Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training
Can't find what you are looking for?

Let us help.

Contact us
Resources
SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

CISO Network

Engage, challenge, and network with fellow CISOs in this exclusive community of security leaders

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations
Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk with an expert
Talk with an expert

The Practical Roadmap for Strengthening Security Awareness Programs

Lance shares the ultimate guide for security awareness program success in 2025.

Authored byLance Spitzner
Lance Spitzner

The Shift from Technology to People

Over the past twenty-five years, the security industry has undergone significant changes. When I first started in the 1990s, cybersecurity was primarily focused on technology—using technical controls to manage risks. As we became more adept at leveraging technology, cyber attackers adapted, shifting their focus from targeting systems to targeting people. It became clear that we, as a community, needed to also address the human side of security, yet there was no clear structure or strategy for managing human risk.

The Genesis of the Security Awareness Maturity Model®

Fifteen years ago, a community of over 200 security professionals came together to develop a solution—the Security Awareness Maturity Model®. This model was designed to help organizations effectively manage human risk. We purposely kept it simple, making it easy to use and communicate, especially to leadership.

https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt475a06e13308f7f3/679a7bd517131cf162b21f14/sa-mm-ebook001.jpg

A Practical Roadmap That Evolves with Organizations

The model serves as a strategic roadmap, guiding organizations through the stages of their awareness programs. It helps you assess where your program stands today, define where you want it to go, and take actionable steps to get there. Each of the five stages is clearly defined, outlining key focus areas, measurements, and the path to advancing to the next stage.

Built on over fifteen years of experience, the model is designed to work within the practical, real-world constraints. What makes it unique is its continual evolution. Every year, we update it based on insights from both the community and the SANS Security Awareness Report, which gathers data from thousands of awareness professionals around the world.

We hope this model not only helps you grow and strengthen your awareness program but also supports your professional development.

Download the SANS Security Awareness Maturity Model® eBook today and take the first step toward securing your organization’s greatest asset: it’s people.

Meet the expert

Lance Spitzner
Lance Spitzner

Lance Spitzner

Senior Instructor

Lance revolutionized cyber defense by founding the Honeynet Project. Over the past 25 years, he has helped 350+ organizations worldwide build resilient security cultures, transforming human risk management into a cornerstone of modern cybersecurity.

Read more about Lance Spitzner
The Practical Roadmap for Strengthening Security Awareness Programs | SANS Institute