SANS 2026

Sun, Mar 29 - Fri, Apr 3, 2026
49 Courses
2 NetWars Tournaments
English

Hyatt Regency Orlando & Virtual (ET)

9801 International Drive, Orlando, FL 32819

Jump to:

Event Highlights
Courses
Schedule
Location

Transform Your Career in Just Six Days with Intensive Cybersecurity Training

Boost your cybersecurity skills at SANS 2026! Immerse yourself in a week of immersive, distraction-fee, industry-leading training tailored to elevate your capabilities, whether you’re new to the field or looking to deepen your advanced expertise. Benefit from direct mentorship by top experts in the field through practical labs and real-world strategies, experiencing insights that only in-person engagement can provide.

Interact with esteemed SANS faculty and fellows, and access exclusive sessions available only to onsite attendees. Connect with a vibrant community of like-minded professionals, engage in enriching networking events and benefit from community-building efforts that are structured to enhance your professional network and forge impactful, enduring relationships.

SANS Live Training: Arrive Curious. Leave Invincible.

Innovative Courses, Industry-Leading Instructors

Choose from over 50 courses tailored for every practitioner, from foundational skills to cutting-edge innovations, that dive deep into topics like:

Incident Response
Hacker Tools and Techniques
ICS/SCADA Security Essentials
Cyber Threat Intelligence
AI/Machine Learning

and many more!

Plus, enjoy bonus after-class extras like expert-led talks and networking events that extend value far beyond the classroom.

Your evolution begins here. Join SANS and transform your future.

Students Say

Slide 1 of 4
SANS creates a one-of-a-kind learning experience providing world-class training and fascinating opportunities to network and gain new perspectives from your peers!
Justin E.U.S. Federal Agency
Slide 2 of 4
The instruction at SANS is top-notch. I have been to several SANS training courses and they never disappoint. The instructors bring real life experiences and show the students how the material can be applied.
Thomas SeckJohns Hopkins APL
Slide 3 of 4
The labs are giving me a chance to see the course content first hand and interact with it. It's doing a good job of letting me play with it and really seeing how the tools and methodologies work.
Ryan MoellerEureka Strategic Consulting
Slide 4 of 4
SANS training keeps individuals up-to-date with relevant cyber security information. I can now apply the skills learned towards further maturing my program.
Nicholas MarriottPfizer

Event Highlights

Exclusive Industry Leading @Night Talks & Keynote Presentations

Hear from SANS expert instructors, during our keynote session and during SANS@Night talks for the latest techniques.

Learn More

NetWars Tournament

Put your skills to the test in an adrenaline-pumping competition! Join your classmates in this exclusive challenge included free with your course registration.

Learn More

Large Group of People Participating in Netwars Tournament

Welcome Reception

Kick off your week of world-class cybersecurity training at the Welcome Reception! This is your chance to connect face-to-face with fellow practitioners, industry experts, and SANS Faculty in a relaxed, open-air setting. Enjoy delicious bites and a selection of beverages —adult and otherwise —as you ease into an exciting week of learning and networking.

Free OnDemand Extended Access with Course Purchase—Automatically Included ($999 Value!)

Here’s what happens when you register for a course at this event: OnDemand extended access is automatically added to your account at no extra cost. No forms, no follow-up steps. Once the event concludes, the bundle appears directly in your SANS portal—ready when you are.

Important Dates

Refund Deadline:: March 12, 2026
Hotel Group Discount Deadline:: March 19, 2026

Courses

Looking for Group Training? Contact Sales

Showing 10 of 49

Filter by:

SEC503: Network Monitoring and Threat Detection In-Depth

SEC503Cyber Defense

GIAC Certified Intrusion Analyst
6 Days
46 CPEs
Andrew Laman

Starts 29 Mar 2026 at 8:30 AM ET
$8,780 USD (Course)
$999 USD (Certification)
*Prices exclude applicable local taxes

View course details

SEC401: Security Essentials - Network, Endpoint, and Cloud

SEC401Cyber Defense

GIAC Security Essentials
6 Days
46 CPEs
Bryan Simon

Starts 29 Mar 2026 at 8:30 AM ET
$8,780 USD (Course)
$999 USD (Certification)
*Prices exclude applicable local taxes

View course details

SEC504: Hacker Tools, Techniques, and Incident Handling

SEC504Offensive Operations

GIAC Certified Incident Handler
6 Days
38 CPEs
Joshua Wright

Starts 29 Mar 2026 at 8:30 AM ET
$8,780 USD (Course)
$999 USD (Certification)
*Prices exclude applicable local taxes

View course details

SEC501: Advanced Security Essentials - Enterprise Defender

SEC501Cyber Defense

GIAC Certified Enterprise Defender
6 Days
38 CPEs
Ross Bergman

Starts 29 Mar 2026 at 8:30 AM ET
$8,780 USD (Course)
$999 USD (Certification)
*Prices exclude applicable local taxes

View course details

FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics

FOR508Digital Forensics and Incident Response

GIAC Certified Forensic Analyst
6 Days
36 CPEs
Carlos Cajigas

Starts 29 Mar 2026 at 8:30 AM ET
$8,780 USD (Course)
$999 USD (Certification)
*Prices exclude applicable local taxes

View course details

SEC542: Web App Penetration Testing and Ethical Hacking

SEC542Offensive Operations

GIAC Web Application Penetration Tester
6 Days
36 CPEs
Timothy McKenzie

Starts 29 Mar 2026 at 8:30 AM ET
$8,780 USD (Course)
$999 USD (Certification)
*Prices exclude applicable local taxes

View course details

SEC560: Enterprise Penetration Testing

SEC560Offensive Operations

GIAC Penetration Tester
6 Days
36 CPEs
Jeff McJunkin

Starts 29 Mar 2026 at 8:30 AM ET
$8,780 USD (Course)
$999 USD (Certification)
*Prices exclude applicable local taxes

View course details

FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

FOR610Digital Forensics and Incident Response

GIAC Reverse Engineering Malware
6 Days
36 CPEs
Michael Murr

Starts 29 Mar 2026 at 8:30 AM ET
$8,780 USD (Course)
$999 USD (Certification)
*Prices exclude applicable local taxes

View course details

SEC301: Introduction to Cyber Security

SEC301Cyber Defense

SEC673: Advanced Information Security Automation with Python

GIAC Information Security Fundamentals
5 Days
30 CPEs
Rich Greene

Starts 29 Mar 2026 at 8:30 AM ET
$3,000 USD (Course)
$499 USD (Certification)
*Prices exclude applicable local taxes

View course details

SEC617: Wireless Penetration Testing and Ethical Hacking

SEC617Offensive Operations

GIAC Assessing and Auditing Wireless Networks
6 Days
36 CPEs
Larry Pesce

Starts 29 Mar 2026 at 8:30 AM ET
$8,780 USD (Course)
$999 USD (Certification)
*Prices exclude applicable local taxes

View course details

Schedule

Keynotes & Talks

Learn from industry leaders sharing key security insights.

Social & Community Events

Network and collaborate with cybersecurity professionals.

NetWars Tournaments

Hands-on competitions to test and sharpen your cybersecurity skills.

Showing 1 of 14

Filter by:

Select day:

SANS 2026 Welcome Reception

Kick off your SANS 2026 experience in style at the Welcome Reception!

This high-energy, can’t-miss event is your first opportunity to connect with fellow cybersecurity professionals, renowned SANS faculty, and industry peers from around the globe. Spark meaningful conversations about today’s most pressing cybersecurity trends, expand your professional network, and start shaping your training goals for the week ahead—or simply unwind and enjoy the moment.

Whether you’re here to collaborate, explore, or recharge, this reception sets the stage for a week of deep, immersive learning. Refreshing beverages (adult and otherwise) and delicious bites will be served.

06:30PM - 08:00PM EDT

In-Person

Lunch and Learn: Why SIEM Migrations Fail: You Don’t Have a Tool Problem, You Have a Data Problem

You invested heavily in your SIEM. Now it's expensive, noisy, and you're not sure it's catching what matters. So you migrate to a new platform, rebuild your detections, and two years later find yourself in exactly the same place. Sound familiar? The uncomfortable truth is that your SIEM isn't the problem—your data is. SIEMs are wrappers around data and process. Switch the wrapper without fixing what's inside, and you've just bought yourself an expensive reset button. This talk reframes data collection as a first-class security operations problem. We'll show how leading teams design detection starting from threat scenarios, not from whatever logs happen to be available.

Attendees will learn:

Threat-informed data sourcing: How to use threat modeling to identify which data sources actually matter for the threats you face—and which fields within those sources you need
ROI-driven decisions: A practical framework for calculating the return on investment of data sources and detections, so you can justify costs and cut noise
Coverage analysis: Methods to understand and communicate your detection coverage gaps to stakeholders
Data quality fundamentals: Why "we have the logs" doesn't mean you can detect anything, and how to measure and improve log quality
Building a sustainable program: Moving from one-time fixes to continuous improvement

We'll ground this in real-world case studies, including how missing Zoom authentication logs enabled North Korean operatives to remain undetected, and other examples where the data problem became visible only during incident response—when it was too late. You'll leave with a practical playbook for treating data collection as the strategic capability it is, not an afterthought to your next SIEM purchase.

*Sponsored by Beacon Security

12:30PM - 01:15PM EDT

Presented by

Gal Tal-Hochberg

Co-Founder and CEO

In-Person

Lunch and Learn: Leveraging Cyber Threat Intelligence for Offensive Intelligence

This lunch & learn explains how Offensive Cyber Threat Intelligence (Off CTI) improves defender awareness by extending visibility beyond the firewall to identify adversary infrastructure, stolen credentials, vulnerabilities, and campaign indicators before they affect the enterprise—think of it as preventive incident response. By using reconnaissance, threat actor profiling, malware ecosystem analysis, and external attack surface discovery, Off CTI helps defenders anticipate attacks, prioritize vulnerabilities, and stop kill chains early.

Attendees will see how intelligence from deep and dark web sources—combined with offensive techniques—can improve detection, speed up incident response, and strengthen proactive defense across complex environments.

Presented by Shawn Loveland, COO

*Sponsored by Resecurity

12:30PM - 01:15PM EDT

In-Person

Lunch and Learn: Hunting Threats in DNS: Detecting Hidden Infrastructure and Attacks

Threat actors work hard to remain hidden, but much of their infrastructure and activity is exposed through DNS, often more than attackers realize. This session explores how DNS can be used to discover, track, and identify malicious infrastructure used in real-world attack campaigns. Drawing on years of DNS threat research, we'll examine tactics attackers use every day, including domain lookalikes, traffic distribution systems (TDS), domain hijacking, parked-domain abuse, and residential proxies. Attendees will gain practical insights into how DNS can help defenders detect and disrupt threats earlier in the attack lifecycle.

*Sponsored by Infoblox

Presented by Brent Eskridge, Staff Threat Researcher, Infoblox

12:30PM - 01:15PM EDT

In-Person

Featured Keynote: Chopping AI Down to Size: Paul Bunyan’s Guide to Thriving in Cyber Careers

There is an old American legend about a larger-than-life lumberjack, Paul Bunyan, whose mighty axe carved forests and shaped the frontier. As the story goes, Paul faced off against a steam-powered saw that threatened to outpace his manual brute force effort. With his trusty ox, Babe, by his side, he tackled the challenge head-on. He challenged the innovators to a contest, swinging his axe with all his might. Despite his heroic effort, the machine edged him out by a quarter-inch, and Paul walked away, humbled but not broken.

07:00PM - 08:00PM EDT

Presented by

Mark Baggett

Fellow

In-Person & Virtual

Live-Online Registration

Special Event: SANS Solutions Expo

Step into the SANS Solutions Expo and experience innovation in action. This special event brings together leading cybersecurity vendors and solution providers to showcase the latest tools, technologies, and services designed to strengthen and modernize your security program. Whether you're evaluating new platforms, exploring emerging technologies, or looking for practical solutions you can implement right away, the Solutions Expo is your chance to connect directly with the experts behind today’s most impactful security innovations.

08:00AM - 03:30PM EDT

In-Person

SANS@Night: Am I Prompting Right? A Hitchhikers Guide to Mastering LLMs and Vibe Coding

In this presentation: Jean-Francois Maes will take you on a journey of how LLMs work, why you are likely using it wrong if you're using it like Google search and how to implement patterns to get better results both in daily conversation as well as vibe coding.

06:45PM - 07:45PM EDT

Presented by

Jean-François Maes

Certified Instructor

In-Person & Virtual

Live-Online Registration

SANS@Night: The 2026 Cybersecurity Toolkit Refresh: SANS Policies and CRF Updates

The 2026 Cybersecurity Toolkit Refresh brings a major set of free, practical updates to two widely adopted resources in the community: the SANS Policy Templates and the Cybersecurity Risk Foundation (CRF) frameworks.

This session focuses on what’s new in the spring 2026 releases—updated SANS policies, refreshed CRF safeguards, expanded threat and governance models, and new supporting tools designed to help teams mature faster without adding complexity. Whether you're already using these resources or discovering them for the first time, the emphasis is simple: everything discussed in this talk is freely available, ready to download, and put into practice as soon as you get home from this event.

06:45PM - 07:45PM EDT

Presented by

James Tarala

Senior Instructor

In-Person & Virtual

Live-Online Registration

SANS Unplugged

A relaxed evening reception designed to bring together OnDemand students, SANS instructors, course authors, and staff—for real conversation, shared stories, and new professional connections. It's where solo study becomes shared community.

Enjoy light bites, drinks, and open access to:

Meaningful networking with peers, mentors, and industry leaders
Exclusive NetWars tournament access and SANS @Night Talks
A special 20% discount on your next SANS course—OnDemand, In-Person, or Live Online

We can't wait to welcome you to SANS Unplugged.

05:00PM - 06:00PM EDT

Presented by

Lance Spitzner

Senior Instructor

In-Person

SANS@Night: From Reactive to Resilient: Transform Cybersecurity Through Leadership and Insight

In an era of rapid digital transformation like the use of AI and quantum computing, cybersecurity and risk has become a critical concern for organizations worldwide. As cyber threats grow in complexity and sophistication, leaders must not only stay informed about emerging trends but also proactively manage risks and influence organizational culture to build resilience.

06:00PM - 07:00PM EDT

Presented by

My-Ngoc Nguyen

Principal Instructor

In-Person & Virtual

Live-Online Registration

Tournament: Core NetWars

Registration: All students who register for a 4–6 day course will be eligible to play NetWars for free. Registration for this event will be through your SANS Account Dashboard the week of the event.

About Core NetWars: The most comprehensive of the NetWars ranges, this ultimate multi-disciplinary cyber range powers up the most diverse cyber skills. This range is ideal for advancing your cybersecurity prowess in today's dynamic threat landscape. The winning team and the top five solo players from every Core NetWars tournament throughout the year are offered a chance to compete in the annual SANS Core NetWars Tournament of Champions.

06:30PM - 09:30PM EDT

In-Person

Tournament: ICS NetWars

About ICS NetWars: Focused on factory machinery operations, this experience brings players onto the factory floor, exposing them to the challenges of detecting and defending physical equipment and manufacturing components from cyberattacks.

06:30PM - 09:30PM EDT

In-Person

Tournament: Core NetWars

06:30PM - 09:30PM EDT

In-Person

Tournament: ICS NetWars

06:30PM - 09:30PM EDT

In-Person

Hyatt Regency Orlando

Hotel Special Rates and Reservations

A special discounted rate of $249 S/D plus applicable taxes will be honored based on space availability. A limited number of Government Per Diem rooms at the prevailing rate are available with proper ID.

All rates include the resort fee for a savings of $48 per day. The resort fee provides a $10 Daily F&B credit, two bottles of water in room daily, two I-Ride Trolley tickets daily to the International Drive area, 15% discount on spa services, daily access to 24hr fitness center, and complimentary group fitness classes, bike rentals, and pool activities (floats, rafts, etc.) offered in both pools. SANS attendees will also receive $5.00 discount off self-parking daily or overnight.

These rates are only available through Thursday, March 19, 2026. Please Note: fees before taxes are listed on the price above the ‘Select & Book’ button.

Overflow Government block: A limited number of Government Per Diem rooms at the prevailing rate are available with proper ID at SpringHill Suites Orlando Convention Center/International Drive Area. Self-parking is complimentary and a complimentary breakfast buffet is available. The hotel is located approximately 1.1 miles away from Hyatt Regency Orlando where the event will take place. Link to Directions. This rate is only available through March 19, 2026. To make a reservation, please contact Dariel Chirino at 407-363-4603 or dchirino@aurohotels.com and reference SANS.

Book A Regular Reservation Book A Per Diem Government Reservation

3 Reasons To Stay At The Event Venue

Ultimate Convenience
Eliminate the hassle of daily commutes and wasted travel time. You’ll have everything you need—from your training to dining and amenities - all in one centralized, convenient location.
Seamless Networking Opportunities
Stay where the action is! Maximize your chances to connect with fellow cybersecurity professionals and industry leaders - from impromptu conversations in the lobby to exclusive after-hours events.
All Day, All Event Access
SANS live training events include bonus sessions exclusively at the venue. Staying on-site ensures you won’t miss these opportunities to grow your network and engage with peers beyond the conference agenda.

Business People Shaking Hands and Smiling

Travel Information

To purchase specially priced Walt Disney World® Meeting/Convention Theme Park tickets, please click the link below or call 407-566-5600. Tickets are valid 7 days before, during, and 7 days after the meeting dates. To enter a park, both a park reservation and valid ticket on the same day are required. To make park reservations, you will need to sign-into an existing Disney® Account or create a new one and link each ticket. Park reservations are subject to availability – please check the Park Availability Calendar. For details on making a park reservation, please visit Disney Park Pass Experience Updates. Whether it’s your first visit or your 100th, we recommend reviewing the Walt Disney World® Resort Experience Updates.

Valet Parking: - Overnight guests (with in-and-out privileges): $56.00 - Day visitors, 24 hours per day (no in/out privileges): $56.00 Self-Parking: - Overnight guests (with in-and-out privileges): $45.00* - Day visitors, 30 minutes-24 hours per day (no in-and-out privileges): $45.00* *SANS attendees will receive a $5.00 discount off self-parking daily or overnight. Rates listed are prevailing and subject to change. Alternative Parking Options SANS recommends researching nearby parking facilities for more affordable options. Some popular parking apps that can help you locate and reserve space during your training are SpotHero, ParkMobile, and ParkWhiz. Distance from Nearby Airport Orlando International Airport (MCO): Approximately 12.6 miles.

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SANS 2026

Share

Transform Your Career in Just Six Days with Intensive Cybersecurity Training

Innovative Courses, Industry-Leading Instructors

Students Say

Event Highlights

Exclusive Industry Leading @Night Talks & Keynote Presentations

NetWars Tournament

Welcome Reception

Free OnDemand Extended Access with Course Purchase—Automatically Included ($999 Value!)

Courses

GIAC Certification Exam Attempt

OnDemand Access

Netwars Tournaments

SEC503: Network Monitoring and Threat Detection In-Depth

Quick view

SEC401: Security Essentials - Network, Endpoint, and Cloud

Quick view

SEC504: Hacker Tools, Techniques, and Incident Handling

Quick view

SEC501: Advanced Security Essentials - Enterprise Defender

Quick view

FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics

Quick view

SEC542: Web App Penetration Testing and Ethical Hacking

Quick view

SEC560: Enterprise Penetration Testing

Quick view

FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

Quick view

SEC301: Introduction to Cyber Security

Quick view

SEC617: Wireless Penetration Testing and Ethical Hacking

Quick view

Schedule

Keynotes & Talks

Social & Community Events

NetWars Tournaments

SANS 2026 Welcome Reception

Lunch and Learn: Why SIEM Migrations Fail: You Don’t Have a Tool Problem, You Have a Data Problem

Lunch and Learn: Leveraging Cyber Threat Intelligence for Offensive Intelligence

Lunch and Learn: Hunting Threats in DNS: Detecting Hidden Infrastructure and Attacks

Featured Keynote: Chopping AI Down to Size: Paul Bunyan’s Guide to Thriving in Cyber Careers

Special Event: SANS Solutions Expo

SANS@Night: Am I Prompting Right? A Hitchhikers Guide to Mastering LLMs and Vibe Coding

SANS@Night: The 2026 Cybersecurity Toolkit Refresh: SANS Policies and CRF Updates

SANS Unplugged

SANS@Night: From Reactive to Resilient: Transform Cybersecurity Through Leadership and Insight

Tournament: Core NetWars

Tournament: ICS NetWars

Tournament: Core NetWars

Tournament: ICS NetWars

Hyatt Regency Orlando

3 Reasons To Stay At The Event Venue

Ultimate Convenience

Seamless Networking Opportunities

All Day, All Event Access

Travel Information

Discount Disney Tickets

Hyatt Regency Orlando

Venue Parking Details

Save On United Flights To SANS Events

Save on Delta Flights to SANS Events

SEC503: Network Monitoring and Threat Detection In-Depth

Quick view

SEC401: Security Essentials - Network, Endpoint, and Cloud

Quick view

SEC504: Hacker Tools, Techniques, and Incident Handling

Quick view

SEC501: Advanced Security Essentials - Enterprise Defender

Quick view

FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics

Quick view

SEC542: Web App Penetration Testing and Ethical Hacking

Quick view

SEC560: Enterprise Penetration Testing

Quick view

FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

Quick view