What is the SSAP?

Organizations seek proven leaders who have the expertise and skills to effectively manage and measure human risk. The SANS Security Awareness Professional (SSAP) provides not only this expertise, but also signifies, documents and certifies that the holder has met the requirements to elevate the overall security behavior of the workforce.


Who is the SANS SSAP for?

The SSAP is the most effective, comprehensive way for security awareness specialists to accelerate their careers in the field of managing human risk while making a lasting impact on the security of their organization. These individuals include:

CISOs and Security Leaders  •  Security Awareness Officers  •  Training Officers  •  Governance and Compliance  •  InfoSec Professionals  •  Incident Communications Security Managers  •  Training Subject Matter Experts  •  Corporate Communications  •  Culture and Organizational Change Specialists


Areas covered in the SSAP

The first step to achieving your SSAP is taking the two-day SANS MGT433 course on building mature awareness programs. In this course, you’ll learn how to: 

  • Gain and maintain leadership advocacy for your security awareness program. Identify and document target groups and deploy relevant training.
  • Effectively engage and communicate across the organization, addressing culture, role and generational challenges, nationalities and languages.
  • Sustain your security awareness program, including implementing advanced programs, such as ambassador programs.
  • Understand and use the five stages of the Security Awareness Maturity Model as a benchmark for your awareness program success.
  • Measure the impact of your awareness program, track reduction in human risk and communicate the program's value to leadership.
  • Apply key models for learning theory, behavioral change and cultural analysis.

Prepping for your exam

Before attempting your SANS Security Awareness Professional (SSAP) exam you will want to properly plan and prepare before your scheduled date. 


Taking the two-day SANS MGT433 course is a prerequisite for the SSAP credential exam. You must take MGT433 to be eligible for the SSAP. 

You will receive access to one practice test to help prepare for the credential exam. Due to the fact that MGT433 is a two-day course, there is no option to purchase a second practice test.

During the practice tests, each time you choose a wrong answer, you will receive the correct answer and an explanation that will help to reinforce the subject matter presented in the question. The practice tests also include a counter that shows the current number of questions that you answered either correctly or incorrectly and how many questions are left in the test.

We highly recommend you bundle the exam when you register for the MGT433 course. The bundled rate is $599. The price will increase to $1,149 if you register for the exam at a later time.

The exam must be scheduled and taken at a Pearson VUE testing center, the same as you would for any GIAC exam. You can find a Pearson VUE center near you using this search tool.

Taking your exam

Once you have completed the MGT433 course, taken your practice exam and feel ready to take the exam, know what to expect.


The SSAP exam consists of 50 questions with a 2-hour time limit and a passing score of 78%. SSAP credential exam content is supported by the SANS MGT433 course material and requires you to apply your understanding of the material to analyze the concepts being tested on.

GIAC’s Open Book Policy applies to the SSAP exam. We suggest creating an index of key course material, which you may print and bring into the exam with you.

SSAP credential attempts are valid for 4 months (120 days) from the date of activation in your account. If you need additional time to complete your SSAP attempt, 45-day extensions are available for $399.

After your exam

After completing and passing your SSAP exam, you will receive your SSAP Digital Badge. You may also elect to take it again.


Upon earning the SSAP credential, you will receive an invitation to claim a Digital Badge, which is your only representation of your achievement. There are no printed certificates.

Your SSAP credential is valid for 4 years. In order to maintain your credential, you will need to pay a renewal fee and retake the current version of the credential exam.

If you fail your SSAP attempt, you will have the option to purchase a retake for $599.

Contact info@sans.org with any question on earning the SSAP credential.

How the SSAP benefits your employer

By acquiring the SSAP, you gain valuable skills that help you grow your career. But what are the benefits to your employer? 

This credential will demonstrate to your organization: 

  1. You possess all the necessary knowledge and skill to build any size security awareness program — from new or compliance-based programs  to advanced, mature awareness programs covering all relevant threats and risks.
  2. You have a baseline of “awareness program excellence.” SANS courseware and certifications are considered as  the most-trusted and leading source of security training throughout the cybersecurity industry. It’s constantly updated, covers practical, useful information that can be implemented immediately and ensuresorganizations  can rely  on the training employees receive.

Why SANS Security Awareness?

Drawing on over 25 years of experience in cybersecurity strategy and training, we leverage our fleet of the world’s best cyberthreat experts and learning behavior professionals, making SANS Security Awareness the best choice for security training. We'll help you create a best-in-class cyber-security awareness training program, gain leadership support for your program, connect with the community and, most importantly, change human behavior.


Get started today with the MGT433: SANS Security Awareness: How to Build, Maintain, and Measure a Mature Awareness Program.