Lance Spitzner

Lance Spitzner has over 25 years of security experience in cyber threat research, security architecture, and security culture and training. He played a pivotal role in pioneering the fields of deception and cyber intelligence by creating honeynets and founding the Honeynet Project. Lance has authored three security books, provided consultation services in 20+ countries, and has helped over 350 organizations build security behavior and culture programs to manage their human risk. Lance is both author and instructor for the SANS LDR433: Managing Human Risk and LDR521: Security Culture for Leaders courses. Lance is a frequent speaker and is active in numerous community projects. Prior to his career in information security, Mr. Spitzner served as an armor officer in the Army's Raid Deployment Force and holds an MBA from the University of Illinois.

More About Lance


Before information security, Lance served as an armor officer in the Army's Rapid Deployment Force and subsequently earned his MBA from the University of Illinois. While getting his MBA he interned for a Unix consulting company where he developed his passion for network and systems technology. He quickly became involved in security by becoming the go-to person for anything firewall related. Security was very similar to his military service, his mission was to defend environments from the bad guys. For over 20 years now, Lance has been passionate about cybersecurity. For the first ten years his work was highly technical, including working as a security architect for Sun Microsystems helping secure Sun’s largest customers around the world. His specialties included network architecture, penetration testing, forensics, cyber intelligence, honeynets and system hardening. However, for the past decade, he has focused on the human side as he feels that is where the biggest gains in cybersecurity can be made. Security is not merely a technical challenge, it is also a human challenge. Lance, who is an innate helper and people-person, has always been fascinated with how the world of security and people impact each other.

The biggest challenge Lance tends to see is technical people trying to apply a technical solution to the human side of security. Managing human risk means you need to take a human approach to security. To be successful one needs to apply concepts such as motivation, behavior modeling, culture, engagement, learning theory and communication - a completely new set of soft skills that most technical people lack. Lance’s extensive background on both sides of the coin – technical and human – puts him in a unique position to bridge this gap.

Lance has taught with SANS for over two decades. In his own words: “First is SANS absolute commitment to quality, to providing the best training possible. Students and their experiences are the absolute priority. Second is SANS’ commitment to community, to ensuring that we work together to help others. These two values are the very core of why I'm excited to wake up every morning and help make a difference.”

Lance believes the key to success in teaching is enabling students to learn as much as possible from others. Because of this, Lance’s classes are as interactive as possible. While he feels he has a tremendous amount of knowledge and experiences to share, so do his students. He works hard to create a trusted environment where everyone feels comfortable sharing and learning from each other. Ultimately for us to be successful as a whole, we have to be a community that works together.

One of the greatest highlights of Lance’s career - and what he gets the most excited about - are the annual Security Awareness Summits. This is when a community of hundreds of security professionals come together to learn, share, and improve as a community. Lance absolutely loves the idea of others working together for a common cause, and this is what the Security Awareness Summits are all about. In many ways the summits are helping establish the roadmap and framework of how human risk will be managed for years to come.

Lance is a frequent presenter, serial tweeter and blogger, and works on numerous community security projects. He is also a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition. When not in front of a computer, Lance enjoys anything that involves the outdoors and does NOT involve a command prompt, in particularly, woodworking, blacksmithing, hiking and beekeeping.

Listen to Lance teaching in his latest webcast "Leveraging Organizational Change to Build a Strong Security Culture".



Ransomware: Leadership Perspective, May 2021


Rekt Casino Hack Assessment Transformational Series – Pulling It All Together, Feb 2021

Rekt Casino Hack Assessment Transformational Series – Feeble Security Culture Disconnected from Business Objectives, Feb 2021

New Five Day Security Culture Course, Nov 2020

Leveraging the Security Awareness Planning Kit, July 2020

What Most Security Teams Don't Know But Should - Rethinking Human Risk Metrics, July 2020

Leveraging Organizational Change to Build a Strong Security Culture, June 2020

Making and Keeping Work at Home Operations Safe and Productive, May 2020

Security Leadership: Managing in Turbulent Times, presented by SANS Summits, May 2020

Driving Cybersecurity Change – Establishing a Culture of Protect, Detect and Respond Highlights, April 2020

Secure Video Conferencing - What to Train Your Workforce On, April 2020

Securing Your Kids Online, March 2020

Deployment Kit for Securing Your Workforce at Home, March 2020

Leading Change for CISOs, June 2019

For more webcasts prior to 2019, please refer to the SANS Webcast Archive.


Cybersecurity: The Human Perspective, SECURE 2019

Behind the Mask, RSAC 2019


Security Awareness Roadmap: Managing Your Human Risk poster

2021 Security Awareness Report (TM): Managing Human Risk

Security Your Remote Workforce: A Coronavirus Guide for Business

Honeypots: Tracking Hackers

Know Your Enemy

The 3 C's of Security Awareness


SSA Work-From-Home Deployment Kit