Take the first step in earning your SSAP credentials with the MGT433 prerequisite course. In this course you will learn how to build, maintain and measure a mature awareness program. Get started today!

SSAP Exam Overview

The SSAP exam was created by the GIAC Exam Development team, the same professionals behind all GIAC certifications. If you already hold a GIAC certification, we recommend you still review the information below as there are some important differences you should know about.

What is the SSAP?

Organizations seek proven leaders who have the expertise and skills to effectively manage and measure human risk. The SANS Security Awareness Professional (SSAP) provides not only that expertise, but also identifies you as a leading expert in this growing field. The SSAP credential signifies, documents, and certifies that the holder has met the requirements to elevate and measure the overall security behavior of the workforce and is an expert in this growing field. The SSAP is the most effective, comprehensive way to accelerate your career and advancement opportunities in the field of managing human risk.


Who is the SANS Security Awareness Professional for?

The SSAP credential is intended for security awareness specialists seeking a deeper expertise in their field, using their skills and background to make a lasting impact. These individuals include:

  • CISOs and Security Leaders
  • Security Awareness Officers
  • Training Officers
  • Governance and Compliance
  • InfoSec Professionals
  • Incident Communications
  • Security Managers
  • Training Subject Matter Experts
  • Corporate Communications
  • Culture and Organizational Change Specialists

Areas Covered in the SSAP

The first step to achieving your SSAP is taking the two-day SANS MGT433 course on building mature awareness programs. The SSAP is based on the content from the course, including:

  • How to gain and maintain leadership advocacy for your program.
  • How to identify and document target groups and deploy relevant training.
  • How to effectively engage and communicate to your workforce, including addressing culture, role and generational challenges, nationalities or languages.
  • The ability to sustain your security awareness program, including implementing advanced programs, such as ambassador programs.
  • A full concept of the five stages of the Security Awareness Maturity Model and how to use it as the benchmark for your awareness program.
  • How to measure the impact of your awareness program, track reduction in human risk, and communicate the program's value to leadership.
  • Key models for learning theory, behavioral change, and cultural analysis.

Have questions? We have compiled some of the most frequently asked questions and their answers to help you get started.

MGT 433 Course Details

The MGT 433 course spans an intense two days. It teaches key concepts and skills needed to effectively secure the human element by establishing a mature security awareness program. This course will help you develop a program that goes beyond just compliance by changing people's behaviors and creating a secure culture.


Course content in MGT433: SANS Security Awareness: How to Build, Maintain, and Measure a Mature Awareness Program is based on lessons learned from hundreds of security awareness programs from around the world. You will learn not only from your instructor, but also from extensive interaction with your peers. You will develop your own custom security awareness plan that you can implement as soon as you return to your organization through a series of hands-on labs and exercises.

Day one of the MGT 433 Course will address:

  • The five stages of the Security Awareness Maturity Model
  • The three variables of risk and their role in awareness
  • Why humans are so vulnerable and the latest methods cyber attackers use to exploit these vulnerabilities
  • The learning continuum: awareness, training, and education
  • Steps to gaining and maintaining leadership support
  • How to develop and leverage an effective Advisory Board
  • B.J. Fogg Behavior Model and how it applies to your overall strategy of changing workforce behavior
  • Developing a strategic plan based on three key questions: Who, What, and How
  • Who: Identifying the different targets of your awareness program. Whose behaviors do you want to change? NOTE: This section includes an interactive group lab where you identify and analyze key target groups in your organization
  • What: Identifying and prioritizing the top human risks to your organization and the behaviors that will most effectively manage those risks. NOTE: This section includes two interactive labs, one conducting a qualitative risk analysis for your organization and a second lab on behavioral management by defining key learning objectives

In the second day of this course, participants will work collectively to understand:

  • How: How will you communicate your program and train your workforce? This includes defining why cybersecurity is important to your organization, different training modalities and the most successful strategies to engage people.
  • The effective use of imagery, to include imagery within diverse or international environments
  • Top tips for effective translation / localization
  • The two different communication methods: primary and reinforcement, and the advantages / disadvantages of each
  • How to effectively develop and provide instructor-led training (ILT)
  • How to effectively develop and deploy online / computer based training (CBT)
  • Different reinforcement methods, including newsletters, fact sheets, posters, internal social media, hosted speaker events, hacking demos, escape rooms, lunch-n-learns and numerous other training activities. NOTE: This section includes an interactive lab combining a cultural analysis, communication methods, and different training modalities
  • Long term sustainment for effective culture impact, to include gamification and ambassador programs
  • Design, deploy, and leverage metrics to measure the impact of your awareness program, including how to effectively establish a global phishing program and measure culture. Note: This section includes an interactive lab in identifying and defining the top security awareness metrics specific to your program.
  • Walking through the final planning and execution steps, to include documenting a comprehensive project plan

Signing up for your MGT433 course? Add on the SSAP credential exam to deepen your expertise in this growing field. Register now!

Benefits for Your Employer

By acquiring the SSAP, you gain valuable skills that help you grow your career. But what are the benefits to your employer? 

This credential will demonstrate to your organization: 

  1. You possess all the necessary knowledge and skill to build a security awareness program of any size. This includes launching new or compliance-based programs up to advanced, mature awareness programs covering all relevant threats and risks.
  2. That you have a baseline of “awareness program excellence.” SANS courseware and certifications are known throughout the cybersecurity industry as being the most-trusted and leading source of security training. Employers who provide this credential to employees can rely on the training they receive – it’s constantly updated, and covers practical, useful information that those building awareness programs can implement immediately.

Why SANS Security Awareness?

Drawing on over 25 years of experience in cyber security strategy and training, we leverage our fleet of the world’s best cyber threat experts and learning behavior professionals, making SANS the best choice for security awareness training. We'll help you create a best-in-class cyber security awareness training program, get leadership support for your program, connect with the community, and change user behavior.


Get started today with MGT433: SANS Security Awareness: How to Build, Maintain, and Measure a Mature Awareness Program.