LDR521: Security Culture for Leaders

  • In Person (5 days)
  • Online
30 CPEs

This Security Culture for Leaders course will teach and enable today's cybersecurity leaders to build, manage, and measure a strong security culture. Cybersecurity leadership is no longer just about technology. It is ultimately about culture - not only what people think and feel about security but how they act, from the Board of Directors to every corner of the organization. As a result of this cyber security culture course, students will not only create an engaged and far more secure workforce, but also lead more effective and successful security initiatives. In addition, students will apply everything they learn through a series of 12 interactive team labs, numerous case studies and the Cyber42 leadership simulation capstone.

What You Will Learn

What is a Security Culture?

Security culture is your workforce’s shared attitudes, perceptions, and beliefs about cybersecurity. The stronger your security culture, not only the more likely people will exhibit secure behaviors but more likely your security initiatives will succeed. The key drivers of your security culture include your security team, your security policies, and your security training. Your organization already has a security culture. The questions is, is it the culture you want?

Build and Measure a Strong Security Culture

Drawing on real-world lessons from around the world, the SANS LDR521 security culture for leadership course will teach you how to leverage the principles of organizational change to develop, maintain, and measure a strong security culture. Through hands-on instruction and a series of interactive labs and exercises, you will apply these concepts to various real-world security initiatives and quickly learn how to embed security into your organization's culture, from senior leadership on down.

Apply findings from Daniel Kahneman's Nobel prize-winning research, Thayler and Sunstein's Nudge Theory, and Simon Sinek's Golden Circle. Learn how Spock, Homer Simpson, the Elephant and Rider, and the Curse of Knowledge are all keys to building a strong security culture at your company.

"This content is helping bring back concepts that get forgotten when you go from a doer to a senior leadership role. It brought back good concepts and a way to utilize them in the Security Context as well as getting leadership to think differently." - Michael Neuman


  • Create a far more engaged and secure workforce, not only in their attitudes about security but also in their behaviors
  • Dramatically improve the ROI of security initiatives and projects through increased success and impact
  • Strengthen communication between the security team and business executives
  • Instill stronger and more positive attitudes, perceptions, and beliefs about the security team
  • Construct simpler, more effective security policies and governance


  • Explain what organizational culture is, its importance to security, and how to map and measure both your organization's overall culture and security culture
  • Align your security culture to your organization's strategy, including how to leverage different security frameworks and maturity models
  • Effectively communicate the business value of security to your Board of Directors and executives and more effectively engage and motivate your workforce
  • Enable and secure your workforce by integrating security into all aspects of your organization's culture
  • Dramatically improve both the effectiveness and impact of your security initiatives, such as DevSecOps, cloud migration, vulnerability management, Security Operations Center, incident detection & response and other related security projects
  • Create and effectively communicate business cases to leadership and gain their support for your security initiatives
  • Ability to measure your security culture, how to make those measurements actionable, and how to present the maturity and value of your security culture to leadership
  • Leverage numerous templates and resources from the Digital Download Package and Community Forum that are part of the course and which you can then build on immediately


The first four sections of the course leverage 12 interactive team labs, enabling you to apply the lessons learned to a variety of real-world security situations and challenges. These team labs enable you to learn not only from the instructor and course materials but also from your fellow students' expertise and experiences. Finally, the last section is a capstone event as you work through a series of case studies to see which team can create the strongest security culture. Leveraging the Cyber42 simulation game environment, you are put in real-world scenarios that spur discussion and critical thinking of situations that you will encounter at work. A Laptop is required for the Cyber 42 leadership simulation capstone.

"Labs are applicable to the coursework and can be used at my workplace immediately." - Jerome C., US Military

"I love the way each lab built on previous topics covered culminating in the last day where we could apply everything we learnt. Everytime we did a lab they were well explained and at no time did i feel rushed, or like we had too much time to complete them." - Helen Bupa, IPLS

"Labs today were fun. Made me think with a focused intent." - Chad Yancey


  • Section 1: Learn the fundamentals of organizational culture, security culture and organizational change.
  • Section 2: Communicate to, engage with, and motivate your workforce so cybersecurity is perceived as a positive enabler
  • Section 3: Train and enable your workforce so cybersecurity is simple for them.
  • Section 4: Learn how to build a business case for leadership, gaining their support for your security initiatives
  • Section 5: Apply everything you have learned in a series of five case-studies, competing as teams to see which team can build the strongest cybersecurity culture.


The course is recommended for more senior and/or more experienced cybersecurity leaders, managers, officers, and awareness professionals. If you are new to cybersecurity, we recommend some of SANS's more fundamental courses, such as SEC301: Introduction to Cyber Security, SEC401: Security Essentials: Network, Endpoint, and Cloud, or LDR433: Human Risk Management.



  • Printed Course Books
  • Digital Download Package: A collection of templates, checklists, matrices, reports, and other resources that will help you in your security career. This package is continually updated and is based on resources that real security leaders have used in developing their own security cultures. Why reinvent the wheel when you can reuse or reshape what has worked for others!
  • Community Forum: An opportunity to join the private, invitation-only Community Forum dedicated to the human side of security. The forum currently has over 2,000 active professionals from around the world!


Syllabus (30 CPEs)

Download PDF
  • Overview

    Section 1 begins by demonstrating how security is no longer just about technology but also about people and culture. We then explain what culture is, why it is so important and how it applies to security. We then demonstrate how to identify and map your organization's overall culture, identify your organization's current security culture, than determine the security culture you want to achieve. We will then cover several models and the best approach on how to achieve your desired security culture.


    • 1.1: Map Your Organization's Overall Culture
    • 1.2: Survey Your Security Culture
    • 1.3: Define Your Desired Security Culture
    • 1.4: Action Your Security Culture

    • Human Side of Security
    • Case Study - Equifax Congressional Report
    • Defining Culture
    • Mapping Organizational Culture
    • Defining and Mapping Security Culture
    • Identifying Desired Security Culture
    • Change Management Frameworks
      • ADKAR
      • Kotter 8 Steps
      • CPNI's 5Es
    • Motivating and Enabling Change
  • Overview

    Section 2 focuses on motivating people and explaining the "why" of security. Far too often, security fails because security teams simply mandate what people must do and then punish those who fail to follow policy or exhibit the desired behaviors. As a result, there is a great deal of resistance from the workforce. In this section, we'll walk you through how to effectively engage and motivate your workforce, including leveraging marketing models, implementing incentive programs, and targeting both specific and global audiences. As a result security and the security team are perceived as helpful, collaborative and enablers, your first step to building a strong security culture.

    • 2.1: Password Management Deployment
    • 2.2: Developer Personas
    • 2.3: Marketing DevSecOps
    • Safety: Survive vs. Thrive
    • Start With Why
      • WIIFM
    • Know Your Audience
      • Marketing Personas
    • Marketing Change
      • AIDA Marketing Model
    • Motivating Global Change
      • Security Ambassadors
    • Incentivizing Change
      • Recognition
  • Overview

    Section 3 begins with the concept of Curse of Knowledge, the more of an expert you are at security the more likely you don't realize just how confusing and difficult security is for others. One of the most common reasons organizations have a toxic security culture is security overwhelms people. We have to enable people so security is simple for them. This begins with imparting knowledge - that is, training people and providing them with the skills to be successful. We then simplify what is expected of them by making security as easy as possible. Far too often, the policies, processes, and procedures we create are complex, intimidating, or difficult to follow. Finally, we'll cover how to track, measure, and communicate the impact of your security culture.

    • 3.1: Learning Objectives
    • 3.2: Human Sensor Network
    • 3.3: Security Culture Survey Design
    • Cognitive Biases
      • Curse of Knowledge
    • Building Knowledge
      • ADDIE Model
      • Learning Objectives
      • Kirkpatrick Evaluation Model
    • Simplifying Security
      • System 1 vs. System 2
      • Choice Overload/Defaults
      • Policy Design
    • Measuring Change
      • Capturing Metrics
      • Categorizing and Actioning on Metrics
      • Presenting Findings and Values
  • Overview

    Up to this point we have covered how to create a strong security culture within your workforce. In this section we cover how to do the same thing but with your executive leadership. A strong security culture depends on the support of your executives, but to get their support you have to speak their language. In this section we cover the key elements and frameworks for putting together a high-impact business case, including a dive into financials.

    • 4.1: Develop a Clear Business Case
    • 4.2: Create a Multi-Year Budget

    • Building Your Business Case
      • Anatomy of a Business Case
      • Executive Summary
      • Definition of the Problem
      • Comparison of Solutions
      • Recommendation
      • Moving Your Business Case Forward
    • Financing Your Business Case
      • Finance 101
      • CFO 101
    • Communicating Your Business Case
      • What to present
      • How to present
    • What Will This Make Possible?
  • Overview

    In the final section you will combine and apply everything you have learned through a series of interactive, team labs. Your mission is to work as teams to make some very tough decisions as you create a strong security culture at Linden Insurance. Each of the labs build on the previous labs, with the decisions you make in each lab impacting not only your score but what decisions you can make in future labs - just like in real life! For the capstone you will leverage the Cyber42 simulation game environment, spurring discussion and critical thinking of situations that you will encounter at work.


  • Three to five years of experiences in cyber security. This course assumes you are comfortable with the concepts of risk management.
  • In addition, LDR521 is aligned with and designed to complement and partner with both LDR512: Security Leadership Essentials for Managers and LDR514 : Security Strategic Planning, Policy, and Leadership.

Laptop Requirements

Important! Bring your own system configured according to these instructions.

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will not be able to fully participate in hands-on exercises in your course. Therefore, please arrive with a system meeting all of the specified requirements.

Back up your system before class. Better yet, use a system without any sensitive/critical data. SANS is not responsible for your system or data.

  • Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom.
  • Your host operating system must be the latest version of Windows 10, Windows 11, or macOS 10.15.x or newer.
  • Fully update your host operating system prior to the class to ensure you have the right drivers and patches installed.
  • Linux hosts are not supported in the classroom due to their numerous variations. If you choose to use Linux as your host, you are solely responsible for configuring it to work with the course materials and/or VMs.
  • You should ensure that antivirus or endpoint protection software is disabled, fully removed, or that you have the administrative privileges to do so. Many of our courses require full administrative access to the operating system and these products can prevent you from accomplishing the labs.
  • Any filtering of egress traffic may prevent accomplishing the labs in your course. Firewalls should be disabled or you must have the administrative privileges to disable it.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

Author Statement

"For far too long, security has been perceived as purely a technical challenge. Organizations and leaders are now realizing that we also have to address the human side of security, to build and sustain a strong security culture. Culture not only impacts what people think and feel about security but how they act, from the Board of Directors to every corner of the organization. LDR521 will provide the frameworks, roadmaps, and skills you need to successfully embed a comprehensive, organization-wide security culture. In addition, the course will provide you the resources to measure and communicate the impact to members of your leadership, ensuring their long-term support."

- Lance Spitzner and Russell Eubanks

"Lance has the best knowledge and experience to share in this field." - Lindsay O'Bannon, Deloitte Global

"Great presenter, greater speaker. Pros: Russell got everyone involved and shared real life stories to enrich the course material."

- Sara, Federal Reserve Bank


It is a must for those working in Security Awareness, I wish I had this course three years ago.
Laura M
Excellent job, Russel! I really enjoyed your technique, caring, thoughtfulness and good vibes you brought to this class.
Christopher Jones
Trinchero Family Estates
Entertaining and thought provoking and helped me understand what actions I can take to change the culture of my company.
Kevin Nicholl
I am just so happy with this material focusing on embedding secure values into our global culture - exactly what my company needs help with NOW.
Lindsay O'Bannon
Deloitte Global
Lance was fantastic! He made the course super engaging and covered all information thoroughly, making sure to draw in and leverage student experience to make the course richer.
Anna Troutman

    Register for LDR521

    Prices below exclude applicable taxes and shipping costs. If applicable, these will be shown on the last page of checkout.