| NewSEC505: Securing Windows and PowerShell Automation | | | | | | | | |
| NewSEC564: Red Team Exercises & Adversary Emulation | | | | | | | | |
| NewFOR498: Battlefield Forensics & Data Acquisition | | | | | | | | |
| NewHOSTED: Successful Infosec Consulting | | | | | | | | |
| SEC401: Security Essentials Bootcamp Style | | | | | | | | |
| SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling | | | | | | | | |
| SEC560: Network Penetration Testing and Ethical Hacking | | | | | | | | |
| FOR500: Windows Forensic Analysis | | | | | | | | |
| SEC503: Intrusion Detection In-Depth | | | | | | | | |
| MGT512: Security Leadership Essentials For Managers | | | | | | | | |
| FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques | | | | | | | | |
| MGT414: SANS Training Program for CISSP® Certification | | | | | | | | |
| FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics | | | | | | | | |
| SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking | | | | | | | | |
| SEC501: Advanced Security Essentials - Enterprise Defender | | | | | | | | |
| SEC566: Implementing and Auditing the Critical Security Controls - In-Depth | | | | | | | | |
| SEC617: Wireless Penetration Testing and Ethical Hacking | | | | | | | | |
| SEC301: Introduction to Cyber Security | | | | | | | | |
| LEG523: Law of Data Security and Investigations | | | | | | | | |
| SEC440: Critical Security Controls: Planning, Implementing, and Auditing | | | | | | | | |
| SEC506: Securing Linux/Unix | | | | | | | | |
| MGT514: Security Strategic Planning, Policy, and Leadership | | | | | | | | |
| MGT433: SANS Security Awareness: How to Build, Maintain, and Measure a Mature Awareness Program | | | | | | | | |
| SEC580: Metasploit Kung Fu for Enterprise Pen Testing | | | | | | | | |
| SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques | | | | | | | | |
| FOR526: Advanced Memory Forensics & Threat Detection | | | | | | | | |
| SEC450: Blue Team Fundamentals: Security Operations and Analysis | | | | | | | | |
| SEC455: SIEM Design & Implementation | | | | | | | | |
| SEC460: Enterprise Threat and Vulnerability Assessment | | | | | | | | |
| SEC487: Open-Source Intelligence (OSINT) Gathering and Analysis | | | | | | | | |
| SEC511: Continuous Monitoring and Security Operations | | | | | | | | |
| SEC530: Defensible Security Architecture and Engineering | | | | | | | | |
| SEC534: Secure DevOps: A Practical Introduction | | | | | | | | |
| SEC540: Cloud Security and DevOps Automation | | | | | | | | |
| SEC545: Cloud Security Architecture and Operations | | | | | | | | |
| SEC555: SIEM with Tactical Analytics | | | | | | | | |
| SEC573: Automating Information Security with Python | | | | | | | | |
| SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses | | | | | | | | |
| SEC760: Advanced Exploit Development for Penetration Testers | | | | | | | | |
| FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response | | | | | | | | |
| FOR578: Cyber Threat Intelligence | | | | | | | | |
| FOR585: Smartphone Forensic Analysis In-Depth | | | | | | | | |
| MGT415: A Practical Introduction to Cyber Security Risk Management | | | | | | | | |
| ICS410: ICS/SCADA Security Essentials | | | | | | | | |
| Core NetWars Tournament | | | | | | | | |
| Cyber Defense NetWars Tournament | | | | | | | | |
| DFIR NetWars Tournament | | | | | | | | |
| Arcane Web and Mobile Application Vulnerabilities Instructor: Bojan Zdrnja - SANS ISC Handler | | | | | | | | |
| Catch and release: phishing techniques for the good guys Instructor: Jan Kopriva, SANS ISC Handler | | | | | | | | |
| Cloud Security Attacks and Defenses: Cybersecurity 101? Instructor: Frank Kim | | | | | | | | |
| Coalfire Penetration Testers Charged with Criminal Trespass Instructor: Benjamin Wright | | | | | | | | |
| Coffee & Donuts with the College Students | | | | | | | | |
| From the Linux Forensic Files Instructor: Hal Pomeranz | | | | | | | | |
| General Session - Welcome to SANS Instructor: Dr. Johannes Ullrich | | | | | | | | |
| Hacking the SRUM and other Devious New Ways to Interrogate Windows Instructor: Alissa Torres | | | | | | | | |
| Leveraging Caldera to the max - Additional development! Instructor: Erik Van Buggenhout | | | | | | | | |
| Modern Information Security; It's All About AppSec Instructor: Adrien de Beaupre | | | | | | | | |
| Moving Past Just Googling It: Harvesting and Using OSINT Instructor: Micah Hoffman | | | | | | | | |
| SIEMtervention - Moving SIEM from collection to detection Instructor: Justin Henderson | | | | | | | | |
| State of the Internet Panel Discussion Instructor: Dr. Johannes Ullrich, ISC Director, Marcus Sachs, and Internet Storm Center Handlers | | | | | | | | |
| The CIS Critical Controls - Security Basics (with PowerShell) on a Zero Dollar Budget Instructor: Rob Vandenbrink - SANS ISC Handler | | | | | | | | |
| The Hackers Apprentice Instructor: Mark Baggett | | | | | | | | |
| To Know or Not to Know: The Difference Between the Neutralized Incident and the Materialized Incident Instructor: Manuel Humberto Santander Pelaez, SANS ICS Handler | | | | | | | | |
| Virtuous Cycles: Rethinking the SOC for Long-term Success Instructor: John Hubbard | | | | | | | | |
| Welcome Reception & Early Check-In | | | | | | | | |
