SANS Management Curriculum - Developing Cyber Leaders

Introducing the SANS Management Triads

In an effort to help our students find the right path, SANS Management Curriculum has created two cybersecurity leadership triads that align to help create stronger, more well-rounded cybersecurity leaders.


Security managers need both technical knowledge and management skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives. This is a big and important job that requires an understanding of a wide array of security topics. The Management Curriculum develops cyber leaders who have the practical skills to build and lead security teams, communicate with technical and business leaders alike, and develop capabilities that build your organization's success.


Cybersecurity requires engagement from all levels of leadership throughout an organization. The key difference between these levels is the amount of technical knowledge and business knowledge that is required to succeed. Technology knowledge is invariably greater as you move down the pyramid while business knowledge increases as you move up the pyramid. Roles and titles will vary across organizations of different sizes and industries, but the amount of technical knowledge that an engineer or analyst requires is vastly different from that which a CISO or even a VP of Security might require. However, as security leaders or managers, we are in a difficult situation. We need to have enough technical acumen to understand our team, resolve technical disagreements, and weigh in on appropriate technical direction. At the same time, we must have enough business understanding to convey technical security topics in ways that non-technical leaders can understand and translate business drivers to our teams in ways that they in turn can understand. That is the focus of this curriculum: to give security managers both the technical knowledge and management skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives.


With corporations in need of protecting against an endless and increasing onslaught of information security threats, technology management skills alone are no longer sufficient. Today it is about technology, business strategy, and people. Cybersecurity leaders need to be up to speed on information security issues from a technical standpoint, understand how to implement security planning into the broader business objectives, and be able to build a longer-lasting security and risk-based culture. Adjusting employees' and leadership's way of thinking about security in order to prioritize and act to prevent today's most common cybersecurity attacks requires organizational change that affects the foundational culture of the organization. A transformational cybersecurity leader will be able to strategize and apply concepts, management tools, and methodologies in order to analyze the current situation, identify target state, perform a gap analysis, and develop a comprehensive roadmap that includes employees at all levels of the organization in every type of job role. The SANS Management Transformational Cybersecurity Leader triad ensures a cybersecurity manager is proficient in all three key pillars by providing a complete, curated package of education to support you along your path to becoming the strongest cybersecurity leader possible in today's dynamic, online world.


As cyber attacks become more common and more expensive, many organizations are making a foundational shift to view operations from the point of view of an adversary, in order to protect their most sensitive information. Despite vulnerability tools and programs being available for several decades, breaches still happen regularly from known vulnerabilities. With a wide range of technologies in use requiring more time and knowledge to manage, a global shortage of cybersecurity talent, an unprecedented migration to cloud, and legal and regulatory compliance often increasing and complicating the matter more, it's no wonder we've seen frustration in the eyes of information assurance engineers, auditors, SOC analysts, and cybersecurity managers who are trying to make a difference in their organizations by better defending their data systems. Some organizations even wonder if they will ever succeed at properly protecting their information. Do not give up! The SANS Operational Cybersecurity Executive triad is here to help you build, grow, and sharpen your cyber defense team! The combination of these courses will help you understand security controls as well as how to implement and audit them, improve your ability to create an effective, comprehensive vulnerability management model that helps guide which threats need attention and how to continually mature your security operations, in turn saving you time, money, and hours of frustration.


Do you need to get up to speed on leading and building a world-class cybersecurity team?

The SANS Management Curriculum is here to help. Our management courses cover key technical and leadership skills that all modern cybersecurity leaders need to have. We teach you how to speak the same language as those you are working with, manage security for your organization in a way that incorporates business, technical, and operational drivers, develop yourself from a manager into a leader, motivate employees, manage IT projects, leverage functionality available for vulnerability management within the cloud, and more. Check out our full lineup of courses below.


MGT512: Security Leadership Essentials for Managers

Associated Certification: GSLC: GIAC Security Leadership

Security managers need both technical knowledge and management skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives. This is a big and important job that requires an understanding of a wide array of security topics.

MGT414: SANS Training Program for CISSP® Certification

Associated Certification: GISP: GIAC Information Security Professional

SANS MGT414: SANS Training Program for CISSP® Certification is an accelerated review course that is specifically designed to prepare students to successfully pass the CISSP® exam. MGT414 focuses solely on the 8 domains of knowledge as determined by (ISC)² that form a critical part of the CISSP® exam.

MGT525: IT Project Management, Effective Communication, and PMP® Exam Prep

Associated Certification: GCPM: GIAC Certified Project Manager

SANS MGT525: IT Project Management, Effective Communication, and PMP® Exam Prep is offered by The SANS Institute, a PMI® Registered Education Provider (R.E.P.). R.E.P.s provide the training necessary to earn and maintain the Project Management Professional (PMP)® and other professional credentials. PMP is a registered mark of Project Management Institute, Inc. This course has been recently updated to fully prepare you for the 2020 PMP® exam changes.

MGT415: A Practical Introduction to Cyber Security Risk Management

In this course students will learn the practical skills necessary to perform regular risk assessments for their organizations. The ability to perform risk management is crucial for organizations hoping to defend their systems. There are simply too many threats, too many potential vulnerabilities that could exist, and simply not enough resources to create an impregnable security infrastructure.

SEC440: Critical Security Controls: Planning, Implementing, and Auditing

This course helps you master specific, proven techniques and tools needed to implement and audit the Critical Security Controls as documented by the Center for Internet Security (CIS). These Critical Security Controls, listed below, are rapidly becoming accepted as the highest priority list of what must be done and proven before anything else at nearly all serious and sensitive organizations.


MGT514: Security Strategic Planning, Policy, and Leadership

Associated Certification: GSTRT: GIAC Strategic Planning, Policy, and Leadership

As security professionals we have seen the landscape change. Cybersecurity is now more vital and relevant to the growth of your organization than ever before. As a result, information security teams have more visibility, more budget, and more opportunity. However, with this increased responsibility comes more scrutiny.

MGT516: Managing Security Vulnerabilities: Enterprise & Cloud     NEW

Vulnerabilities are everywhere. There are new reports of weaknesses within our systems and software every time we turn around. Directly related to this is an increase in the quantity and severity of successful attacks against these weaknesses. Managing vulnerabilities in any size organization is challenging. Enterprise environments add scale and diversity that overwhelm many IT security and operations organizations. Add in the cloud and the increasing speed with which all organizations must deliver systems, applications, and features to both their internal and external customers, and security may seem unachievable.

SEC566: Implementing & Auditing the Critical Security Controls

Associated Certification: GCCC: GIAC Critical Controls Certification

Cybersecurity attacks are increasing and evolving so rapidly that it is more difficult than ever to prevent and defend against them. Does your organization have an effective method in place to detect, thwart, and monitor external and internal threats to prevent security breaches? This course helps you master specific, proven techniques and tools needed to implement and audit the Critical Security Controls as documented by the Center for Internet Security (CIS).

MGT551: Building and Leading Security Operations Centers     BETA

MGT551 is a course designed to teach students how to build and operate a security operations center. The 2-day course contains 3 main sections - building the SOC, operating the SOC, and continuously improving the SOC, each containing research and best practice in the related areas. Throughout the course I plan to include 6 hands-on labs using open-source SOC tools that will demonstrate the concepts taught and give students an idea of the outstanding possibilities available with purely free tools.


AUD507: Auditing & Monitoring Networks, Perimeters, and Systems

Associated Certification: GSNA: GIAC Systems and Network Auditor

Performing IT security audits at the enterprise level can be a daunting task. How should you determine which systems to audit first? How do you assess the risk to the organization related to information systems and business processes? What settings should you check on the various systems under scrutiny? Is there a set of processes that can be put into place to allow an auditor to focus on the business processes rather than the security settings? How do you turn this into a continuous monitoring process? The material covered in this course will answer all of these questions and more.

LEG523: Law of Data Security and Investigation

Associated Certification: GLEG: GIAC Law of Data Security & Investigations

New law on privacy, e-discovery, and data security is creating an urgent need for professionals who can bridge the gap between the legal department and the cybersecurity team. SANS LEG523 provides this unique professional training, including skills in the analysis and use of contracts, policies, and insurance security questionnaires.

MGT433: How to Build, Maintain, and Measure a Mature Awareness Program

Associated Certification: SSAP: SANS Security Awareness Professional

Organizations have invested a tremendous amount of money and resources into securing technology, but little if anything into securing their workforce. As a result, people, not technology, have become the most common target for cyber attackers. The most effective way to secure the human element is to establish a mature security awareness program that goes beyond just compliance, changes people's behaviors, and ultimately creates a secure culture.

MGT521: Driving Cybersecurity Change     NEW

Cybersecurity is no longer just about technology; it is ultimately about organizational change. Change in not only how people think about security but what they prioritize and how they act, from the Board of Directors on down. Organizational change is a field of management study that enables organizations to analyze, plan, and then improve their operations and structures by focusing on people and culture.


Cyber42 is a security leadership simulation game where students play to improve the security culture, manage the budget and schedule, improve security capabilities, and effectively handle the vulnerability management at a fictional organization. This puts students in real-world scenarios that spur discussion and critical thinking of situations that they will encounter at work. Originally designed for MGT512, this game is also being added to MGT516 in December 2020 and MGT514 in Q1-21.



Test drive world-class SANS training for FREE. See our top SANS Instructors in action, evaluate course subject matter and difficulty level, and try out the features of our battle-tested OnDemand platform with about an hour of free content. These free management course demos are designed to take under 30 minutes to complete. They contain takeaway lessons that you can immediately apply to your day-to-day work.


SANS Information Security Webcasts are live web broadcasts combining knowledgeable speakers with presentation slides. SANS offers several types of webcasts designed to provide valuable information and enhance your security education. Below are links to a few management-specific webcasts. For more, please visit www.sans.org/webcasts.


SANS has an active blog, searchable by topic area. Below are links directly to a few of our favorites for management. To read more blogs on Security Management, Legal, and Audit, please visit here.


The SANS Management Curriculum faculty has compiled a list of books highly recommended for leadership and management. There is a wide range of topics and styles from leadership, to technical, to fables, presenting, writing, inspiring others, and more.

While these resources below have been designed for specific courses, they are available and useful for many courses and people in cybersecurity management and leadership.


Download our free posters, created by SANS authors and instructors to provide useful information in an easy-to-follow visual format.


The ultimate recognition for elite cybersecurity professionals. Hundreds of SANS Institute students have stepped up to the challenge and conquered. They've mastered the concepts and skills, beat out their classmates, and proven their prowess. These are the elite, the recipients of the SANS Challenge Coins, an award given to a select portion of the thousands of students that have taken SANS courses.


Connect with us to stay on top of the latest and greatest information and happenings in the SANS Management and cybersecurity leadership world.

Twitter: @secleadership
LinkedIn: SANS Security Leadership