Graduate Certificate Programs: Cybersecurity Engineering (CORE)

Graduate Certificate Programs: Cybersecurity Engineering (CORE)

Graduate Certificate Program in
Cybersecurity Engineering (Core)

Designed for working IT and information security professionals who want to develop a technical base in cybersecurity skills, the Cybersecurity Engineering (Core) graduate certificate program spans from an introductory survey of fundamental information security tools and techniques to a more advanced study of the interrelationships between offensive and defensive information security best practices.

In this hands-on, 13-credit-hour program, you’ll complete 3 foundational courses — or the “Core” — of the master’s degree curriculum and choose an elective course to begin developing advanced skills in a specific area of information security. You’ll emerge with the foundational skills and knowledge needed to pursue our master’s degree program or our more technical, job-specific graduate certificate programs.

A 100% online option is available.

Applications are accepted monthly. Learn more.

Join Us for a Free Online Info Session

Overview of Graduate Programs
Tuesday, September 28, 11:00 am (ET)
Register here.

Cloud Security Graduate Certificate
Featuring SANS Fellow Frank Kim and SANS Instructor Ryan Nicholson
Thursday, September 30, 6:30 pm (ET)
Register here.

Learn How To

  • Use a broad range of current tools and technologies in the design and implementation of security solutions deployed across organizations.
  • Analyze network traffic to extract the observable characteristics of networks and network devices, thus providing a basis for defensive strategies.
  • Assemble tools and configure systems and networks to permit systems to foster resiliency and continuity of operations through attacks.
  • Understand important attacker techniques, engage in penetration testing within your organization, and respond to incidents associated with these activities within your organization.

Curriculum Updates

  • The choice of an introductory or advanced survey course enables you to tailor the program to your level of experience in the field
  • Elective options let you build advanced skills in a specific area of information security
  • Our newly developed Core Comprehensive Exam tests and reinforces the knowledge and skills gained throughout the program
  • Writing a research paper is no longer required, but you may choose an elective focused on research, professional writing, and presentation skills

Curriculum | 13 credit hours

Click on each course title for a full description.

Survey Course | 3 credit hours

Students select one of the following.

ISE 5101: Security Essentials   |   SEC 401, GSEC

Content: SANS SEC 401 Security Essentials: Network, Endpoint, and Cloud
Assessment: GIAC GSEC Exam
3 Credit Hours

ISE 5101 establishes the foundations for designing, building, maintaining, and assessing security functions at the end-user, network, and enterprise levels of an organization. Because this course is also the technically-oriented survey course in the master's degree program, the faculty instruction, readings, lab exercises, and exam introduce and develop the core technical, management, and enterprise-level capabilities required if you choose to pursue a master's degree.

ISE 6215: Advanced Security Essentials | SEC 501 GCED

SANS class: SEC 501 Advanced Security Essentials - Enterprise Defender
Assessment: GIAC GCED
3 Credit Hours

ISE 6215 reinforces the theme that prevention is ideal, but detection is a must. In this advanced survey course, you’ll learn how to ensure that your organization constantly improves its security posture to prevent as many attacks as possible. A key focus is on data protection, securing critical information no matter whether it resides on a server, in robust network architectures, or on a portable device.

Despite an organization's best effort at preventing attacks and protecting its critical data, some attacks will still be successful. Therefore, you’ll also learn how to detect attacks in a timely fashion through an in-depth understanding the traffic that flows on networks, scanning for indications of an attack. The course also includes instruction on performing penetration testing, vulnerability analysis, and forensics.

Core Courses | 7 credit hours
ISE 5201: Hacker Tools, Techniques, Exploits, & Incident Handling | SEC 504, GCIH

Content: SANS SEC 504 Hacker Techniques, Exploits & Incident Handling
Assessment: GIAC GCIH Exam
3 Credit Hours

By adopting the viewpoint of a hacker, ISE 5201 provides an in-depth focus into the critical activity of incident handling. You’ll explore how to manage intrusions by first looking at the techniques used by attackers to exploit a system. You’ll learn responses to those techniques, which can be adopted within the framework of the incident handling process to handle attacks in an organized way. The faculty instruction, lab exercises, and exam are coordinated to develop and test your ability to utilize the core capabilities required for incident handling.

ISE 5401: Intrusion Detection In-Depth |   SEC 503, GCIA

Content: SANS SEC 503, Intrusion Detection In-Depth
Assessment: GIAC GCIA Exam
3 Credit Hours

ISE 5401 arms you with the core knowledge, tools, and techniques to prepare you to defend your networks. Hands-on exercises supplement the course book material, allowing you to transfer the knowledge in your head to your keyboard using the Packetrix VMware distribution. As the Packetrix name implies, the distribution contains many of the tricks of the trade to perform packet and traffic analysis. All exercises in the course can be approached in two ways. A basic approach, which assists you by giving hints for answering the questions; or, an advanced approach, which provides no hints, creating a more challenging experience.

ISE 6200: Certificate Program Capstone | Core Comprehensive Exam

Content: Core Comprehensive Exam
1 Credit Hour

The Core Comprehensive Exam tests your mastery of the core technical skills required by top security consultants and individual practitioners. Through a series of exercises, you’ll demonstrate your ability to integrate the knowledge, skills, and techniques acquired in ISE 5101, ISE 5201, and ISE 5401 to address common challenges faced by technical leaders in the cybersecurity field.

Elective Course | 3 credit hours
Technical Elective Course | SANS Class, GIAC Exam

Content: SANS Class
Assessment: GIAC Exam
3 Credit Hours

As a student in the Cybersecurity Engineering (Core) graduate certificate program, you can choose any 3-credit hour technical course from an approved list of elective courses. ISE 5901: Advanced Technical Research and Communication Practicum is available as an elective option if you seek to advance your research, professional writing, and speaking skills.

  • "Earning a graduate certificate from SANS is what really accelerated my career. The technical skills I learned in the program have given me the confidence to successfully lead my team and prepare them for new challenges."

    David Cox
    Manager, Cyber Threat Management, EY

  • "I have my master's in computer science, but I completed two graduate certificate programs with SANS so I could truly dive deep into technical areas of cybersecurity and learn from instructors who are leading the industry."

    Jeff Sass
    Senior Engineering Manager, Adobe

  • "Beginning with the 'Core' graduate certificate program was the perfect on-ramp for me to study seriously with SANS."

    Tim Ashford
    Security Governance Lead, Bridgewater Associates

Who Should Enroll

The Cybersecurity Engineering (Core) graduate certificate program is ideal for information professionals seeking a strong foundation in cybersecurity skills.

  • Information technology professionals with a year or more of experience working with network infrastructures
  • Information security professionals who want to prepare for more advanced cybersecurity roles
  • Information professionals seeking a pathway to our master’s degree program or our more technical, job-specific graduate cybersecurity certificate programs
  • Information professionals who are unable to enroll in the full master's degree program, who would benefit from taking all 3 technical graduate courses at the core of the master's program

The SANS Technology Institute Advantage

Online and In-Person Study Options

Flexibility for Working Professionals

  • Monthly admissions windows mean you can start on your schedule and earn the graduate certificate in roughly two years.

Credentials that Showcase Your Skills

  • Earn industry-recognized GIAC certifications that validate your skill set in critical, specialized areas of InfoSec.

World-class Faculty

Pathway to a Master's Degree

  • Credits earned in the certificate program may be applied directly toward the master's degree program should you later apply and be accepted.

Success Stories

Video gaming was the start of what would lead to Jeff Sass's decades-long career at Adobe.

Discover why he chose to pursue 3 graduate certificates at — and how the experience helped him win a promotion to manager.

Read Jeff’s story and other profiles here.

Quick Links

Admissions Deadlines & Application Requirements
Tuition & Options for Funding


We're happy to help.
Email or call (301) 241-7665.