2340x500_STI_Focus_Areas15.jpg

Graduate Certificate Programs: Purple Team Operations

Designed for working information security professionals, the graduate certificate in Purple Team Operations is a highly technical program focused on merging the applied concepts, skills, and technologies used by blue teams (digital defenders) and red teams (digital attackers) — so you can effectively operate and lead at the intersection of those domains, in the current best practice known as purple operations or purple teams.

Format Option: A 100% online option is available
Courses: 4
GIAC Certifications: 4
Credits: 12
Duration: 18-24 months
Total Program Cost: $22,800 USD


470x382-cybersecurity-student-8.jpg

Strengthen Your Technical Knowledge and Skills

Gain practical skills you can immediately apply at your job or in a new infosec role.

  • Learn the latest cybersecurity tactics to protect your organization
  • Keep your skills current for career growth and advancement
  • Earn professional GIAC certifications as you complete the program
  • Train on your schedule, to balance work and school
  • Get personalized support from a student advisor 

APPLICATIONS ACCEPTED MONTHLY

The SANS.edu Advantage

Because cyber threats are constantly changing, our courses are continually updated for real-world relevance. But that's just the beginning.
STI_Advantage_Icons-07.svg

GIAC Certifications

Earn 4 industry-recognized GIAC cybersecurity certifications.

STI_Advantage_Icons-09.svg

100% Online Option Available

You have the option of completing the program through live or rewindable online courses.

STI_Advantage_Icons-10.svg

World-class Faculty

Learn the latest skills and techniques from the world's top cybersecurity practitioners.

STI_Advantage_Icons-11.svg

Pathway to a Master’s Degree

All credits earned in this program can transfer into our master’s degree program.

STI_Advantage_Icons-12.svg

SANS.edu Academic Pricing

Get SANS.edu academic pricing on SANS courses and GIAC certifications.

STI_Advantage_Icons-13.svg

Powerful Network

Make connections with some of the most talented students and teachers in the industry.

InfoSec professional attends SANS.edu info session

Join an Online Info Session for Graduate Cybersecurity Programs

  • Learn more about our cybersecurity master's degree and graduate certificate programs for working professionals. Have questions? We'll answer them. Wed, October 30, 1 pm (ET). Register here.
  • Explore our 9 highly technical, job-specific graduate certificate programs for working professionals. Thu, November 14 at 1 pm (ET). Register here.
  • Get tips on crafting a strong application to our cybersecurity master’s degree program and information on the next steps in the admissions process. Wed, November 20, 11 am (ET). Register here.
IR.jpg

SANS.edu Named One of the Top 10 Innovators in Cybersecurity Education 

The SANS Technology Institute has been recognized as a global leader in cybersecurity education by Help Net Security, joining the ranks of top institutions like Stanford, MIT, Carnegie Mellon and Oxford.

“Earning a graduate certificate from SANS is what really accelerated my career. The technical skills I learned in the program have given me the confidence to successfully lead my team and prepare them for new challenges.” - David Cox, Manager, Cyber Threat Management, EY

Learn How To:

  • Master essential defensive techniques and identify indications of an attack in order to detect, respond to, and mitigate incident on enterprise networks.
  • Understand and implement attacker techniques and utilize the full range of penetration techniques in order to breach a network, pivot within it, and disrupt, exploit, or exfiltrate data from it.
  • Integrate a broad range of blue team and red team tools, technologies, and mindsets to maximize the synergy of full spectrum purple security activities.

    Curriculum | 12 Credit Hours

    In this hands-on program, you'll begin with a foundational course, then progress through more advanced blue and red team electives. The capstone course (ISE 6250) synthesizes your purple team knowledge and skills, culminating with a Defend-the-Flag challenge. This is the curriculum order for this program.

    Required Core Courses | 6 credit hours

    • SANS Course: SEC504: Hacker Tools, Techniques, and Incident Handling
      Certification: GIAC Certified Incident Handler Certification (GCIH)

      3 Credit Hours

      By adopting the viewpoint of a hacker, ISE 5201 provides an in-depth focus into the critical activity of incident handling. Students are taught how to manage intrusions by first looking at the techniques used by attackers to exploit a system. Students learn responses to those techniques, which can be adopted within the framework of the incident handling process to handle attacks in an organized way. The faculty instruction, lab exercises, and exam are coordinated to develop and test a student's ability to utilize the core capabilities required for incident handling.

    • SANS Course: SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
      Certification: GIAC Defending Advanced Threats (GDAT)

      3 Credit Hours

      ISE 6250 leverages the purple team concept by bringing together red and blue teams for maximum effect. Recognizing that a prevent-only strategy is not sufficient, the course focuses on current attack strategies and how they can be effectively mitigated and detected using a Kill Chain structure. Throughout the course, the purple team principle will be maintained, where attack techniques are first explained in-depth, after which effective security controls are introduced and implemented.

    Blue Elective Courses | 3 credit hours

    Students select one of the following.

    • SANS Course: SEC503: Network Monitoring and Threat Detection In-Depth
      Certification: GIAC Certified Intrusion Analyst Certification (GCIA)

      3 Credit Hours

      ISE 5401 delivers the technical knowledge, insight, and hands-on training you need to defend your network with confidence. You will learn about the underlying theory of TCP/IP and the most used application protocols, such as DNS and HTTP, so that you can intelligently examine network traffic for signs of an intrusion. You will get plenty of practice learning to master different open source tools like tcpdump, Wireshark, Snort, Bro, tshark, and SiLK. Daily hands-on exercises suitable for all experience levels reinforce the course book material so that you can transfer knowledge to execution.

    • SANS Course: SEC501: Advanced Security Essentials - Enterprise Defender
      Certification: GIAC Certified Enterprise Defender (GCED)

      3 Credit Hours

      ISE 6215 reinforces the theme that prevention is ideal, but detection is a must. Students will learn how to ensure that their organizations constantly improve their security posture to prevent as many attacks as possible. A key focus is on data protection, securing critical information no matter whether it resides on a server, in robust network architectures, or on a portable device.

      Despite an organization's best effort at preventing attacks and protecting its critical data, some attacks will still be successful. Therefore students will also learn how to detect attacks in a timely fashion through an in-depth understanding the traffic that flows on networks, scanning for indications of an attack. The course also includes instruction on performing penetration testing, vulnerability analysis, and forensics.

    • SANS Course: SEC505: Securing Windows and PowerShell Automation
      Certification: GIAC Certified Windows Security Administrator (GCWN)

      3 Credit Hours

      ISE 6230 shows students how to secure servers, workstations and portable devices running Microsoft Windows. Windows is the most frequent target of hackers and advanced malware. While other courses focus on detection or remediation of a compromise after the fact, the aim of this course is to substantially reduce these compromises in the first place. For scalability and automation, this course includes many hands-on labs with Group Policy and PowerShell scripting. No prior scripting experience is required. Learning at least the basics of PowerShell is an essential skill for anyone who manages Windows servers or clients in an enterprise. 

    • SANS Course: SEC511: Cybersecurity Engineering: Advanced Threat Detection and Monitoring
      Certification: GIAC Continuous Monitoring Certification (GMON)

      3 Credit Hours

      ISE 6240 teaches a proactive approach to enterprise security that presumes attackers will penetrate your environment and therefore emphasizes timely incident detection. The Defensible Security Architecture, Network Security Monitoring, Continuous Diagnostics and Mitigation, and Continuous Security Monitoring taught in this course - aligned with the National Institute of Standards and Technology (NIST) guidelines described in NIST SP 800-137 for Continuous Monitoring (CM) - are designed to enable you and your organization to analyze threats and detect anomalies that could indicate cybercriminal behavior.

    • SANS Course: SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise
      Certification: GIAC Defensible Security Architect Certification (GDSA)

      3 Credit Hours

      Effective security requires a balance between detection, prevention, and response capabilities. Defensible Security Architecture and Engineering is designed to help you establish and maintain a holistic and layered approach to security. You’ll explore the fundamentals of up-to-date defensible security architecture and how to engineer it, with a heavy focus on leveraging current infrastructure (and investment), including switches, routers, and firewalls. You’ll learn how to reconfigure these devices to significantly improve your organization’s prevention capabilities in the face of today's dynamic threat landscape. The course will also delve into the latest technologies and their capabilities, strengths, and weaknesses. Multiple hands-on labs will reinforce key points in the course and provide actionable skills you will be able to leverage immediately at work.

    • SANS Course: SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
      Certification: GIAC Machine Learning Engineer (GMLE)

      3 Credit Hours

      This course is squarely centered on solving information security problems. This course covers the necessary mathematics theory and fundamentals students absolutely must know to allow them to understand and apply the machine learning tools and techniques effectively. The course progressively introduces and applies various statistic, probabilistic, or mathematic tools (in their applied form), allowing you to leave with the ability to use those tools. The hands-on projects provide a broad base from which you can build your own machine learning solutions. This course teaches how AI tools like ChatGPT really work so that you can intelligently discuss their potential use by organizations and how to build effective solutions to solve real cybersecurity problems using machine learning and AI.

    • SANS Course: FOR578: Cyber Threat Intelligence
      Certification: GIAC Cyber Threat Intelligence (GCTI)

      3 Credit Hours

      ISE 6445 will equip you, your security team, and your organization in the tactical, operational, and strategic level cyber threat intelligence skills and tradecraft required to better understand the evolving threat landscape and to counter those threats accurately and effectively. This course focuses on structured analysis to establish a solid foundation for any security skillset and to amplify existing skills.

    Red Elective Courses | 3 credit hours

    Students select one of the following.

    • SANS Course: SEC542: Web App Penetration Testing and Ethical Hacking
      Certification: GIAC Web Application Penetration Tester (GWAPT)

      3 Credit Hours

      ISE 6315 is a highly technical information security course in offensive strategies where students learn the art of exploiting Web applications so they can find flaws in enterprise Web apps before they are otherwise discovered and exploited. Through detailed, hands-on exercises students learn the four-step process for Web application penetration testing. Students will inject SQL into back-end databases, learning how attackers exfiltrate sensitive data. They then utilize cross-site scripting attacks to dominate a target infrastructure in a unique hands-on laboratory environment. Finally students explore various other Web app vulnerabilities in-depth with tried-and-true techniques for finding them using a structured testing regimen.

    • SANS Course: SEC560: Enterprise Penetration Testing
      Certification: GIAC Penetration Tester Certification (GPEN)

      3 Credit Hours

      ISE 6320 prepares students to conduct successful penetration testing and ethical hacking projects. The course starts with proper planning, scoping and recon, and then dives deep into scanning, target exploitation, password attacks, and wireless and web apps with detailed hands-on exercises and practical tips for doing the job safely and effectively. Students will participate in an intensive, hands-on Capture the Flag exercise, conducting a penetration test against a sample target organization.

    • SANS Course: SEC575: iOS and Android Application Security Analysis and Penetration Testing
      Certification: GIAC Mobile Device Security Analyst (GMOB)

      3 Credit Hours

      ISE 6325 helps students resolve their organization's struggles with mobile device security by equipping then with the skills needed to design, deploy, operate, and assess a well-managed secure mobile environment. From practical policy development to network architecture design and deployment, and mobile code analysis to penetration testing and ethical hacking, this course teaches students to build the critical skills necessary to support the secure deployment and use of mobile phones and tablets in their organization.

    • SANS Course: SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
      Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)

      3 Credit Hours

      ISE 6360 builds upon ISE 6320 - Enterprise Penetration Testing. This advanced course introduces students to the most prominent and powerful attack vectors, allowing students to perform these attacks in a variety of hands-on scenarios. This course is an elective course in the Penetration Testing & Ethical Hacking certificate program, and an elective choice for the master's program in Information Security Engineering.

    • SANS Course: SEC565: Red Team Operations and Adversary Emulation
      Certification: GIAC Red Team Professional (GRTP)

      3 Credit Hours

      ISE 6370 develops Red Team operators capable of planning and executing consistent and repeatable engagements that are focused on training and on measuring the effectiveness of the people, processes, and technology used to defend environments. You will learn how to plan and execute end-to-end Red Teaming engagements that leverage adversary emulation, including the skills to organize a Red Team, consume threat intelligence to map against adversary tactics, techniques, and procedures (TTPs), emulate those TTPs, report and analyze the results of the Red Team engagement, and ultimately improve the overall security posture of the organization. As part of the course, you will perform an adversary emulation against a target organization modeled on an enterprise environment, including Active Directory, intelligence-rich emails, file servers, and endpoints running in Windows and Linux.  Through this course, you will better understand and be able to show the value that Red Teaming and adversary emulations bring to an organization.

    • SANS Course: SEC588: Cloud Penetration Testing
      Certification: GIAC Cloud Penetration Tester (GCPN)

      3 Credit Hours

      ISE 6630 dives into the latest in penetration testing techniques focused on the cloud, how to assess cloud environments, as well as other new topics that appear in the cloud like microservices, in-memory data stores, files in the cloud, serverless functions, Kubernetes meshes, and containers. The course also specifically covers Azure and AWS penetration testing, which is particularly important given that Amazon Web Services and Microsoft account for more than half of the market. The goal is not to demonstrate these technologies, but rather to teach you how to assess and report on the true risk that the organization could face if these services are left insecure.

      Students will be able to:

      • Conduct cloud-based penetration tests
      • Assess cloud environments and bring value back to the business by locating vulnerabilities
      • Understand how cloud environments are constructed and how to scale factors into the gathering of evidence
      • Assess security risks in Amazon and Microsoft Azure environments

    Study with the best faculty in cybersecurity

    470x382-cybersecurity-student-4.jpg

    Take Your Next Step

    Need more information? We’re happy to answer your questions. Join us for an info session, email info@sans.edu or call 301.241.7665.

    Ready to apply? We look forward to learning about you and your career goals.

    “I firmly believe, had it not been for SANS, my career would not be what it is today. My SANS education has enabled me to compete on a completely new level and given me the chance to network with industry greats.” - Steven Romero, Engineer, Chevron

    “You get a lot of personal attention to get through the program because of the student advisors. They are the foundation of the SANS.edu experience.” - Christopher Hurless, Systems Engineer, Northwestern University in Qatar

    Christopher Haller

    SANS.edu Graduate Certificate Student Wins National Cyber League Championship

    Christopher Haller beat out more than 6,000 competitors to earn the #1 individual player ranking in the Spring 2022 National Cyber League competition. See why he chose to pursue a graduate certificate at SANS.edu — and learn about his career path from the US Navy to his current role as Director of Professional Services at Centripetal Networks.

    Course Delivery Options

    Your mind has no borders. Why should your college? Our online and in-person course options are designed to fit your life and how you like to learn.

    Join us for a free online info session to learn more.

    470x382_-_veteran.jpg

    This Program is DoD 8140 Approved

    If you're a Department of Defense (DoD) employee or contractor who wants to earn a career-focused cybersecurity degree or certificate, our DoD 8140 approved college programs can open new doors of opportunity.

    US Department of Defense 8140 Cyber Workforce Qualification Program
    DoD 8140 establishes baseline standards for qualifications that directly support operational needs and workforce readiness. All DoD personnel assigned to positions requiring the performance of cyberspace work are affected by DoD 8140.

    • Service members
    • DoD civilian employees (including non-appropriated fund employees)
    • Contractors
    • Foreign nationals
    470x382_STI_Masters_Degree_Tuition.jpg

    Tuition

    Total program cost: $22,800 USD

    Tuition includes the cost of the course, textbooks, and certification tests that serve as mid-term or final exams for courses.

    Get the Credit You Deserve
    Students who have taken SANS training classes and have active GIAC certifications may be able to waive one course and GIAC certification into the program. See our waiver policy.



    TuitionPaymentProgram.png

    Fund Your SANS.edu Program in Monthly Installments with No Interest

    For students who are U.S. citizens or permanent residents — and don’t use employer education benefits or veterans’ education benefits to fund their SANS.edu program — we offer a Tuition Payment Program (TPP) that enables eligible you to spread out the cost of your program in monthly installments with no interest.

    Employer_Education_Benefits_vb_470x382.png

    Finance your education, build new skills, and add value for your company — using your employer-sponsored education benefits.

    If you want to get the best education in cybersecurity while you work, and your organization offers education benefits, let them help you take your next step. SANS.edu cybersecurity degree and certificate programs are designed for working professionals, and your employee benefits package may help cover the cost of pursing your goals.

    Questions?

    We're happy to help. Email info@sans.edu or call 301.241.7665.

    About the SANS Technology Institute

    Founded in 2005, the SANS Technology Institute (SANS.edu) is the independent, regionally-accredited, VA-approved subsidiary of SANS, the world's largest and most trusted provider of cybersecurity training, certification, and research. Offering graduate and undergraduate programs at the cutting edge of cybersecurity, SANS.edu is strengthening the cyber workforce through a career-focused curriculum built on proven SANS courses and industry-recognized GIAC certifications.

    The SANS Technology Institute is accredited by The Middle States Commission on Higher Education

    (1007 North Orange Street, 4th Floor, MB #166, Wilmington, DE 19801 - 267.284.5000), an institutional accrediting agency recognized by the U.S. Secretary of Education and the Council for Higher Education Accreditation.