Over 45 Cyber Security Courses at SANS 2018 in Orlando! Save up to $200 thru 2/28.

Cyber Defence Courses

SANS is the world's largest provider of cyber security training. We have over 125,000 alumni and operate within more than 35 countries.

Many large organisations, military departments and government offices trust SANS to help them protect their digital assets. Our Cyber Defence training is:

  • Designed to protect - SANS focusses on sharing the skills needed to detect and respond to cutting edge threats.
  • Practical and skills-based - We teach deployable skills - not just theory.
  • Led by experts - SANS Instructors are respected authorities in Cyber Defence.
  • Accessible and flexible - Students can choose different modes of training including classroom sessions and Online learning options.
  • Updated regularly - All our training content is refreshed frequently to account for the latest threats and malicious tactics.

Click here to jump to our full Cyber Defence course list

Why SANS Cyber Defence Training?


SANS training is designed to be hands-on. Rather than just sharing well-known theories, our courses place a high emphasis on re-enacting an attack or defence situation.

SANS Instructors are all confirmed experts in their respective fields. They're intimately acquainted with the dominant threats organisations face, and fully understand how to deploy strong defences.

To see what previous Cyber Defence students say about training, read our Testimonials.


SANS provides students with a wide selection of courseware and supporting resources.

Highlights across the Cyber Defence Curriculum include:

Textbooks - Courseware textbooks are written by SANS security experts. They're an invaluable resource for rehearsing what's been learned, and preparing for a GIAC open-book examination.

Toolsets - Courses are hands-on and focus on using the industry's dominant tools. If a classroom session draws on an open source application, we provide students with a copy. If the tool is commercial, we provide a trial version.

Virtual machines - Many lab exercises take place in virtualised environments. We provide students with a duplicate of the environment so they can recreate the exercise.

Cheat sheets and posters - To help students deploy what they've learned, we provide additional printed resources.

All Courses - Studying for Cyber Defence

Training Delivery

To ensure our training is accessible to all, SANS offers different routes to taking a Cyber Defence Course.

We hold Training Events which are classroom style training sessions led by a SANS Instructor and open to all. Students have the additional opportunity to win a Cyber Defence Coin at a Training Event.

If flexibility is needed, students can take SANS training Online. Our learning programme allows students to study on a laptop or tablet, at their own pace, and in their own time.

If an organisation has more than 25 students who need training, we can arrange for a SANS Instructor to deliver a course in an organisation's HQ or training centre through our Private Training option.

Questions about SANS Training? Read our FAQs here.


Many SANS Cyber Defence Training courses are aligned with GIAC Certifications. The Global Information Assurance Certification is an accreditation body that certifies the skills of cyber security professionals.

GIAC Certifications are recognised globally. Professionals who possess them are actively sought by corporate, government and military employers.

SANS Cyber Defence Courses

SANS Cyber Defence Curriculum courses fall into three categories - Core, Advanced and Specialist.

SANS Core Cyber Defence Courses

For those just beginning a career in Cyber Security, SEC301 provides a focussed and efficient path to understanding the discipline's core, foundational principles.

SANS' most popular course is SEC401: Security Essentials Bootcamp. A cyber defender's core mission is protecting an organisation's critical assets and infrastructure. This course teaches these invaluable skills.

SANS Advanced Cyber Defence Courses

SANS SEC501 builds on key skills from SEC401. This course focusses on preventing, detecting and reacting to attacks - quickly. By the end of SEC501 students will be able to build a fully defensible enterprise network.

Those looking to specialise further in network protection should explore SEC502. It teaches engineering perimeter protection so a network will be better equipped to withstand attacks.

SEC503 teaches how to identify anomalous network traffic and to fix the issue before it becomes a problem.

SEC505 is for students who work in an environment where Windows is the dominant operating system. This course teaches operating system and application hardening techniques.

Linux and Unix-like operating systems often form the backbone of enterprise networks. SEC506 teaches how to reduce Linux/Unix's attack surfaces through, for example, disabling unnecessary services.

SANS Specialist Cyber Defence Courses

SEC511 teaches the current best practice in relation to modern security architectures, and the techniques used by adversaries to penetrate systems.

SEC440 is designed to help master Critical Security Controls, as outlined by the Council on CyberSecurity. These are the bedrock of a reliable audit process. Audit skills can be further enhanced by taking SEC566.

SEC550 is founded on DARPA's Active Defense Harbinger Distribution Linux environment. Using ADHD, students learn how to interfere with hackers' reconnaissance and how to retaliate and compromise an attacker.

Finally, MGT414 provides an opportunity to prepare for a CISSP Certification Examination.

Cyber Defence Curriculum
Course Certification
Level 1 SEC301: Intro to Information Security GISF
Level 2 SEC401: Security Essentials Bootcamp Style GSEC
Level 3 SEC501: Advanced Security Essentials - Enterprise Defender GCED
SEC503: Intrusion Detection In-Depth GCIA
SEC505: Securing Windows and PowerShell Automation GCWN
SEC506: Securing Linux/Unix GCUX
Specialty Courses SEC440: Critical Security Controls: Planning, Implementing, and Auditing
SEC480: Top 4 Mitigation Strategies: Implementing & Auditing
SEC511: Continuous Monitoring and Security Operations GMON
SEC550: Active Defense, Offensive Countermeasures and Cyber Deception
SEC555: SIEM with Tactical Analytics GCDA
SEC566: Implementing and Auditing the Critical Security Controls - In-Depth GCCC
MGT414: SANS Training Program for CISSP® Certification GISP

Training Events Offering Cyber Defence Courses
Event Dates Register
SANS London March 2018 Mar 05 - Mar 10, 2018  
SANS Paris March 2018 Mar 12 - Mar 17, 2018  
SANS Munich March 2018 Mar 19 - Mar 24, 2018  
SANS Abu Dhabi 2018 Apr 07 - Apr 12, 2018  
SANS Zurich 2018 Apr 16 - Apr 21, 2018  
SANS London April 2018 Apr 16 - Apr 21, 2018  
SANS Riyadh April 2018 Apr 28 - May 03, 2018  
SANS Amsterdam May 2018 May 28 - Jun 02, 2018  
SANS London June 2018 Jun 04 - Jun 12, 2018  
SANS Oslo June 2018 Jun 18 - Jun 23, 2018  
SANS London July 2018 Jul 02 - Jul 07, 2018  
SANS Prague 2018 Aug 20 - Aug 25, 2018  
SANS Amsterdam September 2018 Sep 03 - Sep 08, 2018  
SANS Munich September 2018 Sep 16 - Sep 22, 2018  
SANS London September 2018 Sep 17 - Sep 22, 2018  
Online Training: SANS OnDemand
Private Training
Event Dates Register
Private Training Course of Your Choice Your Choice