Red background

Bachelor’s Degree in Applied Cybersecurity (BACS)

SANS.edu is proud to be an NSA Center of Academic Excellence in Cyber Defense.

Prepare to be one of the most job-ready candidates in cybersecurity. Bring in 70 credits from any accredited community college or 4-year college and earn a Cybersecurity Bachelor’s Degree after completing 50 credits at SANS.edu. No prior technical experience is required.

Format Option: A 100% online option is available
Total credits: 120 (70 from outside SANS.edu + 50 at SANS.edu)
SANS.edu program duration: 2 years
SANS.edu courses: 10
GIAC Certifications: 9
Internship: 1
Total SANS.edu Program Cost: $40,500 USD

Earn a bachelor's cybersecurity degree that prepares you to win a high-paying cybersecurity job.

Earn a world-class cybersecurity bachelor's degree for less by transferring your college credits to SANS.edu. 100% online cybersecurity degree option available. Applications are accepted monthly.

Cybersecurity Numbers at a Glance

We know the employment status of 100% of our upper division undergraduates — and the data you see here is sourced directly from student survey responses and pertains specifically to employment in cybersecurity roles.

94%
94% of our job-seeking graduates gained employment in cybersecurity within 6 months.
$110K
The average starting salary of our bachelor's degree graduates is $110,000.
700K+
More than 700,000 job openings in cybersecurity are unfilled. (Source: cyberseek.org)

The SANS.edu Advantage

Because cyber threats are constantly changing, our courses are continually updated for real-world relevance. But that's just the beginning.
STI_Advantage_Icons-07.svg

GIAC Certifications

Earn professional cybersecurity certifications that employers recognize and respect.

STI_Advantage_Icons-10.svg

World-class Faculty

Learn the latest skills and techniques from the world's top cybersecurity practitioners.

STI_Advantage_Icons-02.svg

Flexible Schedule

Our programs are designed to fit into your busy work and life schedule.

STI_Advantage_Icons-09.svg

100% Online Option

You have the option of completing the program through live or rewindable online courses.

STI_Advantage_Icons-27.svg

Expert Career Support

We'll guide your career search and connect you to our global cybersecurity network.

Student attends info session

Join an Online Info Session for Undergraduate Cybersecurity Programs

Learn more about SANS.edu undergraduate cybersecurity programs for students of all ages at a free online info session.

  • Cybersecurity Fundamentals Certificate (CSF): Build the foundational skills and tools you’ll need for advanced studies in cybersecurity.
  • Applied Cybersecurity Certificate (ACS): ACS graduates have an average starting salary of $104K.
  • Bachelor’s Degree in Applied Cybersecurity (BACS): BACS graduates have an average starting salary of $110K.
  • Career Support: Learn about resources for job search success available to ACS and BACS students through our Career Center.

Bring your questions. Some info sessions are encore presentations of recent events, but Admissions representatives will always be available to answer your questions live.

Thursday, November 21 at 1 pm (ET)

IR.jpg

SANS.edu Named One of the Top 10 Innovators in Cybersecurity Education 

The SANS Technology Institute has been recognized as a global leader in cybersecurity education by Help Net Security, joining the ranks of top institutions like Stanford, MIT, Carnegie Mellon and Oxford.

“I didn't just want a bachelor's degree; I wanted to strengthen my skillset to become a better employee and advance in my career. I wanted to gain knowledge that I could use right away on the job. SANS.edu did all of that and more.” – Jesse LaGrew, Chief Information Security Officer, Madison College

Success Stories

Our bachelor's degree students come from diverse backgrounds, reflecting the varied paths to a cybersecurity career. Whether you're a college transfer student, an associate degree graduate, or an industry professional with prior college credits, our program accommodates your journey.

How the Cybersecurity Degree Program Works

Step 1. Begin your studies at any accredited community college or 4-year college.

Transfer Credit Requirements: You'll need to bring in 70 transferrable college credits from an accredited college (or colleges). Learn more about the transfer credit process.

Maryland General Education Requirements
You are not required to bring in specific “major” courses into the bachelor's program, but 31 of the 70 credits you earn outside of SANS.edu must meet these Maryland General Education Requirements.

General Education Requirements (31 credits)Credits

Arts and Humanities

3

English Composition

3

Social and Behavioral Sciences

3

Mathematics

3

Biological and Physical Sciences

3

Additional General Education Electives

16


Step 2. Complete your studies at the SANS Technology Institute.

Continue your studies (50 credits) and earn your bachelor’s degree in applied cybersecurity from SANS.edu. 

  • Skill Development: Gain in-demand skills in immersive cybersecurity courses with hands-on labs designed and taught by industry leaders.
  • Professional Certifications: Earn 9 industry-recognized GIAC cybersecurity certifications.
  • Practical Experience: Analyze and report on emerging threats in a virtual internship with the Internet Storm Center, a global cybersecurity monitoring program.
  • Specialized Coursework: Complete advanced cybersecurity coursework in areas of greatest industry need. 


Step 3. Get expert support for your job search from the SANS.edu Career Center.


  • Tailored Support Services: Our Career Center was designed specifically for job seekers in cybersecurity.
  • Comprehensive Career Guidance: We'll help you in your career search, from polishing your resume to landing and acing interviews. 
  • Global Employer Network: You'll gain access to our exclusive network of employers across the world.
cybersecurity student

Take Your Next Step

Need more information? We’re happy to answer your questions. Join us for an info session, email info@sans.edu or call 301.241.7665.

Ready to apply? We look forward to learning about you and your cybersecurity career goals.

The Best Course to Start Your Cybersecurity Journey

Learn more about our cybersecurity Foundations course from the expert who built it.

James Lyne and a team of experts developed the lab-intensive SANS course SEC 275: Foundations: Computers, Technology, & Security so you could not only understand and discuss core cybersecurity concepts but actively put them into practice at your keyboard.

Together, SEC275 and the GIAC Foundational Cybersecurity Technologies (GFACT) certification comprise BACS 3275, the first course you’ll take at SANS.edu in our bachelor’s degree program.

Discover how you can start your cybersecurity journey on solid ground with SEC275 and GFACT certification.

SANS.edu Course Sequence

Junior Year

  • SANS Course: SEC275: Foundations: Computers, Technology, & Security
    Certification: GIAC Foundational Cybersecurity Technologies (GFACT)

    6 Credit Hours
    8 Week Course Term

    BACS 3275 is purpose-built to provide students with the fundamental technical knowledge and skills that serve as the baseline for all professionals in cybersecurity, reinforcing key concepts with interactive labs. You'll establish a core understanding of technology component functions and apply that knowledge to security concepts such as reconstructing a crime from digital evidence or locating exploitable flaws in software and websites. The course ensures a solid mastery of computer, hardware, network, and cybersecurity fundamentals, including the study of operating systems, Windows security tools, Linux, programming with Python and C, advanced Google searches, reconnaissance, virtualization, and encryption. You'll explore the inner workings of packets and protocols that allow the internet to function and learn the role of a computer's central processing unit (CPU), how it executes code, its relationship with memory, and the fundamentals of how attackers disrupt intended behavior.

  • SANS Course: SEC301: Introduction to Cyber Security
    Certification: GIAC Information Security Fundamentals (GISF)

    Prerequisite: BACS 3275
    4 Credit Hours
    8 Week Course Term

    Note: this course can be taken concurrently with BACS 3402

    BACS 3301 instills familiarity with core security terms and principles. This course covers everything from core terminology to the how computers and networks function, security policies, risk management, a new way of looking at passwords, cryptographic principles, network attacks & malware, wireless security, firewalls and many other security technologies, web & browser security, backups, virtual machines & cloud computing.

  • Prerequisite: BACS 3275
    3 Credit Hours
    8 Week Course Term

    Note: this course can be taken concurrently with BACS 3301

    This unique course, built exclusively for those in cybersecurity, will strengthen your writing and speaking skills. During the first half of the course, you will learn the five "golden elements" of effective reports, briefings, emails, and other cybersecurity writing as well as understand how to pick the best words, structure, look, and tone. The second half of the course gives you the skills to put together an effective security briefing, secure the interest and engagement of your audience, and confidently deliver presentations to a variety of groups.

  • SANS Course: SEC401: Security Essentials - Network, Endpoint, and Cloud
    Certification: GIAC Security Essentials (GSEC)

    Prerequisites: BACS 3301, BACS 3402
    6 Credit Hours
    8 Week Course Term

    BACS 3401 is a technically-oriented survey course in which you'll learn the most effective steps to prevent cyber attacks and detect adversaries. In classes and hands-on labs, you'll learn to develop effective security metrics that provide a focused playbook that IT can implement, auditors can validate, and executives can understand. You'll explore methods to analyze and assess the risk to your environment in order to drive the creation of a security roadmap that focuses on the right areas of security. And you'll learn practical tips and tricks to focus in on high-priority security problems and on the actions required to protect and secure an organization's critical information assets and business systems.

  • SANS Course: SEC504: Hacker Tools, Techniques, and Incident Handling
    Certification: GIAC Certified Incident Handler Certification (GCIH)

    Prerequisite: BACS 3401
    6 Credit Hours
    8 Week Course Term

    BACS 3504 is an in-depth focus into the critical activity of incident handling. Students are taught how to manage intrusions by first looking at the techniques used by attackers to exploit a system. Students learn responses to those techniques, which can be adopted within the framework of the incident handling process to handle attacks in an organized way. The faculty instruction, lab exercises, and exam are coordinated to develop and test a student’s ability to utilize the core capabilities required for incident handling today.

Senior Year

  • SANS Course: SEC573: Automating Information Security with Python
    Certification: GIAC Python Coder (GPYC)

    Prerequisite: BACS 3504
    4 Credit Hours
    8 Week Course Term

    Note: this course can be taken concurrently with an elective course in the program

    This course teaches student in the pen testing specialization, and other students who want to use the Python programming language, how to enhance their overall effectiveness during information security engagements. Students will learn how to apply core programming concepts and techniques learned in other courses through the Python programming language. The course teaches skills and techniques that can enhance an information security professional in penetration tests, security operations, and special projects. Students will create simple Python-based tools to interact with network traffic, create custom executables, test and interact with databases and websites, and parse logs or sets of data.

  • Choose any 3-credit course from the list of elective courses below.

  • SANS Course: SEC503: Network Monitoring and Threat Detection In-Depth
    Certification: GIAC Certified Intrusion Analyst Certification (GCIA)

    Prerequisite: BACS 3504
    6 Credit Hours | 8 Week Course Term

    BACS 4503 delivers the technical knowledge, insight, and hands-on training needed to defend networks with confidence. Students will learn about the underlying theory of TCP/IP and the most used application protocols, such as DNS and HTTP, so that they can intelligently examine network traffic for signs of an intrusion. Daily hands-on exercises suitable for all experience levels reinforce the course book material so that students can transfer knowledge to execution.

  • Choose any 3-credit course from the list of elective courses below.

  • Choose any 3-credit course from the list of elective courses below.

  • Prerequisites: BACS 3504 and BACS 3573
    Recommended preparation: BACS 4503
    6 Credit Hours | 20 Week Course Term

    *Note: this internship can be taken concurrently with the elective courses in the program

    Much like the World Health Organization and its global disease monitoring network, the SANS Technology Institute, through its research wing in the Internet Storm Center (ISC), maintains and operates the world’s leading global cyber threat detection network.

    The ISC depends on continuous input from a series of DShield sensors and web application honeypots. Of course, all that collected data accomplishes nothing if it is not processed, interpreted, analyzed and very quickly reported to the global information security community. This is the role of the ISC handlers, the frontline personnel of global threat detection, whose main task is to take all the input received into the ISC and turn it into "diaries" (https://isc.sans.edu/diaryarchive.html).

    This virtual internship as an Apprentice Handler will provide a student with a continuous opportunity over the course of 20 weeks to observe emerging threats, to analyze and report upon those threats, and to gain experience under the mentorship of a Handler or Senior Handler. This hands-on, real-world experience will prepare the student for a first professional cybersecurity role in a way that few other programs can. That experience will include not only a deepening of practical understanding of real-world technical issues, but also the ability to effectively write and communicate about those issues.

UPPER DIVISION SPECIALIZATION ELECTIVE OPTIONS (choose 3)

Cyber Defense

  • SANS Course: SEC450: Blue Team Fundamentals: Security Operations and Analysis
    Certification: GIAC Security Operations Certified (GSOC)

    Prerequisite: BACS 3504
    3 Credit Hours
    8 Week Course Term

    ACS 4450 provides students with technical knowledge and key concepts essential for security operation center (SOC) analysts and new cyber defense team members. By providing a detailed explanation of the mission and mindset of a modern cyber defense operation, this course will jumpstart and empower those on their way to becoming the next generation of blue team members.

  • SANS Course: SEC497: Practical Open-Source Intelligence (OSINT)
    Certification: GIAC Open Source Intelligence Certification (GOSI)

    Prerequisite: BACS 3504

    3 Credit Hours

    8 Week Course Term

    ACS 4497 is a foundational course in open-source intelligence (OSINT) gathering that teaches students practical, real-world tools and techniques to help them perform OSINT research safely and effectively. The course not only covers critical OSINT tools and techniques, but it also provides real-world examples of how they have been used to solve a problem or further an investigation. Hands-on labs based on actual scenarios provide students with the opportunity to practice the skills they learn and understand how those skills can help in their research.

  • SANS Course: SEC501: Advanced Security Essentials - Enterprise Defender
    Certification: GIAC Certified Enterprise Defender (GCED)

    Prerequisite: BACS 3504
    3 Credit Hours
    8 Week Course Term

    ACS 4501 brings together all the elements of a modern cyber defense program. Students learn how to identify threats and build defensible networks to minimize the impact of an attack, use tools to detect adversaries, decode and analyze packets using various tools to identify anomalies, understand how adversaries compromise networks, perform penetration testing against their own organization to find vulnerabilities, apply the six-step incident response plan, use tools to remediate malware infections, and create a data classification program to make data loss protection systems effective.

  • SANS Course: SEC505: Securing Windows and PowerShell Automation
    Certification: GIAC Certified Windows Security Administrator (GCWN)

    Prerequisite: BACS 3504
    3 Credit Hours
    8 Week Course Term

    ACS 4505 shows students how to secure servers, workstations and portable devices running Microsoft Windows. Windows is the most frequent target of hackers and advanced malware. While other courses focus on detection or remediation of a compromise after the fact, the aim of this course is to substantially reduce these compromises in the first place. For scalability and automation, this course includes many hands-on labs with Group Policy and PowerShell scripting. No prior scripting experience is required. Learning at least the basics of PowerShell is an essential skill for anyone who manages Windows servers or clients in an enterprise.

  • SANS Course: SEC511: Cybersecurity Engineering: Advanced Threat Detection and Monitoring
    Certification: GIAC Continuous Monitoring Certification (GMON)

    Prerequisite: ACS 3504
    3 Credit Hours

    A new proactive approach to security is needed to enhance the capabilities of organizations to detect threats that will inevitably slip through their defenses. ACS 4511 teaches this new proactive approach and strengthens student’s skills to undertake that proactive approach. The Defensible Security Architecture, Network Security Monitoring (NSM)/Continuous Diagnostics and Mitigation (CDM)/Continuous Security Monitoring (CSM) taught in this course will help students best position their organization or Security Operations Center (SOC) to analyze threats and detect anomalies that could indicate cybercriminal behavior.

  • SANS Course: SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
    Certification: GIAC Machine Learning Engineer (GMLE)

    Prerequisite: BACS 3504
    3 Credit Hours
    8 Week Course Term

    This course is squarely centered on solving information security problems. This course covers the necessary mathematics theory and fundamentals students absolutely must know to allow them to understand and apply the machine learning tools and techniques effectively. The course progressively introduces and applies various statistic, probabilistic, or mathematic tools (in their applied form), allowing you to leave with the ability to use those tools. The hands-on projects provide a broad base from which you can build your own machine learning solutions. This course teaches how AI tools like ChatGPT really work so that you can intelligently discuss their potential use by organizations and how to build effective solutions to solve real cybersecurity problems using machine learning and AI.

Penetration Testing

  • SANS Course: SEC542: Web App Penetration Testing and Ethical Hacking
    Certification: GIAC Web Application Penetration Tester (GWAPT)

    Prerequisite: BACS 3504
    3 Credit Hours
    8 Week Course Term

    With in-depth, hands-on labs and high-quality course content, ACS 4542 helps students move beyond push-button scanning to professional, thorough, and high-value web application testing. This enables students to demonstrate the impact of inadequate security that plagues most organizations’ websites. The addition of a series of enrichment exercises that strengthen students’ ability to work in Python and understand how the networks and operating systems enable web attacks to succeed so as to become even more insightful penetration testers.

  • SANS Course: SEC560: Enterprise Penetration Testing
    Certification: GIAC Penetration Tester Certification (GPEN)

    Prerequisite: BACS 3504
    3 Credit Hours
    8 Week Course Term

    Every organization needs skilled information security personnel who can probe for vulnerabilities that attackers might exploit in networks, web-based applications, and computer systems, and mitigate them. ACS 4560 is specially designed to get you ready for that role. The course starts with proper planning, scoping and recon, then dives deep into scanning, target exploitation, password attacks, and web app manipulation, with over 30 detailed hands-on labs. After building your skills, you'll conduct an end-to-end pen test, applying knowledge, tools, and principles from throughout the course as you discover and exploit vulnerabilities in a realistic sample target organization.

  • SANS Course: SEC575: iOS and Android Application Security Analysis and Penetration Testing
    Certification: GIAC Mobile Device Security Analyst (GMOB)

    Prerequisite: BACS 3504
    3 Credit Hours
    8 Week Course Term

    Cybersecurity attacks are increasing and evolving so rapidly that is more difficult than ever to prevent and defend against them. ACS 4566 will help you to ensure that your organization has an effective method in place to detect, thwart, and monitor external and internal threats to prevent security breaches. As threats evolve, an organization’s security should too. Standards based implementation takes a prioritized, risk-based approach to security and shows you how standardized controls are the best way to block known attacks and mitigate damage from successful attacks.

Security Leadership

  • SANS Course: SEC566: Implementing and Auditing CIS Controls
    Certification: GIAC Critical Controls Certification (GCCC)

    Prerequisite: BACS 3504
    3 Credit Hours
    8 Week Course Term

    Cybersecurity attacks are increasing and evolving so rapidly that is more difficult than ever to prevent and defend against them. ACS 4566 will help you to ensure that your organization has an effective method in place to detect, thwart, and monitor external and internal threats to prevent security breaches. As threats evolve, an organization’s security should too. Standards based implementation takes a prioritized, risk-based approach to security and shows you how standardized controls are the best way to block known attacks and mitigate damage from successful attacks.

Digital Forensics and Incident Response

  • SANS Course: FOR498: Digital Acquisition and Rapid Triage
    Certification: GIAC Battlefield Forensics and Acquisition (GBFA)

    Prerequisite: BACS 3504
    3 Credit Hours
    8 Week Course Term

    This course provides the necessary skills to identify the many and varied data storage mediums in use today and how to collect and preserve this data in a forensically sound manner despite how and where it may be stored. It covers digital acquisition from computers, portable devices, networks, and the cloud. It then teaches the student Battlefield Forensics, or the art and science of identifying and starting to extract actionable intelligence from a hard drive in 90 minutes or less.

  • SANS Course: FOR500: Windows Forensic Analysis
    Certification: GIAC Certified Forensic Examiner (GCFE)

    Prerequisite: ACS 3504
    3 Credit Hours

    This course focuses on the critical knowledge of the Windows Operating System that every digital forensic analyst needs to investigate computer incidents successfully. Students learn how computer forensic analysts focus on collecting and analyzing data from computer systems to track user-based activity that can be used in internal investigations or civil/criminal litigation. The course covers the methodology of in-depth computer forensic examinations, digital investigative analysis, and media exploitation so each student will have complete qualifications to work as a computer forensic investigator helping to solve and fight crime.

  • SANS Course: FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
    Certification: GIAC Certified Forensic Analyst (GCFA)

    Prerequisite: BACS 3504
    3 Credit Hours
    8 Week Course Term

    ACS 4508 teaches the necessary capabilities for forensic analysts and incident responders to identify and counter a wide range of threats within enterprise networks. This course is constantly updated and addresses today’s incidents by providing hand-on forensics tactics and techniques that elite responders are successfully using in real-world breach cases.

Cloud Security

  • SANS Course: SEC488: Cloud Security Essentials
    Certification: GIAC Cloud Security Essentials Certification (GCLD)

    Prerequisite: BACS 3504
    3 Credit Hours
    8 Week Course Term

    ACS 4488 covers Amazon Web Services, Azure, Google Cloud, and other cloud service providers (CSPs). Like foreign languages, cloud environments have similarities and differences, and this course will introduce you to the language of cloud security. Upon completion of this course, you will be able to advise and speak about a wide range of cybersecurity topics and successfully navigate the challenges and opportunities presented by cloud service providers.

  • SANS Course: SEC588: Cloud Penetration Testing
    Certification: GIAC Cloud Penetration Tester (GCPN)

    Prerequisite: BACS 3504
    3 Credit Hours
    8 Week Course Term

    ACS 4588 equips you with the latest in cloud-focused penetration testing techniques and teaches you how to assess cloud environments. The course dives into topics like cloud-based microservices, in-memory data stores, serverless functions, Kubernetes meshes, and containers, as well as identifying and testing in cloud-first and cloud-native applications. You will also learn specific tactics for penetration testing in Azure and Amazon Web Services, particularly important given that AWS and Microsoft account for more than half the market.

  • SANS Course: SEC510: Cloud Security Controls and Mitigations
    Certification: GIAC Public Cloud Security (GPCS)

    Prerequisite: BACS 3504
    3 Credit Hours
    8 Week Course Term

    Today's organizations depend on complex, multicloud environments which must support hundreds of different services across multiple clouds. These services are often insecure by default. Similar services in different Cloud Service Providers (CSPs) need to be protected using very different methods. Security teams need a deep understanding of AWS, Azure, and Google Cloud services to lock them down properly. Checking off compliance requirements is not enough to protect the confidentiality, integrity, and availability of your organization's data, nor will it prevent attackers from taking your critical systems down. With the right controls, organizations can reduce their attack surface and prevent security incidents from becoming breaches. Mistakes happen. Limit the impact of the inevitable.

  • SANS Course: SEC522: Application Security: Securing Web Applications, APIs, and Microservices
    Certification: GIAC Certified Web Application Defender (GWEB)

    Prerequisite: BACS 3504
    3 Credit Hours
    8 Week Course Term

    This course covers the OWASP Top 10 and provides students with a better understanding of web application vulnerabilities, enabling them to properly defend organizational web assets. Mitigation strategies from an infrastructure, architecture, and coding perspective are discussed alongside real-world implementations that really work. The testing aspect of vulnerabilities is also covered so students can ensure their application is tested for the vulnerabilities discussed in class.

  • SANS Course: SEC540: Cloud Security and DevSecOps Automation
    Certification: GIAC Cloud Security Automation (GCSA)

    Prerequisite: BACS 3504
    3 Credit Hours
    8 Week Course Term

    This course provides security professionals with a methodology for securing modern Cloud and DevOps environments. Students learn how to implement over 20 DevSecOps Security Controls for building, testing, deploying, and monitoring cloud infrastructure and services. Immersive hands-on labs ensure students not only understand theory, but how to configure and implement each security control. By embracing the DevOps culture, students will walk away battle tested and ready to build an organization’s Cloud & DevOps Security program.

Industrial Control Systems Security

  • SANS Course: ICS410: ICS/SCADA Security Essentials
    Certification: Global Industrial Cyber Security Professional Certification (GICSP)

    Prerequisite: BACS 3504
    3 Credit Hours
    8 Week Course Term

    ACS 4410 is designed to help traditional IT personnel fully understand the design principles underlying control systems and how to support those systems in a manner that ensures availability and integrity. In parallel, the course addresses the need for control system engineers and operators to better understand the important role they play in cybersecurity. Students will learn the language, the underlying theory, and the basic tools for industrial control system security in setting across a wide range of industry sectors and applications.

  • SANS Course: ICS456: Essentials for NERC Critical Infrastructure Protection
    Certification: GIAC Critical Infrastructure Protection Certification (GCIP)

    Prerequisite: ACS 4410
    3 Credit Hours
    8 Week Course Term

    ACS 4456 empowers you with knowledge of the what and the how of the Critical Infrastructure Protection (CIP) Reliability Standards versions 5/6/7. The course addresses the role of the Federal Energy Regulatory Commission (FERC), North American Electric Reliability Corporation (NERC), and Regional Entities, provides multiple approaches for identifying and categorizing BES Cyber Systems, and helps asset owners determine the requirements applicable to specific implementations. This course goes far beyond other NERC Critical Infrastructure Protection (CIP) courses that only teach what the standards are by providing information that will help you develop and maintain a defensible compliance program and achieve a better understanding of the technical aspects of the standards. Our 25 hands-on labs utilize three provided virtual machines that enable students to learn skills ranging from securing workstations to performing digital forensics and lock picking.

  • SANS Course: ICS515: ICS Visibility, Detection, and Response
    Certification: GIAC Response and Industrial Defense (GRID)

    Prerequisite: ACS 4410
    3 Credit Hours
    8 Week Course Term

    ACS 4515 empowers you to understand your networked ICS environment, monitor it for threats, perform incident response against identified threats, and learn from interactions with the adversary to enhance network security. This approach is important to being able to counter sophisticated threats such as those seen with malware including STUXNET, HAVEX, BLACKENERGY2, CRASHOVERRIDE, TRISIS/TRITON, and ransomware. In addition, the efforts are also critical to understanding and running a modern-day complex automation environment and achieving root cause analysis for non-cyber-elated events that manifest over the network. You can expect to come out of this course with core skills necessary for any ICS cybersecurity program.

470x382_giac_logo.png

Earn Top Ranked Cybersecurity Certifications

Cybersecurity professionals ranked GIAC certifications as the most valued certifications when selecting job candidates for interviews. (Source: cio.org)

Students in all of our undergraduate programs earn the GIAC Foundational Cybersecurity Technologies (GFACT) certification, which validates your knowledge of essential foundational cybersecurity concepts.

Students in our upper division undergraduate programs earn multiple GIAC certifications, including GIAC Security Essentials (GSEC) and GIAC Certified Incident Handler (GCIH), which were named among the Top Ten Cybersecurity Certifications by Datamation.

“After I passed my GCIH certification exam, I got a job offer for twice my current salary. I’m happy where I am, but it’s great to see recruiters going after GIAC certified professionals.”
- Agnel D’Silva, IT Administrator, City of Danville, IL

“When we hire SANS graduates, they are incredibly prepared, ready to assist with difficult incidents and handle complex malware samples. Whenever I have new open headcount, I always look for recent SANS graduates as I know our SOC and our customers will reap the benefit of their training.” - John Fenninger, Manager, Detection & Response Practice, Rapid7

National Centers of Academic Excellence in Cybersecurity

SANS.edu Is Designated as a Center of Academic Excellence in Cyber Defense by the NSA

“The CAE-CD designation is a testament to the quality of our cybersecurity faculty and programs. Our graduates are helping to meet the urgent cybersecurity needs of the U.S. government, industry, academia, and research, and we are proud to be part of a select group of cyber programs to have received this important designation.”

- Ed Skoudis, SANS Technology Institute President

“I credit the SANS.edu Career Center for jumpstarting my cyber career. I seriously believe I am on the best cybersecurity team I could have ever imagined. I certainly worked hard, but I never would have arrived here without the Career Center helping with my resume, prepping me for interviews and just encouraging me in general.” - Ricardo Vazquez, Senior Associate, KPMG Cyber Response Services

Advancing in Cyber: Real Stories from SANS.edu Graduates

Megan Roddie’s journey through SANS.edu — from student to faculty — demonstrates the power of practical, certification-driven education. Discover how flexible, hands-on training prepared her for career success.

Learn from the Best

100%
Every member of the SANS.edu faculty is a highly skilled professional currently working in cybersecurity.
150+
More than 150 open source cybersecurity tools have been created by SANS Faculty.
40+
SANS faculty members have authored more than 40 books on information security.
3.5K+
SANS faculty members have produced more than 3,500 research papers and webcasts on information security topics.

Course Delivery Options

Your mind has no borders. Why should your college? Our online and in-person course options are designed to fit your life and how you like to learn.
Nattional Cyber League - Spring 2024

Join the Winning Team

At the spring 2024 National Cyber League (NCL) competition, SANS.edu demonstrated its cybersecurity prowess once again.  Among more than 500 participating colleges and universities, SANS.edu stood out as one of just three to achieve Top 10 power rankings in both the Standard Student and Experienced Student brackets.

  • #1 Power Ranking (Experienced Students)
  • #1, #2, #3, and #4 Individual Players (Experienced Students)
  • More than 30% of the Top 100 Individual Players in the Experienced bracket were SANS.edu Sentinels

Join us for a free online info session to learn more.

"SANS.edu is one of the best investments I've ever made. When I look at my career trajectory since joining SANS, I can confidently say that the bachelor’s degree program has already paid for itself." – Rachel Downs, Principal Consultant, Bridewell

Already have a bachelor’s degree?

If you want to launch a cybersecurity career and already have a bachelor’s degree or higher, our undergraduate certificate program in Applied Cybersecurity may be a good fit for you.
470x382_-_veteran.jpg

This Program is DoD 8140 Approved

If you're a Department of Defense (DoD) employee or contractor who wants to earn a career-focused cybersecurity degree or certificate, our DoD 8140 approved college programs can open new doors of opportunity.

US Department of Defense 8140 Cyber Workforce Qualification Program
DoD 8140 establishes baseline standards for qualifications that directly support operational needs and workforce readiness. All DoD personnel assigned to positions requiring the performance of cyberspace work are affected by DoD 8140.

  • Service members
  • DoD civilian employees (including non-appropriated fund employees)
  • Contractors
  • Foreign nationals
470x382_STI_Masters_Degree_Tuition.jpg

Tuition

Total Program Tuition (for SANS.edu program): $40,500 USD

Tuition includes the cost of the course, textbooks, and certification tests that serve as exams for courses.

If you’ve taken SANS courses and passed the corresponding GIAC certification, for example SANS SEC275 and the GFACT certification, you may be able to waive 12-18 eligible credit hours (the equivalent of 3 courses) into this program. See our waiver policy.

Questions?

We're happy to help. Email info@sans.edu or call 301.241.7665.

About the SANS Technology Institute

Founded in 2005, the SANS Technology Institute (SANS.edu) is the independent, regionally-accredited, VA-approved subsidiary of SANS, the world's largest and most trusted provider of cybersecurity training, certification, and research. Offering graduate and undergraduate programs at the cutting edge of cybersecurity, SANS.edu is strengthening the cyber workforce through a career-focused curriculum built on proven SANS courses and industry-recognized GIAC certifications.

The SANS Technology Institute is accredited by The Middle States Commission on Higher Education (1007 North Orange Street, 4th Floor, MB #166, Wilmington, DE 19801 - 267.284.5000), an institutional accrediting agency recognized by the U.S. Secretary of Education and the Council for Higher Education Accreditation.