
SEC599 vs. SEC699 FAQ

SANS currently offers two purple team courses that enable red and blue teams to collaborate and work together more effectively -- SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses, and SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection.

Although the emphasis of both courses is on purple teaming, adversary emulation, and detection, there are several important differences security professionals should be aware of when evaluating which course is right for them. The purpose of this brief FAQ is to answer questions and guide you through the process of understanding the focus, differences, and similarities of the two courses.



What is the focus of SEC599?

What is the focus of SEC699?

How are the courses similar?

Both courses draw equally on red and blue team tactics to build an understanding of the common adversary language and improve the state of security in the organization.

Both courses cover a variety of purple teaming tools and techniques. For example:

How are the courses different?

Although both courses emphasize purple teaming, they cover it from completely different perspectives, with varying course goals and objectives. The goal of SEC599 is to introduce students to security controls aimed at stopping, detecting, and responding to adversaries. The goal of SEC699, on the other hand, is to educate students on how adversarial techniques can be emulated and detected.

While there are no prerequisite courses for SEC599 or SEC699, students may want to make sure they have the underlying knowledge that will help them succeed in SEC599 and SEC699.

Red Team Skills

Blue Team Skills

I've taken SEC599, should I take SEC699?

SEC699 was designed as the perfect follow-up/progression for people who have already taken SEC599 and are looking to go more in-depth with the tools used in professional adversary emulation for breach prevention and detection. SEC699 does not recycle SEC599 material; it is a different course with an entirely different set of slides and exercises.


Where can I get more information about each course?


I am looking for purple team resources...

Visit our purple team page for a selection of valuable resources, including information about related GIAC certifications, informative webcasts on a variety of purple team topics, and educational blogs.