SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsThe new NIS2 directive that went into force on January 2023 is going to impact a wide array of organisations as national governments strive to create national legislation by October 17th of 2024. SANS and our instructors have created this hub to serve as a source of information on all you need to know about this new directive as well as resources, infographics, checklists you can use to help prepare yourself and your organisation for this new NIS2 directive.
Catch-up on this Q&A webcast session with SANS’ Brian Correia and ENISA’s Senior Cyber Policy Expert, Jurgita Skritaitė which took place on 13th May 2025. In this session we covered:
SANS recently conducted a survey on global organisations' awareness and preparedness for implementing measures as a result of the new EU regulation NIS2. Our newly released white paper not only highlights findings on organizational readiness and awareness, but also offers insights into modern threat capabilities and provides actionable recommendations for effective compliance strategies and training requirements. We also hosted a webinar on October 28th during which co-author Bojan Zdrnja took viewers through the report findings and SANS recommendations.
The NIS Directive, adopted in 2016, was the first EU-wide legislation on cybersecurity. Its main goal was to establish a common level of security for network and information systems across the European Union. The NIS2 Directive is an updated and more comprehensive version of the NIS Directive, aiming to address the shortcomings of the original legislation and to adapt to the evolving digital landscape. We’ve listed the most important differences between these two directives in a useful infographic.
Industries & Entities considered essential | Industries & Entities considered important |
---|---|
Energy | Digital providers |
Transport | Postal and courier services |
Banking | Waste management |
Financial market infrastructure | Food |
Healthcare | Chemicals |
Drinking water | Research |
Digital infrastructure | Manufacturing |
Managers of ICT services | |
Wastewater | |
Government services | |
Aerospace |
Essential entities:
Important entities:
An organisation is large based on the following criteria:
An organisation is medium-sized based on the following criteria:
The European Cybersecurity Skills Framework (ECSF) is a practical tool to support the identification and articulation of tasks, competencies, skills and knowledge associated with the roles of European cybersecurity professionals. To enable you to see which skills are required for these roles and what courses and exercises might help you obtain these skills, we have created an easy-to-use mapping tool for you to discover your potential next training opportunity.
Join ENISA, the European Union’s Agency for Cybersecurity, to learn how to prepare for NIS2 incident reporting and security measure requirements, what it means for organizations doing business in the EU, and the skills needed for compliance across critical sectors.
Part A - General introduction to the NIS2
• Main pillars of the NIS2 Directive
• Requirements for companies in critical sectors
• NIS2 Incident reporting and security measures
Part B - Cybersecurity skills for the NIS2
• ENISA cybersecurity skills framework
• Mapping skills to the NIS2
Marnix Dekker, Head of Sector NIS answers your questions to make sure you are as best prepared as possible to comply with the new requirements by October 17th, 2024.
These new regulations reinforce a crucial tenet that we at the SANS Institute have long embraced: effective cybersecurity starts with skilled people first.
SANS offers a variety of solutions that will help you prepare and comply with this new directive. Ranging from skill and risk assessments to cross-company security awareness training or individual role-based training and certification, we have a solution for your challenges.
SANS Training and GIAC Certifications helps organisations develop and validate the required capabilities needed to comply to NIS2
Gauge your organisation’s understanding of how to prevent cyber security attacks and provide better evidence of the effectiveness of your security awareness program.
Culturally relevant, effective, and easy to implement, SANS’ EndUser Training solutions help build a truly mature security awareness program and security posture.
Each role requires a very specific skill-set. SANS offers industry-leading training for each role within your cybersecurity team.
Presented in an immersive, interactive environment, stakeholders must enact each step in their crisis management plan in response to a simulated cyberattack. Program participants practice and prepare for a real-life cyber event.
In collaboration with our expert Faculty members, SANS is able to set-up in-depth exercises tailored to your industry and/or situation to help you prepare for NIS2 whether you operate within critical infrastructure, government, or other sectors.
In this case study, explore how ISS, a global facility services provider, collaborates with SANS to enhance its cybersecurity capabilities across 28 countries. The video delves into the challenges of unifying diverse IT and security departments and highlights the critical role of ongoing training to adapt to rapid technological and criminal developments. Through firsthand accounts, learn about the implementation of the SANS maturity model, the strategic benefits of SANS training programs, and how ISS is leveraging this partnership to boost corporate resilience and attract top talent in cybersecurity. Discover the pivotal role of human factors in cybersecurity and how ISS is strengthening its defenses not just technologically, but also through skilled and certified personnel.
NIS2 is just one of many recent regulations that will have global repercussions. The recent US SEC ruling on Incident Reporting and Management oversight and the DOD 8140.3 ruling, all have implications for organisations and government instances on a global level.