homepage
Open menu
Go one level top
  • Train and Certify
    Train and Certify

    Immediately apply the skills and techniques learned in SANS courses, ranges, and summits

    • Overview
    • Courses
      • Full Course List
      • Training Roadmap
      • Training Formats
        • OnDemand
        • In-Person
        • Live Online
    • GIAC Certifications
    • Training Events & Summits
      • Event Locations
        • Americas
        • Europe & Middle East
        • Asia Pacific
      • Summits
    • OnDemand
    • Get Started in Cyber
      • Bachelors & Masters Degrees
      • Scholarships
    • Cyber Ranges
  • Manage Your Team
    Manage Your Team

    Build a world-class cyber team with our workforce development programs

    • Overview
      • Why Work with SANS
      • Industries
    • Group Purchasing
    • Build Your Team
      • Team Development
      • Assessments
      • Private Training
      • Hire Cyber Professionals
    • Leadership Training
  • Security Awareness
    Security Awareness

    Increase your staff’s cyber awareness, help them change their behaviors, and reduce your organizational risk

    • Overview
    • Products & Services
      • Security Awareness Training
        • EndUser Training
        • Phishing Platform
      • Specialized
        • Developer Training
        • ICS Engineer Training
        • NERC CIP Training
        • Healthcare Training
      • Risk Assessments
        • Knowledge Assessment
        • Culture Assessment
        • Behavioral Risk Assessment
    • OUCH! Newsletter
    • Career Development
    • Blog
    • Partners
  • Resources
    Resources

    Enhance your skills with access to thousands of free resources, 150+ instructor-developed tools, and the latest cybersecurity news and analysis

    • Overview
    • Webcasts
    • Summits & Forums
    • Content
      • Newsletters
        • NewsBites
        • @RISK
        • OUCH! Newsletter
      • Blog
      • Podcasts
      • Summit Presentations
      • Posters & Cheat Sheets
    • Research
      • White Papers
      • Security Policies
    • Tools
    • Focus Areas
      • Cyber Defense
      • Cloud Security
      • Digital Forensics & Incident Response
      • Industrial Control Systems
      • Cyber Security Leadership
      • Offensive Operations
  • Get Involved
    Get Involved

    Help keep the cyber community one step ahead of threats. Join the SANS community or begin your journey of becoming a SANS Certified Instructor today.

    • Overview
    • Join the Community
    • Work Study
    • Teach for SANS
    • CISO Network
    • Partnerships
    • Sponsorship Opportunities
  • About
    About

    Learn more about how SANS empowers and educates current and future cybersecurity practitioners with knowledge and skills

    • SANS
      • Overview
      • Our Founder
      • Awards
    • Instructors
      • Our Instructors
      • Full Instructor List
    • Mission
      • Our Mission
      • Diversity
      • Scholarships
    • Contact
    • Frequent Asked Questions
    • Customer Reviews
    • Press
    • Careers
  • SANS Sites
    • GIAC Security Certifications
    • Internet Storm Center
    • SANS Technology Institute
    • Security Awareness Training
  • Search
  • Log In
  • Join
    • Account Dashboard
    • Log Out
  1. Home >
  2. Blog >
  3. SANS Cybersecurity Leadership Triads
MGT_Triad_370x370_Headshot.jpg
SANS Cybersecurity Leadership

SANS Cybersecurity Leadership Triads

Go Beyond Good Enough. Become A Transformational Cybersecurity Leader or an Operational Cybersecurity Executive.

January 18, 2022

In an effort to help our students find the right career path and/or training for their current responsibilities, SANS Cybersecurity Leadership Curriculum has created two course and certification triads that align to help create stronger, more well-rounded cybersecurity leaders.

Each triad is explained in more detail below, as well as information about the webcast / blog series digging into each triad in great detail.

Slide_MGT512-Triads_2.jpg

Transformational Cybersecurity Leader

With corporations in need of protecting against an endless and increasing onslaught of information security threats, technology management skills alone are no longer sufficient. Today it is about technology, business strategy, and people. Cybersecurity leaders need to be up to speed on information security issues from a technical standpoint, understand how to implement security planning into the broader business objectives, and be able to build a longer lasting security and risk-based culture. Adjusting employees’ and leadership’s way of thinking about security in order to prioritize and act to prevent today’s most common cybersecurity attacks requires organizational change that affects the foundational culture of the organization.

A Transformational Cybersecurity Leader will be able to:

  • Strategize and apply concepts
  • Implement management tools and methodologies
  • Critically analyze the current business situation
  • Identify target state
  • Perform a gap analysis
  • Develop a comprehensive cybersecurity roadmap
  • Includes employees at all levels of the organization in every type of job role

The Transformational Cybersecurity Leader triad ensures a cyber security manager is proficient in all three key pillars by providing a complete, curated package of education to support you along your path to becoming the strongest cybersecurity leader possible in today’s dynamic, online world.

Download a one-page flier about the Transformational Cybersecurity Leader here.

1245x705_MGT-Triads_1.jpg

MGT512: Security Leadership Essentials for Managers | GSLC

Security Manager | Director | Information Security Officer

This course empowers student to become effective security managers and quickly grasp critical information security issues and terminology, with a focus on security frameworks, computer/network security, vulnerability management, cryptography, data protection, security awareness, application security, DevSecOps, cloud security, security operations.

MGT514: Security Strategic Planning, Policy, and Leadership | GSTRT

Security Manager | Director | Information Security Officer | CISO

This course gives you tools to become a security business leader who can build and execute strategic plans that resonate with other business executives, create effective information security policy, and develop management and leadership skills to better lead, inspire, and motivate your teams.

MGT521: Leading Cybersecurity Change: Building a Security-Based Culture

Security Awareness Manager | Information Security Officer | CISO | Risk Officer

Drawing on real-world lessons from around the world, this course will teach you how to leverage the principles of organizational change in order to develop, maintain, and measure a security-driven culture. Through hands-on instruction and a series of interactive labs and exercises, you will apply the concepts of organizational change to a variety of different security initiatives and quickly learn how to embed security into your organization's culture.

Operational Cybersecurity Executive

As cyber attacks become more common and more expensive, many organizations are making a foundational shift to view operations from the point of view of an adversary, in order to protect their most sensitive information. Despite vulnerability tools and programs being available for several decades, breaches still happen regularly from known vulnerabilities. With a wide range of technologies in use requiring more time and knowledge to manage, a global shortage of cybersecurity talent, an unprecedented migration to cloud, and legal and regulatory compliance often increasing and complicating the matter more, it’s no wonder we've seen frustration in the eyes of information assurance engineers, auditors, SOC analysts, and cybersecurity managers who are trying to make a difference in their organizations by better defending their data systems. Some organizations even wonder if they will ever succeed at properly protecting their information. Do not give up! The SANS Operational Cybersecurity Executive triad is here to help you build, grow, and sharpen your cyber defense team!

An Operational Cybersecurity Leader will be able to:

  • Understand security controls
  • Implement security controls
  • Audit security controls
  • Create an effective, comprehensive vulnerability management model
  • Guide which threats need attention
  • Continually mature your security operations, in turn saving time, money, and hours of frustration.

Download a one-page flier about the Operational Cybersecurity Executive here.

1245x705_MGT-Triads_Operational.jpg

MGT516: Managing Security Vulnerabilities: Enterprise and Cloud

Security Manager | Architect | Director | Information Security Officer

This course will help you think more strategically about vulnerability management so you can mature your organization's program. By understanding common issues and their solutions, you will be better prepared to meet the challenges of today and tomorrow. Through class discussions and other hands-on exercises, you will learn specific analysis and reporting techniques that will enable you to effectively communicate the problems you and your peers are facing and how they can be solved.

SEC566: Implementing and Auditing Security Frameworks and Controls | GCCC

Security Manager | Information Assurance Auditors | Security Officer

As threats evolve, an organization's security should, too. To enable your organization to stay on top of this ever-changing threat scenario, SANS has designed a comprehensive course on how to implement the Critical Security Controls, a prioritized, risk-based approach to security. Designed by private and public sector experts from around the world, the Controls are the best way to block known attacks and mitigate damage from successful attacks. They have been adopted by the U.S. Department of Homeland Security, state governments, universities, and numerous private firms.

MGT551: Building and Leading Security Operations Centers | GSOM

SOC Manager | SOC Lead | SOC Engineer | Architect

With lessons from those who have been in the trenches for years, this course will help you define, implement and sharpen your organization's cyber defense. Students work on hands-on exercises covering everything from playbook implementation to use case database creation, attack and detection capability prioritization and visualization, and purple team planning, execution, and reporting. Attendees will leave with a framework for understanding where their SOC should be focusing its efforts, how to track and organize defensive capabilities, and how to drive, verify, and communicate SOC improvements.

Recorded Webcast | Blog Series

The webcast series outlined below are based on the fictitious Rekt Casino. It fell victim to a ransomware attack which resulted in personal identifiable information, HR records, and financial information being exfiltrated. The root cause of the problem was a lack of governance, risk, and compliance, along with properly configured technical and administrative controls. It could also be argued that Rekt Casino lacked a strategic plan as well as an inherent security culture. Looking at the history of Rekt Casino we are going to identify when the transition from the old school approach of information security could have been transitioned to the enterprise risk management approach.

The mistake organizations often make is to focus on defenses such as endpoint protection, firewalls, and intrusion prevention without a good understanding of what the threats actually are. It’s as if Rekt Casino fortified their castle to protect against bows and arrows, yet the adversaries attacked with a trebuchet.

If the executives, technology team, and board of directors had been paying attention to news stories, security guidance, employees’ approach to protecting company assets, or even attending security related conferences, they would have gotten the message that security had become a critical concern due to the threat landscape. It’s not enough to acknowledge that security requires more attention, you also have to act on that knowledge.

Transformational Cybersecurity Leader Triad

WEBCAST SERIES: Rekt Casino Hack Assessment Transformational Cybersecurity Leader

  • Part 1: Business Security Strategy, Policies, and Leadership Gone Wrong
  • Part 2: Weak Security Program, Unprotected Systems, and Poor Detection & Response
  • Part 3: Feeble Security Culture Disconnected from Business Objectives
  • Part 4: Panel Discussion: Pulling It All Together

BLOG SERIES: Rekt Casino Hack Assessment Transformational Cybersecurity Leader

  • Part 1: Business Security Strategy, Policies, and Leadership Gone Wrong
  • Part 2: Weak Security Program, Unprotected Systems, and Poor Detection & Response
  • Part 3: Feeble Security Culture Disconnected from Business Objectives
  • Part 4: Panel Discussion: Pulling It All Together

Operational Cybersecurity Executive Triad

WEBCAST SERIES: Rekt Casino Hack Assessment Operational Cybersecurity Executive

  • Part 1: Vulnerability Management Gone Wrong
  • Part 2: What?! There are Critical Security Controls We Should Follow?
  • Part 3: Security Operations Center Ill-equipped and Unprepared
  • Part 4: Panel Discussion: Pulling It All Together

BLOG SERIES: Rekt Casino Hack Assessment Operational Cybersecurity Executive

  • Part 1: Vulnerability Management Gone Wrong
  • Part 2: What?! There are Critical Security Controls We Should Follow?
  • Part 3: Security Operations Center Ill-equipped and Unprepared
  • Part 4: Panel Discussion: Pulling It All Together
Share:
TwitterLinkedInFacebook
Copy url Url was copied to clipboard
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kingdom of Saudi Arabia
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Yugoslavia
Zambia
Zimbabwe

Recommended Training

  • MGT551: Building and Leading Security Operations Centers
  • MGT512: Security Leadership Essentials for Managers
  • SEC557: Continuous Automation for Enterprise and Cloud Compliance

Tags:
  • Security Management, Legal, and Audit

Related Content

Blog
csl-340x340-green.jpg
Security Management, Legal, and Audit
May 16, 2022
SANS Cybersecurity Leadership Curriculum
Developing World Class Cybersecurity Leaders
MGT_Triad_370x370_Headshot.jpg
SANS Cybersecurity Leadership
read more
Blog
csl-340x340-logo.jpg
Security Management, Legal, and Audit, Cloud Security
May 2, 2022
Vulnerability Management Resources
Stay current with free resources focused on vulnerability management.
MGT_Triad_370x370_Headshot.jpg
SANS Cybersecurity Leadership
read more
Blog
Cybersecurity_Leadership_Summit_Blog.png
Security Management, Legal, and Audit
October 14, 2021
A Visual Summary of SANS Cybersecurity Leadership Summit 2021
Cybersecurity Leadership Summit was a free, virtual event for the community. Check out these graphic recordings created in real-time during the talks.
Emily Blades
read more
  • Register to Learn
  • Courses
  • Certifications
  • Degree Programs
  • Cyber Ranges
  • Job Tools
  • Security Policy Project
  • Posters & Cheat Sheets
  • White Papers
  • Focus Areas
  • Cyber Defense
  • Cloud Security
  • Cybersecurity Leadership
  • Digital Forensics
  • Industrial Control Systems
  • Offensive Operations
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kingdom of Saudi Arabia
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Yugoslavia
Zambia
Zimbabwe
  • © 2022 SANS™ Institute
  • Privacy Policy
  • Contact
  • Careers
  • Twitter
  • Facebook
  • Youtube
  • LinkedIn