Test Drive World-Class SANS Training

Free course demos allow you to see course content, watch world-class instructors in action, and evaluate course difficulty.

Experience SANS Cyber Security Training through our free course demos available for more than 65 SANS courses. See our top SANS Instructors in action, evaluate course subject matter and difficulty level, and try out the features of our battle-tested OnDemand platform with about an hour of free content.

Register for your course from within the demo, or navigate to your preferred course page to learn more, search training options, and register.

SANS Online Training has convenient and flexible courses for any student, in any situation, anytime, and anywhere.

Cyber Defense Course Demos

Our SANS Blue Team Ops curriculum provides intensive, immersion training designed to help you and your staff master the practical steps necessary for defending systems and applications against the most dangerous threats.
  • SEC450 provides students with technical knowledge and key concepts essential for security operation center (SOC) analysts and new cyber defense team members. By providing a detailed explanation of the mission and mindset of a modern cyber defense operation, this course will jumpstart and empower those on their way to becoming the next generation of blue team members.

  • SEC487 is a foundational course in open-source intelligence (OSINT) gathering that teaches students how to find, collect, and analyze data from the Internet. Far from being a beginner class, this course teaches students the OSINT groundwork to be successful in finding and using online information, reinforced with over 25 hands-on exercises.

  • SEC501: Advanced Security Essentials - Enterprise Defender is an essential course for members of security teams of all sizes. That includes smaller teams where you wear several (or all) hats and need a robust understanding of many facets of cybersecurity, and larger teams where your role is more focused, and gaining skills in additional areas adds to your flexibility and opportunities. This course concentrates on showing you how to examine the traffic that is flowing on your networks, look for indications of an attack, and perform penetration testing and vulnerability analysis against your enterprise to identify problems and issues before a compromise occurs.

  • SEC503: Intrusion Detection In-Depth delivers the technical knowledge, insight, and hands-on training you need to defend your network with confidence. You will learn about the underlying theory of TCP/IP and the most used application protocols, such as HTTP, so that you can intelligently examine network traffic for signs of an intrusion.

  • In SEC505 you will learn how to use PowerShell to automate Windows security and harden PowerShell itself. No prior PowerShell scripting experience is required to take the course because you will learn PowerShell along the way. We will even write a PowerShell ransomware script together in a lab in order to implement better ransomware defenses.

  • This course assesses the current state of security architecture and continuous monitoring, and provides a new approach to security architecture that can be easily understood and defended. When students finish, they have a list of action items in hand for making their organization one of the most effective vehicles for frustrating adversaries. Students are able to assess deficiencies in their own organization's security architectures and affect meaningful changes that are continuously monitored for deviations from their expected security posture.

  • This course is designed to help students build and maintain a truly defensible security architecture, while taking them on a journey towards implementing Zero Trust principles, pillars and capabilities. There will be a heavy focus on leveraging current infrastructure and investment. Students will learn how to assess, re-configure and validate existing technologies to significantly improve their organizations' prevention, detection and response capabilities, augment visibility, reduce attack surface, and even anticipate attacks in innovative ways.

  • Many organizations have logging capabilities but lack the people and processes to analyze them. In addition, logging systems collect vast amounts of data from a variety of data sources which require an understanding of the sources for proper analysis. This class is designed to provide training, methods, and processes for enhancing existing logging solutions.

  • Are you a Blue Teamer who has been asked to do more with less? Do you wish you could detect and respond at the same pace as your adversaries who are breaking into and moving within the network? SEC586: Blue Team Operations: Defensive PowerShell teaches deep automation and defensive capabilities using PowerShell. Come join us and learn how to automate everything from regular hardening and auditing tasks to advanced defenses. This course will provide you with skills for near real-time detection and response and elevate your defenses to the next level.

  • In SEC587 you will learn how to perform advanced OSINT Gathering & Analysis as well as understand and use common programming languages such as JSON and Python. SEC587 also will go into Dark Web and Financial (Cryptocurrency) topics as well as disinformation, advanced image and video OSINT analysis.

  • SEC595 provides students with a crash-course introduction to practical data science, statistics, probability, and machine learning. The course is structured as a series of short discussions with extensive hands-on labs that help students to develop useful intuitive understandings of how these concepts relate and can be used to solve real-world problems. If you've never done anything with data science or machine learning but want to use these techniques, this is definitely the course for you!

Cloud Security Course Demos

The SANS Cloud curriculum provides intensive, immersion training designed to help you and your staff master the practical steps necessary for defending systems and applications in the cloud against the most dangerous threats.
  • More businesses than ever are moving sensitive data and shifting mission-critical workloads to the cloud, and not just to one cloud service provider (CSP). Organizations are responsible for securing their data and mission-critical applications in the cloud. The benefits in terms of cost and speed of leveraging a multicloud platform to develop and accelerate delivery of business applications and analyze customer data can quickly be reversed if security professionals are not properly trained to secure the organization's cloud environment and investigate and respond to the inevitable security breaches. New technologies introduce new risks. Help your organization successfully navigate both the security challenges and opportunities presented by cloud services. 20 Hands-on Labs + CloudWars CTF

  • As the landscape rapidly evolves and development teams eagerly adopt the next big thing, security is constantly playing catch-up in order to avert disaster. SEC510: Public Cloud Security: AWS, Azure, and GCP teaches you how the Big 3 cloud providers work and how to securely configure and use their services and PaaS / IaaS offerings. 20 Hands-On Labs + CloudWars

  • Security professionals are asked to provide validated and scalable solutions to secure this content in line with best industry practices using modern web application frameworks. Attending this class will not only raise awareness about common security flaws in modern web applications, but it will also teach students how to recognize and mitigate these flaws early and efficiently. 

  • SEC534: Secure DevOps: A Practical Introduction explains the fundamentals of DevOps and how DevOps teams can build and deliver secure software. You will learn DevOps principles, practices, and tools and how they can be leveraged to improve the reliability, integrity, and security of systems.

  • SEC540 provides security professionals with a methodology to secure modern Cloud and DevOps environments. By embracing the DevOps culture, students will walk away from SEC540 battle-tested and ready to build their organization's Cloud & DevSecOps Security Program.

  • SEC541 is a cloud security course that investigates how attackers are operating against Amazon Web Services (AWS) and Microsoft Azure environments, the attacker's characteristics, and how to detect and investigate suspicious activity in your cloud infrastructure. You will learn how to spot the malice and investigate suspicious activity in your cloud infrastructure. In order to protect against cloud environment attacks, an organization must know which types of attacks are most likely to happen in your environment, be able to capture the correct data in a timely manner, and be able to analyze that data within the context of their cloud environment and overall business objectives.

Cybersecurity and IT Essentials Course Demos

SANS New to Cybersecurity curriculum features multiple options to meet the needs of anyone looking to enter the field. From zero technical experience to basic IT knowledge, SANS has a solution that will enable you to select a starting point for your cybersecurity learning journey.
  • This introductory certification course is the fastest way to get up to speed in information security. Written and taught by battle-scarred security veterans, this entry-level course covers a broad spectrum of security topics and is liberally sprinkled with real life examples. A balanced mix of technical and managerial issues makes this course appealing to attendees who need to understand the salient facets of information security basics and the basics of risk management. Organizations often tap someone who has no information security training and say, "Congratulations, you are now a security officer." If you need to get up to speed fast, Security 301 rocks!

  • Whether you are new to information security or a seasoned practitioner with a specialized focus, SEC401 will provide the essential information security skills and techniques you need to protect and secure your critical information and technology assets, whether on-premise or in the cloud. SEC401 will also show you how to directly apply the concepts learned into a winning defensive strategy, all in the terms of the modern adversary. This is how we fight; this is how we win!

  • Want to write better? Learn to hack the reader! Discover how to find an opening, break down your readers' defenses, and capture their attention to deliver your message--even if they are too busy or indifferent to others' writing. This unique course, built exclusively for cybersecurity professionals, will strengthen your writing skills and boost your security career.

  • SEC403 shows you how to put together an effective security briefing, secure the interest and engagement of your audience, and confidently deliver presentations to a variety of groups. You will learn effective techniques to secure management approval for new security projects and tools, as well as how to handle the toughest questions and adjust on-the-fly. Designed exclusively for cybersecurity professionals, this course covers best practices for common security presentations such as penetration testing reports, security assessment reports, incident updates, after-action reports, security awareness briefings, and more.


Digital Forensics & Incident Response Course Demos

Our DFIR Curriculum will teach you how to detect compromised systems, identify how and when a breach occurred, understand what attackers took or changed, and successfully contain and remediate incidents.
  • The Digital Forensics Essentials course provides the necessary knowledge to understand the Digital Forensics and Incident Response disciplines, how to be an effective and efficient Digital Forensics practitioner or Incident Responder, and how to effectively use digital evidence.

  • FOR498, a digital forensic acquisition training course, provides the necessary skills to identify the many and varied data storage mediums in use today, and how to collect and preserve this data in a forensically sound manner despite how and where it may be stored. It covers digital acquisition from computers, portable devices, networks, and the cloud. It then teaches the student Battlefield Forensics, or the art and science of identifying and starting to extract actionable intelligence from a hard drive in 90 minutes or less.

  • FOR500 builds in-depth and comprehensive digital forensics knowledge of Microsoft Windows operating systems by analyzing and authenticating forensic data, as well as tracking detailed user activity and organizing findings. It teaches students to apply digital forensic methodologies to a variety of case types and situations, allowing them to apply in the real world the right methodology to achieve the best outcome.

  • Threat hunting and incident response tactics and procedures have evolved rapidly over the past several years. Your team can no longer afford to use antiquated incident response and threat hunting techniques that fail to properly identify compromised systems. The key is to constantly look for attacks that get past security systems, and to catch intrusions in progress, rather than after attackers have completed their objectives and done worse damage to the organization. For the incident responder, this process is known as "threat hunting". FOR508 teaches advanced skills to hunt, identify, counter, and recover from a wide range of threats within enterprise networks, including APT nation-state adversaries, organized crime syndicates, and hacktivists.

  • FOR509: Enterprise Cloud Forensics and Incident Response addresses today's need to bring examiners up to speed with the rapidly changing world of enterprise cloud environments by uncovering the new evidence sources that only exist in the Cloud.

  • FOR518 is the first non-vendor-based Mac and iOS incident response and forensics course that focuses students on the raw data, in-depth detailed analysis, and how to get the most out of their Mac and iOS cases. The intense hands-on forensic analysis and incident response skills taught in the course will enable analysts to broaden their capabilities and gain the confidence and knowledge to comfortably analyze any Mac or iOS device.

  • Whether you handle an intrusion incident, data theft case, employee misuse scenario, or are engaged in proactive adversary discovery, the network often provides an unparalleled view of the incident. SANS FOR572 covers the tools, technology, and processes required to integrate network evidence sources into your investigations to provide better findings, and to get the job done faster.

  • FOR578: Cyber Threat Intelligence will train you and your team in the tactical, operational, and strategic level cyber threat intelligence skills and tradecraft required to make security teams better, threat hunting more accurate, incident response more effective, and organizations more aware of the evolving threat landscape.

  • FOR585 is continuously updated to keep up with the latest malware, smartphone operating systems, third-party applications, acquisition shortfalls, extraction techniques (jailbreaks and roots) and encryption. It offers the most unique and current instruction to arm you with mobile device forensic knowledge you can immediately apply to cases you're working on the day you get back to work.

  • FOR608: Enterprise-Class Incident Response & Threat Hunting focuses on identifying and responding to incidents too large to focus on individual machines. By using example tools built to operate at enterprise-class scale, students learn the techniques to collect focused data for incident response and threat hunting, and dig into analysis methodologies to learn multiple approaches to understand attacker movement and activity across hosts of varying functions and operating systems by using an array of analysis techniques.

  • Learn to turn malware inside out! This popular course explores malware analysis tools and techniques in depth. FOR610 training has helped forensic investigators, incident responders, security engineers, and IT administrators acquire the practical skills to examine malicious programs that target and infect Windows systems.

  • Developing deep reverse-engineering skills requires consistent practice. FOR710: Reverse-Engineering Malware - Advanced Code Analysis prepares malware specialists to dissect sophisticated Windows executables, such as those that dominate the headlines and preoccupy incident response teams across the globe. This course not only includes the necessary background and instructor-led walk throughs, but also provides students with numerous opportunities to tackle real-world reverse engineering scenarios during class.

Industrial Control Systems Course Demos

The SANS ICS Curricula provide hands-on training courses focused on Attacking and Defending ICS environments. These courses equip both security professionals and control system engineers with the knowledge and skills they need to safeguard our critical infrastructures.
  • ICS410: ICS/SCADA Security Essentials provides a foundational set of standardized skills and knowledge for industrial cybersecurity professionals. The course is designed to ensure that the workforce involved in supporting and defending industrial control systems is trained to keep the operational environment safe, secure, and resilient against current and emerging cyber threats.

  • The ICS456: Essentials for NERC Critical Infrastructure Protection course empowers students with knowledge of the what and the how of the version 5/6/7 standards. The course addresses the role of the Federal Energy Regulatory Commission (FERC), North American Electric Reliability Corporation (NERC), and Regional Entities, provides multiple approaches for identifying and categorizing BES Cyber Systems, and helps asset owners determine the requirements applicable to specific implementations.

  • ICS515: ICS Visibility, Detection, and Response will help you gain visibility and asset identification in your Industrial Control System (ICS)/Operational Technology (OT) networks, monitor for and detect cyber threats, deconstruct ICS cyber attacks to extract lessons learned, perform incident response, and take an intelligence-driven approach to executing a world-leading ICS cybersecurity program to ensure safe and reliable operations. Note: This class was previously named ICS515: ICS Active Defense and Incident Response. The course has gone through a significant update changing much of the content, most of the labs, and adding a day in course length.

Offensive Operations Course Demos

SANS Offensive Operations Curriculum offers courses spanning topics ranging from introductory penetration testing and hardware hacking, all the way to advanced exploit writing and red teaming, as well as specialized training such as purple teaming, wireless or mobile device security, and more.
  • SEC460 will help you build your technical vulnerability assessment skills and techniques using time-tested, practical approaches to ensure true value across the enterprise. Throughout the course you will use real industry-standard security tools for vulnerability assessment, management, and mitigation; learn a holistic vulnerability assessment methodology while focusing on challenges faced in a large enterprise; and practice on a full-scale enterprise range chock-full of target machines representative of an enterprise environment, leveraging production-ready tools and a proven testing methodology. SEC460 takes you beyond the checklist and gives you a tour of attackers' perspectives that is crucial to discovering where they will strike.

  • SEC504 gives you the information you need to understand how attackers scan, exploit, pivot, and establish persistence in cloud and conventional systems. To help you develop retention and long-term recall of the course material, 50 percent of class time is spent on hands-on exercises, using visual association tools to break down complex topics. This course prepares you to conduct cyber investigations and will boost your career by helping you develop these in-demand skills.

  • In SEC542, you will practice the art of exploiting web applications to find flaws in your enterprise's web apps. You'll learn about the attacker's tools and methods in order to be a more powerful defender. Through detailed, hands-on exercises and with guidance from the instructor, you will learn the four-step process for web application penetration testing; inject SQL into back-end databases to learn how attackers exfiltrate sensitive data; and utilize cross-site scripting attacks to dominate a target infrastructure. You will also explore various other web app vulnerabilities in-depth using proven techniques and a structured testing regimen.

  • SEC554 will teach you the essential topics of blockchain and smart contract technology. The course takes a detailed look at the cryptography and transactions behind blockchain and provides the hands-on training and tools to deploy, audit, scan, and exploit blockchain and smart contract assets.


  • SEC556 facilitates examining the entire IoT ecosystem, helping you build the vital skills needed to identify, assess, and exploit basic and complex security mechanisms in IoT devices. This course gives you tools and hands-on techniques necessary to evaluate the ever-expanding IoT attack surface.

  • SEC560 prepares you to conduct successful penetration testing for a modern enterprise, including on-premise systems, Azure, and Azure AD. You will learn the methodology and techniques used by real-world penetration testers in large organizations to identify and exploit vulnerabilities at scale and show real business risk to your organization.

  • SEC573 is an immersive, self-paced, hands-on, and lab-intensive course. After covering the essentials required for people who have never coded before, the course will present students with real-world forensics, defensive, and offensive challenges. You will develop a malware dropper for an offensive operation; learn to search your logs for the latest attacks; develop code to carve forensics artifacts from memory, hard drives, and packets; automate the interaction with an online website's API; and write a custom packet sniffer. Through fun and engaging labs, you'll develop useful tools and build essential skills that will make you the most valuable member of your information security team.


  • SEC580 will teach you how to apply the incredible capabilities of the Metasploit Framework in a comprehensive penetration testing and vulnerability assessment regimen. In this course, you will learn how Metasploit can fit into your day-to-day penetration testing assessment activities. You'll gain an in-depth understanding of the Metasploit Framework far beyond how to exploit a remote system. You'll also explore exploitation, post-exploitation reconnaissance, token manipulation, spear-phishing attacks, and the rich feature set of the Meterpreter, a customized shell environment specially created for exploiting and analyzing security flaws.

  • SEC588 will equip you with the latest in cloud-focused penetration testing techniques and teach you how to assess cloud environments. The course dives into topics like cloud-based microservices, in-memory data stores, serverless functions, Kubernetes meshes, and containers, as well as identifying and testing in cloud-first and cloud-native applications. You will also learn specific tactics for penetration testing in Azure and Amazon Web Services, particularly important given that AWS and Microsoft account for more than half the market. It's one thing to assess and secure a data center, but it takes a specialized skillset to truly assess and report on the risk that an organization faces if its cloud services are left insecure.

  • Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses will arm you with the knowledge and expertise you need to overcome today's threats. Recognizing that a prevent-only strategy is not sufficient, we will introduce security controls aimed at stopping, detecting, and responding to your adversaries through a purple team strategy.

  • SEC617 will give you the skills you need to understand the security strengths and weaknesses in wireless systems. In this course, you will learn how to evaluate the ever-present cacophony of Wi-Fi networks and identify the Wi-Fi access points and client devices that threaten your organization; assess, attack, and exploit deficiencies in modern Wi-Fi deployments using WPA2 technology, including sophisticated WPA2-Enterprise networks; use your understanding of the many weaknesses in Wi-Fi protocols and apply it to modern wireless systems; and identify and attack Wi-Fi access points and exploit the behavioral differences in how client devices scan for, identify, and select access points.

  • SEC660 is designed as a logical progression point for students who have completed SEC560: Network Penetration Testing and Ethical Hacking, or for those with existing penetration testing experience. This course provides you with in-depth knowledge of the most prominent and powerful attack vectors and furnishes an environment to perform these attacks in numerous hands-on scenarios. The course goes far beyond simple scanning for low-hanging fruit and teaches you how to model the abilities of an advanced attacker to find significant flaws in a target environment and demonstrate the business risk associated with these flaws.

  • SEC661 is designed to break down the complexity of exploit development and the difficulties with analyzing software that runs on IoT devices. Students will learn how to interact with software running in ARM environments and write custom exploits against known IoT vulnerabilities.

  • SEC699 is SANS's advanced purple team offering, with a key focus on adversary emulation for data breach prevention and detection. Throughout this course, students will learn how real-life threat actors can be emulated in a realistic enterprise environment, including multiple AD forests. In true purple fashion, the goal of the course is to educate students on how adversarial techniques can be emulated (manual and automated) and detected (use cases/rules and anomaly-based detection). A natural follow-up to SEC599, this is an advanced SANS course offering, with 60 percent of class time spent on labs!

  • You will learn the skills required to reverse-engineer applications to find vulnerabilities, perform remote user application and kernel debugging, analyze patches for one-day exploits, perform advanced fuzzing, and write complex exploits against targets such as the Windows kernel and the modern Linux heap, all while circumventing or working against cutting-edge exploit mitigation.

Cybersecurity Leadership Course Demos

The SANS Cybersecurity Leadership Curriculum, through world-class training and GIAC Certifications, develops cyber leaders who have the practical skills to build and lead security teams, communicate with technical and business leaders alike, and develop capabilities that build your organization's success.
  • AUD507 gives you the three things needed to measure, report on, and manage risk in the enterprise: tools, techniques and thought processes. Auditors, managers, security and compliance professionals will get the mix of hands-on experience and classroom discussion they need to better protect their organizations. You'll learn to audit Windows, Linux, containers, web technologies, virtualization and networks.

  • New law on privacy, e-discovery and data security is creating an urgent need for professionals who can bridge the gap between the legal department and the cybersecurity team. SANS LEG523 provides this unique professional training, including skills in the analysis and use of contracts, policies, and records management procedures.

  • MGT414 is fully updated for the May 2021 CISSP exam update! MGT414: SANS Training Program for CISSP Certification is an accelerated review course designed to prepare you to pass the exam. The course prepares students to navigate all types of questions included on the new version of the exam.

  • Organizations have invested a tremendous amount of money and resources into securing technology, but little if anything into securing their workforce. As a result, people, not technology, have become the primary attack vector for cyber attackers. The most effective way to manage your organization's human risk is to establish a mature security awareness program that goes beyond compliance, changes people's behaviors, and ultimately creates a secure culture. This two-day intensive course, to include five interactive labs, will teach you the key concepts and skills needed to do just that, whether you are establishing a new program or maturing an existing one.

  • Security managers need both technical knowledge and management skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives. This is a big and important job that requires an understanding of a wide array of security topics. This course empowers you to become an effective security manager and get up to speed quickly on information security issues and terminology. You won't just learn about security, you will learn how to manage and lead security teams and programs by playing through twenty-three Cyber42 activities throughout the class, approximately 60-80 minutes daily.

  • The next generation of security leadership must bridge the gap between security staff and senior leadership by strategically planning how to build and run effective security programs. Yet, creating a security strategy, executing a plan that includes sound policy coupled with top-notch leadership is hard for IT and security professionals because we spend so much time responding and reacting. We almost never do strategic planning until we get promoted to a senior position, and then we are not equipped with the skills we need to run with the pack. This information security course will provide you with the tools to build a cybersecurity strategic plan, an entire IT security policy, and lead your teams in the execution of your plan and policy. By the end of class you will have prepared an executive presentation, read 3 business case studies, responded to issues faced by 4 fictional companies, analyzed 15 case scenarios, and responded to 15 Cyber42 events.

  • Vulnerability, patch, and configuration management are not new security topics. In fact, they are some of the oldest security functions. Yet, we still struggle to manage these capabilities effectively. The quantity of outstanding vulnerabilities for most large organizations is overwhelming, and all organizations struggle to keep up with the never-ending onslaught of new vulnerabilities in their infrastructure and applications. When you add in the cloud and the increasing speed with which all organizations must deliver systems, applications, and features to both their internal and external customers, security may seem unachievable. This course will show you the most effective ways to mature your vulnerability management program and move from identifying vulnerabilities to successfully treating them. 16 Cyber42 and lab exercises

  • While the cloud environment may appear similar to running a traditional IT environment on the premises, the cloud solutions protection requirements are in fact very different because the traditional network perimeter is no longer the best line of defense, and the threat vectors are not the same. Effective defense of the organization's cloud environment requires significant planning and governance by a well-informed management team. This course provides the information security leaders need to drive a secure cloud model and leapfrog on security to leverage the security capabilities in the cloud. We will walk through the key aspects of managing cloud transition and ensuring security in the continuous operations post-migration that are common across organizations on the same journey. Nine scenario-based labs are included.

  • Cybersecurity leadership is no longer just about technology. It is ultimately about organizational change - change not only in how people think about cybersecurity but in what they prioritize and how they act, from the Board of Directors to every corner of the organization. Students will learn how to build, manage, and measure a strong cybersecurity culture by leveraging the latest in organizational change models and real-world lessons learned. In addition, students will apply everything they learn through a series of 16 interactive labs and case studies.

  • Many cybersecurity professionals are highly technical but often unfamiliar with project management terminology, methodologies, resource management, and leading teams. Overseeing diverse groups of stakeholders and team members, estimating resources accurately, as well as analyzing risk as applied to different organizational structures and relationships is a struggle for many new technical project leaders. Today's virtual work environment only increases these complexities. It is critically important to understand how to leverage a wide range of development approaches and project management framework components to maximize resources across various business units for project success. Confidently lead security initiatives that deliver on time, within budget, reduce organizational risk and complexity while driving bottom line value.

  • Information technology is so tightly woven into the fabric of modern business that cyber risk has become business risk. SOC teams are facing more pressure than ever before to help manage this risk by identifying and responding to threats across a diverse set of infrastructures, business processes, and users. Furthermore, SOC managers are in the unique position of having to bridge the gap between business processes and the highly technical work that goes on in the SOC. MGT551 students will learn how to design their defenses around their unique organizational requirements and risk profile. We will give you the tools to build an intelligence-driven defense, measure progress towards your goals, and develop more advanced processes like threat hunting, active defense, and continuous SOC assessment. 15 Hands-On Exercises

  • High-profile cybersecurity attacks indicate that offensive attacks are overwhelming defensive measures. Even with management's attention to system penetrations and data loss, risky incidents are still costly to the enterprise's balance sheets. Cybersecurity, privacy, and compliance people are asking, "How do we practically protect and defend our information and systems? How do we understand security frameworks and controls?" This course provides students an overview of the security controls and cybersecurity hygiene defined in the CIS Critical Controls.

  • High-profile cybersecurity attacks indicate that offensive attacks are outperforming defensive measures. Cybersecurity engineers, auditors, privacy, and compliance team members are asking how they can practically protect and defend their systems and data, and how they should implement a prioritized list of cybersecurity hygiene controls. In SANS SEC566, students will learn how an organization can defend its information by using vetted cybersecurity frameworks and standards. Students will specifically learn how to navigate security control requirements defined by the Center for Internet Security's (CIS) Controls (v7.1 / 8.0), the NIST Cybersecurity Framework (CSF), the Cybersecurity Maturity Model Certification (CMMC), NIST SP 800-171, ISO/IEC 27000, and other frameworks into a cohesive strategy to defend their organization while complying with industry standards. 13 Hands-on Exercises