homepage
Open menu
Go one level top
  • Train and Certify
    Train and Certify

    Immediately apply the skills and techniques learned in SANS courses, ranges, and summits

    • Overview
    • Courses
      • Overview
      • Full Course List
      • By Focus Areas
        • Cloud Security
        • Cyber Defense
        • Cybersecurity and IT Essentials
        • DFIR
        • Industrial Control Systems
        • Offensive Operations
        • Management, Legal, and Audit
      • By Skill Levels
        • New to Cyber
        • Essentials
        • Advanced
        • Expert
      • Training Formats
        • OnDemand
        • In-Person
        • Live Online
      • Free Course Demos
    • Training Roadmaps
      • Skills Roadmap
      • Focus Area Job Roles
        • Cyber Defense Job Roles
        • Offensive Operations Job Roles
        • DFIR Job Roles
        • Cloud Job Roles
        • ICS Job Roles
        • Leadership Job Roles
      • NICE Framework
        • Security Provisionals
        • Operate and Maintain
        • Oversee and Govern
        • Protect and Defend
        • Analyze
        • Collect and Operate
        • Investigate
        • Industrial Control Systems
      • European Skills Framework
    • GIAC Certifications
    • Training Events & Summits
      • Events Overview
      • Event Locations
        • Asia
        • Australia & New Zealand
        • Latin America
        • Mainland Europe
        • Middle East & Africa
        • Scandinavia
        • United Kingdom & Ireland
        • United States & Canada
      • Summits
    • OnDemand
    • Get Started in Cyber
      • Overview
      • Degree and Certificate Programs
      • Scholarships
      • Free Training & Resources
    • Cyber Ranges
  • Manage Your Team
    Manage Your Team

    Build a world-class cyber team with our workforce development programs

    • Overview
    • Why Work with SANS
    • Group Purchasing
    • Build Your Team
      • Team Development
      • Assessments
      • Private Training
      • Hire Cyber Professionals
      • By Industry
        • Health Care
        • Industrial Control Systems Security
        • Military
    • Leadership Training
      • Leadership Courses
      • Executive Cybersecurity Exercises
  • Security Awareness
    Security Awareness

    Increase your staff’s cyber awareness, help them change their behaviors, and reduce your organizational risk

    • Overview
    • Products & Services
      • Security Awareness Training
        • EndUser Training
        • Phishing Platform
      • Specialized
        • Developer Training
        • ICS Engineer Training
        • NERC CIP Training
        • IT Administrator
      • Risk Assessments
        • Knowledge Assessment
        • Culture Assessment
        • Behavioral Risk Assessment
    • OUCH! Newsletter
    • Career Development
      • Overview
      • Training & Courses
      • Professional Credential
    • Blog
    • Partners
    • Reports & Case Studies
  • Resources
    Resources

    Enhance your skills with access to thousands of free resources, 150+ instructor-developed tools, and the latest cybersecurity news and analysis

    • Overview
    • Webcasts
      • Webcasts Listings
      • Live Streams
        • Wait Just An Infosec
        • Cybersecurity Leadership
        • SANS Threat Analysis Rundown (STAR)
    • Free Cybersecurity Events
      • Free Events Overview
      • Summits
      • Solutions Forums
      • Community Nights
    • Content
      • Newsletters
        • NewsBites
        • @RISK
        • OUCH! Newsletter
      • Blog
      • Podcasts
        • Blueprint
        • Trust Me, I'm Certified
        • Cloud Ace
        • Wait Just an Infosec
      • Summit Presentations
      • Posters & Cheat Sheets
    • Internet Storm Center
    • Research
      • White Papers
      • Security Policies
    • Tools
    • Focus Areas
      • Cyber Defense
      • Cloud Security
      • Digital Forensics & Incident Response
      • Industrial Control Systems
      • Cyber Security Leadership
      • Offensive Operations
      • Open-Source Intelligence (OSINT)
  • Get Involved
    Get Involved

    Help keep the cyber community one step ahead of threats. Join the SANS community or begin your journey of becoming a SANS Certified Instructor today.

    • Overview
    • Join the Community
    • Work Study
    • Teach for SANS
    • CISO Network
    • Partnerships
    • Sponsorship Opportunities
  • About
    About

    Learn more about how SANS empowers and educates current and future cybersecurity practitioners with knowledge and skills

    • SANS
      • Overview
      • Our Founder
      • Awards
    • Instructors
      • Our Instructors
      • Full Instructor List
    • Mission
      • Our Mission
      • Diversity
      • Scholarships
    • Contact
      • Contact Customer Service
      • Contact Sales
      • Press & Media Enquiries
    • Frequent Asked Questions
    • Customer Reviews
    • Press
    • Careers
  • Contact Sales
  • SANS Sites
    • Brazil
    • France
    • Japan
    • United Kingdom
  • Search
  • Log In
  • Join
    • Account Dashboard
    • Log Out
  1. Home >
  2. Courses >
  3. LDR516: Building and Leading Vulnerability Management Programs
New

LDR516: Building and Leading Vulnerability Management Programs

Course Demo
    30 CPEs

    ** USE THIS VERSION FOR CLASSES AFTER DECEMBER 31, 2023 ** Vulnerability, patch, and configuration management are not new enterprise security topics. In fact, they are some of the oldest security functions. Yet, we still struggle to manage security vulnerability capabilities effectively. The quantity of outstanding vulnerabilities for most enterprise organizations is overwhelming, and all organizations struggle to keep up with the never-ending onslaught of new security vulnerabilities in their infrastructure and applications. When you add in the cloud, and the increasing speed with which all organizations must deliver systems, applications, and features to both their internal and external customers, enterprise security may seem unachievable. This vulnerability management training course will show you the most effective ways to mature your vulnerability management program and move from identifying vulnerabilities to successfully treating them. 21 Cyber42 and 15 lab exercises

    Course Authors:
    Jonathan Risto
    Jonathan Risto
    Certified Instructor
    David Hazar
    David Hazar
    Certified Instructor
    What You Will LearnSyllabusPrerequisitesLaptop RequirementsAuthor Statement

    What You Will Learn

    IMPORTANT NOTICE: SANS is in process of changing course prefixes from “MGT” to “LDR”. There is no change in course content or pricing. MGT516 will run through December 31, 2023, then LDR516 will run thereafter. Course books may reflect the “MGT” prefix even for "LDR" classes of the course during the transition. If you would like to take the course before December 31, 2023 or via OnDemand, please visit the MGT516 course page.

    Stop Treating Symptoms. Cure The Disease.

    Whether your vulnerability management program is well established, or you are just getting started, this course will help you think differently about vulnerability management. You will learn how to move past the hype to successfully prioritize the security vulnerabilities that are not blocked, then clearly and effectively communicate the risk associated with the rest of the vulnerabilities in your backlog that, for a variety of reasons, cannot currently be remediated. You'll also learn what mature organizations are doing to ease the burden associated with security vulnerability management across both infrastructure and applications as well as across both their cloud and non-cloud environments. LDR516 is based on the Prepare, Identify, Analyze, Communicate, and Treat (PIACT) Model.

    MGT516 helps you think strategically about vulnerability management in order to mature your enterprise security’s program, but it also provides tactical guidance to help you overcome common challenges. By understanding and discussing solutions to typical issues that many organizations face across both traditional and cloud operating environments, you will be better prepared to meet the challenges of today and tomorrow. Knowing that many organizations are adopting cloud services in addition to continuing to manage their more traditional operating environments, we'll also look at different cloud service types throughout the course and how they impact the program both positively and negatively. We will highlight some of the tools and processes that can be leveraged in each of these environments and present new and emerging trends.

    "This course is essential for both well-established and developing vulnerability management teams." - Robert Adams, CBC

    "A great course to utilize if new to cloud vulnerability management." - Amaan Mughal

    Business TakeawaysThis course will help your organization:

    • Understand what is working and what is not working in modern day vulnerability programs
    • Anticipate and plan for the impacts related to cloud operating environments
    • Realize why context matters and how to gather, store, maintain, and utilize contextual data effectively
    • Effectively and efficiently communicate vulnerability data and its associate risk to key stakeholders
    • Determine how to group vulnerabilities meaningfully to identify current obstacles or deficiencies
    • Know which metrics will drive greater adoption and change within the organization
    • Understand what remediation capabilities are available to assist technology teams in resolving vulnerabilities and proactively

    Skills Learned

    • Steps to create, implement, or mature your vulnerability management program and receive buy-in from your stakeholders
    • Techniques for building and maintaining an accurate and useful inventory of IT assets in the enterprise and the cloud
    • What identification processes and technologies are effective across both infrastructure and applications and how to configure them appropriately
    • Which common false positives or false negatives to be aware of in your identification arsenal
    • How to prioritize unblocked vulnerabilities for treatment based on a variety of techniques
    • Effectively report and communicate vulnerability data within your organization
    • Ability to identify and report on the risk associated with vulnerabilities that are blocked and cannot currently be prioritized for remediation
    • A better understanding of modern treatment capabilities and how to better engage with treatment teams
    • Talent for making vulnerability management more fun and engaging for all those involved
    • Differentiating how to deal with application layer vulnerabilities versus infrastructure vulnerabilities
    • An understanding of how our strategies and techniques might change as we move to the cloud, implement private cloud, or roll out DevOps within our organizations

    Collaborative Training

    MGT516 uses the Cyber42 leadership simulation game, critical thinking labs based on outlined scenarios, and demonstrations to provide you with the information you need to skillfully fight the VM battle. Cyber42 helps students absorb and apply the content throughout the course. In this web-based continuous tabletop exercise, students play to improve security culture, manage budget and schedule, and improve specific vulnerability management capabilities at the fictional organization, The "Everything Corporation" or "E Corp". This puts you in real-world scenarios that require you to think through various options for improving the organization's maturity by responding to specific events.

    The following is a brief description of the different game components and other labs by section:

    • Section 1: The Everything Corporation Company Overview, Round 1 Initiative Selection, Practice Event: Improve VM Program Image, and Events 1 - 3: Audit Action Item - VM Policy & Standards, Shadow Cloud Usage, and Asset Inventory; Policy & Standards Review, Moving to the Cloud, Asset Management - Critical Attributes, Leveraging Asset Context Domo & Azure Data Explorer Demonstrations.
    • Section 2: Round 2 Initiative Selection; Events 4-6: Gap in Coverage, Space Race, Misconfigured Blob Storage, and; Scanning Techniques, Scan Validation, Pipeline Integration
    • Section 3: Events 7-9: Healthcare Threat Intelligence Sharing, Error - Does Not Compute, and Inaccurate Report; Round 3 Initiative Selection; Contextual Prioritization, Adding Solution Groups and Types ServiceNow Demonstration
    • Section 4: Events 10-12: Can’t Patch or Won’t Patch, Problems with Aging, Third-Party App Downloads; Round 4 Initiative Selection; Changing Culture, Gold Image Pipeline Demo, Remediation Effectiveness
    • Section 5: Events 13-17: Support for the Program, E-commerce Oops, Legacy Systems, Code Coverage Challenge, and Space Race Part 2-The Board Meeting; Vulnerability Management Buy-In

    "Excellent labs. More fun than I thought possible with vulnerability management." - Page Jeffery, Newmont

    "I have really enjoyed the discussions around these labs and hearing similarities from other users. I think this format for labs is fun." - Isaac Philbrook, Premera

    "Great experience with Cyber42!!" - Yann Esclanguin, Caterpillar

    Syllabus Summary

    • Section 1: Course overview, policies and standards, cloud design considerations, and cyber asset attack surface management
    • Section 2: Identification challenges, processes, and technology across both infrastructure and applications
    • Section 3: Analysis, metrics, and communication techniques for effectively influencing action
    • Section 4: Common treatment or remediation processes and technologies
    • Section 5: Getting buy-in and advancing your program

    Additional Free Resources

    • Key Metrics & Vulnerability Management Maturity Model Poster
    • CISO Scorecard and Cloud Security Maturity Model Poster
    • Operational Cybersecurity Executive Triad
    • Rekt Casino Hack Assessment Operational Series: Vulnerability Management Gone Wrong Webcast
    • Rekt Casino Revisited: Operational Series, Part 1 Blog

    What you will Receive

    • Student manuals containing the entire course content and lab introductions and debriefs
    • Access to lab materials and bonus content and videos on the class website
    • Access to the Cyber42 security leadership simulation game
    • MP3 audio files of the complete course lecture

    What Comes Next

    • SEC566: Implementing and Auditing Security Frameworks and Conrols
    • MGT551: Building and Leading Security Operations Center
    • MGT520: Leading Cloud Security Design and Implementation

    NOTE: SANS offers two courses with a focus on vulnerability management. LDR516 helps you think strategically about vulnerability management in order to mature your organization's program, but it also provides tactical guidance to help you overcome common challenges. SEC460: Enterprise and Cloud | Threat Vulnerability Assessment helps you build your technical vulnerability assessment skills and techniques using time-tested, practical approaches to ensure true value across the enterprise. Review the full comparison here.

    Syllabus (30 CPEs)

    Download PDF
    • Overview

      This section looks at why vulnerability management is important and introduces the course. We then provide an overview of the cloud and how different cloud service types and architectures can impact managing vulnerabilities. Finally, well dig into why asset management is so important and foundational for effective vulnerability management, and the different ways that gaining additional context can help us succeed.

      Exercises
      • Moving to the Cloud: Scenario-based lab about the impact of moving to the cloud on an organizations vulnerability management program
      • Critical Attributes: Scenario-based lab on how to identify critical contextual attributes that need to exist within our asset management database or be tracked in some other way to prioritize and manage vulnerabilities more effectively
      • Leveraging Asset Context
        • Hands-on lab leveraging a spreadsheet that contains both vulnerability and asset data sets to answer questions about the vulnerability of data and the quality of the asset data
        • Demonstration of how asset details and context and be used to help analyze vulnerability data performed in Domo, a SaaS Business Intelligence platform and Azure Data Explorer
      • Cyber42 Game
        • Game introduction and practice event
        • Initiative selection for Round 1
        • Three Round 1 events
      Topics
      • Course Overview
      • Cloud and Cloud Vulnerability Management
      • Asset Management
        • Overview
        • Importance of context
        • Attributes and inline context
        • Cloud asset management
    • Overview

      Identifying vulnerabilities continues to be a major focus for our security programs, as it can provide insight into the current risks to our organization. It also provides the data for our analysis and for the measures and metrics we use to guide the program and track our maturity. This section looks at common identification pitfalls and discuss identification architecture and design across both infrastructure and applications. Well also look at where we might require permission to perform identification and how we safely grant permission to third parties to test our systems and applications and responsibly disclose any findings.

      Exercises
      • Scanning: Scenario-based lab to better understand and identify the types of scanning that are most effective for different asset types
      • Scan Validation: Scenario-based lab to better understand and identify the reasons why certain vulnerabilities are showing up in infrastructure scans even though they seem invalid or out of place
      • Pipeline Integration Demo
        • Demo of how to leverage GitHub Actions to integrate SAST and SCA into an automated pipeline
      • Cyber42 Game
        • One Round 1 event
        • Initiative selection for Round 2
        • Two Round 2 events

      Topics

      Identification

      • Challenges
      • Tools, architecture, and design
      • Cloud identification
      • Permission
      • Validating scan results
      • Scanner configuration
      • Application vulnerabilities
      • Proactive Identification
      • Bug bounty programs
    • Overview

      Gone are the days when we can just scan for vulnerabilities and send the raw output to our teams for remediation. We need to help reduce the burden by analyzing the output to reduce inaccuracies and identify root-cause issues that may be preventing remediation. Once we have identified the issues that cannot be resolved, we should prioritize the rest to ensure that we are having the greatest impact and provide targeted reports or dashboards to system and platform owners. This section will look at some common inaccuracies in the output of our identification processes, discuss prioritization, and then look at what metrics are commonly used to measure our program and the related operational capabilities. We will also discuss how to generate meaningful reports, communication strategies, and the different types of meetings that should be held to increase collaboration and participation.

      Exercises
      • Contextual Prioritization: Critical thinking lab around how we leverage different contextual attributes to help us prioritize our vulnerability data sets
      • Solution Groups and Types: Demo of to apply solution groups or remediation actions to vulnerability data sets and leverage the groupings for analysis and reporting performed in ServiceNow.
      • Cyber42 Game
        • Two Round 2 events
        • Initiative selection for Round 3
        • One Round 3 event
      Topics
      • Analyze
        • Simple Threat Contextual Information
        • Asset-based Contextual Information
        • Advanced Threat Contextual Information
        • Solution Groups
        • Exclusion Groups & Risk
      • Communicate
        • Metrics
        • Reporting
        • Communication Strategy
        • Vulnerability Management Meetings
    • Overview

      Treating vulnerabilities and reducing risk is the ultimate goal of all we do in vulnerability management. It is important for all participants to understand the typical processes and technologies that exist and how to leverage them to increase positive change within the organization. Most organizations will have some form of change, patch, and configuration management programs. This course section will look at how we interface with these processes to streamline change and increase consistency. Well also examine some unique challenges we face in the cloud, how to better deal with application vulnerabilities, and some alternatives we can look to when traditional treatment methods are not available.

      Exercises
      • Changing Culture: Discussion and thought-based lab about what organizational cultures are most or least conducive to vulnerability management and how to go about changing or influencing culture
      • Gold Image Pipeline: Demo of Gold Image Pipeline to update and securely configure an AWS EC2 Instance using Packer, Ansible, and InSpec
      • Remediation Effectiveness: Scenario-based lab to better understand and identify how to gauge the effectiveness of the treatment options selected for various vulnerabilities after implementation and over time
      • Cyber42 Game
        • Three Round 3 events
        • Initiative selection for Round 4
      Topics

      Treatment

      • Change management
      • Patch management
      • Configuration management
      • Cloud management
      • Application management
      • Alternative treatment
      • Other treatment considerations
    • Overview

      Vulnerability management is not the easiest job in an organization, and many challenges can hold us back. From split responsibility and accountability to reliance on shared personnel, much of the work done in this space goes unrecognized. This section will summarize much of what we have learned and discussed throughout the week and look at how we can use this information to improve the program. Well discuss how we can make VM more fun and successful within the organization, identify and collaborate more effectively with various stakeholders, and build out and mature a robust vulnerability management program.

      Exercises
      • Vulnerability Management Buy-In: Scenario-based lab to better identify important stakeholders and get or improve buy-in for the program
      • Cyber42 Game
        • Five Round 4 events
        • Final scoring and wrap-up
      Topics
      • Buy-In
      • Making VM fun
      • Common Problems
      • Stakeholder Identification
      • Collaboration
      • Creating a Vulnerability Management Program
      • Selecting the Right Tools
      • Advancing the Program

    Prerequisites

    A basic understanding of vulnerability, patch, and configuration management concepts is recommended for this course.

    Laptop Requirements

    Important! Bring your own system configured according to these instructions.

    A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will not be able to fully participate in hands-on exercises in your course. Therefore, please arrive with a system meeting all of the specified requirements.

    Back up your system before class. Better yet, use a system without any sensitive/critical data. SANS is not responsible for your system or data.

    MANDATORY LDR516 SYSTEM HARDWARE REQUIREMENTS

    • Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom.

    MANDATORY LDR516 HOST CONFIGURATION AND SOFTWARE REQUIREMENTS

    • Your host operating system must be the latest version of Windows 10, Windows 11, or macOS 10.15.x or newer.
    • Fully update your host operating system prior to the class to ensure you have the right drivers and patches installed.
    • Linux hosts are not supported in the classroom due to their numerous variations. If you choose to use Linux as your host, you are solely responsible for configuring it to work with the course materials and/or VMs.
    • Microsoft Office (any version) or OpenOffice installed on your host. Note that you can download Office Trial Software online (free for 30 days).

    Your course materials include a "Setup Instructions" document that details important steps you must take before you travel to a live class event or start an online class. It may take 30 minutes or more to complete these instructions.

    If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org

    Author Statement

    ""It is easy to be overwhelmed by the amount of vulnerability management information available to us. Vulnerabilities are present in just about every device and software we use, with new reports released daily. Managing this dynamic landscape is a challenge for organizations. Our goal is to provide students with a framework for managing the vast quantities of vulnerabilities, and building or improving their vulnerability management program. This will enable students to identify the key problems within their environment, evaluate potential solutions for those problems, and communicate within their teams and to the organization on the effectiveness of vulnerability management." - Jonathan Risto

    "I appreciated Jonathan sharing his personal examples today as he covered the material. Great real world challenges and made the content more relatable. Thank you!" - Bridget Aman

    "I have spent over a decade helping organizations improve their infrastructure and application vulnerability management capabilities and programs. It surprises me how many organizations are struggling with similar issues. I'm also concerned when I hear from organizations about how they are going to successfully implement vulnerability management in the cloud, even while they are still struggling to manage vulnerabilities in their more traditional operating environments. With this course, we want to provide students with a better understanding of what they can do to improve their current program and extend that program into the cloud. We want them to understand the common roadblocks they will face and provide solutions to these challenges. There is no one-size-fits-all solution to vulnerability management, but there are definitely common themes in mature organizations. The course is also a great opportunity to learn from what peers are doing in their organizations to solve some of the same problems you may be facing." - David Hazar

    "David has vast experiences with numerous different types of organizations in vulnerability management. During the class, this was vital in bringing in and discussing real-world challenges." - Vikas Bangia, Bessemer Trust

    No scheduled events for this course.

    Who Should Attend LDR516?

    • Vulnerability program managers and analysts managing vulnerabilities in the enterprise or cloud
    • Information security managers, architects, analysts, officers, and directors
    • Aspiring information security leaders
    • Risk management, business continuity and disaster recovery professionals
    • IT operations managers and administrators
    • CISOs
    • Cloud service managers, administrators, integrators, developers, and brokers
    • Cloud service security and risk managers
    • Government IT professionals who manage vulnerabilities in the enterprise or cloud (FedRAMP, NIST CSF)

    NICE Framework Work Roles:

    • Security Control Assessor (OPM 612)
    • Vulnerability Assessment Analyst (OPM 541)

    "Great class full of new info for beginners and experienced VM folks. Thank you!"- Jen O'Malley, SAP

    See prerequisites

    Related Programs

    DoDD 8140
    DoDD 8140 (0)
    See how this and other SANS Courses and GIAC Certifications align with the Department of Defense Directive 8140.
    • Register to Learn
    • Courses
    • Certifications
    • Degree Programs
    • Cyber Ranges
    • Job Tools
    • Security Policy Project
    • Posters & Cheat Sheets
    • White Papers
    • Focus Areas
    • Cyber Defense
    • Cloud Security
    • Cybersecurity Leadership
    • Digital Forensics
    • Industrial Control Systems
    • Offensive Operations
    Subscribe to SANS Newsletters
    Receive curated news, vulnerabilities, & security awareness tips
    United States
    Canada
    United Kingdom
    Spain
    Belgium
    Denmark
    Norway
    Netherlands
    Australia
    India
    Japan
    Singapore
    Afghanistan
    Aland Islands
    Albania
    Algeria
    American Samoa
    Andorra
    Angola
    Anguilla
    Antarctica
    Antigua and Barbuda
    Argentina
    Armenia
    Aruba
    Austria
    Azerbaijan
    Bahamas
    Bahrain
    Bangladesh
    Barbados
    Belarus
    Belize
    Benin
    Bermuda
    Bhutan
    Bolivia
    Bonaire, Sint Eustatius, and Saba
    Bosnia And Herzegovina
    Botswana
    Bouvet Island
    Brazil
    British Indian Ocean Territory
    Brunei Darussalam
    Bulgaria
    Burkina Faso
    Burundi
    Cambodia
    Cameroon
    Cape Verde
    Cayman Islands
    Central African Republic
    Chad
    Chile
    China
    Christmas Island
    Cocos (Keeling) Islands
    Colombia
    Comoros
    Cook Islands
    Costa Rica
    Croatia (Local Name: Hrvatska)
    Curacao
    Cyprus
    Czech Republic
    Democratic Republic of the Congo
    Djibouti
    Dominica
    Dominican Republic
    East Timor
    East Timor
    Ecuador
    Egypt
    El Salvador
    Equatorial Guinea
    Eritrea
    Estonia
    Ethiopia
    Falkland Islands (Malvinas)
    Faroe Islands
    Fiji
    Finland
    France
    French Guiana
    French Polynesia
    French Southern Territories
    Gabon
    Gambia
    Georgia
    Germany
    Ghana
    Gibraltar
    Greece
    Greenland
    Grenada
    Guadeloupe
    Guam
    Guatemala
    Guernsey
    Guinea
    Guinea-Bissau
    Guyana
    Haiti
    Heard And McDonald Islands
    Honduras
    Hong Kong
    Hungary
    Iceland
    Indonesia
    Iraq
    Ireland
    Isle of Man
    Israel
    Italy
    Jamaica
    Jersey
    Jordan
    Kazakhstan
    Kenya
    Kiribati
    Korea, Republic Of
    Kosovo
    Kuwait
    Kyrgyzstan
    Lao People's Democratic Republic
    Latvia
    Lebanon
    Lesotho
    Liberia
    Liechtenstein
    Lithuania
    Luxembourg
    Macau
    Macedonia
    Madagascar
    Malawi
    Malaysia
    Maldives
    Mali
    Malta
    Marshall Islands
    Martinique
    Mauritania
    Mauritius
    Mayotte
    Mexico
    Micronesia, Federated States Of
    Moldova, Republic Of
    Monaco
    Mongolia
    Montenegro
    Montserrat
    Morocco
    Mozambique
    Myanmar
    Namibia
    Nauru
    Nepal
    Netherlands Antilles
    New Caledonia
    New Zealand
    Nicaragua
    Niger
    Nigeria
    Niue
    Norfolk Island
    Northern Mariana Islands
    Oman
    Pakistan
    Palau
    Palestine
    Panama
    Papua New Guinea
    Paraguay
    Peru
    Philippines
    Pitcairn
    Poland
    Portugal
    Puerto Rico
    Qatar
    Reunion
    Romania
    Russian Federation
    Rwanda
    Saint Bartholemy
    Saint Kitts And Nevis
    Saint Lucia
    Saint Martin
    Saint Vincent And The Grenadines
    Samoa
    San Marino
    Sao Tome And Principe
    Saudi Arabia
    Senegal
    Serbia
    Seychelles
    Sierra Leone
    Sint Maarten
    Slovakia
    Slovenia
    Solomon Islands
    South Africa
    South Georgia and the South Sandwich Islands
    South Sudan
    Sri Lanka
    St. Helena
    St. Pierre And Miquelon
    Suriname
    Svalbard And Jan Mayen Islands
    Swaziland
    Sweden
    Switzerland
    Taiwan
    Tajikistan
    Tanzania
    Thailand
    Togo
    Tokelau
    Tonga
    Trinidad And Tobago
    Tunisia
    Turkey
    Turkmenistan
    Turks And Caicos Islands
    Tuvalu
    Uganda
    Ukraine
    United Arab Emirates
    United States Minor Outlying Islands
    Uruguay
    Uzbekistan
    Vanuatu
    Vatican City
    Venezuela
    Vietnam
    Virgin Islands (British)
    Virgin Islands (U.S.)
    Wallis And Futuna Islands
    Western Sahara
    Yemen
    Yugoslavia
    Zambia
    Zimbabwe

    By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
    • © 2023 SANS™ Institute
    • Privacy Policy
    • Terms and Conditions
    • Contact
    • Careers
    • Twitter
    • Facebook
    • Youtube
    • LinkedIn