The SANS Security Awareness Professional (SSAP) is the world’s leading industry-recognized credential that signifies that the holder has the knowledge and expertise to build, maintain and measure a mature security awareness program. The SSAP was developed and is maintained by GIAC, the same organization that develops and maintains security certifications for SANS Institute courses.
The first step to achieving your SSAP is taking the 3-day SANS LDR433: Managing Human Risk course on building mature awareness programs. Once you have completed this course, you will be fully prepared to take the exam. Full details on the exam and how to register can be found on the SSAP page.
A question we are commonly asked is how to prepare for the exam. Here are key tips for success.
- Know the Content. First, make sure you understand all the LDR433 course training content. If it’s in the course books, it’s eligible to be in the exam. If it’s a fun but random story from the instructor, it’s not in the exam. Keep in mind that even if you have multiple years of experience, you will need to study the material to be successful, as the course goes into the theory and models of concepts such as risk management, marketing, adult learning theory and behavior change. You need to know those models.
- Open Book: The SSAP, like all GIAC certifications, are open book. This means you can bring your course books (and any other printed materials / notes) with you for the exams. GIAC exams are not testing your ability to memorize content, they test your ability to comprehend and apply the content. Please note, you cannot bring any digital materials / notes to an exam, printed only.
- Index Your Course Books. You will receive a book for each day of each class. The course books have the class slides and details notes for each slide. We recommend that you highlight, tag and take notes in your books during the course. Even better, we suggest you index your books so you can quickly find and reference key points during the exam, such as models and frameworks covered in the materials. Check out this outstanding tutorial on how to index a SANS course by Hacks4Pancakes.
- Take the Practice Test. Like other GIAC exams, the SSAP comes with a practice test. Unlike other GIAC exams, you only get one practice test. This is due to LDR433 being a three-day course. Be sure to take the practice test AFTER you complete the steps above.
Remember, GIAC exams are not designed to trick you, they are designed to test your retention and comprehension. If you take the class, pay attention, review the content, create an index and then take the practice test, you are going to do just fine.
Best of luck, and welcome to the community!