Test Drive World-Class SANS Cyber Security Training

Free course demos allow you to see course content, watch world-class instructors in action, and evaluate course difficulty.

Get a Free Hour of SANS Training

Experience SANS Cyber Security Training through course demos, available for 65+ courses. Preview course content, see our top instructors in action, evaluate difficulty level, and try out our OnDemand training platform.

Register for your course from within the demo or navigate to your preferred course page to learn more, search training formats, and register.

NEW | Enjoy an all-new course demo experience featuring our new OnDemand Player.

Cyber Defense Course Demos

Our SANS Blue Team Ops curriculum provides intensive, immersion training designed to help you and your staff master the practical steps necessary for defending systems and applications against the most dangerous threats.
  • In today's fast-paced threat landscape, proficiency in Linux is not optional - it's essential. Hackers know how to use Linux and a single unsecured Linux box could be all it takes for your organization to fall victim to a devastating cyberattack. Whether you are defensive, offensive, performing incident response, or working in mobile or ICS, this course will equip you with the fundamental proficiency, knowledge, and tools needed to stay ahead of the game. Acquire yours by taking our practical, hands-on training.

  • SEC450 provides students with technical knowledge and key concepts essential for security operation center (SOC) analysts and new cyber defense team members. By providing a detailed explanation of the mission and mindset of a modern cyber defense operation, this course will jumpstart and empower those on their way to becoming the next generation of blue team members.

  • SEC497 is based on two decades of experience with open-source intelligence (OSINT) research and investigations supporting law enforcement, intelligence operations, and a variety of private sector businesses ranging from small start-ups to Fortune 100 companies. The goal is to provide practical, real-world tools and techniques to help individuals perform OSINT research safely and effectively.

  • SEC501: Advanced Security Essentials - Enterprise Defender is an essential course for members of security teams of all sizes. That includes smaller teams where you wear several (or all) hats and need a robust understanding of many facets of cybersecurity, and larger teams where your role is more focused, and gaining skills in additional areas adds to your flexibility and opportunities. This course concentrates on showing you how to examine the traffic that is flowing on your networks, look for indications of an attack, and perform penetration testing and vulnerability analysis against your enterprise to identify problems and issues before a compromise occurs.

  • SEC503: Network Monitoring and Threat Detection In-Depth delivers the technical knowledge, insight, and hands-on training you need to defend your network with confidence. You will learn about the underlying theory of TCP/IP and the most used application protocols, such as HTTP, so that you can intelligently examine network traffic for signs of an intrusion.

  • In SEC505 you will learn how to use PowerShell to automate Windows security and harden PowerShell itself. No prior PowerShell scripting experience is required to take the course because you will learn PowerShell along the way. We will even write a PowerShell ransomware script together in a lab in order to implement better ransomware defenses.

  • In today's rapidly evolving threat landscape, traditional cybersecurity measures are no longer sufficient. This advanced training addresses the challenge by equipping practitioners with cutting-edge skills in cybersecurity engineering and advanced threat detection for cloud, network, and endpoint environments. Featuring 18 hands-on labs, a final capstone project, plus gamified bootcamp challenges, it immerses you in real-world scenarios. Master NDR, EDR, and MITRE ATT&CK to build a robust SOC with threat-informed defenses. Elevate your expertise and stay ahead of adversaries with this comprehensive course.

  • This course is designed to help students build and maintain a truly defensible security architecture, while taking them on a journey towards implementing Zero Trust principles, pillars and capabilities. There will be a heavy focus on leveraging current infrastructure and investment. Students will learn how to assess, re-configure and validate existing technologies to significantly improve their organizations' prevention, detection and response capabilities, augment visibility, reduce attack surface, and even anticipate attacks in innovative ways.

  • The threat landscape has changed and gone are the days when erecting a strong perimeter is sufficient to keep adversaries at bay. Supply chain attacks are one of the many effective ways to circumvent traditional perimeter-based controls. In these difficult-to-spot attacks, organizations unintentionally invite the adversary inside using unvalidated but "trusted" technologies, effectively leading to self-compromise. SEC547: Defending Product Supply Chains teaches how to minimize the risk of supply chain attacks via in-depth supply chain risk management strategies and tactics. The course covers the threat landscape, provides critical skills for defenders across 13 custom tailored labs, and provides real-world examples of how these attacks work and how to stop them from happening to you. You'll leave this course with the industry best practice required to inject security and assurance into your organization's technology acquisitions.

  • Many organizations have logging capabilities but lack the people and processes to analyze them. In addition, logging systems collect vast amounts of data from a variety of data sources which require an understanding of the sources for proper analysis. This class is designed to provide training, methods, and processes for enhancing existing logging solutions.

  • SEC573 is an immersive, self-paced, hands-on, and lab-intensive course. After covering the essentials required for people who have never coded before, the course will present students with real-world forensics, defensive, and offensive challenges. You will develop a malware dropper for an offensive operation; learn to search your logs for the latest attacks; develop code to carve forensics artifacts from memory, hard drives, and packets; automate the interaction with an online website's API; and write a custom packet sniffer. Through fun and engaging labs, you'll develop useful tools and build essential skills that will make you the most valuable member of your information security team.

  • Are you a Blue Teamer who has been asked to do more with less? Do you wish you could detect and respond at the same pace as your adversaries who are breaking into and moving within the network? SEC586: Blue Team Operations: Defensive PowerShell teaches deep automation and defensive capabilities using PowerShell. Come join us and learn how to automate everything from regular hardening and auditing tasks to advanced defenses. This course will provide you with skills for near real-time detection and response and elevate your defenses to the next level.

  • In SEC587 you will learn how to perform advanced OSINT Gathering & Analysis as well as understand and use common programming languages such as JSON and Python. SEC587 also will go into Dark Web and Financial (Cryptocurrency) topics as well as disinformation, advanced image and video OSINT analysis.

  • SEC595 provides students with a crash-course introduction to practical data science, statistics, probability, and machine learning. The course is structured as a series of short discussions with extensive hands-on labs that help students to develop useful intuitive understandings of how these concepts relate and can be used to solve real-world problems. If you've never done anything with data science or machine learning but want to use these techniques, this is definitely the course for you!

  • SEC673 looks at coding techniques used by popular open-source information security packages and how to apply them to your own Python cybersecurity projects. You'll learn from the best of them as we spend the week making information security for our project, named SPF100, as easy to develop and maintain as that of the most popular cybersecurity projects. Discover how to organize your code and use advanced programming concepts to make your code faster, more efficient, and easier to develop and maintain.

Cloud Security Course Demos

The SANS Cloud curriculum provides intensive, immersion training designed to help you and your staff master the practical steps necessary for defending systems and applications in the cloud against the most dangerous threats.
  • Today's world of cyber security moves quickly. Cloud security moves even faster, so getting started or moving into a career in this field can be intimidating if you do not have the foundation to be successful. SANS SEC388 solves this problem by helping you to learn the foundational elements of modern cloud computing and security. This course kicks off your journey to becoming a SANS Cloud Ace by taking an introductory yet critical look at cloud security. This course focuses on Azure and AWS, and shows you how to interact with each cloud provider by familiarizing you with common terminology, cloud services, security concerns, and solutions to cloud-based security shortcomings. Through hands-on labs, SEC388 puts you in real-world scenarios that challenge you to learn more about AWS, Azure, and relevant cloud computing and security concepts. 

  • More businesses than ever are moving sensitive data and shifting mission-critical workloads to the cloud, and not just to one cloud service provider (CSP). Organizations are responsible for securing their data and mission-critical applications in the cloud. The benefits in terms of cost and speed of leveraging a multicloud platform to develop and accelerate delivery of business applications and analyze customer data can quickly be reversed if security professionals are not properly trained to secure the organization's cloud environment and investigate and respond to the inevitable security breaches. New technologies introduce new risks. Help your organization successfully navigate both the security challenges and opportunities presented by cloud services. 20 Hands-on Labs + CloudWars CTF

  • As the landscape rapidly evolves and development teams eagerly adopt the next big thing, security is constantly playing catch-up in order to avert disaster. SEC510: Cloud Security Controls and Mitigations teaches you how the Big 3 cloud providers work and how to securely configure and use their services and PaaS / IaaS offerings. 20 Hands-On Labs + CloudWars

  • Security professionals are asked to provide validated and scalable solutions to secure this content in line with best industry practices using modern web application frameworks. Attending this class will not only raise awareness about common security flaws in modern web applications, but it will also teach students how to recognize and mitigate these flaws early and efficiently. 

  • SEC540 provides security professionals with a methodology to secure modern Cloud and DevOps environments. By embracing the DevOps culture, students will walk away from SEC540 battle-tested and ready to build their organization's Cloud & DevSecOps Security Program.

  • While shifting to cloud infrastructure offers many benefits, it also exposes organizations to new and continuously evolving threats. Many organizations are unaware of the critical differences between on-premises and cloud environments, leading to challenges in understanding what to log and how to detect threats effectively. Unlike other, primarily theoretical courses, SEC541: Cloud Security Threat Detection provides hands-on-keyboard experience through 21 practical labs, covering AWS, Azure, and Microsoft 365. This course empowers your team to master cloud-native logging, threat detection, and monitoring, solving hidden, low-hanging but high ROI issues. Equip your team with the skills necessary to enhance your organization's cloud security posture and stay ahead of potential breaches with SEC541.

  • The age of cloud computing has arrived as organizations have seen the advantages of migrating their applications from traditional on-premises networks. However, the rapid adoption of cloud has left the cloud security architect scrambling to design on this new medium. A shift to the cloud requires cybersecurity professionals to reorient their security goals around a new threat model to enable business requirements while improving their organization's security posture. This enterprise cloud security architecture training course will teach students to create secure identity and network patterns in the cloud in order to support business at any stage of the cloud journey, whether planning for first workloads, managing complex legacy environments, or operating in an advanced cloud-native ecosystem.

Cybersecurity and IT Essentials Course Demos

SANS New to Cybersecurity curriculum features multiple options to meet the needs of anyone looking to enter the field. From zero technical experience to basic IT knowledge, SANS has a solution that will enable you to select a starting point for your cybersecurity learning journey.
  • This introductory certification course is the fastest way to get up to speed in information security. Written and taught by battle-scarred security veterans, this entry-level course covers a broad spectrum of security topics and is liberally sprinkled with real life examples. A balanced mix of technical and managerial issues makes this course appealing to attendees who need to understand the salient facets of information security basics and the basics of risk management. Organizations often tap someone who has no information security training and say, "Congratulations, you are now a security officer." If you need to get up to speed fast, Security 301 rocks!

  • Whether you are new to information security or a seasoned practitioner with a specialized focus, SEC401 will provide the essential information security skills and techniques you need to protect and secure your critical information and technology assets, whether on-premise or in the cloud. SEC401 will also show you how to directly apply the concepts learned into a winning defensive strategy, all in the terms of the modern adversary. This is how we fight; this is how we win!

  • Want to write better? Learn to hack the reader! Discover how to find an opening, break down your readers' defenses, and capture their attention to deliver your message, even if they are too busy or indifferent to others' writing. This unique course, built exclusively for cybersecurity professionals, will strengthen your writing skills and boost your security career.

  • SEC403 shows you how to put together an effective security briefing, secure the interest and engagement of your audience, and confidently deliver presentations to a variety of groups. You will learn effective techniques to secure management approval for new security projects and tools, as well as how to handle the toughest questions and adjust on-the-fly. Designed exclusively for cybersecurity professionals, this course covers best practices for common security presentations such as penetration testing reports, security assessment reports, incident updates, after-action reports, security awareness briefings, and more.


Digital Forensics & Incident Response Course Demos

Our DFIR Curriculum will teach you how to detect compromised systems, identify how and when a breach occurred, understand what attackers took or changed, and successfully contain and remediate incidents.
  • FOR498, a digital forensic acquisition training course, provides the necessary skills to identify the many and varied data storage mediums in use today, and how to collect and preserve this data in a forensically sound manner despite how and where it may be stored. It covers digital acquisition from computers, portable devices, networks, and the cloud. It then teaches the student Battlefield Forensics, or the art and science of identifying and starting to extract actionable intelligence from a hard drive in 90 minutes or less.

  • FOR500 builds in-depth and comprehensive digital forensics knowledge of Microsoft Windows operating systems by analyzing and authenticating forensic data as well as tracking detailed user activity and organizing findings. It teaches students to apply digital forensic methodologies to a variety of case types and situations, allowing them to apply in the real world the right methodology to achieve the best outcome.

  • Threat hunting and incident response tactics and procedures have evolved rapidly over the past several years. Your team can no longer afford to use antiquated incident response and threat hunting techniques that fail to properly identify compromised systems. The key is to constantly look for attacks that get past security systems, and to catch intrusions in progress, rather than after attackers have completed their objectives and done worse damage to the organization. For the incident responder, this process is known as "threat hunting". FOR508 teaches advanced skills to hunt, identify, counter, and recover from a wide range of threats within enterprise networks, including APT nation-state adversaries, organized crime syndicates, and hacktivists.

  • FOR509: Enterprise Cloud Forensics and Incident Response addresses today's need to bring examiners up to speed with the rapidly changing world of enterprise cloud environments by uncovering the new evidence sources that only exist in the Cloud.

  • FOR518 is the first non-vendor-based Mac and iOS incident response and forensics course that focuses students on the raw data, in-depth detailed analysis, and how to get the most out of their Mac and iOS cases. The intense hands-on forensic analysis and incident response skills taught in the course will enable analysts to broaden their capabilities and gain the confidence and knowledge to comfortably analyze any Mac or iOS device.

  • Ransomware attackers have become more sophisticated, and their techniques constantly evolve. It is a threat that requires an immediate response, especially in the enterprise. FOR528: Ransomware and Cyber Extortion covers the entire life cycle of an incident, from initial detection to incident response and postmortem analysis. While there is no way to prepare for every scenario possible, our course uses deftly devised, real-world attacks and their subsequent forensic artifacts to provide you, the analyst, with all that you need to respond when the threat becomes a reality.

  • Whether you handle an intrusion incident, data theft case, employee misuse scenario, or are engaged in proactive adversary discovery, the network often provides an unparalleled view of the incident. SANS FOR572 covers the tools, technology, and processes required to integrate network evidence sources into your investigations to provide better findings, and to get the job done faster.

  • The Digital Forensics Essentials course provides the necessary knowledge to understand the Digital Forensics and Incident Response disciplines, how to be an effective and efficient Digital Forensics practitioner or Incident Responder, and how to effectively use digital evidence.

  • FOR578: Cyber Threat Intelligence will train you and your team in the tactical, operational, and strategic level cyber threat intelligence skills and tradecraft required to make security teams better, threat hunting more accurate, incident response more effective, and organizations more aware of the evolving threat landscape.

  • FOR585 is continuously updated to keep up with the latest malware, smartphone operating systems, third-party applications, acquisition shortfalls, extraction techniques (jailbreaks and roots) and encryption. It offers the most unique and current instruction to arm you with mobile device forensic knowledge you can immediately apply to cases you're working on the day you get back to work.

  • FOR608: Enterprise-Class Incident Response & Threat Hunting focuses on identifying and responding to incidents too large to focus on individual machines. By using example tools built to operate at enterprise-class scale, students learn the techniques to collect focused data for incident response and threat hunting, and dig into analysis methodologies to learn multiple approaches to understand attacker movement and activity across hosts of varying functions and operating systems by using an array of analysis techniques.

  • Learn to turn malware inside out! This popular course explores malware analysis tools and techniques in depth. FOR610 training has helped forensic investigators, incident responders, security engineers, and IT administrators acquire the practical skills to examine malicious programs that target and infect Windows systems.

  • Developing deep reverse-engineering skills requires consistent practice. FOR710: Reverse-Engineering Malware - Advanced Code Analysis prepares malware specialists to dissect sophisticated Windows executables, such as those that dominate the headlines and preoccupy incident response teams across the globe. This course not only includes the necessary background and instructor-led walk throughs, but also provides students with numerous opportunities to tackle real-world reverse engineering scenarios during class.

Industrial Control Systems Course Demos

The SANS ICS Curriculum provides hands-on training courses focused on attacking and defending ICS environments. These courses equip both security professionals and control system engineers with the knowledge and skills they need to safeguard our critical infrastructures.
  • ICS410: ICS/SCADA Security Essentials provides a foundational set of standardized skills and knowledge for industrial cybersecurity professionals. The course is designed to ensure that the workforce involved in supporting and defending industrial control systems is trained to keep the operational environment safe, secure, and resilient against current and emerging cyber threats.

  • The ICS456: Essentials for NERC Critical Infrastructure Protection course empowers students with knowledge of the what and the how of the version 5/6/7 standards. The course addresses the role of the Federal Energy Regulatory Commission (FERC), North American Electric Reliability Corporation (NERC), and Regional Entities, provides multiple approaches for identifying and categorizing BES Cyber Systems, and helps asset owners determine the requirements applicable to specific implementations.

  • ICS515: ICS Visibility, Detection, and Response will help you gain visibility and asset identification in your Industrial Control System (ICS)/Operational Technology (OT) networks, monitor for and detect cyber threats, deconstruct ICS cyber attacks to extract lessons learned, perform incident response, and take an intelligence-driven approach to executing a world-leading ICS cybersecurity program to ensure safe and reliable operations. Note: This class was previously named ICS515: ICS Active Defense and Incident Response. The course has gone through a significant update changing much of the content, most of the labs, and adding a day in course length.

Offensive Operations, Penetration Testing and Red Teaming Course Demos

SANS Offensive Operations Curriculum offers courses spanning topics ranging from introductory penetration testing and hardware hacking, all the way to advanced exploit writing and red teaming, as well as specialized training such as purple teaming, wireless or mobile device security, and more.
  • SEC504 gives you the information you need to understand how attackers scan, exploit, pivot, and establish persistence in cloud and conventional systems. To help you develop retention and long-term recall of the course material, 50 percent of class time is spent on hands-on exercises, using visual association tools to break down complex topics. This course prepares you to conduct cyber investigations and will boost your career by helping you develop these in-demand skills.

  • In SEC542, you will practice the art of exploiting web applications to find flaws in your enterprise's web apps. You'll learn about the attacker's tools and methods in order to be a more powerful defender. Through detailed, hands-on exercises and with guidance from the instructor, you will learn the four-step process for web application penetration testing; inject SQL into back-end databases to learn how attackers exfiltrate sensitive data; and utilize cross-site scripting attacks to dominate a target infrastructure. You will also explore various other web app vulnerabilities in-depth using proven techniques and a structured testing regimen.

  • SEC556 facilitates examining the entire IoT ecosystem, helping you build the vital skills needed to identify, assess, and exploit basic and complex security mechanisms in IoT devices. This course gives you tools and hands-on techniques necessary to evaluate the ever-expanding IoT attack surface.

  • SEC560 prepares you to conduct successful penetration testing for a modern enterprise, including on-premise systems, Azure, and Azure AD. You will learn the methodology and techniques used by real-world penetration testers in large organizations to identify and exploit vulnerabilities at scale and show real business risk to your organization.

  • Develop and improve Red Team operations for security controls in SEC565 through adversary emulation, cyber threat intelligence, Red Team tradecraft, and engagement planning. Learn how to execute consistent and repeatable Red Team engagements that are focused on the effectiveness of the people, processes, and technology used to defend environments.

  • Think Red, Act Blue - Attackers are using new methods of compromising software supply chains that bypass traditional security controls across multiple attack surfaces. SEC568 offers comprehensive training, equipping you with the technical expertise to conduct precise product security assessments and risk analysis. Gain the knowledge and skills needed to protect your digital assets in a rapidly changing threat landscape.

  • SEC575 will prepare you to effectively evaluate the security of mobile devices, assess and identify flaws in mobile applications, and conduct a mobile device penetration test, which are all critical skills required to protect and defend mobile device deployments. You will learn how to pen test the biggest attack surface in your organization; dive deep into evaluating mobile apps and operating systems and their associated infrastructure; and better defend your organization against the onslaught of mobile device attacks.

  • SEC580 will teach you how to apply the incredible capabilities of the Metasploit Framework in a comprehensive penetration testing and vulnerability assessment regimen. In this course, you will learn how Metasploit can fit into your day-to-day penetration testing assessment activities. You'll gain an in-depth understanding of the Metasploit Framework far beyond how to exploit a remote system. You'll also explore exploitation, post-exploitation reconnaissance, token manipulation, spear-phishing attacks, and the rich feature set of the Meterpreter, a customized shell environment specially created for exploiting and analyzing security flaws.

  • SEC588 will equip you with the latest in cloud-focused penetration testing techniques and teach you how to assess cloud environments. The course dives into topics like cloud-based microservices, in-memory data stores, serverless functions, Kubernetes meshes, and containers, as well as identifying and testing in cloud-first and cloud-native applications. You will also learn specific tactics for penetration testing in Azure and Amazon Web Services, particularly important given that AWS and Microsoft account for more than half the market. It's one thing to assess and secure a data center, but it takes a specialized skillset to truly assess and report on the risk that an organization faces if its cloud services are left insecure.

  • Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses will arm you with the knowledge and expertise you need to overcome today's threats. Recognizing that a prevent-only strategy is not sufficient, we will introduce security controls aimed at stopping, detecting, and responding to your adversaries through a purple team strategy.

  • SEC617 will give you the skills you need to understand the security strengths and weaknesses in wireless systems. In this course, you will learn how to evaluate the ever-present cacophony of Wi-Fi networks and identify the Wi-Fi access points and client devices that threaten your organization; assess, attack, and exploit deficiencies in modern Wi-Fi deployments using WPA2 technology, including sophisticated WPA2-Enterprise networks; use your understanding of the many weaknesses in Wi-Fi protocols and apply it to modern wireless systems; and identify and attack Wi-Fi access points and exploit the behavioral differences in how client devices scan for, identify, and select access points.

  • SEC660 is designed as a logical progression point for students who have completed SEC560: Network Penetration Testing and Ethical Hacking, or for those with existing penetration testing experience. This course provides you with in-depth knowledge of the most prominent and powerful attack vectors and furnishes an environment to perform these attacks in numerous hands-on scenarios. The course goes far beyond simple scanning for low-hanging fruit and teaches you how to model the abilities of an advanced attacker to find significant flaws in a target environment and demonstrate the business risk associated with these flaws.

  • SEC670 prepares you to create custom-compiled programs specifically for Windows and introduces students to techniques that real nation-state malware authors are currently using. You will learn the essential building blocks for developing custom offensive tools through required programming, APIs used, and mitigations for techniques covering privilege escalation, persistence, and collection.

  • SEC699 is SANS's advanced purple team offering, with a key focus on adversary emulation for data breach prevention and detection. Throughout this course, students will learn how real-life threat actors can be emulated in a realistic enterprise environment, including multiple AD forests. In true purple fashion, the goal of the course is to educate students on how adversarial techniques can be emulated (manual and automated) and detected (use cases/rules and anomaly-based detection). A natural follow-up to SEC599, this is an advanced SANS course offering, with 60 percent of class time spent on labs!

  • You will learn the skills required to reverse-engineer applications to find vulnerabilities, perform remote user application and kernel debugging, analyze patches for one-day exploits, perform advanced fuzzing, and write complex exploits against targets such as the Windows kernel and the modern Linux heap, all while circumventing or working with or against cutting-edge exploit mitigation.

Cybersecurity Leadership Course Demos

The SANS Cybersecurity Leadership Curriculum, through world-class training and GIAC Certifications, develops cyber leaders who have the practical skills to build and lead security teams, communicate with technical and business leaders alike, and develop capabilities that build your organization's success.
  • Unveil the prevalent risks, discover mitigation tactics, and gain insights into AI-related cybersecurity and policy development. Designed for everyone from AI adopters to decision-makers, this training ensures a comprehensive grasp of GenAI's transformative impact on both personal and professional realms. Embrace the AI evolution with confidence and competence.

  • AUD507 gives you the three things needed to measure, report on, and manage risk in the enterprise: tools, techniques and thought processes. Auditors, managers, security and compliance professionals will get the mix of hands-on experience and classroom discussion they need to better protect their organizations. You'll learn to audit Windows, Linux, containers, web technologies, virtualization and networks.

  • LDR414 is fully updated for the April 2024 CISSP exam update! LDR414: SANS Training Program for CISSP Certification is an accelerated review course to prepare you to pass the exam. The course, designed by expert practitioners and SANS Fellows, Eric Conrad and Seth Misenar, prepares students to navigate all types of questions included on the new version of the exam. SANS' unique offering allows you to not only pass the test, but also to learn from the best.

  • Recent laws are requiring organizations to perform a cybersecurity risk assessment for compliance and audit reasons. However, many organizations do this without a specific strategy, which leads to random defenses, ineffective programs, and financial loss. In this introduction to cybersecurity risk assessments, understanding the business context for the assessment helps you accurately discern business risk and protect accordingly. Go beyond the theoretical and academic and truly understand how to properly prepare for and perform risk assessments that matter: know what risks to look for in relation to your specific organizational context, how to uncover these risks effectively, and how to present results to leadership for actionable results. LDR419 teaches students the foundational knowledge and practical, hands-on skills they need to perform such risk assessments.

  • Security leaders realize that cybersecurity is no longer just a technical issue but also a human one. Their greatest challenge now has become how to most effectively manage their human risk, as people are involved in over 80% of all breaches. Many organizations attempt to address this by running security awareness programs, but far too often most programs are compliance focused, nothing more than mandatory annual training. As a result, not only is their workforce highly insecure, but most of their workforce has a very negative perception of cybersecurity. This course enables organizations to effectively manage and measure their human risk by changing people's behavior and building a strong security culture.

  • Security leaders need both technical knowledge and leadership skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives. This security managers training course will teach leaders about the key elements of any modern security program. Learn to quickly grasp critical cybersecurity issues and terminology, with a focus on security frameworks, security architecture, security engineering, computer/network security, vulnerability management, cryptography, data protection, security awareness, application security, DevSecOps, cloud security, and security operations. This is more than security training. You will learn how to lead security teams and manage programs by playing through twenty-three Cyber42 activities throughout the class, approximately 60-80 minutes daily.

  • The next generation of security leadership must bridge the gap between security staff and senior leadership by strategically planning how to build and run effective security programs. Yet creating a security strategy and executing a plan that includes sound policy coupled with top-notch leadership is hard for IT and security professionals because we spend so much time responding and reacting. We almost never do strategic planning until we get promoted to a senior position, and then we are not equipped with the skills we need to run with the pack. This information security course will provide you with the tools to build a cybersecurity strategic plan, an entire IT security policy, and lead your teams in the execution of your plan and policy. By the end of class you will have prepared an executive presentation, read 3 business case studies, responded to issues faced by 4 fictional companies, analyzed 15 case scenarios, and responded to 15 Cyber42 events.

  • Vulnerability, patch, and configuration management are not new enterprise security topics. In fact, they are some of the oldest security functions. Yet, we still struggle to manage security vulnerability capabilities effectively. The quantity of outstanding vulnerabilities for most enterprise organizations is overwhelming, and all organizations struggle to keep up with the never-ending onslaught of new security vulnerabilities in their infrastructure and applications. When you add in the cloud, and the increasing speed with which all organizations must deliver systems, applications, and features to both their internal and external customers, enterprise security may seem unachievable. This vulnerability management training course will show you the most effective ways to mature your vulnerability management program and move from identifying vulnerabilities to successfully treating them. 21 Cyber42 and 15 lab exercises.

  • This cloud security strategy for leaders training course focuses on what managers, directors, and security leaders need to know about developing their plan/roadmap while managing cloud security implementation capabilities. To safeguard the organization's cloud environment and investments, a knowledgeable management team must engage in thorough planning and governance. We emphasize the essential knowledge needed to develop a cloud security roadmap and effectively implement cloud security capabilities. Making informed security decisions when adopting the cloud necessitates understanding the technology, processes, and people associated with the cloud environment. 12 Hands-on Cyber42 Exercises + Capstone.

  • This Security Culture for Leaders course will teach and enable today's cybersecurity leaders to build, manage, and measure a strong security culture. Cybersecurity leadership is no longer just about technology. It is ultimately about culture - not only what people think and feel about security but how they act, from the Board of Directors to every corner of the organization. As a result of this cyber security culture course, students will not only create an engaged and far more secure workforce, but also lead more effective and successful security initiatives. In addition, students will apply everything they learn through a series of 12 interactive team labs, numerous case studies and the Cyber42 leadership simulation capstone.

  • Many cybersecurity professionals are highly technical but often unfamiliar with project management terminology, methodologies, resource management, and leading teams. Overseeing diverse groups of stakeholders and team members, estimating resources accurately, and analyzing risk as applied to different organizational structures and relationships is a struggle for many new technical project leaders. Today's virtual work environment only increases these complexities. It is critically important to understand how to leverage a wide range of development approaches and project management framework components to maximize resources across various business units for project success. Confidently lead security initiatives that deliver on time and within budget, and that reduce organizational risk and complexity while driving bottom-line value. 35 Exercises.

  • If you are a SOC manager or leader looking to unlock the power of proactive, intelligence-informed cyber defense, then LDR551 is the perfect course for you! In a world where IT environments and threat actors evolve faster than many teams can track, position your SOC to defend against highly motivated threat actors. Highly dynamic modern environments require a cyber defense capability that is forward-looking, fast-paced, and intelligence-driven. This SOC manager training course will guide you through these critical activities from start to finish and teach you how to design defenses with your organization's unique risk profile in mind. Walk away with the ability to align your SOC activities with organizational goals. 17 hands-on exercises + Cyber42 interactive leadership simulations.

  • If you are worried about leading or supporting a major cyber incident, then this is the course for you. LDR553: Cyber Incident Management focuses on the non-technical challenges facing leaders in times of extreme pressure. Whilst you may have a full team of technical staff standing by to find, understand and remove the attackers, they need information, tasking, managing, supporting, and listening to so you can maximize their utilization and effectiveness. We focus on building a team to remediate the incident, on managing that team, on distilling the critical data for briefing, and on how to run that briefing. We look at communication at all levels from the hands-on team to the executives and Board, investigative journalists, and even the attackers. This course contains nine (9) case studies for hands-on learning.

  • The successful information security leader is responsible for more than just managing cybersecurity teams that protect their organization's interests. There are few disciplines more critical to organizational success than financial stewardship, so an effective information security leader must also have solid knowledge of business finance. This course will take information security leaders on a journey to help them understand and successfully navigate their organization's financial status. Understanding and effectively communicating financial stewardship will contribute to your own success, the success of the cybersecurity team that you are privileged to lead, and, ultimately, the success of your organization.

  • High-profile cybersecurity attacks indicate that offensive attacks are outperforming defensive measures. Cybersecurity engineers, auditors, privacy, and compliance team members are asking how they can practically protect and defend their systems and data, and how they should implement a prioritized list of cybersecurity hygiene controls. In SANS SEC566, students will learn how an organization can defend its information by using a vetted cybersecurity control standard. Students will specifically learn how to implement, manage, and assess security control requirements defined by the Center for Internet Security's (CIS) Controls. Students will gain direct knowledge of the CIS Controls and the ecosystem of tools to implement CIS Controls across organizations' complex networks, including cloud assets. 17 Lab Exercises and a program management simulation.