The SSAP is coming soon! The credential will be available this summer. Want to learn more about getting your SSAP? Sign up to be the first to hear when it launches.
What is the SSAP?
Most organizations have invested tremendous resources into operational security technologies, but little, if anything, into securing their workforce. The human risk element has become an immense challenge for organizations in managing their cyber stability.
Organizations now seek proven leaders who have the expertise and skills to effectively manage and measure human risk. The SANS Security Awareness Professional (SSAP) provides not only that expertise, but also identifies you as a leading expert in this growing field. The SSAP credential signifies, documents, and certifies that the holder has met the requirements to elevate and measure the overall security behavior of the workforce and an expert in this growing field.
Organizations and government realize that technology alone cannot effectively manage all risk. Senior leaders and key stakeholders are starting to turn to experts to help them manage their human risk. The SSAP Credentialing course is the way to demonstrate that expertise, leveraging over 25 years of SANS experience in cyber security strategy and training.
Just getting started? Build and mature your awareness program with SANS EndUser Training. Our customizable mix of training content addresses relevant threats and teaches security concepts that are critical to your workplace.
Who is the SANS Security Awareness Professional for?
Over the span of nearly a decade, the SANS MGT 433 course has seen over 1,500 students, including many repeat participants looking to capitalize on the SANS commitment to continually enhance course content, community, and overall corporate mission.
The SSAP credential is intended for security awareness specialists seeking a deeper expertise in their field, using their skills and background to make a lasting impact related to adversarial risk. These individuals might include:
Security Awareness Officers
Governance and Compliance
Training Subject Matter Experts
The SSAP is the most effective, comprehensive way to accelerate your career and advancement opportunities in the field of managing human risk. Sign up to learn more and how you can be the first in line to receive your credential.
Areas Covered in the MGT 433 SSAP
Anyone involved in understanding, managing, measuring, or communicating human risk should consider acquiring the SSAP. At the completion of taking the course MGT 433 and obtaining your SSAP, you will come away with valuable and actionable skills including:
- How to gain and maintain leadership advocacy for your program.
- How to identify target groups and deploy role-based training.
- How to effectively engage and communicate to your workforce, including addressing specific role challenges, generational sensitivities, and nationalities or languages.
- The ability to sustain your security awareness program, including implementing advanced programs, such as gamification or ambassador programs.
- A full concept of the five stages of the Security Awareness Maturity Model and how to use it as the benchmark for your awareness program.
- How to measure the impact of your awareness program, track reduction in human risk, and communicate the program's value to leadership.
- Key models for learning theory, behavioral change, and cultural analysis.
Can't get get to a MGT 433 course in person? Want to learn at your own pace? MGT 433 can be taken anytime, anywhere. Consider taking the course through our engaging, 24/7 e-learning platform, SANS OnDemand.
This training will assist me and my team with putting a much better security awareness program in place. The maturity model is a great resource."
Soup to nuts, this class covers the entire designing, building, deploying and measuring of an effective security awareness program."
The 'Who' and 'What' of training and awareness is just what I needed to take back home."
How to Acquire Your SSAP
Hours to complete the exam
Proctored exam at a Pearson VUE location (a practice exam included)
To take the exam
MGT 433 Course Details
The MGT 433 course spans over an intense two-days. It teaches key concepts and skills needed to effectively secure the human element by establishing a mature security awareness program. This course will help you develop a program that goes beyond just compliance, by changing peoples' behaviors and create a secure culture.
- MGT 433 Course Overview
- MGT 433 Day 1: Plan and Build
- MGT 433 Day 2: Implement, Maintain, and Measure
Course content in MGT433: SANS Security Awareness: How to Build, Maintain, and Measure a Mature Awareness Program is based on lessons learned from hundreds of security awareness programs from around the world. You will learn not only from your instructor, but also from extensive interaction with your peers. You will develop your own custom security awareness plan that you can implement as soon as you return to your organization through a series of hands-on labs and exercises.
Day one of the MGT 433 Course will address:
- The five stages of the Security Awareness Maturity Model
- The three variables of risk and their role in awareness
- Why humans are so vulnerable and the latest methods cyber attackers use to exploit these vulnerabilities
- The learning continuum: awareness, training, and education
- Steps to gaining and maintaining leadership support
- How to develop and leverage an effective Advisory Board
- B.J. Fogg Behavior Model and how it applies to your overall strategy of changing workforce behavior
- Developing a strategic plan based on three key questions: Who, What, and How
- Who: Identifying the different targets of your awareness program. Whose behaviors do you want to change? NOTE: This section includes an interactive group lab where you identify and analyze key target groups in your organization
- What: Identifying and prioritizing the top human risks to your organization and the behaviors that will most effectively manage those risks. NOTE: This section includes two interactive labs, one conducting a qualitative risk analysis for your organization and a second lab on behavioral management by defining key learning objectives
In the second day of this course, participants will work collectively to understand:
- How: How will you communicate your program and train your workforce. This includes defining why cybersecurity is important to your organization, different training modalities and the most successful strategies to engage people.
- The effective use of imagery, to include imagery within diverse or international environments
- Top tips for effective translation / localization
- The two different communication methods: primary and reinforcement, and the advantages / disadvantages of each
- How to effectively develop and provide instructor-led training (ILT)
- How to effectively develop and deploy online / computer based training (CBT)
- Different reinforcement methods, including newsletters, fact sheets, posters, internal social media, hosted speaker events, hacking demos, escape rooms, lunch-n-learns and numerous other training activities. NOTE: This section includes an interactive lab combining a cultural analysis, communication methods, and different training modalities
- Long term sustainment for effective culture impact, to include gamification and ambassador programs
- Design, deploy, and leverage metrics to measure the impact of your awareness program, including how to effectively establish a global phishing program and measure culture. Note: This section includes an interactive lab in identifying and defining the top security awareness metrics specific to your program.
- Walking through the final planning and execution steps, to include documenting a comprehensive project plan
Earn your Badge
Upon completion of the MGT 433 course and passing SSAP exam, individuals will receive a specialized digital badge, which includes information on when your SSAP was obtained and the particular skills acquired. This badge can be prominently displayed on professional networking pages, portfolios, signatures and on résumés to indicate this professional career enhancement.
This credential expires after 4 years. In order to renew the SSAP Credential, students must retake the exam.
Why SANS Security Awareness?
Drawing on over 25 years of experience in cyber security strategy and training, we leverage our fleet of the world’s best cyber threat experts and learning behavior professionals, making SANS the best choice for security awareness training. We'll help you create a best-in-class cyber security awareness training program, get leadership support for your program, connect with the community, and change user behavior.
The SSAP is perfect for those looking to get into or develop, expand and perfect their expertise in the growing field of security awareness and managing human risk."
Achieving the SSAP will ensure not only can you effectively create a roadmap for a mature awareness program, but measure and communicate the impact of that program. The credential creates opportunity for advancement and growth within your career, creating a solid baseline for security awareness program implementation and comprehension of common risks. Sign up to learn more.
Benefits for Your Employer
By acquiring the SSAP, you gain valuable skills that help you grow your career. But what are the benefits to your employer?
This credential will demonstrate to your organization:
- You possess all the necessary knowledge and skill to build any size security awareness program. This includes launching new or compliance-based programs up to advanced, mature awareness programs covering all relevant threats and risks.
- That you have a baseline of “awareness program excellence.” SANS courseware and certifications is known throughout the cybersecurity industry as being the most-trusted and leading source of security training. Employers who provide this credential to employees can rely on the training they receive – it’s constantly updated, and covers practical, useful information that those building awareness programs can implement immediately.