Training
Featured CourseView All Courses

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SEC595Cyber Defense, Artificial Intelligence
SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
View course detailsRegister
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
NEW - AI Security Training
Can't find what you are looking for?

Let us help.

Contact us
Free Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

Customer Case Studies

Discover how organizations and individual cyber practitioners use SANS training and GIAC certifications

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Contact Sales
Contact Sales

Offensive Security Tester

Return To SAP HomepageJoin The SANS Community
SAP

Role Description 

Pentesters play a crucial role as a proactive defense mechanism, using offensive security techniques to identify vulnerabilities before adversaries can exploit them. Their work helps organizations safeguard critical business information, maintain operational continuity, and build trust with customers and stakeholders by simulating real-world attacks.

BLUF 

Pentesters must build a foundation in security and infrastructure knowledge (T1), progress through penetration testing methodologies and tools (T2–T3), and ultimately master advanced offensive operations and red team leadership (T4–T5). This roadmap ensures they develop from a baseline defender into a highly skilled offensive security expert.

Development Roadmap with TKS Alignment

T1 – Novice (Foundations)

Course: SEC275 / SEC401. Aligned TKSs: 101 Security Foundations, K0689 Network Infrastructure Principles & Practices, K1016 OWASP Top Ten Vulnerabilities (introductory)

  • Slide 1 of 2

    SEC275: Foundations: Computers, Technology, & Security

    Beginner
    SEC275Cyber Defense
    SEC406: Linux Security for InfoSec Professionals
    • GIAC Foundational Cybersecurity Technologies (GFACT)
    • 38 CPEs / 38 Hours (Self-Paced)
    • Labs: 90 Hands-On Labs

    View course detailsRegister
  • Slide 2 of 2

    SEC401: Security Essentials - Network, Endpoint, and Cloud

    Essentials
    SEC401Cyber Defense
    SEC401: Security Essentials - Network, Endpoint, and Cloud
    • GIAC Security Essentials (GSEC)
    • 6 Days (Instructor-Led)
    • 46 CPEs / 46 Hours (Self-Paced)
    • Labs: 20 Hands-On Labs

    View course detailsRegister

T2 – Practitioner (Applied Knowledge)

Course: SEC504. Aligned TKSs: K0692 Ethical Hacking Methodologies, K0956 Penetration Testing Tools & Techniques (introductory), T1313 Test Network Infrastructure, T1424 Evaluate Network Infrastructure Vulnerabilities

SEC504: Hacker Tools, Techniques, and Incident Handling

MAJOR UPDATES
AI SKILLS
Essentials
SEC504Offensive Operations
SEC504: Hacker Tools, Techniques, and Incident Handling
  • GIAC Certified Incident Handler Certification (GCIH)
  • 6 Days (Instructor-Led)
  • 38 CPEs / 38 Hours (Self-Paced)
  • Labs: 44 Hands-On Labs

View course detailsRegister

T3 – Advanced (Specialized Knowledge)

Course: SEC560. Aligned TKSs: K0691 Pen Testing Frameworks (PTES), K0956 Penetration Testing Tools & Techniques (applied), S0576 Skill in Testing Network Infrastructure Contingency & Recovery Plans, T1359 Perform Penetration Testing

SEC560: Enterprise Penetration Testing

UPDATED
Intermediate
SEC560Offensive Operations
SEC560: Enterprise Penetration Testing
  • GIAC Penetration Tester (GPEN)
  • 6 Days (Instructor-Led)
  • 36 CPEs / 36 Hours (Self-Paced)
  • Labs: 30 Hands-On Labs

View course detailsRegister

T4 – Expert (Enterprise Integration)

Course(s): SEC542, SEC588. Aligned TKSs: K1016 OWASP Top Ten Vulnerabilities (advanced exploitation), K0834 Security Operations Tactics & Techniques, K0839 Critical Infrastructure Systems & Software, S0591 Skill in Performing Social Engineering, T1214 Install Network Infrastructure Device Operating System Software

  • Slide 1 of 2

    SEC542: Web App Penetration Testing and Ethical Hacking

    MAJOR UPDATES
    Intermediate
    SEC542Offensive Operations
    SEC542: Web App Penetration Testing and Ethical Hacking
    • GIAC Web Application Penetration Tester (GWAPT)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 35 Hands-On Labs

    View course detailsRegister
  • Slide 2 of 2

    SEC588: Cloud Penetration Testing

    MAJOR UPDATES
    Intermediate
    SEC588Offensive Operations
    SEC588: Cloud Penetration Testing
    • GIAC Cloud Penetration Tester (GCPN)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 24 Hands-On Labs

    View course detailsRegister

T5 – Expert / Mentor (Strategic Offensive Security Leadership)

Course: SEC660. Aligned TKSs: K1033 Scripting Principles & Practices (Python, Bash), S0634 Identifying Test & Evaluation Strategies (TES) Infrastructure Requirements, S0657 Skill in Implementing PKI Encryption, T1359 Penetration Testing (mentor-level refinement), T1424 Evaluating Infrastructure Vulnerabilities (executive oversight)

SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking

Advanced
SEC660Offensive Operations
SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
  • 6 Days (Instructor-Led)
  • 46 CPEs / 46 Hours (Self-Paced)
  • Labs: 30 Hands-On Labs

View course detailsRegister