Get unparalleled cyber security training from real-world practitioners in Boston. Save $200 thru 6/26.

SANS Courses

SANS has provided cyber security training courses to governments, enterprises and cyber security professionals for more than 25 years. Our cyber security courses are designed to:

To jump to the full list of all SANS courses click here.

Real World Training

Our IT security courses are regularly updated to ensure they remain focussed on the trends and attack vectors that are prevalent - and ever developing.

All Courses

SANS Courses align with real world IT security challenges, roles and security team functions.

SANS Training is immediately beneficial - students can implement the lessons learned as soon as they return to the workplace.

Cyber Defence

SANS' Cyber Defence courses have been designed to teach the skills and knowledge necessary to keep an organisation secure.

The SANS Defence curriculum begins with SEC301 - Introduction to Information Security and progresses to cyber defence's more advanced topics.

One of SANS' most popular course, SEC401 Security Essentials is regarded as a must-have for all those looking to rapidly progress their knowledge. As a student's career progresses, or a team's structure changes, professionals can receive training in skills such as perimeter protection, intrusion detection, continuous monitoring and more.

SANS' Cyber Defence courses also span Windows, Unix and Linux.

Penetration Testing

As the number of cyber attacks increase, so does the demand for information security professionals who possess the skills to spot flaws in networks - before the attackers. SANS' Penetration Testing family of courses equips students to mitigate threats.

With comprehensive coverage of tools, techniques, and methodologies for testing networks, web apps, wireless and more, SANS thoroughly prepares students to conduct high-value penetration testing projects. Advanced courses cover Metasploit, Python, Pen Testing and advanced exploit development.

Cyber Security Management

SANS Cyber Security Training Courses for managers are designed for security officers, those new to a technical leadership role and seasoned managers.

SANS Management training helps managers speak the same language as their technical staff. It equips managers with essential knowledge about security's critical foundations: networking fundamentals, applications, policy, contingency, risk management, incident handling and more.

Digital Forensics and Incident Response

Every organisation will inevitably need to deal with cyber crime. A company might be faced with fraud, insider threats, industrial espionage, hacker attacks on a network, and adversaries looking to gather intelligence about systems and business internals.

SANS' Forensics courses teach everything students need to know in order to investigate computer related incidents successfully.

Courses in this curriculum ensure students are well versed in Incident Response, ready to manage any situation by creating incident response plans that are fit for purpose.

Industrial Control Systems

SANS ICS Courses are designed specifically for workers involved in supporting and defending industrial control systems. The ICS curriculum equips IT workers and engineers with the skills and knowledge needed to keep their systems safe and secure.

Like all SANS cyber security Courses, the ICS/SCADA courses place specific emphasis on defending against current and emerging threats. In addition, SANS has worked with key global players in this field to ensure that the courses are relevant and practical and - in the case of course ICS410 - prepare students for the GICSP certification from GIAC.

IT Audit

What's the best way to approach auditing an enterprise's security? Which systems matter? Are they correctly configured? Are there processes and policies in place? The list of questions an auditor needs to answer is extensive and critically important.

To this end, SANS' Audit courses are designed to assist in the creation of risk-driven methods for tackling the enormous task of designing an enterprise security validation programme.

Secure Software Development

The quality, quantity and importance of the data handled by applications is increasing at an exponential rate. As such defenders need to understand how to create applications that are safe by design.

SANS Software Development courses focus on teaching mitigation strategies for infrastructure, architecture and code. Examples are drawn from real-world applications that have been proven to work.

Topics covered include JavaScript, SQL, HTTP, injections, configuration and defensible applications.

SANS Numbering and Naming

SANS' Courses all have a unique alphanumeric name - SEC401, MGT512 and FOR508, for example. The first three letters relate to the security job role the course focusses on: AUD (Audit), DEV (Development), FOR (Forensics) and SEC (Security) etc.

The numeric part of the course name indicates the course's level of technical complexity. The first number SEC3, SEC4, SEC5 increases as the level of knowledge enhances. So, 3 courses are for relative beginners and 7 sessions are for the more experienced.

For those intending to follow a distinct training path, some courses are designed to follow directly on from another. Where this is the case, courses share the same second number. For example SEC560, SEC660, SEC760.

This structure is designed to help students pick courses that are right for their needs and, as their career advances, choose the next relevant course.

Course Certification
SEC301: Introduction to Cyber Security GISF
SEC401: Security Essentials Bootcamp Style GSEC
SEC402: Cybersecurity Writing: Hack the Reader
SEC440: Critical Security Controls: Planning, Implementing, and Auditing
SEC450: Blue Team Fundamentals: Security Operations and Analysis
SEC455: SIEM Design & Implementation
SEC460: Enterprise Threat and Vulnerability Assessment
SEC487: Open-Source Intelligence (OSINT) Gathering and Analysis
SEC501: Advanced Security Essentials - Enterprise Defender GCED
SEC503: Intrusion Detection In-Depth GCIA
SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling GCIH
SEC505: Securing Windows and PowerShell Automation GCWN
SEC506: Securing Linux/Unix GCUX
SEC511: Continuous Monitoring and Security Operations GMON
SEC524: Cloud Security and Risk Fundamentals
SEC530: Defensible Security Architecture and Engineering GDSA
SEC534: Secure DevOps: A Practical Introduction
SEC540: Cloud Security and DevOps Automation
SEC542: Web App Penetration Testing and Ethical Hacking GWAPT
SEC545: Cloud Security Architecture and Operations
SEC546: IPv6 Essentials
SEC550: Active Defense, Offensive Countermeasures and Cyber Deception
SEC555: SIEM with Tactical Analytics GCDA
SEC560: Network Penetration Testing and Ethical Hacking GPEN
SEC562: CyberCity Hands-on Kinetic Cyber Range Exercise
SEC564: Red Team Operations and Threat Emulation
SEC566: Implementing and Auditing the Critical Security Controls - In-Depth GCCC
SEC567: Social Engineering for Penetration Testers
SEC573: Automating Information Security with Python GPYC
SEC575: Mobile Device Security and Ethical Hacking GMOB
SEC580: Metasploit Kung Fu for Enterprise Pen Testing
SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses GDAT
SEC617: Wireless Penetration Testing and Ethical Hacking GAWN
SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques
SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking GXPN
SEC760: Advanced Exploit Development for Penetration Testers
Team Based Training
Course Certification
TBT570: Team Based Training - Blue Team and Red Team Dynamic Workshop