Stay Sharp: Europe 2020 - Live Online

Virtual, Central European Time | Mon, Nov 23 - Tue, Nov 24, 2020

MGT521: Driving Cybersecurity Change - Establishing a Culture of Protect, Detect and Respond Beta

Mon, November 23 - Tue, November 24, 2020

Course Syllabus  ·  12 CPEs  ·  Laptop Not Needed
Instructor: Russell Eubanks

Build and Measure a Strong Security Culture to Secure Your Workforce.

MGT521: Leading Cybersecurity Change: Building a Security-Based Culture WILL PREPARE YOU TO:

  • More effectively communicate to your Board of Directors and executives, collaborate with your peers, and engage your workforce
  • Explain what culture is, its importance to cybersecurity, and how to map and measure both your organization's overall culture and security culture
  • Align your cybersecurity culture to your organization's strategy, including how to leverage different security frameworks and maturity models
  • Explain what organizational change is, identify different models for creating change, and learn how to apply those models
  • Enable and secure your workforce by integrating cybersecurity into all aspects of your organization's culture
  • Dramatically improve both the effectiveness and impact of large-scale security initiatives
  • Create and effectively communicate business cases to leadership and gain their support for your security initiatives and security in general
  • Leverage numerous templates and resources from the Digital Download Package and Community Forum that are part of the course and which you can then build on right away


Cybersecurity management is no longer just about technology. It is ultimately about organizational change - change not only in how people think about security but in what they prioritize and how they act, from the Board of Directors to every corner of the organization. Organizational change is a field of management study that enables leaders to analyze, plan, and then improve their operations and structures by focusing on people and culture.

Drawing on real-world lessons from around the world, the SANS MGT521 course will teach you how to leverage the principles of organizational change in order to develop, maintain, and measure a security-driven culture. Through hands-on instruction and a series of interactive labs and exercises, you will apply the concepts of organizational change to a variety of different security initiatives and quickly learn how to embed security into your organization's culture.


The course is recommended for more senior and/or more experienced cybersecurity managers, officers, and awareness professionals. If you are new to cybersecurity, we recommend some of SANS's more basic courses, such as SEC301, SEC401, or MGT433.



This five-session course includes 17 interactive labs that walk you through exercises and apply the lessons learned to a variety of typical real-world situations and challenges. Many of the labs are carried out as teams, ensuring that you learn not only from the course materials but from other students and their experiences. Culture is a very human and global challenge, and as such we want to expose you to as many different situations and perspectives as possible. No Laptop Required. "Labs" are group case studies with no computers needed.


  • Digital Download Package: A collection of templates, checklists, matrices, reports, and other resources that will help you in your cybersecurity career. This package is continually updated and is based on resources that real cybersecurity leaders have used in developing their own cybersecurity cultures. Why reinvent the wheel when you can reuse or reshape what has worked for others!
  • Community Forum: An opportunity to join the private, invitation-only Community Forum dedicated to the human element. The forum currently has over 1,500 active members!


For those of you who are looking to get involved in this field, or are already involved but looking to grow, consider reading this blog on how to develop your career path.


MGT512: Security Leadership Essentials for Managers

MGT514: Security Strategic Planning, Policy, and Leadership

Course Syllabus

Russell Eubanks
Mon Nov 23rd, 2020
9:00 AM - 12:15 PM CET
1:30 PM - 5:00 PM CET


Day 1 begins by demonstrating how security is ultimately about organizational change; technology alone will no longer solve the problem. We explain what culture is and how it applies to cybersecurity, how to change culture by leveraging different change management frameworks, and how to motivate the desire for change.

  • Exercise 01 - Understanding Your Security Culture
  • Exercise 02 - Marketing Password Managers
  • Exercise 03 - Developing Personas of Developers
  • Exercise 04 - Marketing DevSecOps

CPE/CMU Credits: 6

  • Human Side of Security
  • Case Study - Equifax Congressional Report
  • Defining Culture
  • Mapping Organizational Culture
  • Defining and Mapping Security Culture
  • Identifying Desired Security Culture
  • Defining and Leveraging Change Management Frameworks
    • ADKAR
    • Kotter 8 Steps
  • Project Charters

Russell Eubanks
Tue Nov 24th, 2020
9:00 AM - 12:15 PM CET
1:30 PM - 5:00 PM CET


Day 2 focuses on enabling change. Communicating with people and engaging and motivating them is half the battle. We also have to enable people to change. This begins by making security as easy as possible. Far too often the policies, processes and procedures we create are complex, intimidating or difficult to follow. We have to prioritize and simplify, then engage and effectively train the workforce on its own terms to enable this change. In this course section, we will structure a plan that facilitates organizational change, leading to a more secure culture. We'll also track, measure, and communicate the impact of that change.

  • Exercise 05 - Learning Objectives
  • Exercise 06 - Incident Response
  • Exercise 07 - Vulnerability Management Charter

CPE/CMU Credits: 6

  • Safety: Survive vs. Thrive
  • Start With Why
    • WIIFM
  • Know Your Audience
    • Marketing Personas
  • Marketing Change
    • AIDA Marketing Model
  • Motivating Global Change
    • Security Ambassadors
  • Incentivizing Change
    • Recognition
  • Motivating Stakeholders
    • Stakeholder Support Matrix

Additional Information

  • Chief Information Security Officers
  • Chief Risk Officers/Risk Management Leaders
  • Security Awareness/Communications Managers
  • Senior Security Managers Who Lead Large-scale Security Initiatives
  • Information Security Managers, Officers, and Directors
  • Information Security Architects and Consultants
  • Aspiring Information Security Leaders
  • Business Continuity/Disaster Recovery Leaders
  • Privacy/Ethics Officers
  • Three to five years of experience in cybersecurity
  • Having taken the SANS MGT433, MGT512, or MGT514 courses, while not required, will be helpful

Author Statement

"For far too long, cybersecurity has been perceived as purely a technical challenge. Organizations and leaders are now realizing that we also have to address the human side of cybersecurity management. From securing your workforce's behavior to engaging and training developers, IT staff, and other departments, security today depends on your ability to engage and partner with others. In other words, your security culture is becoming just as important as your technology. MGT521 will provide the frameworks, roadmaps, and skills you need to successfully embed a comprehensive, organization-wide cybersecurity culture. In addition, the course will provide you the resources to measure and communicate the impact to members of your leadership, ensuring their long-term support."

- Lance Spitzner and Russell Eubanks

"Lance has the best knowledge and experience to share in this field." - Lindsay O'Bannon, Deloitte Global