The SANS Cybersecurity Leadership Curriculum, through world-class training and GIAC Certifications, develops cyber leaders who have the practical skills to build and lead security teams, communicate with technical and business leaders alike, and develop capabilities that build your organization's success.

Senior Security Leader

Daily focus is on developing, leading, and growing the security program. Includes titles such as CISO, VP, Senior Manager, Director, or Officer.
  • Organizations have invested a tremendous amount of money and resources into securing technology, but little if anything into securing their workforce. As a result, people, not technology, have become the primary attack vector for cyber attackers. The most effective way to manage your organization's human risk is to establish a mature security awareness program that goes beyond compliance, changes people's behaviors, and ultimately creates a secure culture. This two-day intensive course, to include five interactive labs, will teach you the key concepts and skills needed to do just that, whether you are establishing a new program or maturing an existing one.

    Certification:
     SANS Security Awareness Professional (SSAP)

    • The next generation of security leadership must bridge the gap between security staff and senior leadership by strategically planning how to build and run effective security programs. Yet, creating a security strategy, executing a plan that includes sound policy coupled with top-notch leadership is hard for IT and security professionals because we spend so much time responding and reacting. We almost never do strategic planning until we get promoted to a senior position, and then we are not equipped with the skills we need to run with the pack. This information security course will provide you with the tools to build a cybersecurity strategic plan, an entire IT security policy, and lead your teams in the execution of your plan and policy. By the end of class you will have prepared an executive presentation, read 3 business case studies, responded to issues faced by 4 fictional companies, analyzed 15 case scenarios, and responded to 15 Cyber42 events.

      Certification: GIAC Strategic Planning, Policy, and Leadership (GSTRT)

      • Cybersecurity leadership is no longer just about technology. It is ultimately about organizational change - change not only in how people think about cybersecurity but in what they prioritize and how they act, from the Board of Directors to every corner of the organization. Students will learn how to build, manage, and measure a strong cybersecurity culture by leveraging the latest in organizational change models and real-world lessons learned. In addition, students will apply everything they learn through a series of 16 interactive labs and case studies.

      • While the cloud environment may appear similar to running a traditional IT environment on the premises, the cloud solutions protection requirements are in fact very different because the traditional network perimeter is no longer the best line of defense, and the threat vectors are not the same. Effective defense of the organizations cloud environment requires significant planning and governance by a well-informed management team. This course provides the information security leaders need to drive a secure cloud model and leapfrog on security to leverage the security capabilities in the cloud. We will walk through the key aspects of managing cloud transition and ensuring security in the continuous operations post-migration that are common across organizations on the same journey. Nine scenario-based labs are include

      • If you are worried about leading or supporting a major cyber incident, then this is the course for you. MGT553: Cyber Incident Management focuses on the non-technical challenges facing leaders in times of extreme pressure. Whilst you may have a full team of technical staff standing-by to find, understand and remove the attackers, they need information, tasking, managing, supporting, and listening to so you can maximize their utilization and effectiveness. We focus on building a team to remediate the incident, on managing that team, on distilling the critical data for briefing, and how to run that briefing. We look at communication at all levels from the hands-on team to the executives and Board, investigative journalists, and even the attackers. This course contains nine (9) case studies for hands-on learning.

      • New law on privacy, e-discovery and data security is creating an urgent need for professionals who can bridge the gap between the legal department and the cybersecurity team. SANS LEG523 provides this unique professional training, including skills in the analysis and use of contracts, policies, and records management procedures.

        Certification:
        GIAC Law of Data Security & Investigations (GLEG)

        Security Manager

        Daily focus is on the leadership of technical teams. Includes titles such as Technical Director, Manager, and Team Lead.
        • Performing IT security audits at the enterprise level can be an overwhelming task. Its difficult to know where to start and which controls should be audited first. Audits often focus on things that are not as important, wasting precious time and resources. Management is left in the dark about the real risk to the organization's mission. Operations staff cannotuse the audit report to reproduce or remediate findings. AUD507 gives the student the tools, techniques and thought processes required to perform meaningful risk assessments and audits. Learn to use risk assessments to recommend which controls should be used and where they should be placed. Know which tools will help you focus your efforts and learn how to automate those tools for maximum effectiveness.

          Certification: GIAC Systems and Network Auditor (GSNA)
          • MGT415 will provide students with an introduction to thinking practically about risk management and teach the skills necessary to perform risk assessments. Not only will students learn foundational concepts of risk, but they will be given templates and tools that they can take back to their office immediately after class to perform risk assessments. Throughout the class students will learn introductory concepts of Governance, Risk, and Compliance (GRC) that they can use to mature their cyber security programs.

          • Organizations have invested a tremendous amount of money and resources into securing technology, but little if anything into securing their workforce. As a result, people, not technology, have become the primary attack vector for cyber attackers. The most effective way to manage your organization's human risk is to establish a mature security awareness program that goes beyond compliance, changes people's behaviors, and ultimately creates a secure culture. This two-day intensive course, to include five interactive labs, will teach you the key concepts and skills needed to do just that, whether you are establishing a new program or maturing an existing one.

            Certification:
            SANS Security Awareness Professional (SSAP)
          • Security managers need both technical knowledge and management skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives. This is a big and important job that requires an understanding of a wide array of security topics. This course empowers you to become an effective security manager and get up to speed quickly on information security issues and terminology. You won't just learn about security, you will learn how to manage and lead security teams and programs by playing through twenty-three Cyber42 activities throughout the class, approximately 60-80 minutes daily.


            Certification:
             GIAC Security Leadership (GSLC)

          • Vulnerability, patch, and configuration management are not new security topics. In fact, they are some of the oldest security functions. Yet, we still struggle to manage these capabilities effectively. The quantity of outstanding vulnerabilities for most large organizations is overwhelming, and all organizations struggle to keep up with the never-ending onslaught of new vulnerabilities in their infrastructure and applications. When you add in the cloud and the increasing speed with which all organizations must deliver systems, applications, and features to both their internal and external customers, security may seem unachievable. This course will show you the most effective ways to mature your vulnerability management program and move from identifying vulnerabilities to successfully treating them. 16 Cyber42 and lab exercises

          • While the cloud environment may appear similar to running a traditional IT environment on the premises, the cloud solutions protection requirements are in fact very different because the traditional network perimeter is no longer the best line of defense, and the threat vectors are not the same. Effective defense of the organizations cloud environment requires significant planning and governance by a well-informed management team. This course provides the information security leaders need to drive a secure cloud model and leapfrog on security to leverage the security capabilities in the cloud. We will walk through the key aspects of managing cloud transition and ensuring security in the continuous operations post-migration that are common across organizations on the same journey. Nine scenario-based labs are included.

          • Many cybersecurity professionals are highly technical but often unfamiliar with project management terminology, methodologies, resource management, and leading teams. Overseeing diverse groups of stakeholders and team members, estimating resources accurately, as well as analyzing risk as applied to different organizational structures and relationships is a struggle for many new technical project leaders. Today's virtual work environment only increases these complexities. It is critically important to understand how to leverage a wide range of development approaches and project management framework components to maximize resources across various business units for project success. Confidently lead security initiatives that deliver on time, within budget, reduce organizational risk and complexity while driving bottom line value.

            Certification: GIAC Certified Project Manager (GCPM)

            • Information technology is so tightly woven into the fabric of modern business that cyber risk has become business risk. SOC teams are facing more pressure than ever before to help manage this risk by identifying and responding to threats across a diverse set of infrastructures, business processes, and users. Furthermore, SOC managers are in the unique position of having to bridge the gap between business processes and the highly technical work that goes on in the SOC. MGT551 students will learn how to design their defenses around their unique organizational requirements and risk profile. We will give you the tools to build an intelligence-driven defense, measure progress towards your goals, and develop more advanced processes like threat hunting, active defense, and continuous SOC assessment. 15 Hands-On Exercises

              Certification:
               GIAC Security Operations Manager (GSOM)

              • High-profile cybersecurity attacks indicate that offensive attacks are outperforming defensive measures. Cybersecurity engineers, auditors, privacy, and compliance team members are asking how they can practically protect and defend their systems and data, and how they should implement a prioritized list of cybersecurity hygiene controls. In SANS SEC566, students will learn how an organization can defend its information by using vetted cybersecurity frameworks and standards. Students will specifically learn how to navigate security control requirements defined by the Center for Internet Security's (CIS) Controls (v7.1 / 8.0), the NIST Cybersecurity Framework (CSF) the Cybersecurity Maturity Model Certification (CMMC), NIST SP 800-171, ISO/IEC 27000, and other frameworks into a cohesive strategy to defend their organization while complying with industry standards.

                Certification:
                 GIAC Critical Controls Certification (GCCC)