The SANS Cybersecurity Leadership Curriculum, through world-class training and GIAC Certifications, develops cyber leaders who have the practical skills to build and lead security teams, communicate with technical and business leaders alike, and develop capabilities that build your organization's success.
Senior Security Leader
LDR514: Security Strategic Planning, Policy, and Leadership (Certification: GSTRT)
The next generation of security leadership must bridge the gap between security staff and senior leadership by strategically planning how to build and run effective security programs. Yet, creating a security strategy, executing a plan that includes sound policy coupled with top-notch leadership is hard for IT and security professionals because we spend so much time responding and reacting. We almost never do strategic planning until we get promoted to a senior position, and then we are not equipped with the skills we need to run with the pack. This information security course will provide you with the tools to build a cybersecurity strategic plan, an entire IT security policy, and lead your teams in the execution of your plan and policy. By the end of class you will have prepared an executive presentation, read 3 business case studies, responded to issues faced by 4 fictional companies, analyzed 15 case scenarios, and responded to 15 Cyber42 events.
Certification: GIAC Strategic Planning, Policy, and Leadership (GSTRT)
LDR519: Cybersecurity Risk Management and Compliance™
LDR519: Cybersecurity Risk Management and Compliance, addresses a significant problem in the cybersecurity domain: the challenge of effectively managing and mitigating cybersecurity risks while ensuring regulatory compliance. This problem is increasingly relevant due to the complex and evolving nature of cyber threats, which can significantly impact organizational operations, data security, and overall business continuity. This comprehensive course delves into threat modeling, safeguard frameworks, and risk analytics to equip you with the skills needed to manage cybersecurity risks effectively. Learn to prioritize threats, select appropriate safeguards, and ensure regulatory compliance. Gain practical insights through multiple real-world case studies and SANS Cyber42 simulations that enhance your understanding of cybersecurity governance and program management. Join us to master the art of risk management and compliance, and secure your organization's digital future.
LDR520: Cloud Security for Leaders™
This cloud security strategy for leaders training course focuses on what managers, directors, and security leaders need to know about developing their plan/roadmap while managing cloud security implementation capabilities. To safeguard the organization's cloud environment and investments, a knowledgeable management team must engage in thorough planning and governance. We emphasize the essential knowledge needed to develop a cloud security roadmap and effectively implement cloud security capabilities. Making informed security decisions when adopting the cloud necessitates understanding the technology, processes, and people associated with the cloud environment. 12 Hands-on Cyber42 Exercises + Capstone.
LDR521: Security Culture for Leaders™
This Security Culture for Leaders course will teach and enable today's cybersecurity leaders to build, manage, and measure a strong security culture. Cybersecurity leadership is no longer just about technology. It is ultimately about culture - not only what people think and feel about security but how they act, from the Board of Directors to every corner of the organization. As a result of this cyber security culture course, students will not only create an engaged and far more secure workforce, but also lead more effective and successful security initiatives. In addition, students will apply everything they learn through a series of 12 interactive team labs, numerous case studies and the Cyber42 leadership simulation capstone.
LDR553: Cyber Incident Management™ (Certification: GCIL)
If you are worried about leading or supporting a major cyber incident, then this is the course for you. You cannot predict or pick when your organization will face a major cyber incident, but you can choose how prepared you are when it happens. While there are broad technical aspects to cyber incidents there is also a myriad of other activities that generally fall to executives, managers, legal, press, and human relations staff. These include communicating both internally and externally, considering the battle rhythm, and a look at methodologies for tracking information gathered and released to the public. This cyber incident management training course focuses on the challenges facing leaders and incident commanders as they work to bring enterprise networks back online and get business moving again.
Certification: GIAC Cyber Incident Leader (GCIL)
Security Manager
LDR419: Performing A Cybersecurity Risk Assessment™
Recent laws are requiring organizations to perform a cybersecurity risk assessment for compliance and audit reasons. However, many organizations do this without a specific strategy, which leads to random defenses, ineffective programs, and financial loss. Understanding the business context for the assessment promotes accurately discerning business risk and protecting accordingly. Go beyond theoretical and academic and truly understand how to perform risk assessments that matter - know what risks to look for in relation to your specific organizational context, how to uncover these risks effectively, and present results to leadership for actionable results. LDR419 teaches students the practical, hands-on skills they need to perform such risk assessments.
LDR512: Security Leadership Essentials for Managers™ (Certification: GSLC)
Security leaders need both technical knowledge and leadership skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives. This security managers training course will teach leaders about the key elements of any modern security program. Learn to quickly grasp critical cybersecurity issues and terminology, with a focus on security frameworks, security architecture, security engineering, computer/network security, vulnerability management, cryptography, data protection, security awareness, application security, DevSecOps, cloud security, and security operations. This is more than security training. You will learn how to lead security teams and manage programs by playing through twenty-three Cyber42 activities throughout the class, approximately 60-80 minutes daily.
Certification: GIAC Security Leadership (GSLC)
LDR516: Building and Leading Vulnerability Management Programs™
Vulnerability, patch, and configuration management are not new enterprise security topics. In fact, they are some of the oldest security functions. Yet, we still struggle to manage security vulnerability capabilities effectively. The quantity of outstanding vulnerabilities for most enterprise organizations is overwhelming, and all organizations struggle to keep up with the never-ending onslaught of new security vulnerabilities in their infrastructure and applications. When you add in the cloud, and the increasing speed with which all organizations must deliver systems, applications, and features to both their internal and external customers, enterprise security may seem unachievable. This vulnerability management training course will show you the most effective ways to mature your vulnerability management program and move from identifying vulnerabilities to successfully treating them. 21 Cyber42 and 15 lab exercises.
LDR520: Cloud Security for Leaders™
This cloud security strategy for leaders training course focuses on what managers, directors, and security leaders need to know about developing their plan/roadmap while managing cloud security implementation capabilities. To safeguard the organization's cloud environment and investments, a knowledgeable management team must engage in thorough planning and governance. We emphasize the essential knowledge needed to develop a cloud security roadmap and effectively implement cloud security capabilities. Making informed security decisions when adopting the cloud necessitates understanding the technology, processes, and people associated with the cloud environment. 12 Hands-on Cyber42 Exercises + Capstone.
LDR525: Managing Cybersecurity Initiatives & Effective Communication™ (Certification: GCPM)
Many cybersecurity professionals are highly technical but often unfamiliar with project management terminology, methodologies, resource management, and leading teams. Overseeing diverse groups of stakeholders and team members, estimating resources accurately, as well as analyzing risk as applied to different organizational structures and relationships is a struggle for many new technical project leaders. Today's virtual work environment only increases these complexities. It is critically important to understand how to leverage a wide range of development approaches and project management framework components to maximize resources across various business units for project success. Confidently lead security initiatives that deliver on time, within budget, reduce organizational risk and complexity while driving bottom line value. 35 Exercises.
Certification: GIAC Certified Project Manager (GCPM)
LDR551: Building and Leading Security Operations Centers™ (Certification: GSOM)
If you are a SOC manager or leader looking to unlock the power of proactive, intelligence-informed cyber defense, then LDR551 is the perfect course for you! In a world where IT environments and threat actors evolve faster than many teams can track, position your SOC to defend against highly motivated threat actors. Highly dynamic modern environments require a cyber defense capability that is forward-looking, fast-paced, and intelligence-driven. This SOC manager training course will guide you through these critical activities from start to finish and teach you how to design defenses with your organization's unique risk profile in mind. Walk away with the ability to align your SOC activities with organizational goals. 17 hands-on exercises + Cyber42 interactive leadership simulations.
Certification: GIAC Security Operations Manager (GSOM)
SEC566: Implementing and Auding CIS Controls™ (Certification: GCCC)
High-profile cybersecurity attacks indicate that offensive attacks are outperforming defensive measures. Cybersecurity engineers, auditors, privacy, and compliance team members are asking how they can practically protect and defend their systems and data, and how they should implement a prioritized list of cybersecurity hygiene controls. In SANS SEC566, students will learn how an organization can defend its information by using vetted cybersecurity frameworks and standards. Students will specifically learn how to navigate security control requirements defined by the Center for Internet Security's (CIS) Controls (v7.1 / 8.0), the NIST Cybersecurity Framework (CSF) the Cybersecurity Maturity Model Certification (CMMC), NIST SP 800-171, ISO/IEC 27000, and other frameworks into a cohesive strategy to defend their organization while complying with industry standards.
Certification: GIAC Critical Controls Certification (GCCC)
Transformational Leader
LDR512: Security Leadership Essentials for Managers™ (Certification: GSLC)
Security leaders need both technical knowledge and leadership skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives. This security managers training course will teach leaders about the key elements of any modern security program. Learn to quickly grasp critical cybersecurity issues and terminology, with a focus on security frameworks, security architecture, security engineering, computer/network security, vulnerability management, cryptography, data protection, security awareness, cloud security, application security, DevSecOps, generative AI (GenAI) security, and security operations. This is more than security training. You will learn how to lead security teams and manage programs by playing through twenty-three Cyber42 activities throughout the class, approximately 60-80 minutes daily.
Certification: GIAC Security Leadership (GSLC)
LDR514: Security Strategic Planning, Policy, and Leadership™ (Certification: GSTRT)
The next generation of security leadership must bridge the gap between security staff and senior leadership by strategically planning how to build and run effective security programs. Yet, creating a security strategy, executing a plan that includes sound policy coupled with top-notch leadership is hard for IT and security professionals because we spend so much time responding and reacting. We almost never do strategic planning until we get promoted to a senior position, and then we are not equipped with the skills we need to run with the pack. This information security course will provide you with the tools to build a cybersecurity strategic plan, an entire IT security policy, and lead your teams in the execution of your plan and policy. By the end of class you will have prepared an executive presentation, read 3 business case studies, responded to issues faced by 4 fictional companies, analyzed 9 case scenarios, and responded to 20 Cyber42 events.
Certification: GIAC Strategic Planning, Policy, and Leadership (GSTRT)
LDR521: Security Culture for Leaders™
Are you struggling to get everyone in your organization to care about and buy into cybersecurity? Do you feel like you are battling an uphill battle regarding cybersecurity with both your executive leadership and your workforce? Learn how to engage and transform your organization into cybersecurity's biggest believers and supporters by institutionalizing a strong security culture. In addition, students will apply everything they learn through a series of eleven interactive team labs, numerous case studies, and the chance to earn the LDR521 Challenge Coin in the Cyber42 leadership simulation capstone.
Operational Leader
LDR516: Building and Leading Vulnerability Management Programs™
Vulnerability, patch, and configuration management are not new security topics. In fact, they are some of the oldest security functions. Yet, we still struggle to manage these capabilities effectively. The quantity of outstanding vulnerabilities for most large organizations is overwhelming, and all organizations struggle to keep up with the never-ending onslaught of new vulnerabilities in their infrastructure and applications. When you add in the cloud and the increasing speed with which all organizations must deliver systems, applications, and features to both their internal and external customers, security may seem unachievable. This course will show you the most effective ways to mature your vulnerability management program and move from identifying vulnerabilities to successfully treating them. 16 Cyber42 and lab exercises
LDR551: Building and Leading Security Operations Centers™ (Certification: GSOM)
If you are a SOC manager or leader looking to unlock the power of proactive, intelligence-informed cyber defense, then LDR551 is the perfect course for you! In a world where IT environments and threat actors evolve faster than many teams can track, position your SOC to defend against highly motivated threat actors. Highly dynamic modern environments require a cyber defense capability that is forward-looking, fast-paced, and intelligence-driven. This SOC manager training course will guide you through these critical activities from start to finish and teach you how to design defenses with your organization's unique risk profile in mind. Walk away with the ability to align your SOC activities with organizational goals. 17 hands-on exercises + Cyber42 interactive leadership simulations.
Certification: GIAC Security Operations Manager (GSOM)
SEC566: Implementing and Auditing CIS Controls™ (Certification: GCCC)
High-profile cybersecurity attacks indicate that offensive attacks are outperforming defensive measures. Cybersecurity engineers, auditors, privacy, and compliance team members are asking how they can practically protect and defend their systems and data, and how they should implement a prioritized list of cybersecurity hygiene controls. In SANS SEC566, students will learn how an organization can defend its information by using a vetted cybersecurity control standard. Students will specifically learn how to implement, manage, and assess security control requirements defined by the Center for Internet Security's (CIS) Controls. Students will gain direct knowledge of the CIS Controls and ecosystem of tools to implement CIS controls across organizations complex networks, including cloud assets. 17 Lab Exercises and a program management simulation.
Certification: GIAC Critical Controls Certification (GCCC)
Cyber Risk Officer
LDR512: Security Leadership Essentials for Managers™ (Certification: GSLC)
Security leaders need both technical knowledge and leadership skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives. This security managers training course will teach leaders about the key elements of any modern security program. Learn to quickly grasp critical cybersecurity issues and terminology, with a focus on security frameworks, security architecture, security engineering, computer/network security, vulnerability management, cryptography, data protection, security awareness, cloud security, application security, DevSecOps, generative AI (GenAI) security, and security operations. This is more than security training. You will learn how to lead security teams and manage programs by playing through twenty-three Cyber42 activities throughout the class, approximately 60-80 minutes daily.
Certification: GIAC Security Leadership (GSLC)
LDR519: Cybersecurity Risk Management and Compliance™
LDR519: Cybersecurity Risk Management and Compliance, addresses a significant problem in the cybersecurity domain: the challenge of effectively managing and mitigating cybersecurity risks while ensuring regulatory compliance. This problem is increasingly relevant due to the complex and evolving nature of cyber threats, which can significantly impact organizational operations, data security, and overall business continuity. This comprehensive course delves into threat modeling, safeguard frameworks, and risk analytics to equip you with the skills needed to manage cybersecurity risks effectively. Learn to prioritize threats, select appropriate safeguards, and ensure regulatory compliance. Gain practical insights through multiple real-world case studies and SANS Cyber42 simulations that enhance your understanding of cybersecurity governance and program management. Join us to master the art of risk management and compliance, and secure your organization's digital future.
LDR553: Cyber Incident Management™ (Certification: GCIL)
If you are worried about leading or supporting a major cyber incident, then this is the course for you. LDR553: Cyber Incident Management focuses on the non-technical challenges facing leaders in times of extreme pressure. Whilst you may have a full team of technical staff standing-by to find, understand and remove the attackers, they need information, tasking, managing, supporting, and listening to so you can maximize their utilization and effectiveness. We focus on building a team to remediate the incident, on managing that team, on distilling the critical data for briefing, and how to run that briefing. We look at communication at all levels from the hands-on team to the executives and Board, investigative journalists, and even the attackers. This course contains nine (9) case studies for hands-on learning.
Certification: GIAC Cyber Incident Leader (GCIL)
SANS Cybersecurity Leadership Triads
In an effort to help our students find the right path, we have created an over-arching pyramid and two cybersecurity management triads that align to help create stronger, more well-rounded cybersecurity leaders.
SANS.edu Graduate Certificate in Cybersecurity Management
Prepare to design, deploy, and manage enterprise information security environments — and effectively lead cybersecurity teams.
- Designed for working InfoSec professionals
- 15-credit-hour program combining leadership and technical skills
- Includes 5 industry-recognized GIAC certifications