Your organizations information is at risk. Learn how to protect it at SANS Minneapolis - August 12-17.

Cyber Defence Courses

SANS is the world's largest provider of cyber security training. We have over 125,000 alumni and operate within more than 35 countries.

Many large organisations, military departments and government offices trust SANS to help them protect their digital assets. Our Cyber Defence training is:

  • Designed to protect - SANS focusses on sharing the skills needed to detect and respond to cutting edge threats.
  • Practical and skills-based - We teach deployable skills - not just theory.
  • Led by experts - SANS Instructors are respected authorities in Cyber Defence.
  • Accessible and flexible - Students can choose different modes of training including classroom sessions and Online learning options.
  • Updated regularly - All our training content is refreshed frequently to account for the latest threats and malicious tactics.

Click here to jump to our full Cyber Defence course list

Why SANS Cyber Defence Training?


SANS training is designed to be hands-on. Rather than just sharing well-known theories, our courses place a high emphasis on re-enacting an attack or defence situation.

SANS Instructors are all confirmed experts in their respective fields. They're intimately acquainted with the dominant threats organisations face, and fully understand how to deploy strong defences.

To see what previous Cyber Defence students say about training, read our Testimonials.


SANS provides students with a wide selection of courseware and supporting resources.

Highlights across the Cyber Defence Curriculum include:

Textbooks - Courseware textbooks are written by SANS security experts. They're an invaluable resource for rehearsing what's been learned, and preparing for a GIAC open-book examination.

Toolsets - Courses are hands-on and focus on using the industry's dominant tools. If a classroom session draws on an open source application, we provide students with a copy. If the tool is commercial, we provide a trial version.

Virtual machines - Many lab exercises take place in virtualised environments. We provide students with a duplicate of the environment so they can recreate the exercise.

Cheat sheets and posters - To help students deploy what they've learned, we provide additional printed resources.

All Courses - Studying for Cyber Defence

Training Delivery

To ensure our training is accessible to all, SANS offers different routes to taking a Cyber Defence Course.

We hold Training Events which are classroom style training sessions led by a SANS Instructor and open to all. Students have the additional opportunity to win a Cyber Defence Coin at a Training Event.

If flexibility is needed, students can take SANS training Online. Our learning programme allows students to study on a laptop or tablet, at their own pace, and in their own time.

If an organisation has more than 25 students who need training, we can arrange for a SANS Instructor to deliver a course in an organisation's HQ or training centre through our Private Training option.

Questions about SANS Training? Read our FAQs here.


Many SANS Cyber Defence Training courses are aligned with GIAC Certifications. The Global Information Assurance Certification is an accreditation body that certifies the skills of cyber security professionals.

GIAC Certifications are recognised globally. Professionals who possess them are actively sought by corporate, government and military employers.

SANS Cyber Defence Courses

SANS Cyber Defence Curriculum courses fall into three categories - Core, Advanced and Specialist.

SANS Core Cyber Defence Courses

For those just beginning a career in Cyber Security, SEC301 provides a focussed and efficient path to understanding the discipline's core, foundational principles.

SANS' most popular course is SEC401: Security Essentials Bootcamp. A cyber defender's core mission is protecting an organisation's critical assets and infrastructure. This course teaches these invaluable skills.

SANS Advanced Cyber Defence Courses

SANS SEC501 builds on key skills from SEC401. This course focusses on preventing, detecting and reacting to attacks - quickly. By the end of SEC501 students will be able to build a fully defensible enterprise network.

Those looking to specialise further in network protection should explore SEC502. It teaches engineering perimeter protection so a network will be better equipped to withstand attacks.

SEC503 teaches how to identify anomalous network traffic and to fix the issue before it becomes a problem.

SEC505 is for students who work in an environment where Windows is the dominant operating system. This course teaches operating system and application hardening techniques.

Linux and Unix-like operating systems often form the backbone of enterprise networks. SEC506 teaches how to reduce Linux/Unix's attack surfaces through, for example, disabling unnecessary services.

SANS Specialist Cyber Defence Courses

SEC511 teaches the current best practice in relation to modern security architectures, and the techniques used by adversaries to penetrate systems.

SEC440 is designed to help master Critical Security Controls, as outlined by the Council on CyberSecurity. These are the bedrock of a reliable audit process. Audit skills can be further enhanced by taking SEC566.

SEC550 is founded on DARPA's Active Defense Harbinger Distribution Linux environment. Using ADHD, students learn how to interfere with hackers' reconnaissance and how to retaliate and compromise an attacker.

Finally, MGT414 provides an opportunity to prepare for a CISSP Certification Examination.

Cyber Defence Curriculum
Course Certification
Level 1 SEC301: Introduction to Cyber Security GISF
Level 2 SEC401: Security Essentials Bootcamp Style GSEC
Level 3 SEC501: Advanced Security Essentials - Enterprise Defender GCED
SEC503: Intrusion Detection In-Depth GCIA
SEC505: Securing Windows and PowerShell Automation GCWN
SEC506: Securing Linux/Unix GCUX
Specialty Courses SEC440: Critical Security Controls: Planning, Implementing, and Auditing
SEC511: Continuous Monitoring and Security Operations GMON
SEC550: Active Defense, Offensive Countermeasures and Cyber Deception
SEC555: SIEM with Tactical Analytics GCDA
SEC566: Implementing and Auditing the Critical Security Controls - In-Depth GCCC
MGT414: SANS Training Program for CISSP® Certification GISP

Training Events Offering Cyber Defence Courses
Event Dates Register
SANS Paris July 2019 Jul 01 - Jul 06, 2019  
SANS Munich July 2019 Jul 01 - Jul 06, 2019  
SANS London July 2019 Jul 08 - Jul 13, 2019  
SANS Riyadh July 2019 Jul 28 - Aug 01, 2019  
SANS London August 2019 Aug 05 - Aug 10, 2019  
SANS Prague August 2019 Aug 12 - Aug 17, 2019  
SANS Amsterdam August 2019 Aug 19 - Aug 24, 2019  
SANS Copenhagen August 2019 Aug 26 - Aug 31, 2019  
SANS Munich September 2019 Sep 02 - Sep 07, 2019  
SANS Brussels September 2019 Sep 02 - Sep 07, 2019  
SANS Oslo September 2019 Sep 09 - Sep 14, 2019  
SANS Dubai September 2019 Sep 14 - Sep 19, 2019  
SANS Paris September 2019 Sep 16 - Sep 21, 2019  
SANS Bahrain September 2019 Sep 21 - Sep 26, 2019  
SANS London September 2019 Sep 23 - Sep 28, 2019  
SANS DFIR Europe 2019 Sep 30 - Oct 06, 2019  
SANS Cardiff September 2019 Sep 30 - Oct 05, 2019  
SANS Riyadh October 2019 Oct 05 - Oct 10, 2019  
SANS Doha October 2019 Oct 12 - Oct 17, 2019  
SANS London October 2019 Oct 14 - Oct 19, 2019  
SANS Cairo October 2019 Oct 19 - Oct 24, 2019  
SANS Amsterdam October 2019 Oct 28 - Nov 02, 2019  
SANS London November 2019 Nov 11 - Nov 16, 2019  
SANS Gulf Region 2019 Nov 16 - Nov 28, 2019  
SANS Munich November 2019 Nov 18 - Nov 23, 2019  
SANS SEC401 Madrid November 2019 (in Spanish) Nov 18 - Nov 23, 2019  
SANS Security Operations London 2019 Dec 02 - Dec 07, 2019  
SANS Frankfurt December 2019 Dec 09 - Dec 14, 2019  
Online Training: SANS OnDemand
Private Training
Event Dates Register
Private Training Course of Your Choice Your Choice