The SANS Cybersecurity Leadership Curriculum, through world-class training and GIAC Certifications, develops cyber leaders who have the practical skills to build and lead security teams, communicate with technical and business leaders alike, and develop capabilities that build your organization's success.

Senior Security Leader

Daily focus is on developing, leading, and growing the security program. Includes titles such as CISO, VP, Senior Manager, Director, or Officer.
  • The next generation of security leadership must bridge the gap between security staff and senior leadership by strategically planning how to build and run effective security programs. Yet, creating a security strategy, executing a plan that includes sound policy coupled with top-notch leadership is hard for IT and security professionals because we spend so much time responding and reacting. We almost never do strategic planning until we get promoted to a senior position, and then we are not equipped with the skills we need to run with the pack. This information security course will provide you with the tools to build a cybersecurity strategic plan, an entire IT security policy, and lead your teams in the execution of your plan and policy. By the end of class you will have prepared an executive presentation, read 3 business case studies, responded to issues faced by 4 fictional companies, analyzed 15 case scenarios, and responded to 15 Cyber42 events.

    Certification: GIAC Strategic Planning, Policy, and Leadership (GSTRT)

    • This Security Culture for Leaders course will teach and enable today's cybersecurity leaders to build, manage, and measure a strong security culture. Cybersecurity leadership is no longer just about technology. It is ultimately about culture - not only what people think and feel about security but how they act, from the Board of Directors to every corner of the organization. As a result of this cyber security culture course, students will not only create an engaged and far more secure workforce, but also lead more effective and successful security initiatives. In addition, students will apply everything they learn through a series of 12 interactive team labs, numerous case studies and the Cyber42 leadership simulation capstone.

    • Recent laws are requiring organizations to perform a cybersecurity risk assessment for compliance and audit reasons. However, many organizations do this without a specific strategy, which leads to random defenses, ineffective programs, and financial loss. Understanding the business context for the assessment promotes accurately discerning business risk and protecting accordingly. Go beyond theoretical and academic and truly understand how to perform risk assessments that matter - know what risks to look for in relation to your specific organizational context, how to uncover these risks effectively, and present results to leadership for actionable results. LDR419 teaches students the practical, hands-on skills they need to perform such risk assessments.

    • This cloud security strategy for leaders training course focuses on what managers, directors, and security leaders need to know about developing their plan/roadmap while managing cloud security implementation capabilities. To safeguard the organization's cloud environment and investments, a knowledgeable management team must engage in thorough planning and governance. We emphasize the essential knowledge needed to develop a cloud security roadmap and effectively implement cloud security capabilities. Making informed security decisions when adopting the cloud necessitates understanding the technology, processes, and people associated with the cloud environment. 12 Hands-on Cyber42 Exercises + Capstone.



    • If you are worried about leading or supporting a major cyber incident, then this is the course for you. You cannot predict or pick when your organization will face a major cyber incident, but you can choose how prepared you are when it happens. While there are broad technical aspects to cyber incidents there is also a myriad of other activities that generally fall to executives, managers, legal, press, and human relations staff. These include communicating both internally and externally, considering the battle rhythm, and a look at methodologies for tracking information gathered and released to the public. This cyber incident management training course focuses on the challenges facing leaders and incident commanders as they work to bring enterprise networks back online and get business moving again.



    Security Manager

    Daily focus is on the leadership of technical teams. Includes titles such as Technical Director, Manager, and Team Lead.
    • Performing IT security audits at the enterprise level can be an overwhelming task. Its difficult to know where to start and which controls should be audited first. Audits often focus on things that are not as important, wasting precious time and resources. Management is left in the dark about the real risk to the organization's mission. Operations staff cannotuse the audit report to reproduce or remediate findings. AUD507 gives the student the tools, techniques and thought processes required to perform meaningful risk assessments and audits. Learn to use risk assessments to recommend which controls should be used and where they should be placed. Know which tools will help you focus your efforts and learn how to automate those tools for maximum effectiveness.

      Certification: GIAC Systems and Network Auditor (GSNA)
      • Security leaders need both technical knowledge and leadership skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives. This security managers training course will teach leaders about the key elements of any modern security program. Learn to quickly grasp critical cybersecurity issues and terminology, with a focus on security frameworks, security architecture, security engineering, computer/network security, vulnerability management, cryptography, data protection, security awareness, application security, DevSecOps, cloud security, and security operations. This is more than security training. You will learn how to lead security teams and manage programs by playing through twenty-three Cyber42 activities throughout the class, approximately 60-80 minutes daily.


        Certification: GIAC Security Leadership (GSLC)

      • Vulnerability, patch, and configuration management are not new enterprise security topics. In fact, they are some of the oldest security functions. Yet, we still struggle to manage security vulnerability capabilities effectively. The quantity of outstanding vulnerabilities for most enterprise organizations is overwhelming, and all organizations struggle to keep up with the never-ending onslaught of new security vulnerabilities in their infrastructure and applications. When you add in the cloud, and the increasing speed with which all organizations must deliver systems, applications, and features to both their internal and external customers, enterprise security may seem unachievable. This vulnerability management training course will show you the most effective ways to mature your vulnerability management program and move from identifying vulnerabilities to successfully treating them. 21 Cyber42 and 15 lab exercises.

      • This cloud security strategy for leaders training course focuses on what managers, directors, and security leaders need to know about developing their plan/roadmap while managing cloud security implementation capabilities. To safeguard the organization's cloud environment and investments, a knowledgeable management team must engage in thorough planning and governance. We emphasize the essential knowledge needed to develop a cloud security roadmap and effectively implement cloud security capabilities. Making informed security decisions when adopting the cloud necessitates understanding the technology, processes, and people associated with the cloud environment. 12 Hands-on Cyber42 Exercises + Capstone.



      • Many cybersecurity professionals are highly technical but often unfamiliar with project management terminology, methodologies, resource management, and leading teams. Overseeing diverse groups of stakeholders and team members, estimating resources accurately, as well as analyzing risk as applied to different organizational structures and relationships is a struggle for many new technical project leaders. Today's virtual work environment only increases these complexities. It is critically important to understand how to leverage a wide range of development approaches and project management framework components to maximize resources across various business units for project success. Confidently lead security initiatives that deliver on time, within budget, reduce organizational risk and complexity while driving bottom line value. 35 Exercises.

        Certification: GIAC Certified Project Manager (GCPM)

        • If you are a SOC manager or leader looking to unlock the power of proactive, intelligence-informed cyber defense, then LDR551 is the perfect course for you! In a world where IT environments and threat actors evolve faster than many teams can track, position your SOC to defend against highly motivated threat actors. Highly dynamic modern environments require a cyber defense capability that is forward-looking, fast-paced, and intelligence-driven. This SOC manager training course will guide you through these critical activities from start to finish and teach you how to design defenses with your organization's unique risk profile in mind. Walk away with the ability to align your SOC activities with organizational goals. 17 hands-on exercises + Cyber42 interactive leadership simulations.

          Certification: GIAC Security Operations Manager (GSOM)

          • High-profile cybersecurity attacks indicate that offensive attacks are outperforming defensive measures. Cybersecurity engineers, auditors, privacy, and compliance team members are asking how they can practically protect and defend their systems and data, and how they should implement a prioritized list of cybersecurity hygiene controls. In SANS SEC566, students will learn how an organization can defend its information by using vetted cybersecurity frameworks and standards. Students will specifically learn how to navigate security control requirements defined by the Center for Internet Security's (CIS) Controls (v7.1 / 8.0), the NIST Cybersecurity Framework (CSF) the Cybersecurity Maturity Model Certification (CMMC), NIST SP 800-171, ISO/IEC 27000, and other frameworks into a cohesive strategy to defend their organization while complying with industry standards.

            Certification:
             GIAC Critical Controls Certification (GCCC)

            • Recent laws are requiring organizations to perform a cybersecurity risk assessment for compliance and audit reasons. However, many organizations do this without a specific strategy, which leads to random defenses, ineffective programs, and financial loss. Understanding the business context for the assessment promotes accurately discerning business risk and protecting accordingly. Go beyond theoretical and academic and truly understand how to perform risk assessments that matter - know what risks to look for in relation to your specific organizational context, how to uncover these risks effectively, and present results to leadership for actionable results. LDR419 teaches students the practical, hands-on skills they need to perform such risk assessments.

            470x382_KEYWORDS_MGT-Triads.jpg

            SANS Cybersecurity Leadership Triads

            In an effort to help our students find the right path, we have created an over-arching pyramid and two cybersecurity management triads that align to help create stronger, more well-rounded cybersecurity leaders.
            SANS.EDU_Social_Cards_470x382_CybersecMgmt.jpg

            SANS.edu Graduate Certificate in Cybersecurity Management

            Prepare to design, deploy, and manage enterprise information security environments — and effectively lead cybersecurity teams.

            • Designed for working InfoSec professionals
            • 15-credit-hour program combining leadership and technical skills
            • Includes 5 industry-recognized GIAC certifications