As a distinct experience, the Cybersecurity Engineering Core certificate program spans from an introductory survey of fundamental information security tools and techniques to a more advanced study of the inter-relationships between offensive (attack/penetration testing) and defensive (intrusion detection and incident response) information security best practices. Courses in the program familiarize the student with essential tools and techniques used in cybersecurity engineering, teach the student various cyber attack techniques which may be employed in penetration testing and incident response, and reinforce a practitioner's ability to detect attacks through packet analysis and intrusion detection. Student capabilities are reinforced through multiple hands-on labs and network simulations.
Cybersecurity Engineering (Core) Certificate - 12 credit hours
Required courses (expand for more info):
SANS class: SEC 401 Security Essentials Boot-camp Style
Assessment: GIAC GSEC, Research Paper Revision & Update
4 Credit Hours
ISE 5150 is the introductory, technically-oriented survey course in the information security engineering master's program. It establishes the foundations for designing, building, maintaining and assessing security functions at the end-user, network and enterprise levels of an organization. The faculty instruction, readings, lab exercises, exam, and required student paper are coordinated to introduce and develop the core technical, management, and enterprise-level capabilities that will be developed throughout the information security engineering master's program.
SANS class: SEC504 Hacker Techniques, Exploits & Incident Handling
Assessment: GIAC GCIH, NetWars Continuous
4 Credit Hours
By adopting the viewpoint of a hacker, ISE 5200 provides an in-depth focus into the critical activity of incident handling. Students are taught how to manage intrusions by first looking at the techniques used by attackers to exploit a system. Students learn responses to those techniques, which can be adopted within the framework of the incident handling process to handle attacks in an organized way. The faculty instruction, lab exercises, exam, and NetWars simulation are coordinated to develop and test a student's ability to utilize the core capabilities required for incident handling.
SANS class: SEC 503, Intrusion Detection In-Depth
Assessment: GIAC GCIA, Paper
4 Credit Hours
ISE 5400 arms you with the core knowledge, tools, and techniques to prepare you to defend your networks. Hands-on exercises supplement the course book material, allowing you to transfer the knowledge in your head to your keyboard using the Packetrix VMware distribution. As the Packetrix name implies, the distribution contains many of the tricks of the trade to perform packet and traffic analysis. All exercises have two different approaches. A basic one that assists you by giving hints for answering the questions. The second approach provides no hints, permitting you to have a more challenging experience.
Download the Cybersecurity Engineering Core Briefing Document in .pdf format.
The ideal candidate for the Cybersecurity Engineering Core certificate program is an information technology professional with a year or more of experience working with network infrastructures, or an information security professional who is or seeks to be involved in detecting and responding to malicious traffic in order to build defensible networks.
Graduates of the Cybersecurity Engineering Core post-baccalaureate certificate program will be able to:
- Utilize a broad range of current tools and technologies in the design and implementation of security solutions deployed across organizations.
- Analyze network traffic to extract the observable characteristics of networks and network devices, thus providing a basis for defensive strategies.
- Assemble tools and configure systems and networks to permit systems to foster resiliency and continuity of operations through attacks.
- Understand important attacker techniques, engage in penetration testing within their organization, and respond to incidents associated with these activities within their organization.
For additional, detailed technical goals for each course, please review the educational goals listed for each SANS class.
The following assessment methods will be utilized to determine if students meet the targeted program learning outcomes:
- Standardized exams
- GIAC Security Essentials (GSEC) exam,
- GIAC Certified Incident Handler (GCIH) exam, and
- GIAC Certified Intrusion Analyst (GCIA) exam
- Two written research papers covering general security essentials and intrusion analysis.
- Simulation Experience - NetWars Continuous
Tuition for each course in a certificate program is $5,000, and all courses may be taken either live at a SANS event or online from home or work. Credit is earned only when a student enrolls first in a given certificate program and then registers for the appropriate graduate courses.
Admissions to the Cybersecurity Engineering Core Certificate Program
To apply, please view the Admissions Page dedicated to the SANS Graduate Certificate Programs.