New SANS Courses
New Courses in Development 2021
Blue Team Operations
SEC513: Modern Linux Security for the Enterprise and Cloud
The concept for this class is to expand from securing a limited number of Linux-based systems, often done manually one system at a time, to securing hundreds or thousands of Linux-based systems and containers, commonly found in today’s enterprise and cloud-based environments.
SEC587: Advanced Open-Source Intelligence (OSINT) Gathering and Analysis
This class is for those that already have a firm foundation in the world of OSINT and are looking to go deeper into many of its technical collection areas.
SEC388: Introduction to Cloud Computing and Security
This course is designed for anyone who needs to fill a skills gap when it comes to Cloud, and either a decision-making or hands-on role, in an organization planning to move to or already operate in the cloud.
Digital Forensics & Incident Response
FOR528: Ransomware for Incident Responders
FOR528 teaches students how to deal with the specifics of ransomware in order to prepare for, detect, hunt, response to, and deal with the aftermath of ransomware. The class includes multiple hunting methods, a hands-on approach to learning using real-world data, and a full-day CTF-style capstone to help students solidify their learning.
FOR532: Enterprise Memory Forensics In-Depth
This course focuses on memory forensics from acquisition to detailed analysis, from analyzing one machine to many machines all at once. It'll cover Windows, Mac and Linux memory forensics as well as cloud memory acquisition.
FOR548: eDiscovery - Tactics for Conquering the Data Minefield
FOR548 teaches students the controls put in place to govern the
eDiscovery process, where and how the data is stored and how best to
satisfy the collection requirements imposed upon them and their
FOR608: Enterprise-Class Incident Response & Threat Hunting
This course focuses on building critical and in-depth knowledge of collecting, analyzing, and correlating host- and network-based forensic artifacts from enterprise-scale networks.
FOR710: Reverse-Engineering Malware: Advanced Code Analysis
This course continues where FOR610 leaves off, helping students who have already attained intermediate-level malware analysis capabilities take their reversing skills to the next level.
Industrial Control Systems
ICS418: ICS Security Essentials for Managers
The ICS418 course fills the identified gap amongst leaders working across critical infrastructure and operational technology environments. It equips ICS managers with the experience and tools to address the business, and industry pressures to manage cyber threats and defenses to prioritize the business, and the safety and reliability of industrial control systems operations. ICS leaders will leave the course with a firm understanding of the drivers and constraints that exist in cyber-physical environments and will obtain a nuanced understanding of how to manage the people, processes, and technologies throughout their organizations. ICS418 empowers new and established ICS Security Managers.
SEC446: Hardware Assisted Hacking
Tightly packed with tips, techniques, and hands-on procedures, this course teaches the foundations of both hardware theory and hardware practice, as well as how they relate to hardware and software security.
SEC556: IoT Penetration Testing
This course will immerse students into the interfaces commonly observed in IoT devices and provide a process and testing framework (IoTA) to evaluate these devices within many layers of the OSI model.
SEC565: Red Team Operations
This course prepares operators to emulate adversaries and threats in a professional manner to test a target organization's people, process, and technology from a holistic perspective.
SEC598: Purple Team Tactics - Security Automation for Offense and Defense
Learn how to break down an organization's security issues and define solutions to locally automate secure configurations, set a desired state configuration, deploy infrastructure as code in different environments, and detect and respond to security incidents in an automated manner.
SEC661: ARM Exploit Development
This course prepares students to interact with and write exploits against software running in ARM environments, the most widely used architecture in IoT.
SEC670: Red Team Ops - Windows Tool Development
Learn the essential building blocks for developing custom offensive tools through required programming, APIs used, and mitigations for techniques.
MGT416: Vendor Risk Management & Data Privacy
This course will provide an overview of the key elements that are required to properly implement and deliver a successful Vendor Risk and Data Privacy program.