
SANS Training Roadmap Essentials ICS410 ICS/SCADA Security Essentials | GICSP

Baseline Skills Focused Job Roles Specific Skills, Specialized Roles

NEW TO CYBERSECURITY | COMPUTERS, TECHNOLOGY, AND SECURITY
COMPUTER & IT FUNDAMENTALS SEC275 Foundations: Computers, Technology & Security | GFACT
CYBERSECURITY FUNDAMENTALS SEC301 Introduction to Cyber Security | GISF
These entry-level courses cover a wide spectrum of security topics and are liberally sprinkled with real-life examples. A balanced mix of technical and managerial issues makes these courses appealing to attendees who need to understand the salient facets of information security basics and the basics of risk management.

DESIGN, DETECTION, AND DEFENSIVE CONTROLS
Focused Cyber Defense Skills
ADVANCED GENERALIST SEC501 Advanced Security Essentials – Enterprise Defender | GCED
MONITORING & OPERATIONS SEC511 Continuous Monitoring and Security Operations | GMON
SECURITY ARCHITECTURE SEC530 Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise | GDSA
The detection of what is happening in your environment requires an increasingly sophisticated set of skills and capabilities. Identifying security anomalies requires increased depth of understanding to deploy detection and monitoring tools and to interpret their output.

ADVANCED CYBER DEFENSE | HARDEN SPECIFIC DEFENSES
Platform-Focused
WINDOWS/POWERSHELL SEC505 Securing Windows and PowerShell Automation | GCWN
Topic-Focused
TRAFFIC ANALYSIS SEC503 Network Monitoring and Threat Detection In-Depth | GCIA
SIEM SEC555 SIEM with Tactical Analytics | GCDA
POWERSHELL SEC586 Blue Team Operations: Defensive PowerShell
PYTHON CODING SEC573 Automating Information Security with Python | GPYC
DATA SCIENCE SEC595 Applied Data Science and Machine Learning for Cybersecurity Professionals

Open-Source Intelligence Open-Source Intelligence

OSINT SEC497 Practical Open-Source Intelligence (OSINT) | GOSI OSINT SEC587 Advanced Open-Source Intelligence (OSINT) Gathering & Analysis

CORE TECHNIQUES | PREVENT, DEFEND, MAINTAIN
Every Security Professional Should Know
SECURITY ESSENTIALS SEC401 Security Essentials: Network, Endpoint, and Cloud | GSEC
Whether you are new to information security or a seasoned practitioner with a specialized focus, SEC401 will provide the essential information security skills and techniques you need to protect and secure your critical information and technology assets, whether on-premise or in the cloud.
BLUE TEAM SEC450 Blue Team Fundamentals: Security Operations and Analysis | GSOC
ATTACKER TECHNIQUES SEC504 Hacker Tools, Techniques, and Incident Handling | GCIH
All professionals entrusted with hands-on cybersecurity work should be trained to possess a common set of capabilities enabling them to secure systems, practice defense in depth, understand how attacks work, and manage incidents when they occur. To be secure, you should set a high bar for the baseline set of skills in your security organization.

OFFENSIVE OPERATIONS | VULNERABILITY ANALYSIS, PENETRATION TESTING
Every Offensive Professional Should Know
NETWORK PEN TESTING SEC560 Enterprise Penetration Testing | GPEN
WEB APPS SEC542 Web App Penetration Testing and Ethical Hacking | GWAPT
VULNERABILITY ASSESSMENT SEC460 Enterprise and Cloud | Threat and Vulnerability Assessment | GEVA
The professional who can find weakness is often a different breed than one focused exclusively on building defenses. A basic tenet of red team/blue team deployments is that finding vulnerabilities requires different ways of thinking and different tools. Offensive skills are essential for cybersecurity professionals to improve their defenses.

SPECIALIZED OFFENSIVE OPERATIONS | FOCUSED TECHNIQUES & AREAS
Network, Web & Cloud
EXPLOIT DEVELOPMENT
SEC660 Advanced Penetration Testing, Exploit Writing, and Ethical Hacking | GXPN
SEC661 ARM Exploit Development
SEC760 Advanced Exploit Development for Penetration Testers
CLOUD PEN TEST SEC588 Cloud Penetration Testing | GCPN
Specialized Penetration Testing
SOCIAL ENGINEERING SEC467 Social Engineering for Security Professionals
ACTIVE DEFENSE SEC550 Cyber Deception – Attack Detection, Disruption & Active Defense
BLOCKCHAIN SEC554 Blockchain and Smart Contract Security
RED TEAM
SEC565 Red Team Operations and Adversary Emulation
SEC670 Red Team Operations – Developing Custom Tools for Windows
MOBILE SEC575 Mobile Device Security and Ethical Hacking | GMOB
PEN TEST SEC580 Metasploit for Enterprise Penetration Testing
WIRELESS
SEC556 IoT Penetration Testing
SEC617 Wireless Penetration Testing and Ethical Hacking | GAWN
Purple Team
ADVERSARY EMULATION
SEC598 Security Automation for Offense, Defense, and Cloud
SEC599 Defeating Advanced Adversaries – Purple Team Tactics and Kill Chain Defenses | GDAT
SEC699 Purple Team Tactics – Adversary Emulation for Breach Prevention & Detection

FORENSICS ESSENTIALS
Every Forensics and IR Professional Should Know
FORENSICS ESSENTIALS FOR308 Digital Forensics Essentials
BATTLEFIELD FORENSICS & DATA ACQUISITION FOR498 Battlefield Forensics & Data Acquisition | GBFA

INCIDENT RESPONSE & THREAT HUNTING | HOST & NETWORK FORENSICS
Every Forensics and IR Professional Should Know
ENDPOINT FORENSICS
FOR500 Windows Forensic Analysis | GCFE
FOR508 Advanced Incident Response, Threat Hunting, and Digital Forensics | GCFA
FOR532 Enterprise Memory Forensics In-Depth
FOR608 Enterprise-Class Incident Response & Threat Hunting
NETWORK FORENSICS FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response | GNFA
Whether you’re seeking to maintain a trail of evidence on host or network systems, or hunting for threats using similar techniques, larger organizations need specialized professionals who can move beyond first-response incident handling in order to analyze an attack and develop an appropriate remediation and recovery plan.

DIGITAL FORENSICS, MALWARE ANALYSIS, & THREAT INTELLIGENCE | SPECIALIZED INVESTIGATIVE SKILLS
Specialization
CLOUD FORENSICS FOR509 Enterprise Cloud Forensics & Incident Response | GCFR
RANSOMWARE FOR528 Ransomware for Incident Responders
MALWARE ANALYSIS
FOR610 Reverse-Engineering Malware: Malware Analysis Tools and Techniques | GREM
FOR710 Reverse-Engineering Malware: Advanced Code Analysis
Threat Intelligence
CYBER THREAT INTELLIGENCE
FOR578 Cyber Threat Intelligence | GCTI
FOR589 Cybercrime Intelligence
Digital Forensics & Media Exploitation
SMARTPHONES FOR585 Smartphone Forensic Analysis In-Depth | GASF
MAC FORENSICS FOR518 Mac and iOS Forensic Analysis and Incident Response | GIME

INDUSTRIAL CONTROL SYSTEMS SECURITY
Every ICS Security Professional Should Know
ESSENTIALS ICS410 ICS/SCADA Security Essentials | GICSP

INDUSTRIAL CONTROL SYSTEMS SECURITY
Every ICS Security Professional Should Know
ICS DEFENSE & RESPONSE ICS515 ICS Visibility, Detection, and Response | GRID
ICS ADVANCED SECURITY ICS612 ICS Cybersecurity In-Depth
NERC Protection
NERC SECURITY ESSENTIALS ICS456 Essentials for NERC Critical Infrastructure Protection | GCIP

INDUSTRIAL CONTROL SYSTEMS SECURITY
Every ICS Security Manager Should Know
ESSENTIALS ICS418 ICS Security Essentials for Managers

SPECIALIZATION IN CLOUD SECURITY
Specialization for Advanced Skills & Roles
APPLICATION SECURITY SEC522 Application Security: Securing Web Apps, APIs, and Microservices | GWEB
COMPLIANCE SEC557 Cloud Security Continuous Compliance
CLOUD PEN TEST SEC588 Cloud Penetration Testing | GCPN
CLOUD FORENSICS FOR509 Enterprise Cloud Forensics and Incident Response | GCFR
Learning how to convert traditional cybersecurity skills into the nuances of cloud security is a necessity for proper monitoring, detection, testing, and defense.

CLOUD SECURITY ESSENTIALS
Every Cloud Security Professional Should Know
ESSENTIALS SEC488 Cloud Security Essentials | GCLD
If you are new to cybersecurity or looking to up-skill, cloud security essentials is a requirement for today’s organizations. These courses provide the basic knowledge required to introduce students to the cloud security industry, as well as in-depth, hands-on practice in labs.

CORE CLOUD SECURITY
Preparation for More Focused Job Functions
PUBLIC CLOUD SEC510 Public Cloud Security: AWS, Azure, and GCP | GPCS
AUTOMATION & DEVSECOPS SEC540 Cloud Security and DevSecOps Automation | GCSA
MONITORING & DETECTION SEC541 Cloud Security Attacker Techniques, Monitoring & Threat Detection | GCTD
CLOUD CYBERSECURITY LEADERSHIP AND GOVERNANCE
ARCHITECTURE SEC549 Enterprise Cloud Security Architecture
CLOUD FUNDAMENTALS Every Cloud Security Leader Should Know

Built for professionals who need to be conversant in basic cloud security concepts, principles, and terms, but who don’t need “deep in the weeds” detail.
INTRODUCTION SEC388 Intro to Cloud Computing and Security
VULNERABILITY MANAGEMENT MGT516 Building and Leading Vulnerability Management Programs
DESIGN & IMPLEMENTATION MGT520 Leading Cloud Security Design and Implementation

FOUNDATIONAL LEADERSHIP CORE LEADERSHIP LEADERSHIP SPECIALIZATIONS


Every Cybersecurity Manager Should Know
CISSP® TRAINING MGT414 SANS Training Program for CISSP® Certification | GISP
RISK MANAGEMENT MGT415 A Practical Introduction to Cyber Security Risk Management
SECURITY AWARENESS MGT433 Managing Human Risk | SSAP
CIS Controls SEC440 CIS Critical Controls: A Practical Introduction
With an increasing number of talented technologists, organizations require effective leaders to manage their teams and processes. Those leaders will not necessarily perform hands-on work, but they must know enough about the underlying technologies and frameworks to help set strategy, develop appropriate policies, interact with skilled practitioners, and measure outcomes.

Transformational Cybersecurity Leader
TECHNOLOGY LEADERSHIP MGT512 Security Leadership Essentials for Managers | GSLC
SECURITY STRATEGY MGT514 Security Strategic Planning, Policy, and Leadership | GSTRT
SECURITY CULTURE MGT521 Leading Cybersecurity Change: Building a Security-Based Culture
Operational Cybersecurity Executive
VULNERABILITY MANAGEMENT MGT516 Building and Leading Vulnerability Management Programs
SOC MGT551 Building and Leading Security Operations Centers | GSOM
FRAMEWORKS & CONTROLS SEC566 Implementing and Auditing Security Frameworks & Controls | GCCC

Cloud Cybersecurity Leadership
VULNERABILITY MANAGEMENT MGT516 Building and Leading Vulnerability Management Programs
DESIGN & IMPLEMENTATION MGT520 Leading Cloud Security Design and Implementation
Management Specialization
AUDIT & MONITOR AUD507 Auditing and Monitoring Networks, Perimeters & Systems | GSNA
LAW & INVESTIGATIONS LEG523 Law of Data Security and Investigations | GLEG
PROJECT MANAGEMENT MGT525 Managing Cybersecurity Initiatives & Effective Communication | GCPM
INCIDENT RESPONSE MGT553 Cyber Incident Management

CYBER RANGES CYBER RANGES


CTF & TRIVIA Bootup CTF
SKILLS ASSESSMENT & PRACTICAL APPLICATION Netwars Core
These cyber range offerings cover the broadest range of topics and are meant for all infosec professionals at all levels.

CYBER DEFENSE Netwars Cyber Defense
DIGITAL FORENSICS & INCIDENT RESPONSE Netwars DFIR
INDUSTRIAL CONTROL SYSTEMS Netwars ICS
POWER GENERATION AND DISTRIBUTION Netwars GRID
BUSINESS LEADERSHIP & MANAGEMENT Cyber42
SANS offers specialized versions of Netwars for more specific job roles. These cyber ranges dive deeper into the respective topics and help advance your career with situation-based challenges and scenarios rooted in real-life events.

v01-23_2023
