Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training
Can't find what you are looking for?

Let us help.

Contact us
Resources
SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

CISO Network

Engage, challenge, and network with fellow CISOs in this exclusive community of security leaders

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations
Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk with an expert
Talk with an expert

LDR433: Managing Human Risk

LDR433Cybersecurity Leadership
  • 3 Days (Instructor-Led)
  • 18 Hours (Self-Paced)
Course created by:
Lance Spitzner
Lance Spitzner
Register NowCourse Preview
LDR433: Managing Human Risk
Course created by:
Lance Spitzner
Lance Spitzner
Register NowCourse Preview
  • SANS Security Awareness Professional (SSAP)

    Learn about certification

  • 18 CPEs

    Apply your credits to renew your certifications

  • In-Person, Virtual or Self-Paced

    Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months

  • Intermediate Skill Level

    Course material is geared for cyber security professionals with hands-on experience

Jump to:

This intensive three-day course prepares you to build a mature awareness program, providing you with the roadmap, skills, and lessons learned on how to effectively manage and measure your human risk.

Featured Quote

I think the course is really engaging and works at two levels: 1. Provides someone starting out with a solid foundational knowledge 2. Allows an existing program to benchmark and get new ideas, to supplement the existing work.
Brian WrightStudent Loans Company Unlimited

Course Overview

Cybersecurity has evolved beyond technical challenges to include the human element. LDR433 provides security professionals with a structured roadmap to build, manage, and measure human risk by changing and securing their workforce's behaviors. The course offers a step-by-step strategy for engaging and securing your workforce, including seven interactive team labs and a Digital Download Package. Students will learn how to assess and prioritize top human risks and the behaviors that manage those risks, how to engage and train their workforce, how to build a strong security culture, and how to measure the impact of these changes. This is the only SANS short course that provides the industry-recognized SANS Security Awareness Professional (SSAP) credential. The course content draws from lessons learned across hundreds of global programs, offering both instructor guidance and extensive peer interaction.

What You'll Learn

  • Benchmark and advance your program's maturity level
  • Identify and prioritize human risks effectively
  • Understand sciences behind adult learning theory, cognitive biases, and behavioral economics
  • Gain strategies to engage and change security behaviors
  • Employ techniques to build and embed strong security culture
  • Implement approaches to measure and communicate your program's value

Business Takeaways

  • Align security awareness with strategic security priorities
  • Identify and manage your organization's top human risks
  • Integrate awareness with broader risk management efforts
  • Build sustainable programs that foster a strong security culture
  • Demonstrate program value to leadership in business terms
  • Implement effective learning and behavioral change models
  • Leverage AI to maximize program impact and efficiency

Meet Your Author

Lance Spitzner
Lance Spitzner

Lance Spitzner

Senior Instructor

Lance revolutionized cyber defense by founding the Honeynet Project. Over the past 25 years, he has helped 350+ organizations worldwide build resilient security cultures, transforming human risk management into a cornerstone of modern cybersecurity.

Read more about Lance Spitzner

Course Syllabus

Explore the course syllabus below to view the full range of topics covered in LDR433: Managing Human Risk. .

Section 1Fundamentals and Identifying / Prioritizing Human Risk

Section 1 covers the fundamentals of human risk management, beginning with benchmarking your program's maturity and providing a roadmap for improvement. It addresses critical foundations including leadership support, program charter, and strategic partnerships, then covers risk management principles and how to identify and prioritize your top human risks.

Topics covered

  • Security Awareness Maturity Model stages
  • Risk management fundamentals
  • Cyber Threat Intelligence and attacker methods
  • Gaining leadership support and developing strategic partnerships
  • Human risk assessments and prioritization, and role-based risks

Labs

  • Benchmark program maturity against peers
  • Develop key organizational partnerships
  • Identify and prioritize top human risks

Section 2Identifying and Changing Behavior

Section 2 explores Artificial Intelligence to increase program impact, identifying learning objectives in key behaviors that manage top human risks. It covers organizationlevel behavior change, engagement fundamentals and motivation, and how to adapt your program across demographics, cultures, and regions, concluding with training methods and modalities.

Topics covered

  • Leveraging AI to accelerate program impact
  • Learning objectives and risk management
  • Behavior identification and prioritization
  • Engagement strategies using marketing models
  • Training approaches using ADDIE framework

Labs

  • Identify and prioritize key security behaviors
  • Apply the AIDA Model to promote MFA adoption

Section 3Security Culture and Measuring Change

Section 3 focuses on organizational culture, security culture and embedding security in your organization's overall culture. It covers metrics collection, starting with strategic applications, then exploring how to measure behavior and culture change. Students will learn to communicate program value to leadership and create an actionable implementation plan.

Topics covered

  • Career development for awareness professionals
  • Defining and aligning with organizational culture
  • Security culture indicators and development
  • Incentive programs for sustainable behavior, and ambassador program implementation
  • Metrics and creating a strategic metrics framework

Labs

  • Analyze and align with organizational culture
  • Create a comprehensive action plan

Things You Need To Know

Relevant Job Roles

Cyber Instructional Curriculum Developer (DCWF 711)

DoD 8140: Cyber Enablers

Develops and evaluates cyber training content and methods to ensure relevance, effectiveness, and alignment with organizational needs.

Explore learning path

Course Schedule & Pricing

Looking for Group Purchase Options?Contact Us

SSAP Certification Attempt

Add an SSAP certification attempt and receive free two practice tests. View pricing in the info icons below.

OnDemand Course Access

When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.

Filter by:
  • Location & instructor

    Virtual (OnDemand)

    Instructed by Lance Spitzner
    Date & Time
    OnDemand (Anytime)Self-Paced, 4 months access
    Course price
    $5,250 USD*Prices exclude applicable local taxes
    Enrollment options
    Self-Paced
  • Location & instructor

    London, GB

    Instructed by Lance Spitzner
    Date & Time
    Fetching schedule..View event details
    Course price
    £4,295 GBP*Prices exclude applicable taxes | EUR price available during checkout
    Enrollment options
    In-Person
  • Location & instructor

    Virtual (live)

    Instructed by John Scott
    Date & Time
    Fetching schedule..View event details
    Course price
    €4,935 EUR*Prices exclude applicable local taxes
    Enrollment options
    Virtual
  • Location & instructor

    Chicago, IL, US & Virtual (live)

    Instructed by Lance Spitzner & John Scott
    Date & Time
    Fetching schedule..View event details
    Course price
    $5,250 USD*Prices exclude applicable local taxes
    Enrollment options
    In-PersonVirtual
  • Location & instructor

    Virtual (live)

    Instructed by Lance Spitzner
    Date & Time
    Fetching schedule..View event details
    Course price
    $5,250 USD*Prices exclude applicable local taxes
    Enrollment options
    Virtual
  • Location & instructor

    Amsterdam, NL

    Instructed by Lance Spitzner
    Date & Time
    Fetching schedule..View event details
    Course price
    €4,935 EUR*Prices exclude applicable local taxes
    Enrollment options
    In-Person
  • Location & instructor

    Virtual (live)

    Instructed by Lance Spitzner
    Date & Time
    Fetching schedule..View event details
    Course price
    $5,250 USD*Prices exclude applicable local taxes
    Enrollment options
    Virtual
  • Location & instructor

    Virtual (live)

    Instructed by Lance Spitzner
    Date & Time
    Fetching schedule..View event details
    Course price
    €4,935 EUR*Prices exclude applicable local taxes
    Enrollment options
    Virtual
Showing 8 of 8

Learn Alongside Leading Cybersecurity Professionals From Around The World

Slide 1 of 0

Benefits of Learning with SANS

Instructor teaching class with code in the background

Get feedback from the world’s best cybersecurity experts and instructors

Learning via laptop

Choose how you want to learn - online, on demand, or at our live in-person training events

Learning via laptop

Get access to our range of industry-leading courses and resources