SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense, Artificial Intelligence
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
Your Cybersecurity Roadmap to Closing the Skills Gap
For aspiring and current cybersecurity professionals exploring cybersecurity careers, bridging the cybersecurity skills gap is the key to unlocking the most exciting and in-demand cybsersecurity career opportunities. The 2024 SANS | GIAC Research Report highlights that the industry urgently needs a qualified cybersecurity workforce with a blend of strong fundamentals and hands-on experience. By enrolling in a structured cybersecurity program and earning certifications aligned with top roles, you can stand out in a highly competitive cybersecurity job market and advance into strategic, technical, or leadership positions.
Whether you're pursuing a technical path as a security analyst, engineer, or officer, or eyeing a security career in leadership, threat intelligence, or risk management, there are clearly defined career pathways that help you move forward confidently.
Download the "20 Coolest Cybersecurity Careers" poster to explore pathways to these rewarding roles and discover how you can chart your journey to becoming a top-tier cybersecurity professional.
Threat Hunter (Threat/Warning Analyst)
A Threat Hunter applies new threat intelligence against existing evidence to identify attackers that have evaded real-time detection mechanisms. This role requires several skills, including threat intelligence, system and network forensics, and investigative development processes. Threat hunting shifts incident response from a reactive investigative process to a proactive approach, uncovering adversaries or their footprints using emerging intelligence. Their work often reveals adversaries who have remained undetected for extended periods, helping organizations address long-term security threats.
- Slide 1 of 9
FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
FOR508Digital Forensics and Incident Response
- GIAC Certified Forensic Analyst (GCFA)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 35 Hands-On Labs
- Slide 2 of 9
FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
FOR572Digital Forensics and Incident Response
- GIAC Network Forensic Analyst (GNFA)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 20 Hands-On Labs
- Slide 3 of 9
FOR578: Cyber Threat Intelligence
FOR578Digital Forensics and Incident Response
- GIAC Cyber Threat Intelligence (GCTI)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 20 Hands-On Labs
- Slide 4 of 9
FOR608: Enterprise-Class Incident Response & Threat Hunting
FOR608Digital Forensics and Incident Response
- GIAC Enterprise Incident Responder (GEIR)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 20 Hands-On Labs
- Slide 5 of 9
FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
FOR610Digital Forensics and Incident Response
- GIAC Reverse Engineering Malware (GREM)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 48 Hands-On Labs
- Slide 6 of 9
SEC504: Hacker Tools, Techniques, and Incident Handling
Major Updates SEC504Offensive Operations
- GIAC Certified Incident Handler Certification (GCIH)
- 6 Days (Instructor-Led)
- 38 CPEs / 38 Hours (Self-Paced)
- Labs: 44 Hands-On Labs
- Slide 7 of 9
SEC541: Cloud Security Threat Detection
SEC541Cloud Security
- GIAC Cloud Threat Detection (GCTD)
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 22 Hands-On Labs
- Slide 8 of 9
ICS515: ICS Visibility, Detection, and Response
ICS515Industrial Control Systems Security
- GIAC Response and Industrial Defense (GRID)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 22 Hands-On Labs
- Slide 9 of 9
ICS612: ICS Cybersecurity In-Depth
ICS612Industrial Control Systems Security
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 31 Hands-On Labs
Red Teamer (Adversary Emulation Specialist)
As a Red Teamer, your challenge is to approach problems and situations from an adversary’s perspective. The primary goal is to strengthen the Blue Team by testing and measuring the organization’s detection and response policies, procedures, and technologies. Red Teamers provide a comprehensive assessment of an organization’s preparedness for a sophisticated attack by testing not just the defenses, but also the defenders themselves.
- Slide 1 of 8
SEC504: Hacker Tools, Techniques, and Incident Handling
Major Updates SEC504Offensive Operations- GIAC Certified Incident Handler Certification (GCIH)
- 6 Days (Instructor-Led)
- 38 CPEs / 38 Hours (Self-Paced)
- Labs: 44 Hands-On Labs
- Slide 2 of 8
SEC542: Web App Penetration Testing and Ethical Hacking
Major Updates SEC542Offensive Operations
- GIAC Web Application Penetration Tester (GWAPT)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 35 Hands-On Labs
- Slide 3 of 8
SEC560: Enterprise Penetration Testing
SEC560Offensive Operations
- GIAC Penetration Tester (GPEN)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 30 Hands-On Labs
- Slide 4 of 8
SEC565: Red Team Operations and Adversary Emulation
SEC565Offensive Operations
- GIAC Red Team Professional (GRTP)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 30 Hands-On Labs
- Slide 5 of 8
SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
SEC660Offensive Operations
- GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- 6 Days (Instructor-Led)
- 46 CPEs / 46 Hours (Self-Paced)
- Labs: 30 Hands-On Labs
- Slide 6 of 8
SEC670: Red Teaming Tools - Developing Windows Implants, Shellcode, Command and Control
SEC670Offensive Operations
- 6 Days (Instructor-Led)
- 46 CPEs / 46 Hours (Self-Paced)
- Labs: 27 Hands-On Labs
- Slide 7 of 8
SEC699: Advanced Purple Teaming - Adversary Emulation & Detection Engineering
SEC699Offensive Operations
- 5 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 29 Hands-On Labs
- Slide 8 of 8
SEC760: Advanced Exploit Development for Penetration Testers
SEC760Offensive Operations
- 5 Days (Instructor-Led)
- 40 CPEs / 40 Hours (Self-Paced)
- Labs: 20 Hands-On Labs
Digital Forensics Analyst
Digital Forensic Analyst uses advanced forensic skills to examine a wide range of digital media involved in investigations. This role requires expertise in evidence collection, as well as computer, smartphone, cloud, and network forensics. Analysts must also possess an investigative mindset. These experts analyze compromised systems or digital media to uncover the facts of what occurred. Digital evidence often contains footprints that physical forensic data or crime scene cannot provide.
- Slide 1 of 8
FOR498: Digital Acquisition and Rapid Triage
FOR498Digital Forensics and Incident Response
- GIAC Battlefield Forensics and Acquisition (GBFA)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 20 Hands-On Labs
- Slide 2 of 8
FOR500: Windows Forensic Analysis
FOR500Digital Forensics and Incident Response
- GIAC Certified Forensic Examiner (GCFE)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 22 Hands-On Labs
- Slide 3 of 8
FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
FOR508Digital Forensics and Incident Response- GIAC Certified Forensic Analyst (GCFA)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 35 Hands-On Labs
- Slide 4 of 8
FOR509: Enterprise Cloud Forensics and Incident Response
Major Updates FOR509Digital Forensics and Incident Response
- GIAC Cloud Forensics Responder (GCFR)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 23 Hands-On Labs
- Slide 5 of 8
FOR518: Mac and iOS Forensic Analysis and Incident Response
FOR518Digital Forensics and Incident Response
- GIAC iOS and macOS Examiner (GIME)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 23 Hands-On Labs
- Slide 6 of 8
FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
FOR572Digital Forensics and Incident Response- GIAC Network Forensic Analyst (GNFA)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 20 Hands-On Labs
- Slide 7 of 8
FOR585: Smartphone Forensic Analysis In-Depth
FOR585Digital Forensics and Incident Response
- GIAC Advanced Smartphone Forensics (GASF)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 22 Hands-On Labs
- Slide 8 of 8
SEC501: Advanced Security Essentials - Enterprise Defender
SEC501Cyber Defense
- GIAC Certified Enterprise Defender (GCED)
- 6 Days (Instructor-Led)
- 38 CPEs / 38 Hours (Self-Paced)
- Labs: 25 Hands-On Labs
Purple Teamer
In this role, you bring a deep understanding of both defensive (“Blue Team”) and offensive (“Red Team”) cybersecurity practices. Your responsibilities include organizing and automating adversary technique emulations, identifying potential new log sources and use cases to enhance SOC detection coverage, and recommending security controls to improve resilience against adversarial techniques. Additionally, you play a crucial role in fostering effective communication and collaboration between traditional defensive and offensive roles.
- Slide 1 of 4
SEC504: Hacker Tools, Techniques, and Incident Handling
Major Updates SEC504Offensive Operations- GIAC Certified Incident Handler Certification (GCIH)
- 6 Days (Instructor-Led)
- 38 CPEs / 38 Hours (Self-Paced)
- Labs: 44 Hands-On Labs
- Slide 2 of 4
SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
SEC599Offensive Operations
- GIAC Defending Advanced Threats (GDAT)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 25 Hands-On Labs
- Slide 3 of 4
SEC598: AI and Security Automation for Red, Blue, and Purple Teams
Major UpdatesAI-FOCUSED SEC598Offensive Operations, Artificial Intelligence
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 25 Hands-On Labs
- Slide 4 of 4
SEC699: Advanced Purple Teaming - Adversary Emulation & Detection Engineering
SEC699Offensive Operations- 5 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 29 Hands-On Labs
Malware Analyst
Malware analysts face attackers’ capabilities head-on, ensuring the fastest and most effective response to and containment of a cyber-attack. They delve deep into malicious software to understand the nature of the threat—how it infiltrated, the vulnerabilities it exploited, and actions, intentions, and potential impact. Whether extracting signatures for improved detection or generating threat intelligence to share across the industry, malware analysts are an indispensable investigative resource.
- Slide 1 of 5
FOR518: Mac and iOS Forensic Analysis and Incident Response
FOR518Digital Forensics and Incident Response- GIAC iOS and macOS Examiner (GIME)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 23 Hands-On Labs
- Slide 2 of 5
FOR585: Smartphone Forensic Analysis In-Depth
FOR585Digital Forensics and Incident Response- GIAC Advanced Smartphone Forensics (GASF)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 22 Hands-On Labs
- Slide 3 of 5
FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
FOR610Digital Forensics and Incident Response- GIAC Reverse Engineering Malware (GREM)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 48 Hands-On Labs
- Slide 4 of 5
FOR710: Reverse-Engineering Malware: Advanced Code Analysis
FOR710Digital Forensics and Incident Response
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 12 Hands-On Labs
- Slide 5 of 5
SEC501: Advanced Security Essentials - Enterprise Defender
SEC501Cyber Defense- GIAC Certified Enterprise Defender (GCED)
- 6 Days (Instructor-Led)
- 38 CPEs / 38 Hours (Self-Paced)
- Labs: 25 Hands-On Labs
Chief Information Security Officer (CISO) (Executve Cyber Leadership)
The CISO leads efforts to identify, develop, implement, and maintain processes that reduce information and IT risks across the organization. This role responds to incidents, establishing appropriate standards and controls, managing security technologies, and guiding the development, implementation, and enforcement of policies and procedures. The CISO is often responsible for information-related compliance initiatives, such as supervising efforts to achieve ISO/IEC 27001 certification for part or all of the organization. The CISO's influence typically extends across the entire organization, shaping its security posture and strategic priorities. Their leadership is essential to protecting the organization and aligning its security strategy with its overall mission and goals.
- Slide 1 of 9
LDR512: Security Leadership Essentials for Managers
LDR512Cybersecurity Leadership
- GIAC Security Leadership (GSLC)
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 22 Hands-On Labs
- Slide 2 of 9
LDR514: Security Strategic Planning, Policy, and Leadership
LDR514Cybersecurity Leadership
- GIAC Strategic Planning, Policy, and Leadership (GSTRT)
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 32 Hands-On Labs
- Slide 3 of 9
LDR516: Strategic Vulnerability and Threat Management
Major Updates LDR516Cybersecurity Leadership
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 24 Hands-On Labs
- Slide 4 of 9
LDR520: Emerging Trends for Cyber Leaders: AI and Cloud
Major Updates LDR520Cybersecurity Leadership
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 13 Hands-On Labs
- Slide 5 of 9
LDR521: Security Culture for Leaders
Major Updates LDR521Cybersecurity Leadership
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 22 Hands-On Labs
- Slide 6 of 9
LDR551: Building and Leading Security Operations Centers
LDR551Cybersecurity Leadership
- GIAC Security Operations Manager (GSOM)
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 19 Hands-On Labs
- Slide 7 of 9
LDR553: Cyber Incident Management
LDR553Cybersecurity Leadership
- GIAC Cyber Incident Leader (GCIL)
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 28 Hands-On Labs
- Slide 8 of 9
SEC566: Implementing and Auditing CIS Controls
Major Updates SEC566Cybersecurity Leadership
- GIAC Critical Controls Certification (GCCC)
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 26 Hands-On Labs
- Slide 9 of 9
ICS418: ICS Security Essentials for Leaders
ICS418Industrial Control Systems Security
- 12 CPEs / 12 Hours (Self-Paced)
- Labs: 12 Hands-On Labs
Blue Teamer - All-Around Defender (Cyber Defense Analyst)
This role, which may go by various titles depending on the organization, requires a broad range of tasks and knowledge. The all-around defender, or Blue Teamer, often serves as the primary security contact in smaller organizations, taking on responsibilities such as engineering and architecture, incident triage and response, security tool administration, and more. This role is crucial, particularly in small to mid-size organizations that lack the budget for a full-fledged security team with specialized roles.
- Slide 1 of 5
SEC450: SOC Analyst Training – Applied Skills for Cyber Defense Operations
Major Updates SEC450Cyber Defense
- GIAC Security Operations Certified (GSOC)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 22 Hands-On Labs
- Slide 2 of 5
SEC503: Network Monitoring and Threat Detection In-Depth
SEC503Cyber Defense
- GIAC Certified Intrusion Analyst (GCIA)
- 6 Days (Instructor-Led)
- 46 CPEs / 46 Hours (Self-Paced)
- Labs: 37 Hands-On Labs
- Slide 3 of 5
SEC511: Cybersecurity Engineering: Advanced Threat Detection and Monitoring
SEC511Cyber Defense
- GIAC Continuous Monitoring Certification (GMON)
- 6 Days (Instructor-Led)
- 46 CPEs / 46 Hours (Self-Paced)
- Labs: 18 Hands-On Labs
- Slide 4 of 5
SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise
SEC530Cyber Defense
- GIAC Defensible Security Architecture (GDSA)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 24 Hands-On Labs
- Slide 5 of 5
SEC555: Detection Engineering and SIEM Analytics
SEC555Cyber Defense
- GIAC Certified Detection Analyst (GCDA)
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 18 Hands-On Labs
Security Architect (NICE) and Engineer
Security Architects and Engineers design, implement, and optimize a combination of network-centric and data-centric controls to balance prevention, detection, and response. These professionals take a holistic look at enterprise defense, building security into every layer of the organization. They balance business and technical requirements while adhering to security policies and procedures to implement defensible security architectures. A Security Architect and Engineer is a versatile Blue Teamer and cyber defender who possesses an arsenal of skills to protect an organization’s sensitive data—from endpoints to the cloud and across networks and applications.
- Slide 1 of 4
SEC503: Network Monitoring and Threat Detection In-Depth
SEC503Cyber Defense- GIAC Certified Intrusion Analyst (GCIA)
- 6 Days (Instructor-Led)
- 46 CPEs / 46 Hours (Self-Paced)
- Labs: 37 Hands-On Labs
- Slide 2 of 4
SEC511: Cybersecurity Engineering: Advanced Threat Detection and Monitoring
SEC511Cyber Defense- GIAC Continuous Monitoring Certification (GMON)
- 6 Days (Instructor-Led)
- 46 CPEs / 46 Hours (Self-Paced)
- Labs: 18 Hands-On Labs
- Slide 3 of 4
SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise
SEC530Cyber Defense- GIAC Defensible Security Architecture (GDSA)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 24 Hands-On Labs
- Slide 4 of 4
SEC549: Cloud Security Architecture
SEC549Cloud Security
- GIAC Cloud Security Architecture and Design (GCAD)
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 35 Hands-On Labs
Cyber Defense Incident Responder/Law Enforcement Counterintelligence Forensics Analyst
While preventing breaches is the ultimate goal, one unwavering truth in information security is that a sufficiently determined attacker will eventually succeed. When a breach is identified, incident responders are called into action to locate the attackers, minimize damage, and remove them from the environment. This role requires quick thinking, solid technical and documentation skills, and the ability to adapt to evolving attacker methodologies.
- Slide 1 of 11
FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
FOR508Digital Forensics and Incident Response- GIAC Certified Forensic Analyst (GCFA)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 35 Hands-On Labs
- Slide 2 of 11
FOR509: Enterprise Cloud Forensics and Incident Response
Major Updates FOR509Digital Forensics and Incident Response- GIAC Cloud Forensics Responder (GCFR)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 23 Hands-On Labs
- Slide 3 of 11
FOR518: Mac and iOS Forensic Analysis and Incident Response
FOR518Digital Forensics and Incident Response- GIAC iOS and macOS Examiner (GIME)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 23 Hands-On Labs
- Slide 4 of 11
FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
FOR572Digital Forensics and Incident Response- GIAC Network Forensic Analyst (GNFA)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 20 Hands-On Labs
- Slide 5 of 11
FOR578: Cyber Threat Intelligence
FOR578Digital Forensics and Incident Response- GIAC Cyber Threat Intelligence (GCTI)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 20 Hands-On Labs
- Slide 6 of 11
FOR608: Enterprise-Class Incident Response & Threat Hunting
FOR608Digital Forensics and Incident Response- GIAC Enterprise Incident Responder (GEIR)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 20 Hands-On Labs
- Slide 7 of 11
FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
FOR610Digital Forensics and Incident Response- GIAC Reverse Engineering Malware (GREM)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 48 Hands-On Labs
- Slide 8 of 11
FOR710: Reverse-Engineering Malware: Advanced Code Analysis
FOR710Digital Forensics and Incident Response- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 12 Hands-On Labs
- Slide 9 of 11
SEC402: Cybersecurity Writing: Hack the Reader
SEC402Cybersecurity Leadership
- 12 CPEs / 12 Hours (Self-Paced)
- Slide 10 of 11
SEC504: Hacker Tools, Techniques, and Incident Handling
Major Updates SEC504Offensive Operations- GIAC Certified Incident Handler Certification (GCIH)
- 6 Days (Instructor-Led)
- 38 CPEs / 38 Hours (Self-Paced)
- Labs: 44 Hands-On Labs
- Slide 11 of 11
ICS515: ICS Visibility, Detection, and Response
ICS515Industrial Control Systems Security- GIAC Response and Industrial Defense (GRID)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 22 Hands-On Labs
Cybersecurity Analyst/Engineer (Systems Security Analyst)
As one of the highest-paid roles in the cybersecurity field, this position requires advanced skills and expertise. Cybersecurity Analysts/Engineers must excel in threat detection, analysis, and protection. This role plays a vital part in safeguarding an organization’s data and maintaining its integrity. With cyber attackers constantly using new tools and strategies, cybersecurity analysts and engineers must stay informed about emerging threats and techniques to mount a strong defense.
- Slide 1 of 15
SEC401: Security Essentials - Network, Endpoint, and Cloud
SEC401Cyber Defense
- GIAC Security Essentials (GSEC)
- 6 Days (Instructor-Led)
- 46 CPEs / 46 Hours (Self-Paced)
- Labs: 20 Hands-On Labs
- Slide 2 of 15
SEC450: SOC Analyst Training – Applied Skills for Cyber Defense Operations
Major Updates SEC450Cyber Defense- GIAC Security Operations Certified (GSOC)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 22 Hands-On Labs
- Slide 3 of 15
SEC501: Advanced Security Essentials - Enterprise Defender
SEC501Cyber Defense- GIAC Certified Enterprise Defender (GCED)
- 6 Days (Instructor-Led)
- 38 CPEs / 38 Hours (Self-Paced)
- Labs: 25 Hands-On Labs
- Slide 4 of 15
SEC503: Network Monitoring and Threat Detection In-Depth
SEC503Cyber Defense- GIAC Certified Intrusion Analyst (GCIA)
- 6 Days (Instructor-Led)
- 46 CPEs / 46 Hours (Self-Paced)
- Labs: 37 Hands-On Labs
- Slide 5 of 15
SEC504: Hacker Tools, Techniques, and Incident Handling
Major Updates SEC504Offensive Operations- GIAC Certified Incident Handler Certification (GCIH)
- 6 Days (Instructor-Led)
- 38 CPEs / 38 Hours (Self-Paced)
- Labs: 44 Hands-On Labs
- Slide 6 of 15
SEC510: Cloud Security Engineering and Controls
SEC510Cloud Security
- GIAC Public Cloud Security (GPCS)
- 5 Days (Instructor-Led)
- 38 CPEs / 38 Hours (Self-Paced)
- Labs: 52 Hands-On Labs
- Slide 7 of 15
SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise
SEC530Cyber Defense- GIAC Defensible Security Architecture (GDSA)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 24 Hands-On Labs
- Slide 8 of 15
SEC540: Cloud Native Security and DevSecOps Automation
SEC540Cloud Security
- GIAC Cloud Security Automation (GCSA)
- 5 Days (Instructor-Led)
- 38 CPEs / 38 Hours (Self-Paced)
- Labs: 35 Hands-On Labs
- Slide 9 of 15
SEC549: Cloud Security Architecture
SEC549Cloud Security- GIAC Cloud Security Architecture and Design (GCAD)
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 35 Hands-On Labs
- Slide 10 of 15
SEC555: Detection Engineering and SIEM Analytics
SEC555Cyber Defense- GIAC Certified Detection Analyst (GCDA)
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 18 Hands-On Labs
- Slide 11 of 15
FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
FOR508Digital Forensics and Incident Response- GIAC Certified Forensic Analyst (GCFA)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 35 Hands-On Labs
- Slide 12 of 15
FOR509: Enterprise Cloud Forensics and Incident Response
Major Updates FOR509Digital Forensics and Incident Response- GIAC Cloud Forensics Responder (GCFR)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 23 Hands-On Labs
- Slide 13 of 15
LDR551: Building and Leading Security Operations Centers
LDR551Cybersecurity Leadership- GIAC Security Operations Manager (GSOM)
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 19 Hands-On Labs
- Slide 14 of 15
ICS410: ICS/SCADA Security Essentials
ICS410Industrial Control Systems Security
- GIAC Global Industrial Cyber Security Professional (GICSP)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 15 Hands-On Labs
- Slide 15 of 15
ICS456: Essentials for NERC Critical Infrastructure Protection
ICS456Industrial Control Systems Security
- GIAC Critical Infrastructure Protection (GCIP)
- 5 Days (Instructor-Led)
- 31 CPEs / 31 Hours (Self-Paced)
- Labs: 23 Hands-On Labs
OSINT Investigator/Analyst
These resourceful professionals gather requirements from their customers and use open-sources intelligence (OSINT), primarily from internet resources, to collect data relevant to their investigation. They may research domains and IP addresses, businesses, people, issues, financial transactions, and other targets. Their mission is to gather, analyze, and report objective findings, providing with valuable insights to inform decision-making. They are the “finders of things” and “knowers of secrets.”
- Slide 1 of 3
SEC497: Practical Open-Source Intelligence (OSINT)
SEC497Cyber Defense
- GIAC Open Source Intelligence (GOSI)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 29 Hands-On Labs
- Slide 2 of 3
SEC587: Advanced Open-Source Intelligence (OSINT) Gathering and Analysis
SEC587Cyber Defense
- GIAC Strategic OSINT Analyst (GSOA)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 28 Hands-On Labs
- Slide 3 of 3
FOR578: Cyber Threat Intelligence
FOR578Digital Forensics and Incident Response- GIAC Cyber Threat Intelligence (GCTI)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 20 Hands-On Labs
Technical Director (Information Systems Security Manager)
The Technical Director defines technological strategies in collaboration with development teams, assesses risk, establishes standards and procedures to measure progress, and participates in creating and strengthening the cybersecurity team. With an ever-growing array of technologies requiring specialized management, a global shortage of cybersecurity talent, an unprecedented shift to cloud environments, and increasingly complex legal and regulatory compliance requirements, the Technical Director plays a key role in ensuring the organization’s operational success.
- Slide 1 of 6
LDR512: Security Leadership Essentials for Managers
LDR512Cybersecurity Leadership- GIAC Security Leadership (GSLC)
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 22 Hands-On Labs
- Slide 2 of 6
LDR514: Security Strategic Planning, Policy, and Leadership
LDR514Cybersecurity Leadership- GIAC Strategic Planning, Policy, and Leadership (GSTRT)
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 32 Hands-On Labs
- Slide 3 of 6
LDR516: Strategic Vulnerability and Threat Management
Major Updates LDR516Cybersecurity Leadership- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 24 Hands-On Labs
- Slide 4 of 6
LDR551: Building and Leading Security Operations Centers
LDR551Cybersecurity Leadership- GIAC Security Operations Manager (GSOM)
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 19 Hands-On Labs
- Slide 5 of 6
SEC566: Implementing and Auditing CIS Controls
Major Updates SEC566Cybersecurity Leadership- GIAC Critical Controls Certification (GCCC)
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 26 Hands-On Labs
- Slide 6 of 6
ICS418: ICS Security Essentials for Leaders
ICS418Industrial Control Systems Security- 12 CPEs / 12 Hours (Self-Paced)
- Labs: 12 Hands-On Labs
Cloud Security Analyst
The Cloud Security Analyst oversees cloud security and day-to-day operations. This role contributes to designing, integrating, and testing tools for security management, recommending configuration improvements, assessing the organization’s overall cloud security posture, and providing technical expertise to guide organizational decisions.
- Slide 1 of 6
SEC502: Cloud Security Tactical Defense
SEC502Cloud Security
- GIAC Cloud Security Essentials (GCLD)
- 5 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 41 Hands-On Labs
- Slide 2 of 6
SEC510: Cloud Security Engineering and Controls
SEC510Cloud Security- GIAC Public Cloud Security (GPCS)
- 5 Days (Instructor-Led)
- 38 CPEs / 38 Hours (Self-Paced)
- Labs: 52 Hands-On Labs
- Slide 3 of 6
SEC541: Cloud Security Threat Detection
SEC541Cloud Security- GIAC Cloud Threat Detection (GCTD)
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 22 Hands-On Labs
- Slide 4 of 6
SEC401: Security Essentials - Network, Endpoint, and Cloud
SEC401Cyber Defense- GIAC Security Essentials (GSEC)
- 6 Days (Instructor-Led)
- 46 CPEs / 46 Hours (Self-Paced)
- Labs: 20 Hands-On Labs
- Slide 5 of 6
SEC588: Cloud Penetration Testing
Major Updates SEC588Offensive Operations
- GIAC Cloud Penetration Tester (GCPN)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 24 Hands-On Labs
- Slide 6 of 6
FOR509: Enterprise Cloud Forensics and Incident Response
Major Updates FOR509Digital Forensics and Incident Response- GIAC Cloud Forensics Responder (GCFR)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 23 Hands-On Labs
Intrusion Detection/SOC Analyst (Cyber Defense Analyst)
Security Operations Center (SOC) Analysts collaborate with security engineers and SOC managers to implement prevention, detection, monitoring, and active response measures. They work closely with incident response teams to address security issues quickly and effectively. With an eye for detail and a focus on anomalies, SOC analysts excel at seeing things that others miss.
- Slide 1 of 6
SEC450: SOC Analyst Training – Applied Skills for Cyber Defense Operations
Major Updates SEC450Cyber Defense- GIAC Security Operations Certified (GSOC)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 22 Hands-On Labs
- Slide 2 of 6
SEC503: Network Monitoring and Threat Detection In-Depth
SEC503Cyber Defense- GIAC Certified Intrusion Analyst (GCIA)
- 6 Days (Instructor-Led)
- 46 CPEs / 46 Hours (Self-Paced)
- Labs: 37 Hands-On Labs
- Slide 3 of 6
SEC511: Cybersecurity Engineering: Advanced Threat Detection and Monitoring
SEC511Cyber Defense- GIAC Continuous Monitoring Certification (GMON)
- 6 Days (Instructor-Led)
- 46 CPEs / 46 Hours (Self-Paced)
- Labs: 18 Hands-On Labs
- Slide 4 of 6
SEC555: Detection Engineering and SIEM Analytics
SEC555Cyber Defense- GIAC Certified Detection Analyst (GCDA)
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 18 Hands-On Labs
- Slide 5 of 6
FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
FOR508Digital Forensics and Incident Response- GIAC Certified Forensic Analyst (GCFA)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 35 Hands-On Labs
- Slide 6 of 6
FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
FOR572Digital Forensics and Incident Response- GIAC Network Forensic Analyst (GNFA)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 20 Hands-On Labs
Security Awareness Officer (Security Awareness and Communication Manager)
Security Awareness Officers work alongside their security team to identify their organization’s top human risks and the behaviors that manage them. They develop and manage continuous programs to train and communicate with the workforce to promote secure behaviors. In highly mature programs, this role not only impacts workforce behavior but also creates a strong security culture across the organization. Human error has become one of the top drivers of incidents and breaches today, however, many organizations still focus solely on technical solutions. This role is pivotal in bridging the gap by addressing the human side of cybersecurity and is arguably one of the fastest-growing and most impactful fields in cybersecurity today.
- Slide 1 of 3
LDR433: Managing Human Risk
LDR433Cybersecurity Leadership
- SANS Security Awareness Professional (SSAP)
- 3 Days (Instructor-Led)
- 18 CPEs / 18 Hours (Self-Paced)
- Labs: 7 Hands-On Labs
- Slide 2 of 3
LDR521: Security Culture for Leaders
Major Updates LDR521Cybersecurity Leadership- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 22 Hands-On Labs
- Slide 3 of 3
LDR512: Security Leadership Essentials for Managers
LDR512Cybersecurity Leadership- GIAC Security Leadership (GSLC)
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 22 Hands-On Labs
Vulnerability Researcher and Exploit Developer (Vulnerability Assessment Analyst)
In this role, you will work to find zero-day vulnerabilities—previously unknown weaknesses—in a wide range of applications and devices used by organizations and consumers. A Vulnerability Researcher and Exploit Developer’s missions is to find vulnerabilities before adversaries do. Without the expertise to research and find these types of vulnerabilities before the adversaries, the potential consequences can be devastating.
- Slide 1 of 3
SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
SEC660Offensive Operations- GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- 6 Days (Instructor-Led)
- 46 CPEs / 46 Hours (Self-Paced)
- Labs: 30 Hands-On Labs
- Slide 2 of 3
SEC670: Red Teaming Tools - Developing Windows Implants, Shellcode, Command and Control
SEC670Offensive Operations- 6 Days (Instructor-Led)
- 46 CPEs / 46 Hours (Self-Paced)
- Labs: 27 Hands-On Labs
- Slide 3 of 3
SEC760: Advanced Exploit Development for Penetration Testers
SEC760Offensive Operations- 5 Days (Instructor-Led)
- 40 CPEs / 40 Hours (Self-Paced)
- Labs: 20 Hands-On Labs
Application Pen Tester (Secure Software Accessor)
Application Penetration Testers probe the security integrity of an organization’s applications and defenses by evaluating the attack surface of web-based services, client-side applications, servers-side processes, and more. By mimicking the tactics of a malicious attacker, they work to bypass security barriers and identify vulnerabilities that could lead to unauthorized access, sensitive data exposure, or exploitation through techniques like pivoting and lateral movement.
- Slide 1 of 6
SEC542: Web App Penetration Testing and Ethical Hacking
Major Updates SEC542Offensive Operations- GIAC Web Application Penetration Tester (GWAPT)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 35 Hands-On Labs
- Slide 2 of 6
SEC560: Enterprise Penetration Testing
SEC560Offensive Operations- GIAC Penetration Tester (GPEN)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 30 Hands-On Labs
- Slide 3 of 6
SEC575: iOS and Android Application Security Analysis and Penetration Testing
SEC575Offensive Operations
- GIAC Mobile Device Security Analyst (GMOB)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 20 Hands-On Labs
- Slide 4 of 6
SEC588: Cloud Penetration Testing
Major Updates SEC588Offensive Operations- GIAC Cloud Penetration Tester (GCPN)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 24 Hands-On Labs
- Slide 5 of 6
SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
SEC660Offensive Operations- GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- 6 Days (Instructor-Led)
- 46 CPEs / 46 Hours (Self-Paced)
- Labs: 30 Hands-On Labs
- Slide 6 of 6
SEC760: Advanced Exploit Development for Penetration Testers
SEC760Offensive Operations- 5 Days (Instructor-Led)
- 40 CPEs / 40 Hours (Self-Paced)
- Labs: 20 Hands-On Labs
ICS/OT Security Assessment Consultant (ICS/SCADA Security Engineer)
This role combines offensive security operations with expertise in critical process control environments essential to modern life. Industrial Control Systems/Operational Technology (ICS/OT) Security Consultants discover vulnerabilities in industrial control systems and work with asset owners and operators to mitigate risks, ensuring essential systems are protected against adversarial exploitation.
- Slide 1 of 5
SEC560: Enterprise Penetration Testing
SEC560Offensive Operations- GIAC Penetration Tester (GPEN)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 30 Hands-On Labs
- Slide 2 of 5
ICS410: ICS/SCADA Security Essentials
ICS410Industrial Control Systems Security- GIAC Global Industrial Cyber Security Professional (GICSP)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 15 Hands-On Labs
- Slide 3 of 5
ICS456: Essentials for NERC Critical Infrastructure Protection
ICS456Industrial Control Systems Security- GIAC Critical Infrastructure Protection (GCIP)
- 5 Days (Instructor-Led)
- 31 CPEs / 31 Hours (Self-Paced)
- Labs: 23 Hands-On Labs
- Slide 4 of 5
ICS515: ICS Visibility, Detection, and Response
ICS515Industrial Control Systems Security- GIAC Response and Industrial Defense (GRID)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 22 Hands-On Labs
- Slide 5 of 5
ICS612: ICS Cybersecurity In-Depth
ICS612Industrial Control Systems Security- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 31 Hands-On Labs
DevSecOps Engineer
A DevSecOps engineer develops automated security capabilities and integrates them into the DevOps pipeline using cutting-edge tools and processes. This role encompasses leadership in key areas such as vulnerability management, monitoring and logging, security operations, security testing, and application security, ensuring security is embedded throughout the software development lifecycle.
- Slide 1 of 4
SEC502: Cloud Security Tactical Defense
SEC502Cloud Security- GIAC Cloud Security Essentials (GCLD)
- 5 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 41 Hands-On Labs
- Slide 2 of 4
SEC510: Cloud Security Engineering and Controls
SEC510Cloud Security- GIAC Public Cloud Security (GPCS)
- 5 Days (Instructor-Led)
- 38 CPEs / 38 Hours (Self-Paced)
- Labs: 52 Hands-On Labs
- Slide 3 of 4
SEC522: Application Security: Securing Web Applications, APIs, and Microservices
SEC522Cloud Security
- GIAC Certified Web Application Defender (GWEB)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 21 Hands-On Labs
- Slide 4 of 4
SEC540: Cloud Native Security and DevSecOps Automation
SEC540Cloud Security- GIAC Cloud Security Automation (GCSA)
- 5 Days (Instructor-Led)
- 38 CPEs / 38 Hours (Self-Paced)
- Labs: 35 Hands-On Labs
Media Exploitation Analyst (Cyber Crime Investigator)
Media Exploitation Analysts use digital forensic skills to analyze a wide range of media involved in investigations. If you’re passionate about investigating computer crimes and recovering file systems that have been hacked, damaged, or used in crime, this role could be your ideal career path. In this position, you will assist in the forensic examinations of computers and media from various sources to develop forensically sound evidence.
- Slide 1 of 6
FOR498: Digital Acquisition and Rapid Triage
FOR498Digital Forensics and Incident Response- GIAC Battlefield Forensics and Acquisition (GBFA)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 20 Hands-On Labs
- Slide 2 of 6
FOR500: Windows Forensic Analysis
FOR500Digital Forensics and Incident Response- GIAC Certified Forensic Examiner (GCFE)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 22 Hands-On Labs
- Slide 3 of 6
FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
FOR508Digital Forensics and Incident Response- GIAC Certified Forensic Analyst (GCFA)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 35 Hands-On Labs
- Slide 4 of 6
FOR518: Mac and iOS Forensic Analysis and Incident Response
FOR518Digital Forensics and Incident Response- GIAC iOS and macOS Examiner (GIME)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 23 Hands-On Labs
- Slide 5 of 6
FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
FOR572Digital Forensics and Incident Response- GIAC Network Forensic Analyst (GNFA)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 20 Hands-On Labs
- Slide 6 of 6
FOR585: Smartphone Forensic Analysis In-Depth
FOR585Digital Forensics and Incident Response- GIAC Advanced Smartphone Forensics (GASF)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 22 Hands-On Labs
Start your cybersecurity career today
Cybersecurity is booming, and investing in your skills now can unlock incredible career opportunities. There’s never been a better time to pursue a career in cybersecurity. With demand for cybersecurity professionals outpacing supply, this field continues to offer strong career opportunities despite shifting economic trends. The right training and certifications can set you apart and help you stand out in a competitive market.
Whether you’re just starting out, advancing your career, or staying ahead of new threats, SANS courses deliver immediate value.
Are you new to cybersecurity, looking for a career change, or just want to enhance your skillset?
Get Started in 3 Easy Steps!
- Join the SANS Community – Gain access to our New2Cyber resources, cutting edge cybersecurity news, training, and free tools that can't be found elsewhere. Check out what we have available.
- Explore the Skills Roadmap – Plan your ideal career path with SANS.
- Contact Us – We’re here to help support you in your cybersecurity journey.
Your future in cybersecurity starts here.
