The SANS Security Awareness Professional (SSAP)

Organizations seek proven leaders who have the expertise and skills to effectively manage and measure human risk. The SANS Security Awareness Professional (SSAP) provides not only this expertise, but also signifies, documents and certifies that the holder has met the requirements to elevate the overall security behavior of the workforce.

Who is the SSAP for?

The SSAP is the most effective, comprehensive way for security awareness specialists to accelerate their careers in the field of managing human risk while making a lasting impact on the security of their organization. These individuals include:

CISOs and Security Leaders • Security Awareness Officers • Training Officers • Governance and Compliance • InfoSec Professionals • Incident Communications Security Managers • Training Subject Matter Experts • Corporate Communications • Culture and Organizational Change Specialists

Areas covered in the SSAP

The first step to achieving your SSAP is taking the three-day SANS LDR433 course on building mature awareness programs. In this course, you’ll learn how to:

  • Gain and maintain leadership advocacy for your security awareness program. Identify and document target groups and deploy relevant training.
  • Effectively engage and communicate across the organization, addressing culture, role and generational challenges, nationalities and languages.
  • Sustain your security awareness program, including implementing advanced programs, such as ambassador programs.
  • Understand and use the five stages of the Security Awareness Maturity Model as a benchmark for your awareness program success.
  • Measure the impact of your awareness program, track reduction in human risk and communicate the program's value to leadership.
  • Apply key models for learning theory, behavioral change and cultural analysis.

Prepping for your exam

Before attempting your SANS Security Awareness Professional (SSAP) exam you will want to properly plan and prepare before your scheduled date.

How should I prepare for the SSAP exam?

By taking the three-day SANS LDR433 course.

What are the SSAP exam prerequisites?

There are no prerequisites to SSAP credential exam registration.

Register Now

Is there a practice exam?

When registered for LDR433 and the SSAP, you will receive access to one practice test to help prepare for the credential exam. LDR433 is a three-day course and there is no option to purchase a second practice test. No practice exams are included with the purchase of SSAP credential exam attempts without training.

When do I get answers to my practice test?

During the practice tests, each time you choose a wrong answer, you will receive the correct answer and an explanation that will help to reinforce the subject matter presented in the question. The practice tests also include a counter that shows the current number of questions that you answered either correctly or incorrectly and how many questions are left in the test.

Should I bundle my course and exam?

We highly recommend you bundle the exam when you register for the LDR433 course, the bundled rate is $679.

Where will I take my exam?

The exam process is the same as you would do for any GIAC exam. You must take an exam at a proctored Pearson VUE testing center or proctored virtually online. You have four months to take the exam after purchase.

Taking your exam

Once you have completed the LDR433 course, taken your practice exam and feel ready to take the exam, know what to expect.

How long is the SSAP exam?

The SSAP exam consists of 50 questions with a 2-hour time limit and a passing score of 78%. SSAP credential exam content is supported by the SANS LDR433 course material and requires you to apply your understanding of the material to analyze the concepts being tested on.

Is the SSAP exam open book?

GIAC's Open Book Policy applies to the SSAP exam. We suggest creating an index of key course material, which you may print and bring into the exam with you

How long do I have to take the SSAP exam?

SSAP credential attempts are valid for 4 months (120 days) from the date of activation in your account. If you need additional time to complete your SSAP attempt, 45-day extensions are available for $329.

After your exam

After completing and passing your SSAP exam, you will receive your SSAP Digital Badge. You may also elect to take it again.

How will I receive my Digital Badge?

Upon earning the SSAP credential, you will receive an invitation to claim a Digital Badge, which is your only representation of your achievement. There are no printed certificates.

How long is my SSAP credential valid?

Your SSAP credential is valid for four years. After that you will need to renew it to keep it current.

Can I re-take my exam?

If you fail your SSAP attempt, you will have the option to purchase a retake.

More Questions?

Contact with any questions on earning the SSAP credential.

SSAP Certification

Earn Your Badge

Upon completing the LDR433 course and passing the SSAP exam, you will receive a specialized digital badge, which includes information on when your SSAP was obtained and the particular skills acquired. This badge can be prominently displayed on professional networking pages, portfolios, signatures and on resumes to indicate this professional career enhancement.

This credential expires after four years, which you will then need to renew.

Renewing your Credential

Can I Renew the SSAP?

Absolutely. To maintain your SSAP you will need to renew it every four years.

How do I Renew the SSAP?

Renewing is a two-step process. The requirements are:

  1. Register for and attend any SANS summit after earning your SSAP and prior to it expiring.
  2. Click Renew your SSAP Credential under the My Links heading from your SANS Portal account.
  3. Pay the required renewal fee ($349) in the two-year window before your credential expires.

Where Do I Sign-up?

Once you register for and attend any SANS Summit and are within 2 years of your Credential’s expiration date, your SANS portal account will automatically be updated with a link to complete your renewal registration. Make sure you use the same email address to register for the SANS Summit as you did for the SSAP exam.

What is a SANS Summit?

SANS hosts over 13 security summits every year on numerous security topics such as Cyber Threat Intelligence, Incident Response, Cloud, Blue Teaming, Critical Infrastructure, Security Leadership and of course the annual Security Awareness summit. Each event is one to two days and brings expert practitioners from around the world to share their lessons learned. Almost any of these events you can attend for free virtually.

Why Would I Want to Attend a SANS Security Summit?

Security Awareness is no longer just about engagement, it is also about aligning with your leadership’s security priorities and enabling your organization to better manage human risk. To do this effectively, security awareness professionals need to grow their understanding of security fundamentals to include what Cyber Threat Intelligence is and how to leverage it, how to partner with your Security Operations Center, the role you play in responding to a breach, or how to better communicate to and support senior leadership and your security team. By developing new security skills not only will be you a far more effective security leader but you will grow your reputation, career opportunities and compensation.

Where Can I Find my Renewal Date?

The expiration date is displayed on your SSAP Digital Badge record.  Log into your Credly dashboard to view your digital badge.

What If I Already Attended a SANS Summit Since I Took the Exam?

If you have attended a SANS summit since earning your SSAP Credential then you are already halfway there.  Once you are within 2 years of your Credential’s expiration date, your SANS portal account will automatically be updated with a link to complete your renewal registration.

My SSAP Credential Has Expired, What Should I Do?

Please reach out to to review the options available.


For any questions about the renewal process reach out to


How the SSAP benefits your employer

By acquiring the SSAP, you gain valuable skills that help you grow your career. But what are the benefits to your employer?

This credential will demonstrate to your organization:

  1. You possess all the necessary knowledge and skill to build any size security awareness program — from new or compliance-based programs to advanced, mature awareness programs covering all relevant threats and risks.
  2. You have a baseline of “awareness program excellence.” SANS courseware and certifications are considered as the most-trusted and leading source of security training throughout the cybersecurity industry. It’s constantly updated, covers practical, useful information that can be implemented immediately and ensuresorganizations can rely on the training employees receive.

Why SANS Security Awareness

Drawing on over 25 years of experience in cybersecurity strategy and training, we leverage our fleet of the world’s best cyberthreat experts and learning behavior professionals, making SANS Security Awareness the best choice for security training. We'll help you create a best-in-class cyber-security awareness training program, gain leadership support for your program, connect with the community and, most importantly, change human behavior.