New SANS Five Day Security Culture Course


Based on your feedback, we are super excited to announce a new five-day course dedicated just to security culture – MGT521: Leading Cybersecurity Change: Building a Security Based Culture. Security leaders have learned they can no longer take a strictly technical approach to security; to succeed in today’s world they need to understand and include people and, ultimately, culture. A strong security culture is the foundation that enables security leaders to be effective.


Authored by SANS Instructors Lance Spitzner and Russell Eubanks (former CISO / CIO of the Federal Reserve), this course is designed for senior security leaders who want to learn how to effectively embed and measure a strong security culture in their organization. This new five-day course is based on the original two-day course but has been vastly expanded to include a day-five capstone project. The class will first be offered as a Beta class 14-18 December; as a Beta, you receive a 25% discount. This will be the only beta offered and seats fill fast.

Course Description

Cybersecurity is no longer just about technology. It is ultimately about organizational change – change not only in how people think about security but in what they prioritize and how they act, from the Board of Directors to every corner of the organization. Organizational change is a field of management study that enables leaders to analyze, plan, and then improve their operations and structures by focusing on people and culture.

Drawing on real-world lessons from around the world, the SANS MGT521 course will teach you how to leverage the principles of organizational change in order to develop, maintain, and measure a security-driven culture. Through hands-on instruction and a series of interactive labs and exercises, you will apply the concepts of organizational change to a variety of different security initiatives and quickly learn how to embed security into your organization’s culture.


You Will Be Able To

  • More effectively communicate to your Board of Directors and executives, collaborate with your peers, and engage your workforce
  • Explain what culture is, its importance to cybersecurity, and how to map and measure both your organization’s overall culture and security culture
  • Align your cybersecurity culture to your organization’s strategy, including how to leverage different security frameworks and maturity models
  • Explain what organizational change is, identify different models for creating change, and learn how to apply those models
  • Enable and secure your workforce by integrating cybersecurity into all aspects of your organization’s culture
  • Dramatically improve both the effectiveness and impact of large-scale security initiatives
  • Create and effectively communicate business cases to leadership and gain their support for your security initiatives and security in general
  • Leverage numerous templates and resources from the Digital Download Package and Community Forum that are part of the course and which you can then build on right away


Interactive Labs

This five-session course includes 17 interactive labs that walk you through exercises and apply the lessons learned to a variety of typical real-world situations and challenges. Many of the labs are carried out as teams, ensuring that you learn not only from the course materials but from other students and their experiences. Culture is a very human and global challenge, and as such we want to expose you to as many different situations and perspectives as possible. No Laptop Required. Labs are group case studies with no computers needed.


About The Course Authors

Lance Spitzner

Lance Spitzner has over 20 years of security experience in cyber threat research, security architecture and awareness training and is a SANS Senior Instructor. He helped pioneer the fields of deception and cyber intelligence with his creation of honeynets and founding of The Honeynet Project. In addition, Lance has published three security books, consulted in over 25 countries, and helped over 350 organizations build awareness programs to manage their human risk. He is also on the Board of Advisors for Attivo Networks. Lance is the author and an instructor for MGT433: How to Build, Maintain, and Measure a Mature Awareness Program, and MGT521: Driving Cybersecurity Change: Establishing a Culture of Protect, Detect, and Respond, and built the SANS Security Awareness business unit from the ground up over the past 10 years. With the catalyst of COVID-19, Lance created multiple resources for securing humans from home, from those working remotely for the first time or managing newly remote teams, to children learning and playing online. Learn more about Lance here.

Russell Eubanks

As owner of Security Ever After and consultant for Enclave Security, Russell is responsible for assessing the cyber security of many diverse organizations and increasing their maturity while decreasing the probability of a breach. He wrote the first paper on how to implement the Critical Security Controls and serves on the editorial panel for the Critical Security Controls. As a current handler for the SANS Internet Storm Center and a former chief information security officer (CISO) of the Federal Reserve Bank of Atlanta, he’s especially passionate about helping new or aspiring cyber leaders increase their influence. Russell is a SANS Certified Instructor and co-author of the upcoming five day version of MGT 521: Driving Cybersecurity Change – Establishing a Culture of Protect, Detect and Respond and the upcoming SANS Security 404: Business Finance Essentials course for SANS Technology Institute. Learn more about Russell here.


*** This is a Security Bloggers Network syndicated blog from SANS Blog authored by SANS Blog. Read the original post at: