Graduate Certificate Programs: Cyber Defense Operations

Graduate Certificate Program in
Cyber Defense Operations

Designed for working InfoSec and IT professionals, the graduate certificate program in Cyber Defense Operations is a 12-credit-hour sequence of highly technical, hands-on courses focused on teaching the applied technologies used to defend and secure information assets and business systems at an organization.

Because traditional counter defenses are no longer effective in stopping malware, viruses, and other advanced attacks, it is a foregone conclusion that targeted organizations will be compromised. Therefore, proactive and layered defensive tactics are needed to stop the adversary.

In the Cyber Defense Operations graduate certificate program, you'll learn the essential operational techniques used to defend an enterprise and you'll have the opportunity to customize the curriculum toward your specific interests or job role.

A 100% online option is available.

Applications are accepted monthly. Learn more.

Join Us for a Free Online Info Session

Overview of Graduate Programs
Thursday, August 12, 1:00 pm (ET)
Register here.

Cybersecurity Management Graduate Certificate
Featuring SANS Fellows David Hoelzer and Frank Kim
Thursday, August 26, 5:30 pm (ET)
Register here.

Learn How To

  • Utilize a broad range of current tools and technologies in the design and implementation of security solutions deployed across organizations.
  • Identify the information assets of an enterprise, classify them by value, and determine what management and technical controls can be used to monitor and audit them effectively.
  • Develop a program for analyzing the risk to the information assets in an enterprise and determining which technical and management controls can mitigate, remove, or transfer that risk.
  • Articulate important attacker techniques, analyze the traffic that flows on networks, and identify indications of an attack, engage in penetration testing within their organization, and respond to incidents associated with these activities within their organization.

Curriculum | 12 credit hours

Core Courses | 6 credit hours:
ISE 6240: Continuous Monitoring and Security Operations | SEC 511, GMON

Content: SANS SEC 511 Continuous Monitoring and Security Operations
Assessment: GIAC GMON Exam
3 Credit Hours

ISE 6240 teaches a proactive approach to security that is needed to enhance the capabilities of organizations to detect threats that will inevitably slip through their defenses. The Defensible Security Architecture, Network Security Monitoring (NSM)/Continuous Diagnostics and Mitigation (CDM)/Continuous Security Monitoring (CSM) taught in this course will help students best position their organization or Security Operations Center (SOC) to analyze threats and detect anomalies that could indicate cybercriminal behavior.

ISE 5401: Intrusion Detection In-Depth | SEC 503, GCIA

Content: SANS SEC 503 Intrusion Detection In-Depth
Assessment: GIAC GCIA Exam
3 Credit Hours

ISE 5401 arms students with the core knowledge, tools, and techniques to detect and analyze network intrusions, building in breadth and depth for advanced packet and traffic analysis. Hands-on exercises supplement the course book material, allowing students to transfer the knowledge in their heads to their keyboards using the Packetrix VMware distribution. As the Packetrix name implies, the distribution contains many of the tricks of the trade to perform packet and traffic analysis.

Elective Courses | 6 credit hours:

Students select two of the following courses.

ISE 6001: Implementing & Auditing the Critical Security Controls | SEC 566, GCCC

Content: SANS SEC 566 Implementing and Auditing the Critical Security Controls - In-Depth
Assessment: GIAC GCCC Exam
3 Credit Hours

Students are introduced to security standards and their implementation, with particular focus on the consensus Critical Controls guidelines that were developed through collaboration of U.S. Departments of Defense and Energy, the U.S. Computer Emergency Readiness Team, the FBI and other law enforcement agencies, and civilian penetration testers. The course teaches the theoretical and practical underpinnings for implementing or deploying a strategy for information assurance in an agency or organization. Using the information presented in the ISE 5101 course, this course helps students understand not only what to do to stop a threat, but why the threat exists and how to ensure that their organization is indeed in compliance with their standards.

ISE 6215: Advanced Security Essentials | SEC 501, GCED

Content: SANS SEC 501 Advanced Security Essentials - Enterprise Defender
Assessment: GIAC GCED Exam
3 Credit Hours

Students will learn how to design and build a secure network that can both prevent attacks and recover after a compromise. They will also learn how to retrofit an existing network to achieve the level of protection that is required. While prevention is important to learn, students will also learn how to detect the indications that the attack is in progress and stop it before significant harm is caused. Packet analysis and intrusion detection are at the core of this study. In the third module, students will learn about the variety of tests that can be run against an organization and how to perform effective penetration testing. To round out the defensive posture, students will learn the practice of identifying, analyzing, and responding effectively to attacks, including the identification of malware and steps that can be taken to prevent data loss.

ISE 6230: Securing Windows & PowerShell Automation | SEC 505, GCWN

Content: SANS SEC 505 Securing Windows and PowerShell Automation
Assessment: GIAC GCWN Exam
3 Credit Hours

ISE 6230 shows students how to secure servers, workstations and portable devices running Microsoft Windows. Windows is the most frequent target of hackers and advanced malware. While other courses focus on detection or remediation of a compromise after the fact, the aim of this course is to substantially reduce these compromises in the first place. For scalability and automation, this course includes many hands-on labs with Group Policy and PowerShell scripting. No prior scripting experience is required. Learning at least the basics of PowerShell is an essential skill for anyone who manages Windows servers or clients in an enterprise.

ISE 6250: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses | SEC 599, GDAT

Content: SEC 599 Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
Assessment: GIAC GDAT
3 Credit Hours

ISE 6250 leverages the purple team concept by bringing together red and blue teams for maximum effect. Recognizing that a prevent-only strategy is not sufficient, the course focuses on current attack strategies and how they can be effectively mitigated and detected using a Kill Chain structure. Throughout the course, the purple team principle is maintained, where attack techniques are first explained in-depth, after which effective security controls are introduced and implemented. The course culminates with a Defend-the-Flag challenge in which you will integrate blue team and red team strategies to keep your network secure against advanced adversaries.

ISE 6255: Defensible Security Architecture and Engineering | SEC 530, GDSA

Content: SANS SEC 530 Defensible Security Architecture and Engineering
Assessment: GIAC GDSA Exam
3 Credit Hours

Effective security requires a balance between detection, prevention, and response capabilities. Defensible Security Architecture and Engineering is designed to help students establish and maintain a holistic and layered approach to security. Students will learn the fundamentals of up-to-date defensible security architecture and how to engineer it, with a heavy focus on leveraging current infrastructure (and investment), including switches, routers, and firewalls. Students will learn how to reconfigure these devices to significantly improve their organization's prevention capabilities in the face of today's dynamic threat landscape. The course will also delve into the latest technologies and their capabilities, strengths, and weaknesses. Multiple hands-on labs conducted daily will reinforce key points in the course and provide actionable skills that students will be able to leverage as soon as they return to work.

  • "I firmly believe, had it not been for SANS, my career would not be what it is today. My SANS education has enabled me to compete on a completely new level and given me the chance to network with industry greats."

    Steven Romero
    Engineer, Chevron

  • "I have my master's in computer science, but I completed two graduate certificate programs with SANS so I could truly dive deep into technical areas of cybersecurity and learn from instructors who are leading the industry."

    Jeff Sass
    Senior Engineering Manager, Adobe

  • "I have a master's degree from another school, and I can tell you that SANS courses are more technical and taught by more experienced instructors. I joined the graduate certificate program in Cyber Defense Operations to advance my hands-on skills and fill the gap left by my previous program."

    Harvey Wargo
    Senior Intrusion Analyst, Walmart

Who Should Enroll

The Cyber Defense Operations graduate certificate program is designed for information technology professionals with a year or more of experience working with network infrastructures, or for information security professionals who are or seek to specialize in implementing defense-in-depth strategies and auditing for their effectiveness.

The SANS Technology Institute Advantage

Online and In-Person Study Options

Flexibility for Working Professionals

  • Monthly admissions windows mean you can start on your schedule and earn the graduate certificate in roughly two years.

Credentials that Showcase Your Skills

  • Earn industry-recognized GIAC certifications that validate your skill set in critical, specialized areas of InfoSec.

World-class Faculty

Pathway to a Master's Degree

  • Credits earned in the certificate program may be applied directly toward the master's degree program should you later apply and be accepted.

Success Stories

Video gaming was the start of what would lead to Jeff Sass's decades-long career at Adobe.

Discover why he chose to pursue 3 graduate certificates at — and how the experience helped him win a promotion to manager.

Read Jeff’s story and other profiles here.

We're happy to help.
Email or call (301) 241-7665.