The SANS Security Awareness Professional (SSAP)

Organizations seek proven leaders who have the expertise and skills to effectively manage and measure human risk. The SANS Security Awareness Professional (SSAP) provides not only this expertise, but also signifies, documents and certifies that the holder has met the requirements to elevate the overall security behavior of the workforce.

Who is the SSAP for?

The SSAP is the most effective, comprehensive way for security awareness specialists to accelerate their careers in the field of managing human risk while making a lasting impact on the security of their organization. These individuals include:

CISOs and Security Leaders • Security Awareness Officers • Training Officers • Governance and Compliance • InfoSec Professionals • Incident Communications Security Managers • Training Subject Matter Experts • Corporate Communications • Culture and Organizational Change Specialists

Areas covered in the SSAP

The first step to achieving your SSAP is taking the two-day SANS MGT433 course on building mature awareness programs. In this course, you’ll learn how to:

  • Gain and maintain leadership advocacy for your security awareness program. Identify and document target groups and deploy relevant training.
  • Effectively engage and communicate across the organization, addressing culture, role and generational challenges, nationalities and languages.
  • Sustain your security awareness program, including implementing advanced programs, such as ambassador programs.
  • Understand and use the five stages of the Security Awareness Maturity Model as a benchmark for your awareness program success.
  • Measure the impact of your awareness program, track reduction in human risk and communicate the program's value to leadership.
  • Apply key models for learning theory, behavioral change and cultural analysis.

Prepping for your exam

Before attempting your SANS Security Awareness Professional (SSAP) exam you will want to properly plan and prepare before your scheduled date.

What are the SSAP exam prerequisites?

Taking the two-day SANS MGT433 course is a prerequisite for the SSAP credential exam. You must take MGT433 to be eligible for the SSAP.
Is there a practice exam?

You will receive access to one practice test to help prepare for the credential exam. Due to the fact that MGT433 is a two-day course, there is no option to purchase a second practice test.

When do I get answers to my practice test?

During the practice tests, each time you choose a wrong answer, you will receive the correct answer and an explanation that will help to reinforce the subject matter presented in the question. The practice tests also include a counter that shows the current number of questions that you answered either correctly or incorrectly and how many questions are left in the test.

Should I bundle my course and exam?

We highly recommend you bundle the exam when you register for the MGT433 course. The bundled rate is $629. The price will increase to $1,219 if you register for the exam at a later time.

Where will I take my exam?The exam process is the same as you would for any GIAC exam. You must take an exam at a proctored Pearson VUE testing center or proctored virtually online. You have four months to take the exam after purchase.

Taking your exam

Once you have completed the MGT433 course, taken your practice exam and feel ready to take the exam, know what to expect.
How long is the SSAP exam?

The SSAP exam consists of 50 questions with a 2-hour time limit and a passing score of 78%. SSAP credential exam content is supported by the SANS MGT433 course material and requires you to apply your understanding of the material to analyze the concepts being tested on.

Is the SSAP exam open book?GIAC’s Open Book Policy applies to the SSAP exam. We suggest creating an index of key course material, which you may print and bring into the exam with you.
How long do I have to take the SSAP exam?

SSAP credential attempts are valid for 4 months (120 days) from the date of activation in your account. If you need additional time to complete your SSAP attempt, 45-day extensions are available for $419.

After your exam

After completing and passing your SSAP exam, you will receive your SSAP Digital Badge. You may also elect to take it again.
How will I receive my Digital Badge?Upon earning the SSAP credential, you will receive an invitation to claim a Digital Badge, which is your only representation of your achievement. There are no printed certificates.
How long is my SSAP credential valid?

Your SSAP credential is valid for 4 years. In order to maintain your credential, you will need to pay a renewal fee and retake the current version of the credential exam.

Can I re-take my exam?

If you fail your SSAP attempt, you will have the option to purchase a retake for $629.

More Questions?Contact info@sans.org with any question on earning the SSAP credential.

How the SSAP benefits your employer

By acquiring the SSAP, you gain valuable skills that help you grow your career. But what are the benefits to your employer?

This credential will demonstrate to your organization:

  1. You possess all the necessary knowledge and skill to build any size security awareness program — from new or compliance-based programs to advanced, mature awareness programs covering all relevant threats and risks.
  2. You have a baseline of “awareness program excellence.” SANS courseware and certifications are considered as the most-trusted and leading source of security training throughout the cybersecurity industry. It’s constantly updated, covers practical, useful information that can be implemented immediately and ensuresorganizations can rely on the training employees receive.

Earn Your Badge

Upon completing the MGT 433 course and passing the SSAP exam, you will receive a specialized digital badge, which includes information on when your SSAP was obtained and the particular skills acquired. This badge can be prominently displayed on professional networking pages, portfolios, signatures and on resumes to indicate this professional career enhancement. This credential expires after four years. In order to renew the SSAP Credential, students must retake the exam.

Why SANS Security Awareness

Drawing on over 25 years of experience in cybersecurity strategy and training, we leverage our fleet of the world’s best cyberthreat experts and learning behavior professionals, making SANS Security Awareness the best choice for security training. We'll help you create a best-in-class cyber-security awareness training program, gain leadership support for your program, connect with the community and, most importantly, change human behavior.