2340x500_STI_Focus_Areas11.jpg

Graduate Certificate Programs: Industrial Control Systems Security

Designed for working InfoSec and IT professionals, the graduate certificate in Industrial Control Systems Security is a highly technical, hands-on program focused on the applied technologies used to defend and secure industrial control systems, operations technology, and cyber-physical systems.

Format Option: A 100% online option is available
Courses: 4
GIAC Certifications: 4
Credits: 12
Duration: 18-24 months
Total Program Cost: $22,800 USD

470x382-cybersecurity-student-8.jpg

Strengthen Your Technical Knowledge and Skills

Gain practical skills you can immediately apply at your job or in a new infosec role.

  • Learn the latest cybersecurity tactics to protect your organization
  • Keep your skills current for career growth and advancement
  • Earn professional GIAC certifications as you complete the program
  • Train on your schedule, to balance work and school
  • Get personalized support from a student advisor 

APPLICATIONS ACCEPTED MONTHLY

The SANS.edu Advantage

Because cyber threats are constantly changing, our courses are continually updated for real-world relevance. But that's just the beginning.
STI_Advantage_Icons-07.svg

GIAC Certifications

Earn 4 industry-recognized GIAC cybersecurity certifications.

STI_Advantage_Icons-09.svg

100% Online Option Available

You have the option of completing the program through live or rewindable online courses.

STI_Advantage_Icons-10.svg

World-class Faculty

Learn the latest skills and techniques from the world's top cybersecurity practitioners.

STI_Advantage_Icons-11.svg

Pathway to a Master’s Degree

All credits earned in this program can transfer into our master’s degree program.

STI_Advantage_Icons-12.svg

SANS.edu Academic Pricing

Get SANS.edu academic pricing on SANS courses and GIAC certifications.

STI_Advantage_Icons-13.svg

Powerful Network

Make connections with some of the most talented students and teachers in the industry.

InfoSec professional attends SANS.edu info session

Join an Online Info Session for Graduate Cybersecurity Programs

  • Learn about the new graduate certificate program in Software Supply Chain Security from faculty member and CISO-in-Residence at YL Ventures Frank Kim. Tue, March 5, 1 pm (ET). Register here.
  • Get tips on crafting a strong application to our cybersecurity master’s degree program and information on the next steps in the admissions process. Wed, March 6, 12 pm (ET). Register here.
  • Learn more about our cybersecurity master's degree and graduate certificate programs for working professionals. Have questions? We'll answer them. Tue, March 12, 12 pm (ET). Register here.

“Enrolling at SANS.edu helped propel my professional journey, growing from an asset-based ICS Security Specialist to a global ICS Security subject matter expert.” - Mike Hoffman, Principal ICS Security Engineer, Shell

Learn How To:

    • Develop and reinforce a common language and understanding of Industrial Control System (ICS) cybersecurity as well as the important considerations that come with cyber-to-physical operations within these environments.
    • Understand secure architecture design and defense in-depth strategies to secure ICS environments that are increasingly integrated with industrial Internet of things (IoT) and traditional business systems.
    • Deconstruct ICS targeting attacks and malware, understand normal ICS network baselines, and leverage active defense strategies that ensure safe and reliable operations.
    • Explore multiple approaches to NERC CIP compliance and how these standards can be used as the model for establishing strong management and governance controls and examine a series of architectures, strategies, and difficult compliance questions in a way that highlights the reliability and cybersecurity strengths of particular approaches.
    • Identify segmentation techniques that separate control traffic from other non-trusted traffic and methods to actively monitor ICS environments and respond to ICS incidents.

Curriculum | 12 credit hours

Our hands-on courses empower you to understand your networked industrial control system environment, monitor it for threats, perform incident response against identified threats, and use knowledge gained from interactions with the adversary to enhance network security and maintain the safety and reliability of operations. This is the curriculum order for this program.

Required Core Courses | 6 credit hours

  • SANS Course: ICS410: ICS/SCADA Security Essentials
    Certification: Global Industrial Cyber Security Professional Certification (GICSP)

    3 Credit Hours

    ISE 6515 ICS/SCADA Security Essentials is an introductory study of how information technologies and operational technologies have converged in today's industrial control system environments. This convergence has led to a greater need than ever for a common understanding between the various groups who support or rely on these systems. Students in ISE 6515 will learn the language, the underlying theory, and the basic tools for industrial control system security in settings across a wide range of industry sectors and applications.

  • SANS Course: ICS515: ICS Visibility, Detection, and Response
    Certification: GIAC Response and Industrial Defense (GRID)

    3 Credit Hours

    ISE 6520 will empower students to understand their networked industrial control system environment, monitor it for threats, perform incident response against identified threats, and learn from interactions with the adversary to enhance network security.

Specialization Elective Course | 3 credit hours

Students select one of the following courses.

  • SANS Course: FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
    Certification: GIAC Certified Forensic Analyst (GCFA)

    3 Credit Hours

    ISE 6425 teaches the necessary capabilities for forensic analysts and incident responders to identify and counter a wide range of threats within enterprise networks, including economic espionage, hacktivism, and financial crime syndicates. The course shows students how to work as digital forensic analysts and incident response team members to identify, contain, and remediate sophisticated threats-including nation-state sponsored Advanced Persistent Threats and financial crime syndicates. Students work in a hands-on lab developed from a real-world targeted attack on an enterprise network in order to learn how to identify what data might be stolen and by whom, how to contain a threat, and how to manage and counter an attack.

  • SANS Course: ICS456: Essentials for NERC Critical Infrastructure Protection
    Certification: GIAC Critical Infrastructure Protection Certification (GCIP)

    3 Credit Hours

    ISE 6525 empowers students with knowledge of the "what" and the "how" of the version 5/6 standards. The course addresses the role of FERC, NERC and the Regional Entities, provides multiple approaches for identifying and categorizing BES Cyber Systems and helps asset owners determine the requirements applicable to specific implementations. Additionally, the course covers implementation strategies for the version 5/6 requirements with a balanced practitioner approach to both cybersecurity benefits, as well as regulatory compliance.

  • SANS Course: SEC488: Cloud Security Essentials
    Certification: GIAC Cloud Security Essentials Certification (GCLD)

    3 Credit Hours

    ISE 6610: Cloud Security Essentials will equip you to implement appropriate security controls in the cloud, often using automation to "inspect what you expect." Mature cloud service providers (CSPs) have created a variety of security services that can help customers use their products in a more secure manner, but much about cloud security still resides with the customer organization. This course covers real-world lessons using security services created by the CSPs as well as open-source tools. Each lesson features hands-on lab exercises to help you practice the lessons learned. You will progressively layer multiple security controls in order to end the course with a functional security architecture implemented in the cloud. The course begins by addressing one of the most crucial aspects of the cloud — Identity and Access Management (IAM). From there, you will learn to secure the cloud through discussion and practical, hands-on exercises related to several key topics to defend various cloud workloads operating in the different CSP models of: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).

    You will be able to:

    • Identify the risks and risk control ownership based on the deployment models and service delivery models of the various products offered by cloud service providers (CSPs)
    • Evaluate the trustworthiness of CSPs based on their security documentation, service features, third-party attestations, and position in the global cloud ecosystem
    • Create accounts and use the services of any one the leading CSPs and be comfortable with the self-service nature of the public cloud, including finding documentation, tutorials, pricing, and security features
    • Articulate the business and security implications of a multi-cloud strategy
    • Secure access to the consoles used to access the CSP environments
    • Use command line interfaces to query assets and identities in the cloud environment
    • Use hardening benchmarks, patching, and configuration management to achieve and maintain an engineered state of security for the cloud environment
    • Evaluate the logging services of various CSPs and use those logs to provide the necessary accountability for events that occur in the cloud environment
    • Configure the command line interface (CLI) and properly protect the access keys to minimize the risk of compromised credentials
    • Use basic Bash and Python scripts to automate tasks in the cloud
    • Implement network security controls that are native to both AWS and Azure
    • Employ an architectural pattern to automatically create and provision patched and hardened virtual machine images to multiple AWS accounts
    • Use Azure Security Center to audit the configuration in an Azure deployment and identify security issues
    • Use Terraform to deploy a complete "infrastructure as code" environment to multiple cloud providers
    • Leverage the Cloud Security Alliance Cloud Controls Matrix to select the appropriate security controls for a given cloud network security architecture and assess a CSP's implementation of those controls using audit reports and the CSP's shared responsibility model
    • Follow the penetration testing guidelines put forth by AWS and Azure to invoke your "inner red teamer" to compromise a full stack cloud application
    • Use logs from cloud services and virtual machines hosted in the cloud to detect a security incident and take appropriate steps as a first responder according to a recommended incident response methodology
    • Perform a preliminary forensic file system analysis of a compromised virtual machine to identify indicators of compromise and create a file system timeline

Elective Courses | 3 credit hours

  • 3 Credit Hours

    You can choose any 3-credit hour technical course from an approved list of elective courses.

Study with the best faculty in cybersecurity

470x382-cybersecurity-student-4.jpg

Take Your Next Step

Need more information? We’re happy to answer your questions. Join us for an info session, email info@sans.edu or call 301.241.7665.

Ready to apply? We look forward to learning about you and your career goals.

“I firmly believe, had it not been for SANS, my career would not be what it is today. My SANS education has enabled me to compete on a completely new level and given me the chance to network with industry greats.” - Steven Romero, Engineer, Chevron

“You get a lot of personal attention to get through the program because of the student advisors. They are the foundation of the SANS.edu experience.” - Christopher Hurless, Systems Engineer, Northwestern University in Qatar

Christopher Haller

SANS.edu Graduate Certificate Student Wins National Cyber League Championship

Christopher Haller beat out more than 6,000 competitors to earn the #1 individual player ranking in the Spring 2022 National Cyber League competition. See why he chose to pursue a graduate certificate at SANS.edu — and learn about his career path from the US Navy to his current role as Director of Professional Services at Centripetal Networks.

Course Delivery Options

Your mind has no borders. Why should your college? Our online and in-person course options are designed to fit your life and how you like to learn.

Join us for a free online info session to learn more.

470x382_STI_Masters_Degree_Tuition.jpg

Tuition

Total program cost: $24,700 USD

Tuition includes the cost of the course, textbooks, and certification tests that serve as mid-term or final exams for courses.

Get the Credit You Deserve
Students who have taken SANS training classes and have active GIAC certifications may be able to waive one course and GIAC certification into the program. See our waiver policy.



TuitionPaymentProgram.png

Fund Your SANS.edu Program in Monthly Installments with No Interest

For students who are U.S. citizens or permanent residents — and don’t use employer education benefits or veterans’ education benefits to fund their SANS.edu program — we offer a Tuition Payment Program (TPP) that enables eligible you to spread out the cost of your program in monthly installments with no interest.

Employer_Education_Benefits_vb_470x382.png

Finance your education, build new skills, and add value for your company — using your employer-sponsored education benefits.

If you want to get the best education in cybersecurity while you work, and your organization offers education benefits, let them help you take your next step. SANS.edu cybersecurity degree and certificate programs are designed for working professionals, and your employee benefits package may help cover the cost of pursing your goals.

Questions?

We're happy to help. Email info@sans.edu or call 301.241.7665.

About the SANS Technology Institute

Founded in 2005, the SANS Technology Institute (SANS.edu) is the independent, regionally-accredited, VA-approved subsidiary of SANS, the world's largest and most trusted provider of cybersecurity training, certification, and research. Offering graduate and undergraduate programs at the cutting edge of cybersecurity, SANS.edu is strengthening the cyber workforce through a career-focused curriculum built on proven SANS courses and industry-recognized GIAC certifications.

The SANS Technology Institute is accredited by The Middle States Commission on Higher Education (

(1007 North Orange Street, 4th Floor, MB #166, Wilmington, DE 19801 - 267.284.5000), an institutional accrediting agency recognized by the U.S. Secretary of Education and the Council for Higher Education Accreditation.