To be effective as cybersecurity leaders, security managers need both technical knowledge and management skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives. This is a big and important job that requires an understanding of a wide array of security topics. The Management Curriculum develops cyber leaders who have the practical skills to build and lead security teams, communicate with technical and business leaders alike, and develop capabilities that build your organization's success.
Current SANS Cybersecurity Management Curriculum
NEW MANAGEMENT COURSES IN 2020
COURSES COMING SOON / IN DEVELOPMENT
SEC557: Continuous Automation for Enterprise & Cloud Compliance
MGT416: Vendor Risk Management & Data Privacy
Cybersecurity requires engagement from all levels of leadership throughout an organization. The key differentiator between these various levels is the amount of technical knowledge and business knowledge that is required to succeed. Technology knowledge is invariably greater as you move down the pyramid while business knowledge increases as you move up the pyramid with increasingly more responsibility. Roles and titles will vary across organizations of different sizes and industries but the amount of technical knowledge that an engineer or analyst requires is vastly different from that which a CISO or even a VP of Security requires.
However, as a security leader or manager we are in a difficult situation. We need to have enough technical acumen to understand our team, resolve technical disagreements, and weigh in on appropriate technical direction. At the same time, we must have enough business understanding to convey technical security topics in ways that non-technical leaders can understand and translate business drivers to our teams in ways that they in turn can understand.
That is the focus of this curriculum. To give security leaders both the technical knowledge and management skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives.
In an effort to help our students find the right path, SANS Management Curriculum has created two cybersecurity leadership triads that align to help create stronger, more well-rounded cybersecurity leaders.
Transformational Cybersecurity Leader
With corporations in need of protecting against an endless and increasing onslaught of information security threats, technology management skills alone are no longer sufficient. Today it is about technology, business strategy, and people. Cybersecurity leaders need to be up to speed on information security issues from a technical standpoint, understand how to implement security planning into the broader business objectives, and be able to build a longer lasting security and risk-based culture. Adjusting employees’ and leadership’s way of thinking about security in order to prioritize and act to prevent today’s most common cybersecurity attacks requires organizational change that affects the foundational culture of the organization.
A Transformational Cybersecurity Leader will be able to:
- Strategize and apply concepts
- Implement management tools and methodologies
- Critically analyze the current business situation
- Identify target state
- Perform a gap analysis
- Develop a comprehensive cybersecurity roadmap
- Includes employees at all levels of the organization in every type of job role
The SANS Management Transformational Cybersecurity Leader triad ensures a cyber security manager is proficient in all three key pillars by providing a complete, curated package of education to support you along your path to becoming the strongest cybersecurity leader possible in today’s dynamic, online world.
Security Manager | Information Security Officer - Specialist - Analyst
This course empowers student to become effective security managers and quickly grasp critical information security issues and terminology, with a focus on security frameworks, computer/network security, vulnerability management, cryptography, data protection, security awareness, application security, DevSecOps, cloud security, security operations.
Security Manager - Director | Information Security Officer - Specialist - Analyst
This course gives you tools to become a security business leader who can build and execute strategic plans that resonate with other business executives, create effective information security policy, and develop management and leadership skills to better lead, inspire, and motivate your teams.
Human Risk Officer | Chief Risk Officer | Security Awareness Manager | CISO
Drawing on real-world lessons from around the world, this course will teach you how to leverage the principles of organizational change in order to develop, maintain, and measure a security-driven culture. Through hands-on instruction and a series of interactive labs and exercises, you will apply the concepts of organizational change to a variety of different security initiatives and quickly learn how to embed security into your organization's culture.
Operational Cybersecurity Executive
As cyber attacks become more common and more expensive, many organizations are making a foundational shift to view operations from the point of view of an adversary, in order to protect their most sensitive information. Despite vulnerability tools and programs being available for several decades, breaches still happen regularly from known vulnerabilities. With a wide range of technologies in use requiring more time and knowledge to manage, a global shortage of cybersecurity talent, an unprecedented migration to cloud, and legal and regulatory compliance often increasing and complicating the matter more, it’s no wonder we've seen frustration in the eyes of information assurance engineers, auditors, SOC analysts, and cybersecurity managers who are trying to make a difference in their organizations by better defending their data systems. Some organizations even wonder if they will ever succeed at properly protecting their information. Do not give up! The SANS Operational Cybersecurity Executive triad is here to help you build, grow, and sharpen your cyber defense team!
An Operational Cybersecurity Leader will be able to:
- Understand security controls
- Implement security controls
- Audit security controls
- Create an effective, comprehensive vulnerability management model
- Guide which threats need attention
- Continually mature your security operations, in turn saving time, money, and hours of frustration.
Information Security Director | Information Security Architect | Operations Manager
This course will help you think more strategically about vulnerability management so you can mature your organization's program. By understanding common issues and their solutions, you will be better prepared to meet the challenges of today and tomorrow. Through class discussions and other hands-on exercises, you will learn specific analysis and reporting techniques that will enable you to effectively communicate the problems you and your peers are facing and how they can be solved.
Information Assurance Auditors | System Administrator | Network Security Engineers
As threats evolve, an organization's security should, too. To enable your organization to stay on top of this ever-changing threat scenario, SANS has designed a comprehensive course on how to implement the Critical Security Controls, a prioritized, risk-based approach to security. Designed by private and public sector experts from around the world, the Controls are the best way to block known attacks and mitigate damage from successful attacks. They have been adopted by the U.S. Department of Homeland Security, state governments, universities, and numerous private firms.
SOC Manager | Senior SOC Analyst | Network Security Engineer - Architect
With lessons from those who have been in the trenches for years, this course will help you define, implement and sharpen your organization's cyber defense. Students work on hands-on exercises covering everything from playbook implementation to use case database creation, attack and detection capability prioritization and visualization, and purple team planning, execution, and reporting. Attendees will leave with a framework for understanding where their SOC should be focusing its efforts, how to track and organize defensive capabilities, and how to drive, verify, and communicate SOC improvements.
WHY TAKE CYBERSECURITY LEADERSHIP TRAINING WITH SANS?
- Leadership Focused – appropriately plan and manage security projects and initiatives
- Technical Focused – gain the respect of technical team members and understand what technical staff are actually doing
- Holistic, Curated Curriculum – based on various job roles and focus areas
- Hands-On Labs – extensively focused on “the how” through non-traditional “lab work” such as analyzing case-studies, participating in team exercises, and competing against classmates in Cyber42 games
- World-Class Instructors – versatile, real-world security practitioners authoring & instructing
- Comprehensive Courseware – access to slides, notes, audio files, labs, and additional resources for future reference
- Certification Prep – specialized training that will help you prepare for a GIAC certification attempt
In addition to courses, we offer six GIAC certifications, one SSA certification, and plans for more in 2021.
- GSLC: GIAC Security Leadership Certification
- GSTRT: GIAC Strategic Planning, Policy, and Leadership
- GCPM: GIAC Certified Project Manager
- GSNA: GIAC Systems Network Auditor
- GLEG: GIAC Law of Data Security & Investigations
- GCCC: GIAC Critical Controls Certification
- SSAP: SANS Security Awareness Professional
Hundreds of SANS Institute students have stepped up to the challenge and conquered. They’ve mastered the concepts and skills, beat out their classmates, and proven their prowess. These are the elite, the recipients of a SANS Challenge Coin, an award given to a select portion of the thousands of students that have taken any of the SANS courses. More Management Challenge Coins are on the radar for 2021!
More exciting milestones are on the horizon with the SANS Cybersecurity Management Curriculum such as a web page, additional courses, more GIAC certifications, new posters and free resources. Stay tuned!
ACCESS OUR FREE RESOURCES
JOIN US ON SOCIAL
COMPLETE SANS CYBERSECURITY MANAGEMENT CURRICULUM