What Are The Laptop Requirements?

A laptop or desktop with a current web browser, since the course runs through the SANS OnDemand portal. The exercises don’t require specialized software, just your usual reading and writing tools.

Who Should Attend SEC402 Training?

Cybersecurity professionals who write reports, briefings, emails, or other content as part of their job. The course works for managers and individual contributors, consultants and in-house staff, beginners and experts. If your job depends in part on whether your writing gets read and acted on, this course is for you.

Two books and one handout in print and digital format MP3 audio recordings of the full course Four months of access to the SANS OnDemand portal

What Are The Prerequisites For This Course?

No specific technical prerequisites. The course works for cybersecurity professionals at any level, from analysts and engineers to managers and executives. Some familiarity with the kinds of writing security teams produce, like incident reports, advisories, and emails, helps but isn’t required.

What Learning Path Is This Course A Part Of?

SEC402 covers foundational materials that apply across SANS curricula. Cybersecurity professionals often take SEC402 alongside their technical and leadership training.

What Is Cybersecurity Writing And Why Is It Important?

Cybersecurity writing turns security knowledge into reports, briefings, and emails that the right people read and act on. It matters because security recommendations only protect the organization when someone with authority decides to follow them.

How Will This Course Benefit My Career?

Cybersecurity professionals who write well influence more decisions and earn more credit for their analysis. Over time, strong writers get invited into the decisions other professionals only hear about secondhand.

UPDATED

SEC402: Cybersecurity Writing: Hack the Reader

SEC402Cybersecurity Leadership

12 Hours (Self-Paced)

Course authored by:

Lenny Zeltser

Course authored by:

Lenny Zeltser

12 CPEs
Apply your credits to renew your certifications
Self-paced
Train at your own pace from wherever you are
Essential Skill Level
Course material is for individuals with an understanding of IT or cyber security concepts

Jump to:

Overview
Syllabus
FAQs
Schedule & Pricing

Improve persuasive communication techniques to breach readers' defenses, ensuring security reports influence decisions even when audiences resist engaging with technical content.

Outstanding course. Provides a writing framework/rubric to evaluate & guide future writing.
Jordan WhitleyNew York Life

Course Overview

SEC402 teaches cybersecurity professionals to write so their reports, briefings, and emails get read and acted on. The technical insight is often there, but the writing that carries it loses the reader before the recommendation lands. This course teaches a reader-centered approach built around the five “golden” elements: structure, look, words, tone, and information. Students spot and fix problems in writing samples, including incident reports, threat reports, and assessment findings. They also learn how to use AI to draft, critique, and improve their writing, without ceding judgment to it.

What You'll Learn

Apply a reader-centered approach to incident, threat, and assessment reports
Organize your writing so busy colleagues and clients can scan, find what matters, and act
Make decisive choices about words and tone, including for difficult conversations
Match the information you include to the report type and the reader’s needs

Business Takeaways

Get more recommendations approved and implemented
Cut wasted time when stakeholders misread recommendations and incident updates
Get executives to read the analysis behind the recommendation
Minimize the back-and-forth between a security finding and a business decision
Reduce rework caused by reports that don’t answer the right questions

Meet Your Author

Lenny Zeltser

Fellow

Lenny Zeltser is a leader in developing resilient security programs. His invaluable tools, like REMnux, a widely used Linux distribution for malware analysis, have become industry standards in combating malicious software.

Course Syllabus

Explore the course syllabus below to view the full range of topics covered in SEC402: Cybersecurity Writing: Hack the Reader.

Section 1Capturing Attention: Structure, Look, and Words

Section 1 introduces the reader-centered approach and the first three elements that determine whether your writing gets read. Students learn to organize cybersecurity reports and messages, so readers find the takeaway, make it easy to scan, and choose words that work for both technical and business audiences. Hands-on exercises use weak and strong examples.

Topics covered

Reader-centered methodology and the five “golden” elements
Document structure with strong summaries, headings, paragraphs, and top-down narrative
Visual layout and emphasis that direct the eye
Word choice for clear, persuasive cybersecurity writing
Using AI as a new kind of reader and drafting helper

Section 2Earning Trust: Tone and Information

Section 2 turns to tone and information, which readers weigh before they trust you and act on what you wrote. Students learn to set a tone that stays professional, responsive, and constructive, even in disagreements and negative findings. They also learn what each report type, including incident, assessment, and threat reports, needs to deliver to readers.

Topics covered

The right tone: professional, responsive, constructive, and persuasive
The right information in cybersecurity incident reports
The right information in security assessment reports
The right information in malware and threat reports
Using AI to draft, review, and learn from public security reports

Things You Need To Know

Relevant Job Roles

Cybersecurity Legal Advice (OPM 731)

NICE: Oversight and Governance

Responsible for providing cybersecurity legal advice and recommendations, including monitoring related legislation and regulations.

Explore learning path

Systems Authorization (OPM 611)

NICE: Oversight and Governance

Responsible for operating an information system at an acceptable level of risk to organizational operations, organizational assets, individuals, other organizations, and the nation.

Explore learning path

Security Manager Training, Salary, and Career Path

Cybersecurity Leadership

Daily focus is on the leadership of technical teams. Includes titles such as Manager, Information Security Specialist, and Program/Project Leader.

Explore learning path

Communications Security (COMSEC) Management (OPM 723)

NICE: Oversight and Governance

Responsible for managing the Communications Security (COMSEC) resources of an organization.

Explore learning path

Cybersecurity Instruction (OPM 712)

NICE: Oversight and Governance

Responsible for developing and conducting cybersecurity awareness, training, or education.

Explore learning path

Knowledge Management (OPM 431)

NICE: Implementation and Operation

Responsible for managing and administering processes and tools to identify, document, and access an organization’s intellectual capital.

Explore learning path

Technology Program Auditing (OPM 805)

NICE: Oversight and Governance

Responsible for conducting evaluations of technology programs or their individual components to determine compliance with published standards.

Explore learning path

Incident Response Team Member

Digital Forensics and Incident Response

This dynamic and fast-paced role involves identifying, mitigating, and eradicating attackers while their operations are still unfolding.

Explore learning path

Course Schedule and Pricing

Have Questions?Contact Us

Filter by:

Location & instructor
Virtual (OnDemand)
Instructed by
Lenny Zeltser
Date & Time
OnDemand (Anytime)Self-Paced, 4 months access
Course price
$3,505 USD*Prices exclude applicable local taxes
Registration Options
Self-Paced

Showing 1 of 1

Learn Alongside Leading Cybersecurity Professionals From Around The World

Slide 1 of 3
Outstanding course. Provides a writing framework/rubric to evaluate and guide future writing.
Jordan WhitleyNew York Life
Slide 2 of 3
I attended a training at my company right before coming here related to improving written communication. I notice similarities here but the cybersecurity focus here is invaluable!
Andrew WalkerNovant Health
Slide 3 of 3
Cybersecurity writing skills are critical for professional development.
R. WajdaSecure Cloud LLC

Benefits of Learning with SANS

Bryan Simon: Teacher Standing Next to Smartboard and Explaining Concept

Get feedback from the world’s best cybersecurity experts and instructors

Choose how you want to learn - online, on demand, or at our live in-person training events

Close Up of Woman Holding a Pen and Documents

Get access to our range of industry-leading courses and resources

SEC536: Adversarial AI - Penetration Testing AI Systems

SEC402: Cybersecurity Writing: Hack the Reader