Graduate Certificate Programs: Purple Team Operations

Designed for working information security professionals, the graduate certificate in Purple Team Operations is a highly technical program focused on merging the applied concepts, skills, and technologies used by blue teams (digital defenders) and red teams (digital attackers) — so you can effectively operate and lead at the intersection of those domains, in the current best practice known as purple operations or purple teams.

Format Option: A 100% online option is available
Courses: 5
GIAC Certifications: 5
Credits: 15
Duration: 18-24 months
Total Program Cost: $28,500 USD


Strengthen Your Technical Knowledge and Skills

Gain practical skills you can immediately apply at your job or in a new infosec role.

  • Learn the latest cybersecurity tactics to protect your organization
  • Keep your skills current for career growth and advancement
  • Earn professional GIAC certifications as you complete the program
  • Train on your schedule, to balance work and school
  • Get personalized support from a student advisor 


The SANS.edu Advantage


GIAC Certifications

Earn 5 industry-recognized GIAC cybersecurity certifications.


100% Online Option Available

You have the option of completing the program through live or rewindable online courses.


World-class Faculty

Learn the latest skills and techniques from the world's top cybersecurity practitioners.


Pathway to a Master’s Degree

All credits earned in this program can transfer into our master’s degree program.


SANS.edu Academic Pricing

Get SANS.edu academic pricing on SANS courses and GIAC certifications.


Powerful Network

Make connections with some of the most talented students and teachers in the industry.

InfoSec professional attends SANS.edu info session

Join an Online Info Session for Graduate Cybersecurity Programs

  • Learn more about our cybersecurity master's degree and graduate certificate programs for working professionals. Have questions? We'll answer them. Wed, June 7, 12;30 pm (ET). Register here.
  • Get tips on crafting a strong cybersecurity master's degree application and learn about next steps in the admissions process. Thu, June 22, 2 pm (ET). Register here.

“Earning a graduate certificate from SANS is what really accelerated my career. The technical skills I learned in the program have given me the confidence to successfully lead my team and prepare them for new challenges.” - David Cox, Manager, Cyber Threat Management, EY

Learn How To:

  • Implement a transformational security vulnerability assessment program using fundamental network security knowledge, skills, and tools.
  • Master essential defensive techniques and identify indications of an attack in order to detect, respond to, and mitigate incident on enterprise networks.
  • Understand and implement attacker techniques and utilize the full range of penetration techniques in order to breach a network, pivot within it, and disrupt, exploit, or exfiltrate data from it.
  • Integrate a broad range of blue team and red team tools, technologies, and mindsets to maximize the synergy of full spectrum purple security activities.

    Curriculum | 15 Credit Hours

    In this hands-on program, you'll begin with a foundational course, then progress through more advanced blue and red team electives. The capstone course (ISE 6250) synthesizes your purple team knowledge and skills, culminating with a Defend-the-Flag challenge. This is the curriculum order for this program.

    Required Core Courses | 9 credit hours

    • SANS Course: SEC460: Enterprise and Cloud | Threat and Vulnerability Assessment
      Certification: GIAC Enterprise Vulnerability Assessor Certification (GEVA)

      3 Credit Hours

      ISE 6310 covers threat management, introduces the core components of comprehensive vulnerability assessment, and provides the hands-on instruction necessary to produce a vigorous defensive strategy. Through a detailed, practical analysis of threat intelligence, modeling, and automation, you will learn not only how to use the tools of the trade, but also how to implement a transformational security vulnerability assessment program to secure networks against even the most advanced intrusions.

    • SANS Course: SEC501: Advanced Security Essentials - Enterprise Defender
      Certification: GIAC Certified Enterprise Defender (GCED)

      3 Credit Hours

      ISE 6215 reinforces the theme that prevention is ideal, but detection is a must. Students will learn how to ensure that their organizations constantly improve their security posture to prevent as many attacks as possible. A key focus is on data protection, securing critical information no matter whether it resides on a server, in robust network architectures, or on a portable device.

      Despite an organization's best effort at preventing attacks and protecting its critical data, some attacks will still be successful. Therefore students will also learn how to detect attacks in a timely fashion through an in-depth understanding the traffic that flows on networks, scanning for indications of an attack. The course also includes instruction on performing penetration testing, vulnerability analysis, and forensics.

    • SANS Course: SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
      Certification: GIAC Defending Advanced Threats (GDAT)

      3 Credit Hours

      ISE 6250 leverages the purple team concept by bringing together red and blue teams for maximum effect. Recognizing that a prevent-only strategy is not sufficient, the course focuses on current attack strategies and how they can be effectively mitigated and detected using a Kill Chain structure. Throughout the course, the purple team principle will be maintained, where attack techniques are first explained in-depth, after which effective security controls are introduced and implemented.

    Blue Elective Courses | 3 credit hours

    Students select one of the following.

    • SANS Course: SEC503: Network Monitoring and Threat Detection In-Depth
      Certification: GIAC Certified Intrusion Analyst Certification (GCIA)

      3 Credit Hours

      ISE 5401 delivers the technical knowledge, insight, and hands-on training you need to defend your network with confidence. You will learn about the underlying theory of TCP/IP and the most used application protocols, such as DNS and HTTP, so that you can intelligently examine network traffic for signs of an intrusion. You will get plenty of practice learning to master different open source tools like tcpdump, Wireshark, Snort, Bro, tshark, and SiLK. Daily hands-on exercises suitable for all experience levels reinforce the course book material so that you can transfer knowledge to execution.

    • SANS Course: SEC511: Continuous Monitoring and Security Operations
      Certification: GIAC Continuous Monitoring Certification (GMON)

      3 Credit Hours

      ISE 6240 teaches a proactive approach to enterprise security that presumes attackers will penetrate your environment and therefore emphasizes timely incident detection. The Defensible Security Architecture, Network Security Monitoring, Continuous Diagnostics and Mitigation, and Continuous Security Monitoring taught in this course - aligned with the National Institute of Standards and Technology (NIST) guidelines described in NIST SP 800-137 for Continuous Monitoring (CM) -- are designed to enable you and your organization to analyze threats and detect anomalies that could indicate cybercriminal behavior.

    Red Elective Courses | 3 credit hours

    Students select one of the following.

    • SANS Course: SEC560: Enterprise Penetration Testing
      Certification: GIAC Penetration Tester Certification (GPEN)

      3 Credit Hours

      ISE 6320 prepares students to conduct successful penetration testing and ethical hacking projects. The course starts with proper planning, scoping and recon, and then dives deep into scanning, target exploitation, password attacks, and wireless and web apps with detailed hands-on exercises and practical tips for doing the job safely and effectively. Students will participate in an intensive, hands-on Capture the Flag exercise, conducting a penetration test against a sample target organization.

    • SANS Course: SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
      Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)

    Study with the best faculty in cyber security


    Take Your Next Step

    Need more information? We’re happy to answer your questions. Join us for an info session, email info@sans.edu or call 301.241.7665.

    Ready to apply? We look forward to learning about you and your career goals.


    “I firmly believe, had it not been for SANS, my career would not be what it is today. My SANS education has enabled me to compete on a completely new level and given me the chance to network with industry greats.” - Steven Romero, Engineer, Chevron

    Success Stories


    “You get a lot of personal attention to get through the program because of the student advisors. They are the foundation of the SANS.edu experience.” - Christopher Hurless, Systems Engineer, Northwestern University in Qatar

    Christopher Haller

    SANS.edu Graduate Certificate Student Wins National Cyber League Championship

    Christopher Haller beat out more than 6,000 competitors to earn the #1 individual player ranking in the Spring 2022 National Cyber League competition. See why he chose to pursue a graduate certificate at SANS.edu — and learn about his career path from the US Navy to his current role as Director of Professional Services at Centripetal Networks.

    Course Delivery Options

    Complete any of our cybersecurity degree or certificate programs by taking courses that are 100% online or that start with weeklong in-person events held across the country and around the world. Or you can do a mix of both.

    Join us for a free online info session to learn more.



    Total program cost: $28,500 USD

    Tuition includes the cost of the course, textbooks, and certification tests that serve as mid-term or final exams for courses.

    Get the Credit You Deserve
    Students who have taken SANS training classes and have active GIAC certifications may be able to waive one course and GIAC certification into the program. See our waiver policy.

    Funding Options



    We're happy to help. Email info@sans.edu or call 301.241.7665.

    About the SANS Technology Institute

    Founded in 2005, the SANS Technology Institute (SANS.edu) is the independent, regionally-accredited, VA-approved subsidiary of SANS, the world's largest and most trusted provider of cybersecurity training, certification, and research. Offering graduate and undergraduate programs at the cutting edge of cybersecurity, SANS.edu is strengthening the cyber workforce through a career-focused curriculum built on proven SANS courses and industry-recognized GIAC certifications.

    The SANS Technology Institute is accredited by The Middle States Commission on Higher Education

    (1007 North Orange Street, 4th Floor, MB #166, Wilmington, DE 19801 - 267.284.5000), an institutional accrediting agency recognized by the U.S. Secretary of Education and the Council for Higher Education Accreditation.