Transcription
The most trusted source for information security training,certification, and researchCybersecurity Trainingand Certifications2018 Catalog90 Extraordinary SANScertified instructors200 Live events globally, plusmultiple online optionsCurriculaCyber DefenseDetection and MonitoringPenetration TestingIncident ResponseDigital ForensicsEthical HackingManagement, Audit, LegalSecure DevelopmentCyber Threat IntelligenceICS/SCADA Securitywww.sans.org SANS is the best information security trainingyou’ll find anywhere. World-class instructors,hands-on instruction, actionable informationyou can really use, and.NetWars!– Jeff Stebelton, Netjets, Inc.Vol. 2Summer/Fall/Winter
SANSInstituteThe most trusted source for information securitytraining, certification, and researchThe SANS Institute’s mission is to delivercutting-edge information security knowledgeand skills to companies, military organizations,and governments in order to protect peopleand assets.CUTTING-EDGE TRAININGMore than 65 unique courses are designed toalign with dominant security team roles, duties,and disciplines. The courses prepare students tomeet today’s threats and tomorrow’s challenges.The SANS curriculum spans Cyber Defense,Digital Forensics & Incident Response, ThreatHunting, Audit, Management, PenetrationTesting, Industrial Control Systems Security,Secure Software Development, and more. Eachcurriculum area offers a progression of coursesthat can take professionals from a subject’sfoundations right up to top-flight specialization.We constantly update and rewrite thesecourses to teach the most cutting-edge toolsand techniques that are proven to keepnetworks safe.Our training is designed to be practical. Studentsare immersed in hands-on lab exercisesdesigned for them to practice, hone, and perfectwhat they’ve learned.LEARN FROM EXPERTSEXPERIENCESANS courses are taught by an unmatchedfaculty of active security practitioners. Eachinstructor brings a wealth of real-worldexperience to every classroom – both live andonline. SANS instructors work for high-profileorganizations as red team leaders, CISOs,technical directors, and research fellows.Along with their respected technical credentials,SANS instructors are also expert teachers.Their passion for the topics they teach shinesthrough, making the SANS classroom dynamicand effective.WHY SANS IS THE BEST TRAINING ANDEDUCATIONAL INVESTMENTSANS immersion training is intensive andhands-on, and our courseware is unrivaled inthe industry.SANS instructors and course authors are leadingindustry experts and practitioners. Their realworld experience informs their teaching andtraining content. SANS training strengthens astudent’s ability to achieve a GIAC certification.SKILLS VALIDATIONGIAC exams and certifications ensure thatprofessionals have learned and can applythe real-world knowledge and skills taught inclass. More than 30 certifications align withSANS training and ensure mastery in critical,specialized InfoSec domains and job-specificroles. See www.giac.org for more information.SANS FORMATSMore than 200 live SANS training events happeneach year around the world. SANS training eventsprovide an ideal learning environment, as wellas opportunities to network with other securityprofessionals, SANS instructors, and staff.SANS training is also delivered online, withseveral convenient options to suit your learningstyle. All SANS online courses include at leastfour months of access to the course materialanytime and anywhere, enabling students torevisit and rewind content.THE SANS PROMISEAt the heart of everything we do is the SANSPromise: Students will be able to use the newskills they’ve learned as soon as they returnto work.HOW TO REGISTER FOR SANS TRAININGStudents can learn more and register online byvisiting www.sans.org
Table of Contents60FOR508 Advanced Digital Forensics, Incident Response, and62FOR572 Advanced Network Forensics and Analysis64FOR500 Windows Forensic Analysis66FOR518 Mac and iOS Forensic Analysis and Incident Response68FOR526 Memory Forensics In-Depth70FOR578 Cyber Threat Intelligence72FOR585 Advanced Smartphone Forensics74FOR610 Reverse-Engineering Malware:76MGT414 SANS Training Program for CISSP Certification78MGT514 IT Security Strategic Planning, Policy, and Leadership80MGT517 Managing Security Operations: Detection, Response,82MGT525 IT Project Management, Effective Communication,84AUD507 Auditing & Monitoring Networks, Perimeters, Introduction to Cyber Security85LEG523 Law of Data Security and Investigations pen-Source Intelligence Gathering (OSINT)Oand Analysis NEW!86DEV522 Defending Web Applications Security Essentials88DEV540 Secure DevOps and Cloud Application Security90DEV541 Secure Coding in Java/JEE:91DEV544 Secure Coding in .NET:92ICS410 ICS/SCADA Security Essentials94ICS515 ICS Active Defense and Incident Response96ICS456 Essentials for NERC Critical Infrastructure Protection98Additional Training Courses2SANS Faculty3SANS Training Formats4Securing Approval and Budget for Training5Build a High-Performing Security Organization6SANS Training Roadmap8GIAC Certifications9SANS Flagship Programs and Free Resources10SANS Security Awareness11SANS Technology Institute12SEC40114SEC504 Hacker Tools, Techniques, Exploits, and Incident Handling16MGT512 SANS Security Leadership Essentials for18SEC566 Implementing and Auditing the Critical Security Controls20SEC503 Intrusion Detection In-Depth22SEC511 Continuous Monitoring and Security Operations24SEC30126SEC48727SEC530 Defensible Security Architecture NEW!28SEC50130SEC505 Securing Windows and PowerShell Automation32SEC506 Securing Linux/Unix34SEC545 Cloud Security Architecture and Operations36SEC555 SIEM with Tactical Analytics38SEC57940SEC599 Defeating Advanced Adversaries – Purple Team Tactics42SEC560 N etwork Penetration Testing and Ethical Hacking103 SANS Voucher Program44SEC542 W eb App Penetration Testing and Ethical Hacking104 SANS NetWars Experience46SEC460 E nterprise Threat and Vulnerability Assessment NEW!105 SANS Cybersecurity Summits48SEC573A utomating Information Security with Python50SEC575M obile Device Security and Ethical Hacking52SEC617W ireless Penetration Testing and Ethical Hacking54SEC642 A dvanced Web App Penetration Testing,56SEC660 A dvanced Penetration Testing, Exploit Writing, and Ethical58SEC760 A dvanced Exploit Development for Penetration TestersSecurity Essentials Bootcamp StyleManagers with Knowledge Compression – In-Depth Advanced Security Essentials – Enterprise Defender Virtualization and Software-Defined Securityand Kill Chain DefensesEthical Hacking, and Exploitation TechniquesHackingThreat HuntingMalware Analysis Tools and Techniquesand Intelligenceand PMP Exam Prepand SystemsDeveloping Defensible ApplicationsDeveloping Defensible Applications102 Hosted Courses“ SANS courses give you real-worldskills that have an immediate valueon the security environment.”– Eric Kaithula, Symetra1
SANS FacultyA revered faculty of cybersecurity specialists author andteach SANS courses, which is why so many professionalschoose SANS training again and again, year after year.Just over 90 individuals are currently qualified to hold thetitle SANS Certified Instructor. They are the founders ofinternational cybersecurity organizations, the authors oftop-selling information security books, developers of themost advanced cyber ranges and CTF challenges, and theyare called on to share their expertise with governmentand commercial organizations around the world regularly.Whether you will train with us live at an event or online,SANS guarantees that you will be able to apply what youlearn from our instructors and training as soon as youreturn to work.“ I have attended several SANS classesover the years and I am alwaysimpressed with the level of knowledgeand professionalism of the instructors.” Ron Foupht, Sirius Computer SolutionsMeet the SANS faculty:www.sans.org/instructors2
SANS Training FormatsAfter selecting your training path or course, compare SANS multiple live and online training formats for thestructure and schedule that works best for you. SANS is committed to ensuring your training experiencealways exceeds expectations.Live Classroom InstructionTraining EventsSummitsLive SANS training eventsfeature SANS top instructorsteaching multiple courses at asingle location. These eventsfeature:SANS Summits focus one or two days ona single topic of particular interest to thecommunity. Speakers and talks are curatedto ensure the greatest applicability toparticipants. Focused, immersive learningwithout the distractions of youroffice environmentClosely aligned SANS courses are offeredbefore or after each Summit to giveattendees a convenient way to enhance theirSummit experience with in-depth training. Direct access to SANS CertifiedInstructors Interactions with and learningfrom other professionals SANS@Night events, NetWars,vendor presentations, industryreceptions, and many otheractivitiesOur live training events in NorthAmerica, serving thousands ofstudents, are held in Orlando,Washington DC, Las Vegas,New Orleans, and San Diego.Regional events with hundredsof students are held in mostmajor metropolitan areasduring the year.Community SANS CoursesSame SANS courses, courseware, and labs,taught by up-and-coming instructors in aregional area. Smaller classes allow for moreextensive instructor interaction. No need totravel; commute each day to a nearby location.Private ClassesHave a SANS Certified Instructor train your staffprivately on site so that you can incorporateinsights, stories, and questions pertinentto your business objectives. Private trainingallows you to freely discuss sensitive issuesand spend additional time on topics relevant toyour organization.“The decision to take five days away from the office isnever easy, but so rarely have I come to the end of acourse and had no regret whatsoever. This was one ofthe most useful weeks of my professional life.”Online TrainingSANS Online Training delivers the same worldrenowned instructors, content, and learningresults as SANS live training options, withseveral unique and valuable benefits. Studentswho train online enjoy subject-matter-expertsupport throughout the course, online access toall course labs, and the ability to revisit contentwithout limits.No matter where you are or when you can train,SANS has courses that will fit around your life.Top Reasons to TakeSANS Training Online: Rewind your training, so you can reviewcomplex details or topics Revisit content to ensure you master keyconcepts Reinforce your learning with subject-matterexperts and labs Retain your knowledge of course content withfour or months of accessOur SANS OnDemand, vLive, Simulcast, andSelfStudy formats are backed by nearly 100professionals who ensure we deliver the samequality instruction online (including support) aswe do at live training events.“I love the material, I love theSANS Online delivery, and I want theentire industry to take these courses.”—Nick Sewell, IIT—Dan Trueman, Novae PLC3
Securing Approval andBudget for TrainingPackaging mattersWrite a formal request All organizations are different, but because training requires a significant investment of both time and money,most successful training requests are made via a written document (short memo and/or a few Powerpointslides) that justifies the need and benefit. Most managers will respect and value the effort. Provide all the necessary information in one place. In addition to your request, provide all the right context byincluding the summary pages on Why SANS?, the Training Roadmap, the instructor bio, and additional benefitsavailable at our live events or online.Clearly state the benefitsBe specific How does the course relate to the job you need to be doing? Are you establishing baseline skills? Transitioningto a more focused role? Decision-makers need to understand the plan and context for the decision. Highlight specifics of what you will be able to do afterwards. Each SANS course description includes a sectiontitled “You Will Be Able To.” Be sure to include this in your request so that you make the benefits clear. Theclearer the match between the training and what you need to do at work, the better.Set the contextEstablish longer-term expectations4 Information security is a specialized career path within IT with practices that evolve as attacks change. Becauseof this, organizations should expect to spend 6%-10% of salaries to keep professionals current and improvetheir skills. Training for such a dynamic field is an annual, per-person expense—not a once-and-done item. Take a GIAC Certification exam to prove the training worked. Employers value the validation of skills andknowledge that a GIAC Certification provides. Exams are psychometrically designed to establish competency forrelated job tasks. Consider offering trade-offs for the investment. Many professionals build annual training expenses intotheir employment agreements even before joining a company. Some offer to stay for a year after theycomplete the training.
Build a High-PerformingSecurity OrganizationFour job roles typically emerge as organizations grow in size, risk,and/or complexity: S ecurity Monitoring & Detection Professionals – The detection ofwhat is happening in your environment requires an increasinglysophisticated set of skills and capabilities. Vendor training alltoo often teaches to the tool, and not how or why the tool works,or how it can be best deployed. Identifying security anomaliesrequires increased depth of understanding to deploy detection andmonitoring tools and interpret their output.People & Skills f (Size of Organization, Value at Risk)Advanced Skills & Specialized Roles, including:Blue Team Operations Threat Hunting ICS-SCADA Secure DevelopmentActive Defense Mobile Malware Reverse Engineering Legal & AuditValue at RiskEvery professional entrusted with hands-on work should be trained topossess a common set of capabilities enabling them to secure systems,practice defense-in-depth, understand how attackers work, andmanage incidents when they occur. Set a high bar for the baseline setof skills in your security organization.Vulnerability Analysis& Pen TestingIncident Response & ForensicInvestigationsMonitoring & DetectionSecurity ManagersProfessionals with Baseline Defensive Security CapabilitiesSize of Organization P en Testers & Vulnerability Analysts – The professional who canfind weaknesses is often a different breed than one focused exclusively on building defenses. A basic tenet of red team/blue team deploymentsis that finding vulnerabilities requires a different way of thinking and different tools, but is essential for defense specialists to improve defenses. F orensic Investigators & Incident Responders – Whether you’re seeking to maintain a trail of evidence on host or network systems, or hunting forthreats using similar techniques, larger organizations need specialized professionals who can move beyond first-response incident handling inorder to analyze an attack and develop an appropriate remediation and recovery plan. Security Managers – With an increasing number of talented technologists, organizations require effective leaders to manage their teams andprocesses. Those managers will not necessarily perform hands-on work, but they must know enough about the underlying technologies andframeworks to help set strategy, develop appropriate policies, interact with skilled practitioners, and measure outcomes.Within (or beyond) these four areas, high-performing security organizations will develop individual professionals to either utilize advanced skillsgenerally, or to meet specialized needs. Along the entire spectrum, from Active Defense to Cloud Defense to Python for Pen Testers to Malware Reengineering, SANS offers more than 30 courses for specialized roles or more advanced topics, meeting the needs of nearly all security professionalsat every level.Practical strategies for building an information security group, based on our research andobservations globally:Use practical organizing principles to designyour plan and efforts. Nearly all of the morecomplex frameworks may be reduced to a fewsimpler constructs, such as “Build and MaintainDefenses – Monitor and Detect Intrusion –Proactively Self-Assess – Respond to Incidents.”Prioritize your efforts within these areas usingthe CIS Critical Controls as you mature yourown organization.Determine the number and type ofprofessionals you require to perform thehands-on work. Engage in a persistentcampaign to develop professionals withthe appropriate skills and capabilities.Cybersecurity is a specialized practice areawithin IT and demands specialized training.5
Training Roadmap Development PathsBaseline SkillsFocus Job Roles2You are experienced in security, preparing for a specialized jobrole or focusMonitoring & DetectionIntrusion Detection, Monitoring Over TimeScan Packets & Networkshttp://www.sans.org/SEC503SEC503SEC503 Intrusion DetectionIntrusion DetectionIn-Depth 1Monitoring &SEC511 Continuous Monitoringand http://www.sans.SecurityOperationsOperations https://GMONhttp://1You are experienced in technology, but need to learnhands-on, essential security skills and techniquesCore TechniquesPrevent, Defend, MaintainEvery Security Professional Should KnowSecurity Essentialshttp://www.sans.org/SEC401http://SEC401 Security Essentials SEC401BootcampStyle ans.org/SEC504Exploits,SEC504 Hacker Tools, Techniques,and IncidentHacker Techniqueshttp://Handling https://GCIHAll professionals entrustedwith hands-oncybersecurity work should be trainedto possess a common set of capabilities enabling them to secure systems, practicedefense-in-depth, understand how attackers work, and manage incidents when theyoccur. To be secure, you should set a high bar for the baseline set of skills in yoursecurity organization.The detection of what is happening in your environment requires an increasinglysophisticated set of skills and capabilities. Identifying security anomalies requiresincreased depth of understanding to deploy detection and monitoring tools and tointerpret their output.Penetration TestingVulnerability Analysis, Ethical HackingEvery Pen Tester Should Knowhttp://www.sans.org/SEC560http://SEC560SEC560 Network PenetrationTestingandNetworksEthical Hacking EC542SEC542 Web App PenetrationTestinghttp://www.sans.andWeb AppsEthical Hacking https://GWAPThttp://www.The professional who can find weakness is often a different breed than one focusedexclusively on building defenses. A basic tenet of red team/blue team deploymentsis that finding vulnerabilities requires a different way of thinking, and different tools,but is essential for defense specialists to improve their defenses.Incident Response & Threat HuntingHost & Network ForensicsEvery Forensics and IR Professional Should ww.sans.org/FOR508http://www.sans.EndpointFOR500 WindowsFOR508 AdvancedDigital /www.sans.org/FOR500http://www.sans.org/FOR508 http://www.sans.org/ForensicsForensic Analysis GCFEResponse,and Threat Hunting /www.sans.org/FOR500 https://FOR572FOR572 Advanced Network Forensics:Threat Hunting, Analysis, s.org/FOR572Incident Response GNFA https://Forensicshttp://www.sans.org/FOR572New to Cybersecurity1bSEC301 Introduction to Cyber Security https://GISFSEC301http://www.sans.org/SEC301 http://www.sans.org/You will be responsible for managing security teams orimplementations, but you do not require hands-on skillsSecurity ManagementManaging Technical Security OperationsEvery Security Manager Should MGT512EssentialsMGT512 SANS Security Leadershipfor Managers withLeadership EssentialsKnowledge Compression g/SEC566SEC566SEC566 Implementing andAuditing http://www.the Critical SecurityCritical ControlsControls – In-Depth https:// GCCChttp://www.With an increasing number of talented technologists, organizations require effectiveleaders to manage their teams and processes. Those managers will not necessarilyperform hands-on work, but they must know enough about the underlyingtechnologies and frameworks to help set strategy, develop appropriate policies,interact with skilled practitioners, and measure outcomes.6Whether you’re seeking to maintain a trail of evidence on host or network systems,or hunting for threats using similar techniques, larger organizations need specializedprofessionals who can move beyond first-response incident handling in order toanalyze an attack and develop an appropriate remediation and recovery plan.CISSP Traininghttps://MGT414MGT414 SANS TrainingProgram for CISSP Certification MGT414
Quick SummaryCourse CodeAdvanced GeneralistGIAC CertificationSEC501 Advanced Security Essentials – Enterprise Defender GCEDCourse TitleCrucial Skills, Specialized RolesSANS comprehensive course offerings enable professionals to deepen their technical skills in key practice areas. The courses also address other topics and audiences, suchas security training for software developers, industrial control engineers, and non-technical personnel in management, legal, and audit.3You are a candidate for specializedor advanced trainingCyber Defense Operations Harden Specific DefensesSpecialized Defensive Areahttp://www.sans.SEC501Advanced Generalist http://www.sans.org/SEC501SEC501 Advanced Security Essentials– Enterprise Defender loud SecuritySEC545 Cloud Security SEC545Architecture andOperationshttp://www.SEC505Windows/ Powershell http://www.sans.org/SEC505SEC505 Securing Windows andPowerShellAutomation https://GCWNSEC506 Linux/Unix https://Linux/ Unix Defense http://www.sans.org/SEC506 SecuringGCUXhttp://www.SEC579Virtualized Data Centers http://www.sans.org/SEC579SEC579 Virtualization andSoftware-Defined Securityhttp://www.sans.org/SEC555SIEMSEC555 SIEMSEC555with Tactical Analytics https://GCDAOther Advanced Defense Courseshttp://www.sans.org/SEC566SEC566 http://www.sans.org/SEC566 Implementing and Auditingthe Critical SecurityCritical Controlshttp://www.sans.org/SEC566 http://Controls – In-Depth https://GCCCwww.sans.org/SEC566 http://www.http://Security Architecture http://www.sans.org/SEC530SEC530 Defensible SEC530Security Architecturehttp://www.sans.org/SEC599SEC599 http://www.sans.org/SEC599 Defeating Advanced Adversaries– Purple Team TacticsThreat Defensehttp://www.sans.org/SEC599 http://and Kill Chain Defenses https://GDATwww.sans.org/SEC599 http://www.sans.Specialized Penetration TestingFocused Techniques & AreasIn-Depth Coveragehttp://www.sans.org/SEC460Vulnerability Assessment http://www.sans.org/SEC460SEC460 Enterprise Threat andVulnerabilityAssessmentNetworksWeb AppsMobileWirelessHands-On RangesPython g/SEC660SEC660 Advanced PenetrationSEC660Testing,Exploit Writing, and EthicalHacking ans.org/SEC760SEC760 Advanced ExploitDevelopmentfor Penetration Testershttp://www.sans.org/SEC642SEC642SEC642 Advanced WebApp Testing, http://www.sans.Ethical Hacking, andhttp://www.sans.org/SEC660 http://Exploitation TechniquesSEC575 Mobile Device Security and Ethical Hacking ans.org/SEC617SEC617SEC617 Wireless PenetrationTesting and Ethical Hacking https://GAWNhttp://www.sans.org/SEC562SEC562 CyberCity Hands-onSEC562Kinetic http://www.sans.Cyber Range ExerciseSEC573SecuritySEC573 Automating Informationwith Python ttp://www.sans.org/SEC642 http://www.sans.org/SEC642 g/SEC575 http://www.sans.org/SEC575Digital Forensics, Malware Analysis, & Threat IntelMalware AnalysisMalware AnalysisIndustrial Control SystemsICS Security Professionals ans.org/ICS410EssentialsICS410 ICS/SCADA SecurityEssentials GICSPICS Defense w.sans.org/ICS515http://ICS515 ICS Active DefenseandIncident Response GRIDResponseNERC Protectionhttp://www.sans.org/ICS456ICS456ICS456 Essentialsfor NERC CriticalNERC Securityhttp://www.sans.org/ICS456 otection t & Secure CodingEvery Developer Should DEV522DEV522http://www.Secure Web AppsDEV522 Defending WebApplicationsSecurityEssentials ans.org/DEV540http://www.sans.org/Secure DevOpsDEV540 Secure DevOpsandDEV540Cloud ApplicationSecurityLanguage-Specific rg/DEV541 Coding in Java/JEE: DevelopingDEV541 SecureDefensibleJAVA/JEEhttp://www.sans.org/DEV541 http://www.sans.Applications GSSP-JAVA /www.sans.org/DEV544http://DEV544 Coding in .NET: DevelopingDEV544 Secure.NEThttp://www.sans.org/DEV544 http://www.sans.https://DefensibleApplications alizedInvestigative SkillsFOR610FOR610 Reverse-EngineeringMalware: Malware AnalysisTools es GREMhttps://http://www.sans.org/Threat Intelligencehttp:// https://FOR578 IntelligenceCyber Threat Intelligencehttp://www.sans.org/FOR578FOR578 Cyber ThreatGCTIDigital Forensics & Media ans.FOR585SmartphonesFOR585 Advanced SmartphoneForensics https://GASFFOR526http://www.sans.org/FOR526Memory ForensicsFOR526 org/FOR518http://www.FOR518 AnalysisMac ForensicsFOR518 Mac ForensicAdvanced Management Advanced Leadership, Audit, LegalManagement SkillsPlanning, Policy,LeadershipManaging OperationsProject ManagementAudit & LegalAudit & MonitorLaw & InvestigationsMGT514 Security Strategic Planning, Policy, and Leadership https://GSTRThttp://www.sans.org/MGT514 sans.org/MGT517http://www.sans.org/MGT517MGT517 Managing SecurityOperations:Detection, Response,and Intelligencehttp://www.sans.org/MGT517 http://www.sans.org/MGT517 5 IT Project Management,Effective Communication,andPMP Exam Prephttps:// ans.AUD507 Auditing andMonitoringNetworks,Perimeters & Systems https://GSNALEG523 Law of Data Security and Investigations https://GLEGhttp://www.sans.org/AUD507 http://www.sans.org/AUD507 http://www.sans.http://www.sans.org/LEG523 http://www.sans.org/LEG523SANSRM 137201810347
GIACThe Highest Standard inCybersecurity CertificationJob-Specific, Specialized FocusToday’s cyber attacks are highly sophisticated and exploit specificvulnerabilities. Broad and general InfoSec certifications are no longerenough. Professionals need the specific skills and specialized knowledgerequired to meet multiple and varied threats. That’s why GIAC has morethan 30 certifications, each focused on specific job skills and eachrequiring unmatched and distinct knowledge.Deep, Real-World Knowledge“GIAC made the testingprocess much better thanother organizations. Thematerial is spot on with whatI do at work, daily.”– Jason Pfister, EWEB,GIAC Continuous Monitoring(GMON)Theoretical knowledge is the ultimate security risk. Deep, real-worldknowledge and hands-on skills are the only reliable means to reducesecurity risk. Nothing comes close to a GIAC certification to ensure thatthis level of real-world knowledge and skill has been mastered.Most Trusted Certification DesignThe design of a certification exam impacts the quality and integrity of acertification. GIAC exam content and question design are developedthrough a rigorous process led by GIAC’s on-staff psychometrician andreviewed by experts in each area. More than 78,000 certifications havebeen issued since 1999. GIAC certifications meet ANSI standards.“I think the exam was both fair and practical. These are the kind ofreal-world problems I expect to see in the field.”8– Carl Hallberg, Wells Fargo, GIAC Reverse Engineering Malware (GREM)GIAC.ORG
SANS Flagship Programs andFree ResourcesGIAC CertificationsSANS courses are the ideal preparation for a GIAC Certification,the highest standard in cybersecurity certification. Morethan 30 GIAC Certifications allow you to demonstrate yourunique expertise in specialized areas of cybersecurity. Noother certification program in the world comes close to GIACin validating real-world knowledge and skill, due largely tothe extensive exam preparation process and team of expertcontributors.www.giac.orgSANS Technology Institute - Graduate Degreesand CertificatesThe graduate programs of the SANS Technology Institute arebuilt upon proven SANS courses and certifications. Studentscan earn graduate degrees in Information Security Engineeringor Information Security Management, or graduate certificatesin Cybersecurity Engineering (Core), Cyber Defense Operations,Penetration Testing and Ethical Hacking, or Incident Response.www.sans.eduSANS CyberTalentSANS Security AwarenessSANS CyberTalent provides innovative workforcedevelopment and talent management solutions for thecybersecurity industry. Our web-based assessm
70 FOR578 Cyber Threat Intelligence 72 FOR585 Advanced Smartphone Forensics 74 FOR610 Reverse-Engineering Malware: Malware Analysis Tools and Techniques 76 MGT414 SANS Training Program for CISSP Certification 78 MGT514 IT Security Strategic Planning, Policy, and Leadership 80 MGT517 Managing S
