Training
Featured CourseView All Courses

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SEC595Cyber Defense, Artificial Intelligence
SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
View course detailsRegister
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
NEW - AI Security Training
Can't find what you are looking for?

Let us help.

Contact us
Free Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

Customer Case Studies

Discover how organizations and individual cyber practitioners use SANS training and GIAC certifications

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Contact Sales
Contact Sales

LDR433: Managing Human Risk

LDR433Cybersecurity Leadership
  • 3 Days (Instructor-Led)
  • 18 Hours (Self-Paced)
Course authored by:
Lance Spitzner
Lance Spitzner
Register NowCourse Preview
LDR433: Managing Human Risk
Course authored by:
Lance Spitzner
Lance Spitzner
Register NowCourse Preview
  • SANS Security Awareness Professional (SSAP)

    Learn about certification

  • 18 CPEs

    Apply your credits to renew your certifications

  • In-Person, Virtual or Self-Paced

    Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months

  • Beginner Level

    Course content applicable to people with limited or no cyber security experience

  • 6 Hands-On Lab(s)

    Apply what you learn with hands-on exercises and labs

Jump to:

This intensive three-day course prepares you to build a mature awareness program, providing you with the roadmap, skills, and lessons learned on how to effectively manage and measure your organization’s human risk.

Featured Quote

I think the course is really engaging and works at two levels: 1. Provides someone starting out with a solid foundational knowledge 2. Allows an existing program to benchmark and get new ideas, to supplement the existing work.
Brian WrightStudent Loans Company Unlimited

Course Overview

LDR433 provides security professionals with a structured roadmap to build, manage, and measure human risk by changing and securing their workforce's behaviors. The course offers a step-by-step strategy for engaging and securing your workforce, including six interactive team labs and a Digital Download Package. Students will learn how to assess and prioritize top human risks and the behaviors that manage those risks, how to engage and train their workforce, how to build a strong security culture, and how to measure the impact of these changes. This is the only SANS short course that provides the industry-recognized SANS Security Awareness Professional (SSAP) credential. The course content draws from lessons learned across hundreds of global programs, offering both instructor guidance and extensive peer interaction.

What You'll Learn

  • Benchmark and advance your program's maturity level
  • Identify and prioritize human risks
  • Understand the sciences behind adult learning theory, cognitive biases, and behavior change
  • Gain actionable strategies to engage and change security behaviors
  • Employ techniques to engage and build credibility with leadership and your security team
  • Implement approaches to measure and communicate your program's value
  • Leverage AI to accelerate and amplify your impact

Business Takeaways

  • Align security awareness with strategic security priorities
  • Identify and manage your organization's top human risks
  • Integrate human risk management with broader risk management efforts
  • Build sustainable programs that foster a strong security culture
  • Demonstrate program value to leadership in business terms
  • Implement effective learning and behavioral change models
  • Leverage AI to maximize program impact and efficiency

Meet Your Author

Lance Spitzner
Lance Spitzner

Lance Spitzner

Senior Instructor

Lance revolutionized cyber defense by founding the Honeynet Project. At SANS, he has empowered over 350 organizations worldwide to build resilient security cultures, transforming human risk management into a cornerstone of modern cybersecurity.

Read more about Lance Spitzner

Course Syllabus

Explore the course syllabus below to view the full range of topics covered in LDR433: Managing Human Risk. .

Section 1Fundamentals and Identifying / Prioritizing Human Risk

Section 1 covers the fundamentals of human risk management, beginning with benchmarking your program's maturity and providing a roadmap for improvement. It addresses critical foundations including leadership support, program charter, and strategic partnerships, then covers risk management principles and how to identify and prioritize your top human risks.

Topics covered

  • Security Awareness Maturity Model stages
  • Risk management fundamentals
  • Cyber Threat Intelligence and attacker methods
  • Gaining leadership support and developing strategic partnerships
  • Human risk assessments and prioritization, and role-based risks

Labs

  • Benchmark your program maturity against peers
  • Case Study: Identify and prioritize top human risks

Section 2Identifying and Changing Behavior

Section 2 begins with identifying the key behaviors that most effectively manage your greatest human risks. We then cover organization level behavior change, to include engagement fundamentals motivation and training. You will develop an overall strategy for your program, to include how to adapt your program across demographics, cultures, and regions, then concluding with operationalizing specific training methods and modalities.

Topics covered

  • Behavior identification and prioritization
  • Engagement strategies using marketing models
  • Training approaches using ADDIE framework
  • Operationalize different training methods and modalities, to include how to leverage AI

Labs

  • Identify and prioritize key behaviors
  • Apply the AIDA Model to promote MFA adoption

Section 3Security Culture and Measuring Change

Section 3 focuses on organizational culture, security culture and embedding security in your organization's overall culture. We then cover metrics, starting with strategic applications, then exploring how to measure behavior and culture change. Students will learn to communicate program value to leadership and finish the class by creating an actionable implementation plan.

Topics covered

  • Career development for awareness professionals
  • Define and align with organizational culture
  • Security culture indicators and development
  • Incentive programs for sustainable behavior, and ambassador program implementation
  • Metrics and create a strategic metrics framework and a final action plan

Labs

  • Analyze and align with organizational culture
  • Create a comprehensive action plan

Things You Need To Know

Relevant Job Roles

Cybersecurity Curriculum Development (OPM 711)

NICE: Oversight and Governance

Responsible for developing, planning, coordinating, and evaluating cybersecurity awareness, training, or education content, methods, and techniques based on instructional needs and requirements.

Explore learning path

Security Manager Training, Salary, and Career Path

Cybersecurity Leadership

Daily focus is on the leadership of technical teams. Includes titles such as Manager, Information Security Specialist, and Program/Project Leader.

Explore learning path

Course Schedule & Pricing

Looking for Group Purchase Options?Contact Us

SSAP Credential Attempt

Add an SSAP credential attempt and receive free one practice test. View pricing in the info icons below.

OnDemand Course Access

When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.

Showing 8 of 8

Learn Alongside Leading Cybersecurity Professionals From Around The World

  • Slide 1 of 3
    Overall just fantastic. I would love for my whole team to attend this training - invaluable and eye-opening knowledge, that I think will enable lots of good changes and growth. There's just SO MUCH amazing content here, and the delivery was fantastic.
    Luka MorkyteJPMorgan Chase
  • Slide 2 of 3
    Just what I needed.
    Philippe VaquerBureau Veritas
  • Slide 3 of 3
    The labs presented an effective way to grasp the material and present to others for good feedback.
    Michael U.U.S. Government
Slide 1 of 0

Benefits of Learning with SANS

Bryan Simon: Teacher Standing Next to Smartboard and Explaining Concept

Get feedback from the world’s best cybersecurity experts and instructors

OnDemand Mobile App

Choose how you want to learn - online, on demand, or at our live in-person training events

Close Up of Woman Holding a Pen and Documents

Get access to our range of industry-leading courses and resources