The academic programs of the SANS Technology Institute are distinguished by our mission, courses and faculty, which relate in a virtuous cycle that accrues to the benefit of our students. Faculty members are primarily NOT engaged full-time as academic professors but with few exceptions earn their living as experts in the field, which means they author and teach courses that are technically deep and contextualized with relevant, real-world events. Because it takes years to become a member of our faculty, and because SANS faculty must maintain high ratings to retain their positions, SANS faculty members are assured to be both great teachers as well as expert practitioners. It's no surprise other schools teach out of books written by our faculty, while we develop our own material, and update courses as often as three times per year.
SANS master's programs are more than the sum of great technical courses taught by expert scholar-practitioners. SANS faculty designed the master's programs to develop information security leaders that have the technical understanding to identify what needs to be done, and the organizational capabilities to drive change. We hew strongly to the belief that leaders in our field need to understand the underlying technologies even if they are no longer at the keyboard daily. To achieve this goal, the faculty augmented technical, hands-on coursework with employer-recognized GIAC exam assessments (proving students learn the material using industry-recognized, certified exams) and integrative research experiences and simulations like NetWars that deepen a student's understanding of new and underlying technologies.
To extend a student's knowledge and ensure it is relevant to their career and employer, the faculty established multiple experiences for master's students to engage in coursework that simulates the organizational leadership roles they are expected to take on. As examples: master's students author peer-reviewed technology assessments that are posted in the SANS Reading Room; they present their research at SANS events to knowledgeable groups of visiting peers, gaining confidence in running the room while simultaneously defending their work; they engage in live and virtual group projects based on real enterprise incidents and develop and then given presentations to "CIO panels." The master's program includes courses on project management, developing security awareness campaigns, and on information security-focused policy development and management techniques. A SANS master's graduate is fully-prepared for all aspects of an upper-level information security leadership position, whether in a commercial enterprise or government entity.
We offer two master's degree programs, one leading to a Master of Science in Information Security Engineering, the other leading to the same degree in Information Security Management. These programs are distinguished primarily by their focus on technical content (Engineering) vs required elements of legal, policy, and audit requirements (Management).
SANS faculty and curriculum leads designed the post-baccalaureate certificate programs with two distinct audiences in mind.
The SANS Graduate Certificate in Cybersecurity Engineering (Core) targets information professionals who are unable to engage in the full master's program but who would still benefit from taking all three of the technical graduate courses at the core of the Information Security Engineering master's program.
For individuals who already have an established technical base (including those who might already have a master's degree) but seek to deepen their capabilities in a particular area, we offer other certificate programs that start with the same view on how offense informs defense, but then quickly diverge into materially different course progressions leading to a SANS graduate certificate in Penetration Testing and Ethical Hacking, and a second graduate certificate in Incident Response.
All three of these programs require students to master the hands-on skills necessary to advance through NetWars, the same cyber-skills firing range used by the military and commercial enterprises to build practical, real-world pentesting and hacking skills. All three programs are built from some of SANS' most popular graduate courses, and like the master's programs, students earn employer-recognized GIAC certifications as part of each course experience, validating their learning even before they earn the final credential.
The SANS Technology Institute may allow an individual to take up to two graduate courses for credit without being enrolled in a certificate or master's degree program (ie "non-matriculated student status"). We may, at our option, allow this when an applicant desires to trial a graduate course and/or when he or she is able to fund their continuing education only with the assistance of their employer's tuition reimbursement benefit. The student experience of the course is precisely the same as that of a matriculated student, and non-matriculated students must satisfy all of the course requirements, including any exams, research papers, or simulations, within the same required timeframe (typically four months for three credit courses and five months for four credit courses). Non-matriculated students can take the underlying SANS Institute class from a member of our faculty either live at a SANS event or via our online modalities (OnDemand, vLive, or Simulcast).
Successfully completed courses can be applied for credit towards a certificate or master's program should the individual apply and matriculate within 5 years of the course completion date. Non-matriculated students may only take two courses before they must apply and be formally accepted into either a certificate or master's program.
To apply to take a single graduate course as a non-matriculated student, please see the Admissions: Single Course page.