Career Development for Security Awareness, Behavior, and Culture Professionals

Organizations and security leaders are acting on the fact that cybersecurity is no longer just a technical challenge, but a human challenge as well.

Security teams around the world are looking for trained professionals specializing in the human side of cybersecurity. If you are looking to get involved in this field or are already involved but want to develop your skills, career, and compensation, SANS Institute offers these key courses to help you.

Where to Start:

If you are new to the world of information security and/or security awareness, the very first class you will want to start with is:

• LDR433: Human Risk Management: This three-day class lays the foundation of risk management, changing organization behavior, and ultimately, managing and measuring human risk. Course content is based on lessons learned from hundreds of security awareness programs from around the world. In addition, you will learn not only from your instructor, but from extensive interaction with your peers as well as your access to the course Digital Download Package of resources. Finally, through a series of eight team labs and exercises, you will develop your own custom plan that you can implement as soon as you return to your organization. You also have the option to test for the SANS Security Awareness Professional (SSAP) certification, the industry’s most recognized credential demonstrating expertise in managing human risk.

What's Next:

If you do not have a strong security background you may want to consider one of these two classes. Understanding security frameworks, models, and controls will not only help you better understand the risks and the behaviors that manage those risks, but enable you to more effectively partner with your security team and leadership. There are two different five-day courses to consider at this stage in your career. Each has their advantages, depending on what you hope to achieve.

• LDR512: Security Leadership Essentials For Managers: This course empowers you to become an effective security manager and get up to speed quickly on information security concepts and terminology. You don't just learn about security, but you also learn how to manage security. This class does not do a deep technical dive into how different security technologies work, but instead covers a wide range of security topics across the entire security stack. Areas covered include common security frameworks, security policies and governance, cloud, security operations center, network architecture, detection and response, vulnerability management, and DevSecOps. In addition, this course is one of the three courses required for earning the Transformational Cybersecurity Leader Triad. If you are looking for an overview of cybersecurity, but from a management perspective, this is the course for you.

• SEC301: Introduction to Cybersecurity: This introductory five-day course takes a technical, hands-on approach for those new to cybersecurity. It covers everything from core terminology to the basics of computer function & networks, security policies, password usage, cryptographic principles, network attacks & malware, wireless security, firewalls and many other security technologies, web and browser security, backups, virtual machines, and cloud computing. All topics are covered at an introductory level. The hands-on, step-by-step teaching approach enables you to grasp all the information presented, even if some of the topics are new to you. You'll learn real-world cybersecurity fundamentals to serve as the foundation of your career skills and knowledge for years to come. In addition, this course offers numerous, hands-on technical labs ensuring you apply what you are learning.

Not sure which one of these two courses to take? If you are looking for more of a high-level or management perspective to the world of information security, I recommend LDR512. If you want a more hands-on, technical introduction to the tools and technology of cybersecurity, then I recommend SEC301.  If you already have some technical background but want to develop them then you may want to consider SANS SEC401 or SEC501.

Intermediate Level:

Once you have 2-4 years of experience and feel confident in the concepts of both cybersecurity and organizational behavior, here are some additional courses we recommended:

• LDR521:Security Culture for Leaders: Cybersecurity is no longer just about technology; it is about people and ultimately culture. This five-day course teaches leaders how to leverage the principles of organizational change, enabling them to develop, maintain, and measure a strong security culture. Through hands-on, real-world instruction and a series of interactive labs and exercises, you will quickly learn how to embed cybersecurity into your organizational culture. In addition, on the last day students compete as teams to see who can build the strongest security culture through an online simulation. Finally, this course is one of the three courses required for earning the Transformational Cybersecurity Leader Triad.
• LDR553: Cyber Incident Management: This five-day course walks leaders through how to prepare for and effectively manage an incident. One of the key skills for any organization to successfully manage an incident is their ability to communicate, both internally to the organization but also externally to regulators, government, customers, and the public in general. This is a perfect course for people with strong communication skills who specialize in the field of human security. 
• SEC504: Hacker Tools, Techniques and Incident Handling: This six-day course gives you insights and expertise into how cyber threat actors operate, including the tools they use, the techniques that give them access, and the ways you can detect and respond to these attacks. If you want to be introduced into the world of today’s cyber attackers from a technical, hands-on perspective, this is the class for you.

Advanced Level

Once you have 5-7 years of experience and want to truly develop your security leadership skills, consider this course. This will walk you through the strategic planning process and challenges today’s CISOs face. Many people consider this the “CISO Course”, helping develop new and experienced Chief Information Security Officers to become better security leaders and effective business communicators. By better understanding CISO challenges, priorities and concerns, you can more effectively collaborate with senior leadership and communicate in their terms and language.

• LDR514: Security Strategic Planning, Policy, and Leadership: This course gives you tools to become a security business leader who can build and execute strategic plans that resonate with other business executives, create an effective information security policy, and develop management and leadership skills to better lead, inspire, and motivate your teams. In addition, this course is one of the three courses required for the Transformational Cybersecurity Leader Triad.

SANS has almost a hundred additional courses to choose from, so if you feel that a class is missing or you would like to develop a different skill, be sure to check out the SANS course roadmap. Cybersecurity is an amazing career to be part of, the more skills you develop in this field the more opportunities (and options) you will have.