Major Update

LDR521: Security Culture for Leaders

  • In Person (5 days)
  • Online
30 CPEs

Are you struggling to get everyone in your organization to care about and buy into cybersecurity? Do you feel like you are battling an uphill battle regarding cybersecurity with both your executive leadership and your workforce? Learn how to engage and transform your organization into cybersecurity's biggest believers and supporters by institutionalizing a strong security culture. In addition, students will apply everything they learn through a series of eleven interactive team labs, numerous case studies, and the chance to earn the LDR521 Challenge Coin in the Cyber42 leadership simulation capstone.

What You Will Learn

What is Security Culture?

Security culture is your organization's shared attitudes, perceptions, and beliefs about cybersecurity. The more strongly your leadership and workforce believe in and buy into cybersecurity, the more likely they will prioritize security, support your initiatives, and exhibit the behaviors you want. Your organization already has a security culture. The question is, is it the culture you want?

Build and Measure a Strong Security Culture

Drawing on real-world lessons from around the world, the SANS LDR521 Security Culture for Leaders course will teach you how to build a culture where both your leadership and workforce believe in and prioritize cybersecurity. Through hands-on instruction and a series of interactive labs and exercises, you will apply organizational change concepts to various real-world security initiatives and quickly learn how to transform your security team and embed security into your organization's culture, from senior leadership on down. Apply findings from Daniel Kahneman's Nobel prize-winning research, Thayler and Sunstein's Nudge Theory, ADKAR change model and Simon Sinek's Golden Circle. Learn how Spock, Homer Simpson, the Elephant and Rider, and the Curse of Knowledge are all keys to building a strong security culture at your organization.

"This content is helping bring back concepts that get forgotten when you go from a doer to a senior leadership role. It brought back good concepts and a way to utilize them in the Security Context as well as getting leadership to think differently." - Michael Neuman

Business Takeaways

  • Security at Scale: Make your job easier by scaling both yourself and your security team. Reduce the impact of burnout on the security team you are privileged to lead.
  • Embed Security: Automatically bake security into the start of every business project and initiative in every business unit of your organization.
  • Executive Support: Get the executive leadership support you need for what is most important to you.
  • Secure your Workforce: People will exhibit the behaviors you want without telling them what they can and cannot do at work.
  • Successful Initiatives: Make your security initiatives far more successful by gaining the buy-in of key departments, such as IT, Engineering, and the Business.
  • Advocates: Transform your security team into security advocates who engage, motivate, and enable your workforce to be far more secure

Skills Learned

  • Explain what culture is, its importance to security, and how to map and measure both your organization's overall culture and your security culture.
  • Define the indicators of a strong security culture, align security with them, and embed them into your organization's existing culture. i
  • Provide a framework and guiding principles for your security team on how to lay the foundation for a strong security culture.
  • Effectively communicate the business value of security to your Board of Directors and executives, gaining their support and buy-in.
  • Engage and motivate your workforce so they prioritize cybersecurity.
  • Simplify security and remove blockers, making it exponentially easier for people to embed security into their everyday actions.
  • Dramatically improve the effectiveness and impact of your security initiatives, such as DevSecOps, cloud migration, vulnerability management, Security Operations Center, incident detection & response, and other related security projects.
  • Ability to measure your security culture, how to make those measurements actionable, and how to present the maturity and value of your security culture to leadership
  • Leverage numerous templates and resources from the Digital Download Package and Community Forum that are part of the course and which you can then build on immediately.

Hands-On Security Culture Training

The first four sections of the course leverage eleven interactive team labs, enabling you to apply the lessons learned to a variety of real-world security situations and challenges. These team labs enable you to learn from the instructor and course materials and your fellow students' expertise and experiences. Finally, the last section is a capstone event as you work through a series of case studies to see which team can create the strongest security culture. Leveraging the Cyber42 simulation game environment, you are put in real-world scenarios that spur discussion and critical thinking of situations you will encounter at work as you compete for the LDR521 Challenge coin. A Laptop with access to the internet is required for the Cyber 42 leadership simulation capstone.

"Labs are applicable to the coursework and can be used at my workplace immediately." - Jerome C., US Military

"I love the way each lab built on previous topics covered culminating in the last day where we could apply everything we learnt. Everytime we did a lab they were well explained and at no time did i feel rushed, or like we had too much time to complete them." - Helen Bupa, IPLS

"Labs today were fun. Made me think with a focused intent." - Chad Yancey

Syllabus Summary

  • Section 1: Learn the fundamentals of organizational culture, security culture, and building the culture you want.
  • Section 2: Communicate to, engage with, and motivate your workforce so they believe in and prioritize cybersecurity.
  • Section 3: Create an environment where it is simple for your workforce to embed security into work and their daily activities.
  • Section 4: Learn how to build an effective business case for leadership, gaining their support for your security initiatives
  • Section 5: Apply everything you have learned in a series of five case studies, competing as teams to see which team can build the strongest cybersecurity culture.

Notice to Students

The course is recommended for more senior and/or more experienced cybersecurity leaders, managers, officers, and awareness professionals. If you are new to cybersecurity, we recommend some SANS's more fundamental courses, such as SEC301: Introduction to Cyber Security, SEC401: Security Essentials: Network, Endpoint, and Cloud, LDR433: Human Risk Management or LDR419: Performing A Cybersecurity Risk Assessment.

Additional Free Resources

What You Will Receive

  • Printed Course Books
  • Digital Download Package: A collection of templates, checklists, matrices, reports, and other resources that will help you in building a strong security culture and your security career. This package is continually updated and based on resources that real security leaders have used to develop and grow their own security cultures. Why reinvent the wheel when you can reuse or reshape what has worked for others!
  • Community Forum: An opportunity to join the private, invitation-only Community Forum dedicated to the human side of security. The forum currently has over 2,000 active professionals from around the world!

What Comes Next

Syllabus (30 CPEs)

Download PDF
  • Overview

    Section 1 begins by demonstrating how security is no longer just about technology but also about people and culture. We then explain what culture is, why it is so important, and how it applies to security. We then demonstrate how to identify and map your organization's overall culture, identify your organization's current security culture, and then determine the security culture you want to achieve. We will then cover several models and the best approach on how to achieve your desired security culture.

    • 1.1: Map Your Organization's Overall Culture
    • 1.2: Survey Your Security Culture
    • 1.3: Define Your Desired Security Culture
    • 1.4: Action Your Security Culture
    • Human Side of Security
    • Case Study - Microsoft Cybersafety Review Board Report
    • Defining Culture
    • Mapping Organizational Culture
    • Defining and Mapping Security Culture
    • Identifying Desired Security Culture
    • Organizational Change Frameworks
    • Motivating and Enabling Change
  • Overview

    Section 2 focuses on motivating people and explaining the "why" of security. Far too often, security fails because security teams mandate what people must do and punish those who fail to follow policy or exhibit the desired behaviors. As a result, there is a great deal of resistance from the workforce. In this section, we'll walk you through how to engage and motivate your workforce effectively so they believe in and prioritize cybersecurity, including leveraging marketing models, implementing incentive programs, and targeting specific and global audiences.

    • 2.1: Developer Personas
    • 2.2: Marketing DevSecOps
    • Leveraging AI in Building Security Cultures
    • Safety: Survive vs. Thrive
    • Start With Why
      • WIIFM
    • Know Your Audience
      • Marketing Personas
    • Marketing Change
      • AIDA Marketing Model
    • Motivating Global Change
      • Security Ambassadors
    • Incentivizing Change
      • Recognition
  • Overview

    Section 3 begins with one of the most common reasons organizations have a toxic security culture - security is too hard. People want to do the right thing but don't know where to start. We have to enable people, so security is simple for them. This begins with the concept of the Curse of Knowledge: the more of an expert you are at security, the more likely you don't realize just how confusing and difficult security is for others. We address this by first imparting knowledge - training people and providing them with the skills to be successful. We then simplify what is expected of them by making security as easy as possible. Far too often, the policies, processes, and communications we create are complex, intimidating, or difficult to follow. Finally, we'll cover how to track, measure, and communicate the impact of your security culture.

    • 3.1: Learning Objectives
    • 3.2: Human Sensor Network
    • 3.3: Security Culture Survey Design
    • Cognitive Biases
      • Curse of Knowledge
    • Building Knowledge
      • ADDIE Model
      • Learning Objectives
      • Kirkpatrick Evaluation Model
    • Simplifying Security
      • System 1 vs. System 2
      • Choice Overload
      • Defaults / Automation
      • Resources
      • Policy Design
    • Measuring Change
      • Capturing Metrics
      • Categorizing and Actioning on Metrics
      • Presenting Findings and Values
  • Overview

    Up to this point, we have covered creating a strong security culture within your workforce. This section covers how to do the same thing but with your executive leadership. A strong security culture depends on the support of your executives, but to get their support, you have to speak their language. This section covers the key elements and frameworks for creating a high-impact business case, including a dive into the financial statements of several organizations.

    • 4.1: Develop a Clear Business Case
    • 4.2: Create a Multi-Year Budget

    • Building Your Business Case
      • Anatomy of a Business Case
      • Executive Summary
      • Definition of the Problem
      • Comparison of Solutions
      • Recommendation
      • Moving Your Business Case Forward
    • Financing Your Business Case
      • Finance 101
      • CFO 101
    • Communicating Your Business Case
      • What to present
      • How to present
    • What Will This Make Possible?
  • Overview

    In the final section, you will combine and apply everything you have learned through a series of interactive team labs. Your mission is to work as a team to make tough decisions as you create a strong security culture at the fictional company, Linden Insurance. Each of the labs builds on the previous labs, with the decisions you make in each lab impacting not only your score but what decisions you can make in future labs - just like in real life! For the capstone, you will leverage the Cyber42 simulation game environment, spurring discussion and critical thinking about situations you will encounter at work. Each member of the winning team will take home the highly coveted LDR521 Challenge Coin!


  • Three to five years of experience in cybersecurity. This course assumes you are comfortable and experienced with risk management concepts.
  • In addition, LDR521 is aligned with and designed to complement and partner with both LDR512: Security Leadership Essentials for Managers and LDR514: Security Strategic Planning, Policy, and Leadership.

Laptop Requirements

A laptop or mobile device with the latest web browser is required to play the Cyber42 leadership simulation game.

The Cyber42 game used in this course is hosted in the cloud. Students must have a computer that does not restrict access to the website. Corporate machines may have a VPN, intercepting proxy, or egress firewall filter that causes connection issues when communicating with certain websites. Students must be able to configure or disable these services to access the Cyber42 game.

If you have additional questions about the laptop requirements, please contact support.

Author Statement

"For far too long, security teams have struggled with the human side of cybersecurity. Security culture is not nearly as hard as many believe; you have to approach the challenge differently than most people are used to; instead of fighting human nature, this course is all about aligning with human nature. LDR521 arms you with the knowledge, skills, and resources to institutionalize a strong security culture so your organization believes in and prioritizes cybersecurity. In addition, the course will provide you the resources to measure and communicate the impact to members of your leadership, ensuring their long-term support."

- Lance Spitzner and Russell Eubanks

"Lance has the best knowledge and experience to share in this field." - Lindsay O'Bannon, Deloitte Global

"Great presenter, greater speaker. Pros: Russell got everyone involved and shared real life stories to enrich the course material."

- Sara, Federal Reserve Bank


It is a must for those working in Security Awareness, I wish I had this course three years ago.
Laura M
Excellent job, Russel! I really enjoyed your technique, caring, thoughtfulness and good vibes you brought to this class.
Christopher Jones
Trinchero Family Estates
Entertaining and thought provoking and helped me understand what actions I can take to change the culture of my company.
Kevin Nicholl
I am just so happy with this material focusing on embedding secure values into our global culture - exactly what my company needs help with NOW.
Lindsay O'Bannon
Deloitte Global
Lance was fantastic! He made the course super engaging and covered all information thoroughly, making sure to draw in and leverage student experience to make the course richer.
Anna Troutman

    Register for LDR521

    Learn about Group Pricing

    Prices below exclude applicable taxes and shipping costs. If applicable, these will be shown on the last page of checkout.