LDR512: Security Leadership Essentials for Managers

GIAC Security Leadership (GSLC)
  • In Person (5 days)
  • Online
30 CPEs

Security leaders need both technical knowledge and leadership skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives. This security managers training course will teach leaders about the key elements of any modern security program. Learn to quickly grasp critical cybersecurity issues and terminology, with a focus on security frameworks, security architecture, security engineering, computer/network security, vulnerability management, cryptography, data protection, security awareness, cloud security, application security, DevSecOps, generative AI (GenAI) security, and security operations. This is more than security training. You will learn how to lead security teams and manage programs by playing through twenty-three Cyber42 activities throughout the class, approximately 60-80 minutes daily.

What You Will Learn

Leading Security Initiatives to Manage Information Risk

Take this security management course to learn the key elements of any modern security program. LDR512 covers a wide range of security topics across the entire security stack. Learn to quickly grasp critical information security issues and terminology, with a focus on security frameworks, security architecture, security engineering, computer/network security, vulnerability management, cryptography, data protection, security awareness, cloud security, application security, DevSecOps, generative AI (GenAI) security, and security operations.

The training course uses the Cyber42 leadership simulation game to put you in real-world scenarios that spur discussion and critical thinking about situations that you will encounter at work. Throughout the class you will participate in twenty-three Cyber42 activities.

"This is an excellent primer for management types. I come from a technical background and can see the value there plain as day." - Matt Zaycer, Pilot Flying J

What Is Security Management?

Security management is all about managing information risk. This means that you need the appropriate level of technical knowledge and leadership skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives. This is a big and important job that requires an understanding of a wide array of security topics. Being an effective security leader requires you to get up to speed quickly on information security issues and terminology to build a modern security program. Creating a high-performing security team means that you can anticipate what security capabilities need to be built to enable the business and mitigate threats.

Business Takeaways

This course will help your organization:

  • Develop leaders that know how to build a modern security program
  • Anticipate what security capabilities need to be built to enable the business and mitigate threats
  • Create higher performing security teams

Skills Learned

  • Make sense of different cybersecurity frameworks
  • Understand and analyze risk
  • Decipher the pros and cons of different reporting relationships
  • Manage and lead technical teams and projects
  • Build a vulnerability management program
  • Inject security into modern DevOps workflows
  • Strategically leverage a SIEM
  • Lead a Security Operations Center (SOC)
  • Change behavior and build a security-aware culture
  • Effectively manage security projects
  • Enable modern security architectures and the cloud
  • Build security engineering capabilities using automation and Infrastructure as Code (IaC)
  • Understand and secure generative AI (GenAI) services
  • Get up to speed quickly on information security issues and terminology
  • Establish a minimum standard of security knowledge, skills, and abilities
  • Speak the same language as technical security professionals

Hands-On Security Manager Training

This leadership-focused security training course uses case scenarios, group discussions, team-based exercises, in-class games, and a security leadership simulation to help students absorb both technical and management topics. About 60-80 minutes per day is dedicated to these learning experiences using the Cyber42 leadership simulation game.

This leadership simulation game is a continuous tabletop exercise where students play to improve security culture, manage budget and schedule, and improve security capabilities at a fictional organization. This puts you in real-world scenarios that spur discussion and critical thinking about situations that you will encounter at work.

  • Section 1: Cyber42 Watt's Warehouse Company Overview, Calibration Lab, Round 1 Initiative Selection, Events 1-3: Whither Watt's Warehouse, Institutionalizing Security, Board Briefing
  • Section 2: Cyber42 Round 1 Events 4-6: Network Security Implementation, End User Security, To Serve and Protect
  • Section 3: Cyber42 Round 2 Initiative Selection, Round 2 Events 7-10: Industry Breach, Shadow IT, Security Misconfiguration, Miracle on DevOps Way
  • Section 4: Cyber42 Round 3 Initiative Selection, Round 3 Events 11-14: Patching Problems, Let It Be Known!, Tough Negotiations, Managing Resistance
  • Section 5: Cyber42 Round 4 Initiative Selection, Round 4 Events 15-18: New Guy in Town, Cost Cutting, Ransomware Response, Opportunity Knocks

"Cyber42 was an amazing game and experience. Not only building connection with our peers, but also creating a rich dialogue. More importantly, the sharing and decision analysis really helped us learn the materials more effectively." - Jay Bhalodia, Microsoft

"Labs reinforce everything you learn during the lessons and make the teams think on how to proceed." - German Regalado, CNRMC

"It's a fun game. It makes me think through the process before making a decision. There is a lot to consider." - Peter H., Law Enforcement

Syllabus Summary

  • Section 1 - Governance to plan your security program
  • Section 2 - Architecture to design your security capabilities
  • Section 3 - Engineering to build your security capabilities
  • Section 4 - Build and lead the team, process, and culture
  • Section 5 - Run operations to manage and mitigate attacks

What You Will Receive

  • Electronic courseware containing the entire course content
  • Printed course books
  • Access to the Cyber42 security leadership simulation game
  • MP3 audio files of the complete course lecture

Syllabus (30 CPEs)

  • Overview

    The course starts with a tour of the information that effective security managers and leaders must know to function in the modern security environment. This includes an understanding of the different types of cybersecurity frameworks available to structure your security team and program. Risk is central to effective information security management, so we'll discuss key risk concepts in order to lay the foundation for effective risk assessment and management. Security policy is a key tool that security managers use to manage risk. We'll cover approaches to policy to help you plan and manage your policy process. Finally, we'll discuss security functions, reporting relationships, and roles and responsibilities to give the advancing manager a view into effective security team and program structure.

    • Cyber42 Watt's Warehouse Company Overview
    • Calibration Lab
    • Cyber42 Round 1 Initiative Selection
    • Cyber42 Round 1 Event #1: Whither Watt's Warehouse
    • Cyber42 Round 1 Event #2: Institutionalizing Security
    • Cyber42 Round 1 Event #3: Board Briefing
    • Security Frameworks
      • Control, Program, and Risk Frameworks
    • Understanding Risk
      • Risk Concepts
      • Calibration
      • Risk Assessment and Management
    • Security Policy
      • Purpose of Policy
      • Risk Appetite Statement
      • Policy Planning
      • Managing Policy
    • Program Structure
      • Reporting Relationships
      • Three Lines of Defense
      • Roles and Responsibilities
      • Security Functions
  • Overview

    Section Two provides coverage of traditional and modern security architectures focused on technical topics. This includes a thorough discussion of network security that is modeled around the various layers of the network stack. As modern attacks are also focused on computing devices, we cover malware and attack examples along with corresponding host security controls for the endpoint and server. The cloud is a major initiative that is changing the way organizations operate and design their controls. To get ready for these initiatives, we provide an overview of Amazon Web Services (AWS) to serve as a reference point and discuss key cloud security issues. As the rapid rise of cloud adoption has led to identity becoming the new perimeter, we also provide an overview of key Identity and Access Management (IAM) risks and capabilities. The cloud, the rise of mobile devices, and other factors are highlighting weaknesses in traditional, perimeter-oriented security architecture, which leads into a discussion of the Zero Trust Model.

    • Cyber42 Round 1 Event #4: Network Security Implementation
    • Cyber42 Round 1 Event #5: End User Security
    • Cyber42 Round 1 Event #6: To Serve and Protect
    • Security Architecture Overview
      • Models and Trends
      • Security Architecture Frameworks
      • Cyber Defense Matrix
    • Network Security
      • Layer 1 and 2
        • Overview and Attacks
      • Layer 3
        • VPNs and IPSec
      • Layer 4
        • TCP and UDP
      • Application Layer
        • Proxies, NGFW, IDS/IPS, NSM
    • Host Security
      • Malware and Attack Examples
      • Host Security Controls
        • EPP, EDR, HIDS/HIPS, FIM, Allowlisting, Sandboxing
    • Cloud Security
      • Cloud Security Fundamentals
      • AWS Security Reference Architecture
      • AWS Overview
      • Cloud Security Attack Example and Controls
      • Cloud Security Tools
        • CSPM, CWPP, CASB
      • Cloud Security Models
        • Cloud Security Alliance (CSA) Guidance, Well-Architected Frameworks, Cloud Adoption Frameworks
    • Identity and Access Management (IAM)
      • Authentication Factors
      • Authentication and Access Attacks
      • IAM Security Capabilities
    • Zero Trust
      • Principles and Best Practices
      • Zero Trust Network Access (ZTNA)
      • Variable Trust
  • Overview

    Section Three focuses on security engineering best practices. This includes building an understanding of cryptography concepts, encryption algorithms, and applications of cryptography which are foundational elements of building any secure system. Since encrypting data alone is not sufficient, we discuss the distinction between privacy and security to give managers a primer on key privacy concepts. Managers must also be knowledgeable about software development processes, issues, and application vulnerabilities. We cover application security and leading development processes built on DevSecOps. Current engineering approaches also include modern Infrastructure as Code (IaC) approaches and tools to automate consistent deployment of standard configurations. Finally, generative AI (GenAI) has led to the growth of AI usage and newer Large Language Model (LLM) application architectures which need to be secured.

    • Cyber42 Round 2 Initiative Selection
    • Cyber42 Round 2 Event #7: Industry Breach
    • Cyber42 Round 2 Event #8: Shadow IT
    • Cyber42 Round 2 Event #9: Security Misconfiguration
    • Cyber42 Round 2 Event #10: Miracle on DevOps Way
    • Security Engineering
      • Overview
    • Data Protection
      • Cryptography Concepts
        • Confidentiality, Integrity, Authentication, Non-Repudiation
      • Encryption Algorithms
        • Symmetric, Asymmetric, Key Exchange, Hashing, Digital Signature
      • Encryption Applications
        • TLS, PKI, Blockchain, Quantum
    • Privacy Primer
      • Privacy and Security
      • Requirements and Regulations
      • Privacy Engineering
    • Application Security
      • Secure SDLC
      • Application Attacks
        • OWASP Top Ten
      • Application Security Tools
        • SAST, SCA, DAST, WAF, RASP
    • DevSecOps
      • DevOps Toolchain and Pipeline
      • Continuous Integration and Continuous Delivery (CI/CD)
      • Infrastructure as Code (IaC)
      • Container Security
    • Generative AI and Large Language Models (GenAI and LLMs)
      • Innovations in Artificial Intelligence
        • Transformer Architecture
      • LLM Application Architecture
        • AWS Generative AI Security Scoping Matrix
      • LLM Attacks
        • OWASP Top Ten for LLMs
        • MITRE ATLAS
        • Overreliance, Prompt Injection, Sensitive Information Disclosure, Model Theft, Training Data Poisoning, Excessive Agency, Jailbreaking
      • GenAI Security Controls
        • NIST AI Risk Management Framework (RMF)
        • AI Security Policy
        • AI Security Tools and Mitigations
  • Overview

    Section Four covers what managers need to know about leading security initiatives. Every security leader should know how to build a vulnerability management program and the associated process to successfully find and fix vulnerabilities. Additionally, security awareness is a huge component of any security program that helps drive activities to change human behavior and create a more risk-aware and security-aware culture. To implement new initiatives, security leaders must also develop negotiation skills and conduct thorough analysis of vendors. Finally, for any project or initiative, security leaders must also be able to drive effective project execution. Having a well-grounded understanding of management and leadership practices makes it easier to move your projects forward.

    • Cyber42 Round 3 Initiative Selection
    • Cyber42 Round 3 Event #11: Patching Problems
    • Cyber42 Round 3 Event #12: Let It Be Known!
    • Cyber42 Round 3 Event #13: Tough Negotiations
    • Cyber42 Round 3 Event #14: Managing Resistance
    • Vulnerability Management
      • PIACT Process
      • Prioritizing Vulnerabilities
        • Common Vulnerability Scoring System (CVSS)
      • Finding and Fixing Vulnerabilities
      • Communicating and Managing Vulnerabilities
    • Security Awareness
      • Maturity Model
      • Human Risks
    • Negotiations Primer
      • Negotiations Strategies
    • Vendor Analysis
      • Product Analysis and Selection
      • Analytical Hierarchy Process (AHP)
    • Managing and Leading Teams
      • Managing Projects
      • Leading Teams
      • Going From Good to Great
  • Overview

    Section Five focuses on detection and response capabilities. This includes gaining appropriate visibility via logging, monitoring, and strategic thinking about a security information and event management (SIEM) system. Once implemented, the logs in a SIEM are a core component of any Security Operations Center (SOC). We'll discuss the key functions of a SOC along with how to manage and organize your organization's security operations. The incident response process is discussed in relation to identifying, containing, eradicating, and recovering from security incidents. This leads into a discussion of longer-term business continuity planning and disaster recovery. Managers must also understand physical security controls that, when not implemented appropriately, can cause technical security controls to fail or be bypassed.

    • Cyber42 Round 4 Initiative Selection
    • Cyber42 Round 4 Event #15: New Guy in Town
    • Cyber42 Round 4 Event #16: Cost Cutting
    • Cyber42 Round 4 Event #17: Ransomware Response
    • Cyber42 Round 4 Event #18: Opportunity Knocks
    • Logging and Monitoring
      • SIEM Deployment Best Practices
    • Security Operations Center (SOC)
      • SOC Functional Components
      • Models and Structure
      • Tiered vs. Tierless SOCs
      • Managing and Organizing a SOC
    • Incident Handling
      • PICERL Process
      • Incident Handling Lifecycle
    • Contingency Planning
      • Business Continuity Planning (BCP)
      • Disaster Recovery (DR)
    • Physical Security
      • Issues and Controls

GIAC Security Leadership

The GIAC Security Leadership (GSLC) certification validates a practitioner's understanding of governance and technical controls focused on protecting, detecting, and responding to security issues. GSLC certification holders have demonstrated knowledge of data, network, host, application, and user controls along with key management topics that address the overall security lifecycle.

  • Building a security program that meets business needs
  • Managing security operations and teams
  • Managing security projects and the lifecycle of the program

This security management course covers the core areas of security leadership and assumes a basic understanding of technology, networks, and security. For those who are new to the field and have no background knowledge, the recommended starting point is the SEC301: Introduction to Information Security course. While SEC301 is not a prerequisite, it will provide the introductory knowledge to maximize the experience with LDR512.

Laptop Requirements

Important! Bring your own system configured according to these instructions.

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will not be able to fully participate in hands-on exercises in your course. Therefore, please arrive with a system meeting all of the specified requirements.

Back up your system before class. Better yet, use a system without any sensitive/critical data. SANS is not responsible for your system or data.

  • Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom.
  • A laptop or mobile device with the latest web browser is required to play the Cyber42 leadership simulation game.
  • The Cyber42 game used in this course is hosted in the cloud. Students must have a computer that does not restrict access to the ranges.io web site. Corporate machines may have a VPN, intercepting proxy, or egress firewall filter that causes connection issues communicating with certain web sites. Students must be able to configure or disable these services to access the Cyber42 game.

If you have additional questions about the laptop specifications, please contact support.

Author Statement

"This course covers all the topics I should have known before I started my first security management job. I was thrust into a leadership position and realized I had to convey security concepts in ways that non-technical people could understand. At the same time, I needed a broad view of everything in the security program and the different domains of cybersecurity. In short, I had to learn about the work of managing security. That is why this course focuses on the big picture of securing the enterprise, from governance and architecture all the way to the technical security topics that serve as the foundation for any security manager. Ultimately, the goal of the course is to ensure that you, the advancing manager, can make informed choices to improve security at your organization."

- Frank Kim

"Frank Kim is an awesome instructor! His teaching style is great and his grasp on the course material, live examples, and ability to bring people together is exceptional!!" - Arvin Bansal, Amerisource Bergen


"The content makes us truly understand why and what we should be doing as a cybersecurity leader." - Saranya Mekratri, Bank of Thailand

"This course continues to challenge and develop leadership capabilities to better prepare individuals to help their organizations thrive within the cyberspace." - Christopher Burk, Southern California Edison

"For a Security Manager, this class is spot on!" - George Chetupuzha
