SANS Institute

From Wikipedia, the free encyclopedia
Jump to: navigation, search

The SANS Institute (officially the Escal Institute of Advanced Technologies)[1] is a private U.S. for-profit company[2] that specializes in information security and cybersecurity training. Since its founding in 1989, the SANS Institute has trained over 120,000 information security professionals in topics ranging from cyber and network defenses, penetration testing, incident response, digital forensics, and audit. In 1999, the SANS Institute formed Global Information Assurance Certification (GIAC), an independent entity that has granted over 58,000 certifications to validate the skills and knowledge of information security professionals.[3]

The SANS Institute also sponsors the Internet Storm Center, an Internet monitoring system staffed by a global community of security practitioners, and the SANS Reading Room - a research archive of information security policy and research documents that delivers over one million downloads per year to professionals globally. As part of ongoing research and dedication to leading the information security community, SANS is one of the founding organizations and partners of the Center for Internet Security.[4]

SANS offers intensive, immersion-style information security training courses taught by industry-leading security-practitioner instructors. SANS Institute’s information security courses are developed through a consensus process involving hundreds of administrators, security managers, and information security professionals and address both security fundamentals and the in-depth technical aspects of the most crucial areas of information security. SC Magazine has routinely recognized SANS Institute as “Best IT-Security-related Training Program.[5]"

Dr. Eric Cole, a Fellow and an instructor with the SANS Institute, was recently inducted and joins Alan Paller,[6] SANS Institute founder and Director of Research, in the InfoSecurity Europe Hall of Fame. Cole (2015 inductee[7]) and Paller[7] (2008) join the likes of Alan Turing[7] (2013), Eugene Kaspersky[7] (2010), and Dan Kaminsky[7] (2009) in this elite circle of computer science and security pioneers.

SANS courses prepare IT professionals to better defend their systems and networks while enabling these technology workers to pursue and achieve certification by the Global Information Assurance Certification (GIAC) organization. GIAC has over 10,000 security professionals who have already proven their skills and knowledge to meet challenging standards. GIAC is unique in the field of information security certifications because it tests a candidate's knowledge and their ability to put that knowledge into practice in the real world. GIAC certification was recently recognized by SC Magazine as Best Professional Certification Program.[8]

SANS has also developed and continues to maintain and make available the largest collection of information security research documents and whitepapers about various aspects of information security and operate the Internet's early warning system - the Internet Storm Center. In addition to the Internet Storm Center, SANS has also developed and operates NetWars – a suite of hands-on, interactive learning scenarios that enable information security professionals to develop and master the real-world, in-depth skills they need to excel in their field. Hands-on cybersecurity training courses and simulated cyberattacks from SANS Institute are seen as key to solving new and advanced threats by the US Air Force.[9]

Similar to the Air Force, the US Army is taking a successful model developed to train chief warrant officers in the realm of information assurance and is adapting it for qualified enlisted personnel and officers. Joey Gaspard, chief, Information Assurance Branch, U.S. Army Signal Center at Fort Gordon, Georgia notes “predominantly commercial training is tried, tested and true to train cybersecurity specialists at private sector firms such as IBM and Hewlett-Packard.” Entrance and acceptance into the Army’s Information Protection Technician (IPT) program is challenging. Gaspard says, “Requirements are rigorous. The first class a candidate must pass is an industry cybersecurity course provided by the SANS Institute, a well-known provider of advanced cybersecurity training in the private sector.[10]” SANS training and NetWars hands-on simulations are further discussed by CBS News in a televised expose titled, Strengthening the Nations Defense.[11] The Washington Post covered this SANS training program as well in a piece titled, "CyberCity allows government hackers to train for attacks.[12]"

SANS training[edit]

When originally organized in 1989,[13] live SANS training events functioned like traditional technical conferences showcasing technical presentations. By the mid-1990s, SANS evolved into a more commercial format offering events which combined training with tradeshows and vendor-oriented marketing. Beginning in 2006, SANS extended its offering to include asynchronous online training (SANS OnDemand) and a virtual, synchronous classroom format (SANS vLive). Free webcasts and email newsletters (@Risk, Newsbites, Ouch!) have been developed in conjunction with security vendors. The actual content behind SANS training courses and training events remain "vendor-agnostic." Vendors cannot pay to offer their own official SANS course, although they can teach a SANS "hosted" event via sponsorship.

Certifications related to SANS training courses are offered by SANS-operated GIAC.

SANS Technology Institute[edit]

As of 2006 SANS established the SANS Technology Institute, a graduate school based on SANS training and GIAC certifications. On November 21, 2013, SANS Technology Institute was granted regional accreditation by the Middle States Commission on Higher Education.[14]

SANS Technology Institute focuses exclusively on cybersecurity, offering two Master of Science degree programs (in Information Security Engineering (MSISE) and Information Security Management (MSISM)), and three post-baccalaureate certificate programs (Penetration Testing & Ethical Hacking, Incident Response, and Cybersecurity Engineering (Core)).

SANS continues to offer free security content via the SANS Technology Institute Leadership Lab [15] and IT/Security related leadership information.[16]

See also[edit]


  1. ^ Bloomberg profile
  2. ^ "What is the SANS Institute?". SANS Frequently Asked Questions (faq): Security Training: General. Retrieved 2012-09-19. 
  3. ^ "GIAC Information Security Certifications - Cyber Certifications". 
  4. ^ "Center for Internet Security". 
  5. ^ "SC Magazine Awards 2015" (PDF). SC Magazine. 
  6. ^ "Alan Paller - Businessweek". Retrieved 2015-11-17. 
  7. ^ a b c d e "InfoSecurity Europe Hall of Fame Nominations". InfoSecurity Europe Hall of Fame. 
  8. ^ "2014 SC Awards U.S. Winners". SC Magazine. Retrieved 2015-11-17. 
  9. ^ "Stepped Up Cyberthreats Prompt Air Force To Rethink Training, Acquisitions". SIGNAL Magazine. Retrieved 2015-11-17. 
  10. ^ "In the Cyber Trenches". SIGNAL Magazine. Retrieved 2015-11-17. 
  11. ^ "Strengthening the nation's defense against hackers". Retrieved 2015-11-17. 
  12. ^ Jr, Robert O'Harrow (2012-11-26). "CyberCity allows government hackers to train for attacks". The Washington Post (in en-US). ISSN 0190-8286. Retrieved 2015-11-17. 
  13. ^ "SANS Institute: About". 
  14. ^ SANS Technology Institute. "Accreditation". 
  15. ^ "STI Information Security Laboratory". 
  16. ^ "STI Information Security Leadership Laboratory". 

External links[edit]