Graduate Certificate Programs: Cybersecurity Engineering (CORE)

Graduate Certificate Programs: Cybersecurity Engineering (CORE)

Graduate Certificate Program in
Cybersecurity Engineering (Core)

Designed for working InfoSec and IT professionals who want to develop a technical base in cyber skills, the Cybersecurity Engineering (Core) graduate certificate program spans from an introductory survey of fundamental information security tools and techniques to a more advanced study of the interrelationships between offensive and defensive information security best practices.

Students enrolled in this program complete the first three foundational courses, or the “Core,” of the full master’s degree curriculum. They engage in graduate-level research and write white papers, and select projects are published in the SANS Reading Room. In the Core Certificate Capstone, students have the opportunity to test the real-world techniques they’ve learned in NetWars Continuous, a graded, online range exercise.

Applications are accepted monthly. Learn more.

Join Us for a Free Online Info Session
Tuesday, April 21, 1 pm (ET)
Register here.

Learn How To

  • Use a broad range of current tools and technologies in the design and implementation of security solutions deployed across organizations.
  • Analyze network traffic to extract the observable characteristics of networks and network devices, thus providing a basis for defensive strategies.
  • Assemble tools and configure systems and networks to permit systems to foster resiliency and continuity of operations through attacks.
  • Understand important attacker techniques, engage in penetration testing within your organization, and respond to incidents associated with these activities within your organization.

Curriculum | 12 credit hours

Click on each course title for a full description.

Required Courses:
ISE 5101: Security Essentials   |   SEC 401, GSEC

Content: SANS SEC 401 Security Essentials Boot-camp Style
Assessment: GIAC GSEC Exam
3 Credit Hours

ISE 5101 is the technically-oriented survey course in the information security engineering master's program. It establishes the foundations for designing, building, maintaining and assessing security functions at the end-user, network and enterprise levels of an organization. The faculty instruction, readings, lab exercises, exam, and required student monograph are coordinated to introduce and develop the core technical, management, and enterprise-level capabilities that will be developed throughout the information security engineering master's program.

ISE 5201: Hacker Tools, Techniques, Exploits, & Incident Handling | SEC 504, GCIH

Content: SANS SEC 504 Hacker Techniques, Exploits & Incident Handling
Assessment: GIAC GCIH Exam
3 Credit Hours

By adopting the viewpoint of a hacker, ISE 5201 provides an in-depth focus into the critical activity of incident handling. Students are taught how to manage intrusions by first looking at the techniques used by attackers to exploit a system. Students learn responses to those techniques, which can be adopted within the framework of the incident handling process to handle attacks in an organized way. The faculty instruction, lab exercises, and exam are coordinated to develop and test a student's ability to utilize the core capabilities required for incident handling.

ISE 5401: Advanced Network Intrusion Detection & Analysis   |   SEC 503, GCIA

Content: SANS SEC 503, Intrusion Detection In-Depth
Assessment: GIAC GCIA Exam
3 Credit Hours

ISE 5401 arms you with the core knowledge, tools, and techniques to prepare you to defend your networks. Hands-on exercises supplement the course book material, allowing you to transfer the knowledge in your head to your keyboard using the Packetrix VMware distribution. As the Packetrix name implies, the distribution contains many of the tricks of the trade to perform packet and traffic analysis. All exercises in the course can be approached in two ways. A basic approach, which assists you by giving hints for answering the questions; or, an advanced approach, which provides no hints so that it is a more challenging experience.

RES 5500: Technical Research Practicum   |   White Paper

2 Credit Hours

RES 5500 is an advanced graduate-level research course in which students will identify, investigate and analyze a problem. Students will write a white paper interpreting the data collected and making recommendations for action. The white paper will reflect original work towards a new practice, solution, tool, policy, or paradigm offering the potential for real impact in the field of information security.

Prerequisites: ISE 5101, ISE 5201, ISE 5401

ISE 6300: Certificate Program Capstone   |   Core NetWars Continuous

Content: Core NetWars Continuous
1 Credit Hour

NetWars Continuous is an online training program that guides students through hands-on lessons to locate vulnerabilities, exploit diverse machines, and analyze systems. NetWars provides a forum to test and perfect cyber security skills in a manner that is legal and ethical. Students will face challenges derived from real-world environments and actual attacks that businesses, governments, and military organizations must deal with every day.

  • "Earning a graduate certificate from SANS is what really accelerated my career. The technical skills I learned in the program have given me the confidence to successfully lead my team and prepare them for new challenges."

    David Cox
    Manager, Cyber Threat Management, EY

  • "I have my master's in computer science, but I completed two graduate certificate programs with SANS so I could truly dive deep into technical areas of cybersecurity and learn from instructors who are leading the industry."

    Jeff Sass
    Senior Engineering Manager, Adobe

  • "Beginning with the 'Core' graduate certificate program was the perfect on-ramp for me to study seriously with SANS."

    Tim Ashford
    Security Governance Lead, Bridgewater Associates

Who Should Enroll

The Cybersecurity Engineering (Core) graduate certificate program is ideal for information technology professionals with a year or more of experience working with network infrastructures, or for information security professionals who are or seek to be involved in detecting and responding to malicious traffic in order to build defensible networks. It is also a great choice for information professionals who are unable to enroll in the full master's degree program, but who would benefit from taking all three of the technical graduate courses at the core of the Information Security Engineering master's program.

The SANS Technology Institute Advantage

Live and Online Study Options

  • The graduate certificate program can be completed entirely online, through immersive weeklong live courses, or in combination. View course delivery options.

Flexibility for Working Professionals

  • Monthly admissions windows mean you can start on your schedule and earn the graduate certificate in roughly two years.

Credentials that Showcase Your Skills

  • Earn industry-recognized GIAC certifications that validate your skill set in critical, specialized areas of InfoSec.

World-class Faculty

Pathway to a Master's Degree

  • Credits earned in the certificate program may be applied directly toward the master's degree program should you later apply and be accepted.

Quick Links

Admissions Deadlines & Application Requirements
Tuition & Options for Funding


We're happy to help.
Email or call (301) 241-7665.