World-Class, Expert-Led Cybersecurity Training. Purpose-Built for the AI Era.

SANS Surge 2026: Featured Keynote - Securing Your AI Transformation

AI is the most transformational technology of our generation. It is where conflict will occur. And it's our job to secure it. Come to this session and learn the trends, techniques, and tools to do just that.

Inside the New SEC573: AI-Powered Python for Security Automation

SEC573 has been updated for the AI era. Join Mark Baggett for a first look at how Python, LLMs, and MCP are transforming security automation, making tool building faster, more accessible, and far more powerful for defenders and offensive operators alike.

Detection Engineering That Scales: Practical Strategies for Resilient, Maintainable Security Operations

Join SANS Senior Instructor Erik Van Buggenhout, Splunk’s Director of Product Management Tim Nary, and NVISO Detection Engineering SME Stamatis Chatzimangou as they explore effective detection engineering.

Vibe Hacking: AI-Driven C2 Operations with MCP

Command and Control doesn’t have to be command-heavy. This hands-on workshop shows how to use AI and the Model Context Protocol (MCP) to interact with Empire C2 through natural language, streamlining red team operations and reducing friction during engagements.

SANS 2026 SOC, SIEM, SOAR Forum

Security teams are under increasing pressure to detect, respond, and adapt at the speed of today’s evolving threats. The SANS 2026 SOC, SIEM, SOAR Forum brings together practitioners, architects, and leaders to share real-world experiences, lessons learned, and proven practices for advancing Security Operations.

Trust Your Vendors, Do You?

Organizations rely on third-party vendors to operate and scale, but blind reliance introduces risk. Learn why vendor risk matters, lessons from real breaches, and how to build a modern, continuous TPRM program aligned to NIS2, DORA, and GDPR.

Infosec Rock Star: 5 Critical Skills for Infosec Professionals

Technical Skills are Essential, But Geek will only get you so far

What Are We Growing? Trust, Identity, and Education in the Age of Generative AI

Generative AI has changed the ground on which our organisations operate. Convincing messages appear instantly. Identity can be convincingly faked. Information is abundant, but wisdom seems in short supply.

Not Ready for a Pen Test? Attackers Don't Care

Organizations often delay penetration testing because they feel unprepared, fear the results, or believe compliance and tooling alone equal security. This talk challenges those assumptions head-on.

Agile Incident Response: How Leading Teams Execute Fast

The first minutes of an incident determine containment or crisis. Join this SANS virtual roundtable to learn how leading teams align across SOC, cloud, OT, and leadership to execute faster under pressure.

Securing Branch and OT Environments with Agentless Segmentation

In this SANS First Look webcast, we explore how Zscaler’s Zero Trust Branch (ZTB) introduces a new, streamlined approach to securing branch and OT environments.

2026 SANS State of Identity Threats & Defenses Survey Insights Event: How Identity Became the New Security Perimeter—And What’s Next

Overview Identity has become the new battleground. From SaaS to cloud to legacy Active Directory, it is now the central control point—and attackers know it.

Help Me Red Team Operators. You're My Only Hope.

SEC665: Advanced Red Team Operations is here. Attend this workshop for a deep dive into the brand-new course - exploring its syllabus, advanced tooling, security product internals, and kernel driver reversing, all culminating in a live lab demo built for seasoned operators.

Leadership Summit Solutions Track 2026

As organizations face increasing uncertainty, evolving threats, and shifting regulations, cybersecurity leaders are being challenged to lead with both vision and adaptability. This Solutions Track session focuses on translating those leadership challenges into actionable strategies—providing frameworks, proven approaches, and decision-making tools for professionals at every level who are responsible for driving security initiatives and organizational resilience.

Don't Trust AI – Verify It: A Practical Discussion About AI in the SOC

Buzz about AI agents is everywhere in security. But in the SOC, trust remains the biggest barrier to adoption. Trust that AI actually brings value instead of mere vendor hype. Trust that AI SOC tools aren’t being used to replace analysts.

AI-Human Collaboration in Modern SOCs

In this SANS webcast, Mathias Fuchs examines whether human-only security operations can realistically keep up in an era of AI-enabled attacks, shrinking budgets, and a widening cybersecurity workforce gap.

Getting Started with Prompt Injection

Discover how attackers exploit prompt injection to bypass AI safeguards and learn the defensive strategies needed to secure modern AI systems.

Using MITRE ATT&CK as an Operational Framework: Prioritizing, Testing, and Sustaining Defense

Join SANS Instructor Chris Crowley and Tidal Cyber Co-Founder and Chief Innovation Officer Frank Duff to explore how to move beyond theory and operationalize MITRE ATT&CK across your environment.

Where AI Actually Helps in DFIR and Where It Still Lies to You

This session aims to examine where AI is genuinely adding value in DFIR today, including triage assistance, query generation, and analyst acceleration in platforms such as the AI-enabled SANS SIFT Workstation.

AI-Assisted Threat Intelligence for Adversary Emulation

Threat intelligence is critical to effective adversary emulation. In this hands-on workshop, you'll learn how to analyze real-world threat reports, map adversary techniques to MITRE ATT&CK, and use AI-assisted workflows to accelerate TTP extraction and red team planning.