Cybersecurity Training Roadmap Crucial Skills, Specialized Roles

You are a candidate for advanced or specialized training

SANS’ comprehensive course offerings enable
Cyber Defense Operations Harden Specific Defenses Industrial Contol Systems
professionals to deepen their skills at every Specialized Defensive Area Every ICS Security Professional Should Know
stage of their cybersecurity career. Blue Team SEC450 Blue Team Fundamentals: Security Operations and Analysis Essentials ICS410 ICS/SCADA Security Essentials | GICSP
Focus Job Roles OSINT SEC487 Open-Source Intelligence (OSINT) Gathering & Analysis | GOSI ICS Defense &
ICS515 ICS Active Defense and Incident Response | GRID
COURSE LISTING KEY: Advanced Generalist SEC501 Advanced Security Essentials – Enterprise Defender | GCED Response
ICS Advanced
Topic Course Code GIAC Certification You are experienced in security, preparing Windows/Powershell SEC505 Securing Windows and PowerShell Automation | GCWN Security
ICS612 ICS Cybersecurity In-Depth
for a specialized job role or focus Linux/Unix Defense SEC506 Securing Linux/Unix | GCUX NERC Protection
Essentials ICS410 ICS/SCADA Security Essentials | GICSP Monitoring & Detection Intrusion Detection & Monitoring Over Time SIEM SEC555 SIEM with Tactical Analytics | GCDA NERC Security ICS456 Essentials for NERC Critical
Other Advanced Defense Courses Essentials Infrastructure Protection | GCIP
Scan Packets & Networks
Course Title Security Architecture SEC530 Defensible Security Architecture and Engineering | GDSA
Intrusion
SEC503 Intrusion Detection In-Depth | GCIA Cloud Security
Detection SEC599 Defeating Advanced Adversaries – Purple Team Tactics
Adversary Emulation
Monitoring & SEC511 Continuous Monitoring and and Kill Chain Defenses | GDAT Every Cloud Security Ops Person Should Know
Operations Security Operations | GMON
Baseline Skills The detection of what is happening in your environment requires an
Essentials SEC488 Cloud Security Essentials

Specialized Penetration Testing SEC522 Defending Web Applications

increasingly sophisticated set of skills and capabilities. Identifying Focused Techniques & Areas Secure Web Apps
Security Essentials | GWEB
New to Cyber Security Concepts, Terms & Skills security anomalies requires increased depth of understanding to In-Depth Coverage
Secure DevOps SEC540 Cloud Security and DevOps Automation | GCSA
deploy detection and monitoring tools and to interpret their output. SEC460 Enterprise and Cloud |
Cyber Security Vulnerability Assessment Cloud Security SEC545 Cloud Security Architecture and Operations
SEC301 Introduction to Cyber Security | GISF Threat and Vulnerability Assessment | GEVA
Fundamentals
SEC660 Advanced Penetration Testing, Exploit Writing, Cloud Pen Test SEC588 Cloud Penetration Testing
Networks and Ethical Hacking | GXPN
SEC760 Advanced Exploit Development for Penetration Testers
You are experienced in technology, but need Penetration Testing Vulnerability Analysis & Ethical Hacking Web Apps
SEC642 Advanced Web App Testing, Ethical Hacking, and
Exploitation Techniques
to learn hands-on, essential security skills Every Pen Tester Should Know
Mobile SEC575 Mobile Device Security and Ethical Hacking | GMOB
and techniques Networks
SEC560 Network Penetration Testing and Ethical Hacking |
Cloud SEC588 Cloud Penetration Testing

65+
GPEN
SEC542 Web App Penetration Testing and Ethical Hacking | Wireless SEC617 Wireless Penetration Testing and Ethical Hacking | GAWN
Core Techniques Prevent, Defend & Maintain Web Apps
GWAPT
Python Coding SEC573 Automating Information Security with Python | GPYC
Every Security Professional Should Know The professional who can find weakness is often a different breed hands-on
SEC699 Purple Team Tactics - Adversary Emulation for
Security than one focused exclusively on building defenses. A basic tenet of red Adversary Emulation
Breach Prevention & Detection courses
SEC401 Security Essentials Bootcamp Style | GSEC
Essentials team/blue team deployments is that finding vulnerabilities requires
Hacker SEC504 Hacker Tools, Techniques, Exploits, different ways of thinking and different tools. Penetration testing skills
Techniques and Incident Handling | GCIH are essential for defense specialists to improve their defenses. Digital Forensics, Malware Analysis & Threat Intel Specialized Investigative Skills
All professionals entrusted with hands-on cybersecurity work should Essentials
be trained to possess a common set of capabilities enabling them to
secure systems, practice defense in depth, understand how attacks DFIR Essentials FOR308 Digital Forensics Essentials
work, and manage incidents when they occur. To be secure, you should Malware Analysis
set a high bar for the baseline set of skills in your security organization. FOR610 Reverse-Engineering Malware: Malware Analysis
Incident Response & Threat Hunting Host & Network Forensics Malware Analysis
Tools and Techniques | GREM
Every Forensics and IR Professional Should Know
Threat Intelligence
FOR500 Windows Forensic Analysis | GCFE
Endpoint Cyber Threat Intelligence FOR578 Cyber Threat Intelligence | GCTI
FOR508 Advanced Incident Response, Threat Hunting,
Forensics

35+
and Digital Forensics | GCFA Digital Forensics & Media Exploitation
Network FOR572 Advanced Network Forensics: Threat Hunting,
Forensics Analysis, and Incident Response | GNFA Battlefield Forensics To learn more
FOR498 Battlefield Forensics & Data Acquisition | GBFA
& Data Acquisition about additional
Whether you’re seeking to maintain a trail of evidence on host or certifications
Smartphone Analysis FOR585 Smartphone Forensic Analysis In-Depth | GASF SANS courses, go to:
network systems, or hunting for threats using similar techniques, larger
Security Management Managing Technical Security Operations organizations need specialized professionals who can move beyond Memory Forensics FOR526 Advanced Memory Forensics & Threat Detection sans.org/courses
Every Security Manager Should Know first-response incident handling in order to analyze an attack and Mac Forensics FOR518 Mac and iOS Forensic Analysis and Incident Response
Leadership develop an appropriate remediation and recovery plan.
MGT512 Security Leadership Essentials for Managers | GSLC See in-depth course
Essentials
Critical SEC566 Implementing and Auditing the Critical Security Advanced Management Advanced Leadership, Audit & Legal descriptions and the digital
Controls Controls – In-Depth | GCCC Management Skills version of this roadmap at:
sans.org/roadmap
With an increasing number of talented technologists, organizations Planning, Policy, Leadership MGT514 Security Strategic Planning, Policy, and Leadership | GSTRT
require effective leaders to manage their teams and processes. Those Managing Vulnerabilities MGT516 Managing Security Vulnerabilities: Enterprise and Cloud
managers will not necessarily perform hands-on work, but they must
CISSP® MGT525 IT Project Management, Effective Communication, and
know enough about the underlying technologies and frameworks to MGT414 SANS Training Program for CISSP® Certification | GISP Project Management
Training PMP® Exam Prep | GCPM
help set strategy, develop appropriate policies, interact with skilled
Audit & Legal
practitioners, and measure outcomes.
AUD507 Auditing and Monitoring Networks,
Audit & Monitor
Perimeters & Systems | GSNA
Law & Investigations LEG523 Law of Data Security and Investigations | GLEG