The SSAP is now LIVE! You can now register for the MGT433: SANS Security Awareness: How to Build, Maintain, and Measure a Mature Awareness Program course sign up for your SSAP credentialing exam. Don't miss out!

Register Today!

What is the SSAP?

Most organizations have invested tremendous resources into operational security technologies, but little, if anything, into securing their workforce. The human risk element has become an immense challenge for organizations in managing their cyber stability.  

Organizations now seek proven leaders who have the expertise and skills to effectively manage and measure human risk. The SANS Security Awareness Professional (SSAP) provides not only that expertise, but also identifies you as a leading expert in this growing field. The SSAP credential signifies, documents, and certifies that the holder has met the requirements to elevate and measure the overall security behavior of the workforce and an expert in this growing field.

Thumbnail

Organizations and government realize that technology alone cannot effectively manage all risk. Senior leaders and key stakeholders are starting to turn to experts to help them manage their human risk.  The SSAP Credentialing course is the way to demonstrate that expertise, leveraging over 25 years of SANS experience in cyber security strategy and training.

Lance Spitzner , Course instructor of MGT 433: How to Build, Maintain, and Measure a Mature Awareness Program

Just getting started? Build and mature your awareness program with SANS EndUser Training. Our customizable mix of training content addresses relevant threats and teaches security concepts that are critical to your workplace. 

SANS EndUser Training Suite

Who is the SANS Security Awareness Professional for?

Over the span of nearly a decade, the SANS MGT 433 course has seen over 1,500 students, including many repeat participants looking to capitalize on the SANS commitment to continually enhance course content, community, and overall corporate mission.  

The SSAP credential is intended for security awareness specialists seeking a deeper expertise in their field, using their skills and background to make a lasting impact related to adversarial risk. These individuals might include:

  • CISOs
  • Security Awareness Officers
  • Training Officers
  • Governance and Compliance
  • InfoSec Professionals
  • Incident Communications
  • Security Managers
  • Training Subject Matter Experts
  • Corporate Communications

The SSAP is the most effective, comprehensive way to accelerate your career and advancement opportunities in the field of managing human risk. Sign up to be one of the first security awareness specialists to receive your credential.

Get your Badge

Areas Covered in the MGT 433 SSAP

Anyone involved in understanding, managing, measuring, or communicating human risk should consider acquiring the SSAP. At the completion of  taking  the course MGT 433 and obtaining your SSAP, you will come away with valuable and actionable skills including:

  • How to gain and maintain leadership advocacy for your program.
  • How to identify target groups and deploy role-based training.
  • How to effectively engage and communicate to your workforce, including addressing specific role challenges, generational sensitivities, and nationalities or languages.
  • The ability to sustain your security awareness program, including implementing advanced programs, such as gamification or ambassador programs.
  • A full concept of the five stages of the Security Awareness Maturity Model and how to use it as the benchmark for your awareness program.
  • How to measure the impact of your awareness program, track reduction in human risk, and communicate the program's value to leadership.
  • Key models for learning theory, behavioral change, and cultural analysis.

Can't get get to a MGT 433 course in person? Want to learn at your own pace? MGT 433 can be taken anytime, anywhere. Consider taking the course through our engaging, 24/7 e-learning platform, SANS OnDemand.

Get MGT 433 OnDemand

This training will assist me and my team with putting a much better security awareness program in place. The maturity model is a great resource."
 

James Pomeroy , Seim Johnson, LLP

Soup to nuts, this class covers the entire designing, building, deploying and measuring of an effective security awareness program." 

Chris Sorensen , GE Capital

The 'Who' and 'What' of training and awareness is just what I needed to take back home."

David Nix , Department of Energy

How to Acquire Your SSAP

2

Hours to complete the exam

1

Proctored exam at a Pearson VUE location (a practice exam included)

50

Questions

$ 599

To take the exam

MGT 433 Course Details

The MGT 433 course spans over an intense two-days. It teaches key concepts and skills needed to effectively secure the human element by establishing a mature security awareness program. This course will help you develop a program that goes beyond just compliance, by changing peoples' behaviors and create a secure culture.

Thumbnail

Course content in MGT433: SANS Security Awareness: How to Build, Maintain, and Measure a Mature Awareness Program is based on lessons learned from hundreds of security awareness programs from around the world. You will learn not only from your instructor, but also from extensive interaction with your peers. You will develop your own custom security awareness plan that you can implement as soon as you return to your organization through a series of hands-on labs and exercises.

Day one of the MGT 433 Course will address:

MGT 433 Lance
  • The five stages of the Security Awareness Maturity Model
  • The three variables of risk and their role in awareness
  • Why humans are so vulnerable and the latest methods cyber attackers use to exploit these vulnerabilities
  • The learning continuum: awareness, training, and education
  • Steps to gaining and maintaining leadership support
  • How to develop and leverage an effective Advisory Board
  • B.J. Fogg Behavior Model and how it applies to your overall strategy of changing workforce behavior
  • Developing a strategic plan based on three key questions: Who, What, and How
  • Who: Identifying the different targets of your awareness program. Whose behaviors do you want to change? NOTE: This section includes an interactive group lab where you identify and analyze key target groups in your organization
  • What: Identifying and prioritizing the top human risks to your organization and the behaviors that will most effectively manage those risks. NOTE: This section includes two interactive labs, one conducting a qualitative risk analysis for your organization and a second lab on behavioral management by defining key learning objectives

In the second day of this course, participants will work collectively to understand:

large audience attending SANS Security Awareness MGT433 course
  • How: How will you communicate your program and train your workforce. This includes defining why cybersecurity is important to your organization, different training modalities and the most successful strategies to engage people.
  • The effective use of imagery, to include imagery within diverse or international environments
  • Top tips for effective translation / localization
  • The two different communication methods: primary and reinforcement, and the advantages / disadvantages of each
  • How to effectively develop and provide instructor-led training (ILT)
  • How to effectively develop and deploy online / computer based training (CBT)
  • Different reinforcement methods, including newsletters, fact sheets, posters, internal social media, hosted speaker events, hacking demos, escape rooms, lunch-n-learns and numerous other training activities. NOTE: This section includes an interactive lab combining a cultural analysis, communication methods, and different training modalities
  • Long term sustainment for effective culture impact, to include gamification and ambassador programs
  • Design, deploy, and leverage metrics to measure the impact of your awareness program, including how to effectively establish a global phishing program and measure culture. Note: This section includes an interactive lab in identifying and defining the top security awareness metrics specific to your program.
  • Walking through the final planning and execution steps, to include documenting a comprehensive project plan

Earn your Badge

Upon completion of the MGT 433 course and passing SSAP exam, individuals will receive a specialized digital badge, which includes information on when your SSAP was obtained and the particular skills acquired. This badge can be prominently displayed on professional networking pages, portfolios, signatures and on résumés to indicate this professional career enhancement. 

Thumbnail

This credential expires after 4 years. In order to renew the SSAP Credential, students must retake the exam.  

Why SANS Security Awareness?

Drawing on over 25 years of experience in cyber security strategy and training, we leverage our fleet of the world’s best cyber threat experts and learning behavior professionals, making SANS the best choice for security awareness training. We'll help you create a best-in-class cyber security awareness training program, get leadership support for your program, connect with the community, and change user behavior.

Why SANS?
Get a Demo
Thumbnail

The SSAP is perfect for those looking to get into or develop, expand and perfect their expertise in the growing field of security awareness and managing human risk."

Lance Spitzner , Course Instructor of MGT 433: How to Build, Maintain, and Measure a Mature Awareness Program

Signing up for your MGT433 course? Add on the SSAP credential exam to deepen your expertise in this growing field. Register now!

Sign up for the SSAP

Benefits for Your Employer

By acquiring the SSAP, you gain valuable skills that help you grow your career. But what are the benefits to your employer? 

This credential will demonstrate to your organization: 

  1. You possess all the necessary knowledge and skill to build any size security awareness program. This includes launching new or compliance-based programs up to advanced, mature awareness programs covering all relevant threats and risks.
  2. That you have a baseline of “awareness program excellence.” SANS courseware and certifications is known throughout the cybersecurity industry as being the most-trusted and leading source of security training. Employers who provide this credential to employees can rely on the training they receive – it’s constantly updated, and covers practical, useful information that those building awareness programs can implement immediately.
Thumbnail