To be effective as cybersecurity leaders, security managers need both technical knowledge and management skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives. This is a big and important job that requires an understanding of a wide array of security topics. The Cybersecurity Leadership Curriculum develops cyber leaders who have the practical skills to build and lead security teams, communicate with technical and business leaders alike, and develop capabilities that build your organization's success.

Current SANS Cybersecurity Leadership Curriculum
NEW Cybersecurity Leadership Courses in 2020 and Q1-2021
MGT433: Managing Human Risk: Mature Security Awareness Programs
MGT520: Leading Cloud Security Design and Implementation
MGT521: Leading Cybersecurity Change: Building a Security-Based Culture
MGT516: Managing Security Vulnerabilities: Enterprise & Cloud
MGT551: Building and Leading Security Operations Centers
SEC557: Continuous Automation for Enterprise & Cloud Compliance
Courses Coming Soon / In Development
MGT416: Vendor Risk Management & Data Privacy

Cybersecurity requires engagement from all levels of leadership throughout an organization. The key differentiator between these various levels is the amount of technical knowledge and business knowledge that is required to succeed. Technology knowledge is invariably greater as you move down the pyramid while business knowledge increases as you move up the pyramid with increasingly more responsibility. Roles and titles will vary across organizations of different sizes and industries but the amount of technical knowledge that an engineer or analyst requires is vastly different from that which a CISO or even a VP of Security requires.
However, as a security leader or manager we are in a difficult situation. We need to have enough technical acumen to understand our team, resolve technical disagreements, and weigh in on appropriate technical direction. At the same time, we must have enough business understanding to convey technical security topics in ways that non-technical leaders can understand and translate business drivers to our teams in ways that they in turn can understand.
That is the focus of this curriculum. To give security leaders both the technical knowledge and management skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives.
Cybersecurity Leadership Triads
In an effort to help our students find the right path, SANS Cybersecurity Leadership Curriculum has created two triads of courses and certifications that align to help create stronger, more well-rounded cybersecurity leaders. This entire blog post is dedicated to describing these triads in detail as well as providing a series of related resources.

Cyber42 Leadership Simulation
In 2020 we added something new to the mix. We call it Cyber42. This cybersecurity leadership simulation game has been added to a number of SANS Cybersecurity Leadership courses. Additionally, starting in January 2021, we are offering monthly, free Cyber42 Game Days in our various versions, including:
- Security Capabilities
- CISO For A Day
- Vulnerability Management
Learn more about the game and find the Game Day schedule in this blog post.

Why Take Cybersecurity Leadership Training With SANS?
- Leadership Focused – appropriately plan and manage security projects and initiatives
- Technical Focused – gain the respect of technical team members and understand what technical staff are actually doing
- Holistic, Curated Curriculum – based on various job roles and focus areas
- Hands-On Labs – extensively focused on “the how” through non-traditional “lab work” such as analyzing case-studies, participating in team exercises, and competing against classmates in Cyber42 games
- World-Class Instructors – versatile, real-world security practitioners authoring & instructing
- Comprehensive Courseware – access to slides, notes, audio files, labs, and additional resources for future reference
- Certification Prep – specialized training that will help you prepare for a GIAC certification attempt
GIAC Certifications
In addition to courses, we offer six GIAC certifications, one SSA certification, and plans for more in 2021.
- GSLC: GIAC Security Leadership Certification
- GSTRT: GIAC Strategic Planning, Policy, and Leadership
- GCPM: GIAC Certified Project Manager
- GSNA: GIAC Systems Network Auditor
- GLEG: GIAC Law of Data Security & Investigations
- GCCC: GIAC Critical Controls Certification
- SSAP: SANS Security Awareness Professional

Challenge Coins
Hundreds of SANS Institute students have stepped up to the challenge and conquered. They’ve mastered the concepts and skills, beat out their classmates, and proven their prowess. These are the elite, the recipients of a SANS Challenge Coin, an award given to a select portion of the thousands of students that have taken any of the SANS courses. More Cybersecurity Leadership Challenge Coins are on the radar for 2021!

More exciting milestones are on the horizon with the SANS Cybersecurity Leadership Curriculum such as a web page, additional courses, more GIAC certifications, new posters and free resources. Stay tuned!
Access Our Free Resources
Cybersecurity Leadership Website
Cybersecurity Leadership Webcasts
Course Demos
SANS offers free course demos for all courses available on the SANS OnDemand platform. Browse them here.
Join Us On Social
LinkedIn - SANS Security Leadership
Complete Cybersecurity Leadership Curriculum
Long Courses
MGT512: Security Leadership Essentials for Managers
MGT514: Security Strategic Planning, Policy, and Leadership
MGT516: Managing Security Vulnerabilities: Enterprise and Cloud
MGT521: Leading Cybersecurity Change: Building a Security-Based Culture
MGT525: IT Project Management and Effective Communication
AUD507: Auditing and Monitoring Networks, Perimeters & Systems
LEG523: Law of Data Security and Investigations
SEC557: Continuous Automation for Enterprise and Cloud Security Compliance
SEC566: Implementing and Auditing the Critical Security Controls
Short Courses
MGT415: A Practical Introduction to Cyber Security Risk Management
MGT433: Managing Human Risk: Mature Security Awareness Programs
MGT520: Leading Cloud Security Design and Implementation
MGT551: Building and Leading Security Operations Centers
SEC440: Critical Security Controls: Planning, Implementing, and Auditing