Question 1

What Are The Laptop Requirements?

Accepted Answer

Important! Bring your own system configured according to these instructions.A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will not be able to fully participate in hands-on exercises in your course. Therefore, please arrive with a system meeting all of the specified requirements.Back up your system before class. Better yet, use a system without any sensitive/critical data. SANS is not responsible for your system or data.Mandatory System Hardware RequirementsCPU: 64-bit Intel i5/i7 (8th generation or newer), or AMD equivalent. A x64 bit, 2.0+ GHz or newer processor is mandatory for this class.CRITICAL: Apple Silicon devices cannot perform the necessary virtualization and therefore cannot in any way be used for this course.BIOS settings must be set to enable virtualization technology, such as "Intel-VTx" or "AMD-V" extensions. Be absolutely certain you can access your BIOS if it is password protected, in case changes are necessary.16GB of RAM or more is required.100GB of free storage space or more is required.At least one available USB 3.0 Type-A port. A Type-C to Type-A adapter may be necessary for newer laptops. Some endpoint protection software prevents the use of USB devices, so test your system with a USB drive before class.Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom.Mandatory Host Configuration and Software RequirementsYour host operating system must be the latest version of Windows 10, Windows 11, or macOS 10.15.x or newer (Intel-based Macs only). Linux hosts are not supported in the classroom due to the variability of Linux configurations. If you choose to use Linux as your host, you are solely responsible for configuring it to work with the course materials and virtual machines. Fully update your host operating system prior to class to ensure you have the correct drivers and patches installed. Local Administrator access is required. If your organization will not permit this access for the duration of the course, arrange to bring a different laptop. Ensure that antivirus or endpoint protection software can be disabled or fully removed, and that you have the administrative privileges to do so. These products can prevent successful lab completion. Any filtering of egress traffic may prevent successful lab completion. Firewalls may need to be disabled—ensure you have the administrative privileges to do so. Download and install VMware Workstation Pro 16.2.X+ (for Windows 10 hosts), VMware Workstation Pro 17.0.0+ (for Windows 11 hosts), or VMware Fusion Pro 12.2+ (for Intel-based macOS hosts) prior to class. On Windows hosts, VMware products may not coexist with the Hyper-V hypervisor. For the best experience, ensure VMware can boot a virtual machine before class — this may require disabling Hyper-V. Instructions for disabling Hyper-V, Device Guard, and Credential Guard are included in the setup documentation accompanying your course materials. Download and install 7-Zip (for Windows Hosts) or Keka (for macOS hosts). These tools are also included in your downloaded course materials.Your course media is delivered via download. The media files for class can be large. Many are in the 40-50GB range, with some over 100GB. You need to allow plenty of time for the download to complete. Internet connections and speed vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as soon as you get the link. You will need your course media immediately on the first day of class. Do not wait until the night before class to start downloading these files. Your course materials include a "Setup Instructions" document that details important steps you must take before you travel to a live class event or start an online class. It may take 30 minutes or more to complete these instructions. Your class uses an electronic workbook for its lab instructions. In this new environment, a second monitor and/or a tablet device can be useful for keeping class materials visible while you are working on your course's labs. If you have additional questions about the laptop specifications, please contact customer service.

Question 2

Who Should Attend SEC401 Training?

Accepted Answer

SEC401 is designed for security professionals at every stage of their career—not because the content is adjusted for different audiences, but because the foundational gaps this course addresses are not exclusive to any single experience level or job title. You should attend if: You work in information security—as a practitioner, engineer, administrator, or analyst—and want a comprehensive, current understanding of the concepts your daily work depends on. You manage security teams or security budgets and need the technical grounding to make defensible decisions, not just informed ones. You specialize in a specific security discipline—forensics, penetration testing, cloud security, incident response—and recognize that specialization built without foundational grounding has limits. You are newer to information security and want to build the foundation that every subsequent course, certification, and career decision will rest upon. You are an IT professional—engineer, administrator, or supervisor—whose responsibilities increasingly intersect with security and who needs a structured, rigorous path into the discipline.

Question 3

What Is The GIAC Security Essentials (GSEC) Certification?

Accepted Answer

The GIAC Security Essentials (GSEC) certification validates a practitioner's knowledge of information security beyond simple terminology and concepts. GSEC certification holders are demonstrating that they are qualified for hands-on IT systems roles with respect to security tasks. Defense in depth, access control and password management Cryptography: basic concepts, algorithms and deployment, and application Cloud: AWS and Azure operations Defensible network architecture, networking and protocols, and network security Incident handling and response, data loss prevention, mobile device security, vulnerability scanning and penetration testing Linux: Fundamentals, hardening and securing SIEM, critical controls, and exploit mitigation Web communication security, virtualization and cloud security, and endpoint security Windows: access controls, automation, auditing, forensics, security infrastructure, and services More Certification Details

Question 4

What Will You Get?

Accepted Answer

Coursebooks and lab workbook with over 500 pages of exercises Virtual machines pre-installed with essential tools TCP/IP reference guides MP3 audio files of complete course lectures

Question 5

What Are The Prerequisites For This Course?

Accepted Answer

The SEC401 course covers all the core areas of security and assumes a basic understanding of technology, networks, and security. For those who are new to the field and have no background knowledge, SEC275: Foundations - Computers, Technology and Security or SEC301: Introduction to Cyber Security would be the recommended starting point. While these courses are not a prerequisite for this course, they do provide the introductory knowledge to help maximize the experience with SEC401 training.

Question 6

What Learning Path Is This Course A Part Of?

Accepted Answer

The SEC401 course is a part of the “Core Techniques” Learning Path, which aims to equip security professionals with crucial information, skills, and strategies for protecting, maintaining, and securing systems.  Depending on your current or desired future role, one of these courses is a great next step in your cybersecurity journey: Security Operations Center (SOC) Analyst SEC450: Blue Team Fundamentals: Security Operations and AnalysisSEC511: Cybersecurity Engineering: Advanced Threat Detection and MonitoringIncident Handler: SEC504: Hacker Tools, Techniques, and Incident HandlingCloud Security Architect: SEC510: Cloud Security Controls and MigrationSEC540: Cloud Security and DevSecOps Automation

Question 7

What Are Cybersecurity Essentials And Why Are They Important?

Accepted Answer

Cybersecurity Essentials that are addressed in SEC401 training encompass fundamental principles and skills needed to secure networks, endpoints, and cloud environments against modern cyber threats. Key aspects covered in the course include: Defensible Network Architecture: Understanding network security helps you design resilient systems capable of identifying and thwarting network-based attacks, which is crucial for protecting critical data. Layered Security or Defense in Depth: This concept applies multiple layers of security controls to mitigate risks, especially focusing on Identity and Access Management (IAM) to control and protect user access. Vulnerability Management: Essential to maintaining cybersecurity, it involves identifying, assessing, and mitigating vulnerabilities across all networked systems, thus reducing the likelihood of exploitation by threat actors. Cloud Security and Virtualization: SEC401 training emphasizes understanding cloud computing risks and defending cloud-based assets, which is vital as more organizations shift to cloud environments. These cybersecurity essentials are critical because they establish a strong foundation to prevent, detect, and respond to cyber threats effectively. Without these foundational elements, advanced security measures can be undermined, leading to potential breaches that exploit fundamental security gaps.

Question 8

How Will This Course Benefit My Career?

Accepted Answer

A career in cybersecurity is built in layers—and the strength of every layer above depends on the integrity of the foundation below. SEC401 is that foundation. Here is what that means practically:Breadth that makes specialization more effective: SEC401 covers more than 30 information security topic areas—not to make you a generalist, but to ensure that whatever you specialize in, you understand the broader context it operates within. That contextual understanding is what separates practitioners who can solve the problem in front of them from those who can anticipate the one around the corner.Skills you can use immediately: The hands-on labs in SEC401 follow a set of real-world compromise scenarios across a fictitious global organization. Web application attacks, phishing, insider threats, cloud compromises — you will work through all of them. The SANS promise applies here directly: what you learn will be applicable when you return to work.Relevance at every experience level: SEC401 is not an entry-level course that experienced professionals outgrow. The foundational gaps this course addresses exist at every career stage—in specialists who built expertise without first building foundations, in managers who make security decisions without sufficient technical grounding, and in practitioners who learned by doing without ever learning why. A credential that signals foundational competence: SEC401 prepares you for the GIAC Security Essentials (GSEC) certification—a globally recognized credential that validates broad, foundational security knowledge. For employers, GSEC signals that a practitioner's knowledge has been tested, not assumed.Modern content in a foundational framework: Cloud security, AI, current adversarial tactics, and even topics such as post-quantum cryptography are woven throughout—because the foundation this course builds is the current one, not the one that existed a decade ago.

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SEC401: Security Essentials

Featured Quote

Course Overview

What You’ll Learn

Business Takeaways

Meet Your Author

Bryan Simon

Course Syllabus

Section 1 Network Security and Cloud Essentials

Topics covered

Labs

Section 2Defense in Depth

Topics covered

Labs

Section 3Vulnerability Management and Response

Topics covered

Labs

Section 4Data Security Technologies

Topics covered

Labs

Section 5Windows and Azure Security

Topics covered

Labs

Section 6Containers, Linux, and Mac Security

Topics covered

Labs

Things You Need To Know

What Are The Laptop Requirements?

Who Should Attend SEC401 Training?

What Is The GIAC Security Essentials (GSEC) Certification?

What Will You Get?

What Are The Prerequisites For This Course?

What Learning Path Is This Course A Part Of?

What Are Cybersecurity Essentials And Why Are They Important?

How Will This Course Benefit My Career?

Relevant Job Roles

Data Analysis (OPM 422)

Systems Security Analyst (DCWF 461)

Database Administrator (DCWF 421)

Cyber Instructional Curriculum Developer (DCWF 711)

Technical Support Specialist (DCWF 411)

Systems Administration (OPM 451)

Systems Developer (DCWF 632)

Technology Portfolio Management (OPM 804)

Course Schedule and Pricing

GIAC Certification Attempt

OnDemand Course Access

Group and Private Pricing

Virtual (OnDemand)

SANS Security Central 2026

New Orleans, LA, US & Virtual (live)

SANS Security West 2026

San Diego, CA, US & Virtual (live)

SANS Amsterdam May 2026

Amsterdam, NL & Virtual (live)

SANS DC Metro June 2026

Arlington, VA, US & Virtual (live)

SANS Chicago 2026

Chicago, IL, US & Virtual (live)

SANS Riyadh June 2026

Riyadh, SA & Virtual (live)

SANS Paris June 2026

Paris, FR

SANS Austin 2026

Austin, TX, US & Virtual (live)

SANSFIRE 2026

Washington, DC, US & Virtual (live)

Learn Alongside Leading Cybersecurity Professionals From Around The World

Benefits of Learning with SANS