2024 Roadmap 02-24 v1

The document outlines a SANS training roadmap for cybersecurity professionals. It lists essential baseline skills, focused job roles, and specific advanced skills. It covers topics such as security fundamentals, cyber defense, monitoring and operations, security architecture, offensive operations, and incident response.

Uploaded by

Gopala Krishnan

SANS Training Roadmap Essentials ICS410 ICS/SCADA Security Essentials | GICSP

Baseline Skills Focused Job Roles Specific Skills, Specialized Roles

NEW TO CYBERSECURITY | COMPUTERS, TECHNOLOGY, AND SECURITY DESIGN, DETECTION, AND DEFENSIVE CONTROLS ADVANCED CYBER DEFENSE | HARDEN SPECIFIC DEFENSES
COMPUTER & IT
SEC275 Foundations: Computers, Technology & Security | GFACT
Focused Cyber Defense Skills Platform-Focused
FUNDAMENTALS
ADVANCED WINDOWS/
SEC501 Advanced Security Essentials – Enterprise Defender | GCED SEC505 Securing Windows and PowerShell Automation | GCWN
CYBERSECURITY GENERALIST POWERSHELL
SEC301 Introduction to Cyber Security | GISF
FUNDAMENTALS
MONITORING Topic-Focused
SEC511 Continuous Monitoring and Security Operations | GMON
These entry-level courses cover a wide spectrum of security topics and are liberally & OPERATIONS
TRAFFIC ANALYSIS SEC503 Network Monitoring and Threat Detection In-Depth | GCIA
sprinkled with real-life examples. A balanced mix of technical and managerial
SECURITY SEC530 Defensible Security Architecture and Engineering: Implementing
issues makes these courses appealing to attendees who need to understand the ARCHITECTURE Zero Trust for the Hybrid Enterprise | GDSA SIEM SEC555 SIEM with Tactical Analytics | GCDA
salient facets of information security basics and the basics of risk management.
The detection of what is happening in your environment requires an increasingly POWERSHELL SEC586 Security Automation with PowerShell
sophisticated set of skills and capabilities. Identifying security anomalies requires SEC573 Automating Information Security with Python | GPYC
PYTHON CODING
CORE TECHNIQUES | PREVENT, DEFEND, MAINTAIN increased depth of understanding to deploy detection and monitoring tools and to SEC673 Advanced Information Security Automation with Python
interpret their output.
Every Security Professional Should Know SEC595 Applied Data Science and Machine Learning
DATA SCIENCE
for Cybersecurity Professionals | GMLE
SECURITY Open-Source Intelligence
SEC401 Security Essentials: Network, Endpoint, and Cloud | GSEC
ESSENTIALS
Open-Source Intelligence
Whether you are new to information security or a seasoned practitioner with a OSINT SEC497 Practical Open-Source Intelligence (OSINT) | GOSI
specialized focus, SEC401 will provide the essential information security skills and OSINT SEC587 Advanced Open-Source Intelligence (OSINT) Gathering & Analysis
techniques you need to protect and secure your critical information and technology
assets, whether on-premise or in the cloud. OFFENSIVE OPERATIONS | PENETRATION TESTING, OFFENSIVE SECURITY
BLUE TEAM SEC450 Blue Team Fundamentals: Security Operations and Analysis | GSOC Every Offensive Professional Should Know SPECIALIZED OFFENSIVE OPERATIONS | FOCUSED TECHNIQUES & AREAS
ATTACKER NETWORK Network, Web, and Cloud
SEC504 Hacker Tools, Techniques, and Incident Handling | GCIH SEC560 Enterprise Penetration Testing | GPEN
TECHNIQUES PEN TESTING
SEC660 Advanced Penetration Testing, Exploit Writing,
WEB APPS SEC542 Web App Penetration Testing and Ethical Hacking | GWAPT EXPLOIT DEVELOPMENT and Ethical Hacking | GXPN
All professionals entrusted with hands-on cybersecurity work should be trained to SEC760 Advanced Exploit Development for Penetration Testers
possess a common set of capabilities enabling them to secure systems, practice defense in The professional who can find weakness is often a different breed than one focused
depth, understand how attacks work, and manage incidents when they occur. To be secure, exclusively on building defenses. A basic tenet of Red Team/Blue Team deployments CLOUD PEN TEST SEC588 Cloud Penetration Testing | GCPN
you should set a high bar for the baseline set of skills in your security organization. is that finding vulnerabilities requires different ways of thinking and different tools. Specialized Penetration Testing
Offensive skills are essential for cybersecurity professionals to improve their defenses.
SOCIAL ENGINEERING SEC467 Social Engineering for Security Professionals
BLOCKCHAIN SEC554 Blockchain and Smart Contract Security
ROLE-BASED TRAINING FROM SANS SECURITY AWARENESS INCIDENT RESPONSE & THREAT HUNTING | HOST & NETWORK FORENSICS
SEC565 Red Team Operations and Adversary Emulation | GRTP
Security Essentials for IT Administrators Every Forensics and Incident Response Professional Should Know RED TEAM SEC670 Red Teaming Tools - Developing Windows
Role-based PCI DSS Compliance Training Implants, Shellcode, Command and Control
FOR500 Windows Forensic Analysis | GCFE
Protecting against cyber threats requires continuous investment in skills development. ENDPOINT FOR508 Advanced Incident Response, Threat Hunting, SEC575 iOS and Android Application Security
FORENSICS and Digital Forensics | GCFA MOBILE
Analysis and Penetration Testing | GMOB
Short-form modular training provides various teams with a role-focused understanding FOR608 Enterprise-Class Incident Response & Threat Hunting
of evolving security concepts. PRODUCT SECURITY SEC568 Combating Supply Chain Attacks with Product Security Testing
NETWORK FOR572 Advanced Network Forensics: Threat Hunting,
FORENSICS Analysis, and Incident Response | GNFA PEN TEST SEC580 Metasploit for Enterprise Penetration Testing
FORENSICS ESSENTIALS Whether you’re seeking to maintain a trail of evidence on host or network systems, SEC556 IoT Penetration Testing
WIRELESS & IoT
SEC617 Wireless Penetration Testing and Ethical Hacking | GAWN
Every Forensics and Incident Response Professional Should Know or hunting for threats using similar techniques, larger organizations need specialized
professionals who can move beyond first-response incident handling in order to Purple Team
BATTLEFIELD FORENSICS
FOR498 Battlefield Forensics & Data Acquisition | GBFA analyze an attack and develop an appropriate remediation and recovery plan.
& DATA ACQUISITION SEC598 Security Automation for Offense, Defense, and Cloud
SEC599 Defeating Advanced Adversaries –
DETECTION
Purple Team Tactics and Kill Chain Defenses | GDAT
ENGINEERING
CLOUD SECURITY ESSENTIALS CORE CLOUD SECURITY SEC699 Advanced Purple Teaming - Adversary
Emulation & Detection Engineering
Every Cloud Security Professional Should Know Preparation for More Focused Job Functions
ESSENTIALS SEC488 Cloud Security Essentials | GCLD PREVENTION SEC510 Attack-Driven Cloud Security Controls and Mitigations | GPCS
DIGITAL FORENSICS, MALWARE ANALYSIS,
If you are new to cybersecurity or looking to up-skill, cloud security AUTOMATION
SEC540 Cloud Security and DevSecOps Automation | GCSA & THREAT INTELLIGENCE | SPECIALIZED INVESTIGATIVE SKILLS
essentials is a requirement for today’s organizations. This course & DEVSECOPS
provides the basic knowledge required to introduce students to the cloud Specialization
MONITORING
SEC541 Cloud Security Threat Detection | GCTD
security industry, as well as in-depth, hands-on practice in labs. & DETECTION CLOUD FORENSICS FOR509 Enterprise Cloud Forensics & Incident Response | GCFR
ARCHITECTURE SEC549 Enterprise Cloud Security Architecture RANSOMWARE FOR528 Ransomware and Cyber Extortion
CLOUD FUNDAMENTALS
With the massive global shift to the cloud, it becomes more critical for every organization FOR610 Reverse-Engineering Malware:
Built for professionals who need to be conversant in basic cloud security concepts, to have experts who understand the security risks and benefits that come with public MALWARE ANALYSIS Malware Analysis Tools and Techniques | GREM
principles, and terms, but who are not responsible for hands-on cloud activities. cloud use, how to navigate and take full advantage of multicloud environments, FOR710 Reverse-Engineering Malware: Advanced Code Analysis
and how to incorporate security from the start of all development projects. Threat Intelligence
INTRODUCTION SEC388 Intro to Cloud Computing and Security
FOR578 Cyber Threat Intelligence | GCTI
CYBER THREAT INTELLIGENCE
INDUSTRIAL CONTROL SYSTEMS SECURITY FOR589 Cybercrime Intelligence
ROLE-BASED TRAINING FROM SANS SECURITY AWARENESS
Every ICS Security Professional Should Know Digital Forensics & Media Exploitation
Developer Secure Code Training
ICS DEFENSE SMARTPHONES FOR585 Smartphone Forensic Analysis In-Depth | GASF
Educate everyone involved in the software development process including developers, ICS515 ICS Visibility, Detection, and Response | GRID
& RESPONSE
FOR518 Mac and iOS Forensic Analysis and
architects, managers, testers, business owners, and partners with role-focused training MAC FORENSICS
ICS ADVANCED Incident Response | GIME
that ensures your team can properly build defensible applications from the start. ICS612 ICS Cybersecurity In-Depth
SECURITY
LINUX FORENSICS FOR577 Linux Incident Response & Analysis
NERC Protection
INDUSTRIAL CONTROL SYSTEMS SECURITY SPECIALIZATION IN CLOUD SECURITY
NERC SECURITY
Every ICS Security Professional Should Know ICS456 Essentials for NERC Critical Infrastructure Protection | GCIP
ESSENTIALS Specialization for Advanced Skills & Roles
ESSENTIALS ICS410 ICS/SCADA Security Essentials | GICSP Industrial systems run the world, and the need for cyber security professionals to APPLICATION SEC522 Application Security: Securing Web Apps, APIs, and
defend them is critical. Learn the skills needed to safeguard critical infrastructure SECURITY Microservices | GWEB
for the sake of operations, national security, and the safety of human life.
INDUSTRIAL CONTROL SYSTEMS SECURITY CLOUD PEN TEST SEC588 Cloud Penetration Testing | GCPN
Every ICS Security Manager Should Know CLOUD FORENSICS FOR509 Enterprise Cloud Forensics and Incident Response | GCFR
CORE LEADERSHIP
ESSENTIALS ICS418 ICS Security Essentials for Managers CLOUD DESIGN &
Transformational Cybersecurity Leader LDR520 Cloud Security for Leaders
IMPLEMENTATION
TECHNOLOGY Learning how to convert traditional cybersecurity skills into the nuances of cloud
FOUNDATIONAL LEADERSHIP LEADERSHIP
LDR512 Security Leadership Essentials for Managers | GSLC
security is a necessity for proper monitoring, detection, testing, and defense.
Every Cybersecurity Manager Should Know SECURITY
LDR514 Security Strategic Planning, Policy, and Leadership | GSTRT
STRATEGY
CISSP® TRAINING LDR414 SANS Training Program for CISSP® Certification | GISP
SECURITY ROLE-BASED TRAINING FROM SANS SECURITY AWARENESS
SECURITY LDR521 Security Culture for Leaders
LDR433 Managing Human Risk | SSAP CULTURE
AWARENESS ICS Engineer Training
Operational Cybersecurity Executive
RISK ASSESSMENT LDR419 Performing a Cybersecurity Risk Assessment NERC CIP Compliance Training
VULNERABILITY
LDR516 Building and Leading Vulnerability Management Programs Help protect critical systems by reinforcing the behavior your engineers, system
MANAGEMENT
With an increasing number of talented technologists, organizations require operators and others who interact with operational technology environments require to
effective leaders to manage their teams and processes. Those leaders will not SOC LDR551 Building and Leading Security Operations Centers | GSOM prevent, identify and respond to cyber incidents
necessarily perform hands-on work, but they must know enough about the
underlying technologies and frameworks to help set strategy, develop appropriate CIS CONTROLS SEC566 Implementing and Auditing CIS Controls | GCCC
policies, interact with skilled practitioners, and measure outcomes. LEADERSHIP SPECIALIZATIONS
Management Specialization
CYBER RANGES
ROLE-BASED TRAINING FROM SANS SECURITY AWARENESS AUDIT & MONITOR AUD507 Auditing Systems, Applications, and the Cloud | GSNA
Practice for Focused Job Functions
EndUser Awareness Training CLOUD DESIGN &
CYBER DEFENSE Cyber Defense NetWars LDR520 Cloud Security for Leaders
IMPLEMENTATION
Engaging, modular, and multilingual end-user training focuses on the most pressing risk
and compliance topics to address employee security behaviors and develop a culture of DFIR NetWars PROJECT LDR525 Managing Cybersecurity Initiatives & Effective Communication
DIGITAL FORENSICS & INCIDENT RESPONSE
DFIR NetWars Continuous MANAGEMENT | GCPM
security across your organization.
INDUSTRIAL CONTROL SYSTEMS ICS NetWars INCIDENT
LDR553 Cyber Incident Management
POWER GENERATION AND DISTRIBUTION GRID NetWars RESPONSE
CYBER RANGES
These interactive hands-on learning exercises cover specific job roles
Every Security Professional at any Skill Level Should Practice
for in-depth practical application and assessment of cybersecurity ROLE-BASED TRAINING FROM SANS SECURITY AWARENESS
BootUp CTF subject matter to help advance your career in a specific field.
MULTI-SKILL Security Essentials for Business Leaders and Managers
Core NetWars
MULTI-DISCIPLINE
Core NetWars Continuous
Leadership-focused modules enable managers to efficiently build and sustain a secure
SANS Cyber Ranges provide interactive hands-on exercises that cover a digital environment crucial for business operations.
wide range of topics to solidify skills and create muscle memory.

ARTIFICIAL INTELLIGENCE
AI Security Essentials

ARTIFICIAL INTELLIGENCE AIS247: AI Security Essentials for Business Leaders v01-02_2024
