If you’ve been in or around Cybersecurity for any amount of time, it’s likely you have heard of the SANS institute and associated GIAC certifications. SANS GIAC certifications are some of the most coveted in Cybersecurity, but unfortunately also the most expensive. You can view the extensive course and certification list here. In an effort to make quality security training and education more accessible, I have compiled a list of ways to obtain SANS education at a free or reduced cost.
Some of the most popular SANS courses requested in job applications include the GCIH (Incident Handler), GPEN (Penetration Testing), and the GSEC (Security Essentials), but there are significantly more in-depth offerings over a wide range of topics including digital forensics, cybersecurity policy and management, and cloud security. The full on-demand course, two practice tests, and certification exam runs around $10,000. That’s quite a lot for one certification if you ask me!
I would strongly advise not paying $10,000+ for a relatively entry-level cybersecurity certification (like the GSEC) out of pocket. Let’s dive in to obtaining these certifications for cheaper, or even for free. In order from lowest cost to highest cost (in US dollars) here are some alternative ways to pursue SANS certifications:
- Current Students (High School or University) – Play CyberStart
- SANS Cyber Academies
- Pay only for the exam attempt
- SANS Work-Study program
- SANS Institute
Current Students (High School or University) – Play CyberStart
High school or University students enrolled in any number of credits (full or part time) are eligible to compete in the annual CyberStart CTF. The National Cyber Scholar Foundation (NCSF) has partnered with SANS to provide top-scoring players with SANS scholarships. You can read more about the scholarship program on the NCSF website.
If you are worried about becoming a top-scoring player, fear not! The CyberStart CTF starts off quite introductory with plenty of tutorials, hints, and guides to get you started. Players must score at least 20,000 points to be eligible for the scholarship. When I did this, I found it to be quite time consuming because each challenge starts at 100 points, but the more challenges you solve the more weight each challenge carries, so you can collect points more quickly the further you get in the game. In 2022 most players who scored over 20,000 points received the scholarship, so you should have a good shot at winning the scholarship if you can hit that benchmark.
The good news about this opportunity is that you can play for multiple years. The first year you would be eligible for the GFACT (Security Foundations) certification, and if you continue to play the following year you will likely be offered a choice between two advanced SANS certifications. The second year I played, winners had the option between the GSEC (Security Essentials) and the GCLD (Cloud Security Essentials). In theory, if you kept playing for several years you should be able to win several SANS certifications at no cost to you! The downside is that you won’t really know what courses will be offered to you beyond the GFACT, but I would bet the GSEC will be a standard course for second year winners in the future.
SANS Cyber Academies – Career Changers and University Students
New career changers, college seniors, and University graduates not currently working in the security field are eligible to apply for the SANS academies. Some academies currently offered by SANS are the Women’s Cyber Academy, the Veteran’s Cyber Academy, HBCU+ Immersion Academy, and the Diversity Cyber Academy. More information about eligibility requirements can be found on each Academy’s page.
The catch is that you cannot have any prior SANS certifications, so if you are a student I would recommend applying for the academies first and then playing CyberStart. The academies ensure 3 certifications (the GFACT, GSEC, and GCIH), while CyberStart will limit you to 1 per year – and it’s not guaranteed that you will win a scholarship. For career changers, the academies are a great option to snag 3 well-known certifications from SANS.
The academies open applications at varying times throughout the year, so stay on top of this page and add alerts into your calendar.
Pay only for the exam attempt
This is easier said than done considering SANS exams are a word-for-word repetition from the course textbooks, however you do not need to take the $9,000 course associated with the certification and can instead elect to take just the certification exam using your own preparation materials. The cost of the exam attempt is around $1,000.
SANS Work-Study program
This option is considered a reduced-cost alternative, but will still cost around $2,500 depending on the length of the course. The program is a semi-scholarship that requires the candidate to work during either an online or in-person course in exchange for reduced cost course materials and the associated exam attempt.
For in-person moderation at SANS training events, SANS requires the candidate stay at the conference hotel to be on-call or forfeit the exam fee waiver (~$900). In person moderators will incur additional costs of travel and lodging as this is not covered by SANS. If you can snag an online moderator position I would recommend that to avoid paying additional travel expenses and lodging to take the training and certification. Additionally, consider the cost of taking off work (if applicable) as the courses usually run Monday-Friday during the day with additional duties early in the morning and late at night, and setup work the Sunday prior.
For 4, 5, and 6 day courses the candidate is required to pay $2,500 to work and receive access to the study materials. For courses less than 4 days the cost is $417/day.
If this program is financially doable for you and you can snag a moderator spot in a course you’ve really been wanting to take, then this might be a great option. However, you will only receive the course materials and exam attempt for the course you are selected to work – so apply carefully. I found the in-person moderator spots to be significantly less competitive than the online moderator spots due to the additional travel costs associated with in-person courses.
You can find more information about the program on the SANS Work-Study site.
SANS Institute
Lastly, the SANS education institute is the academic branch of the SANS corporation and serves as an accredited University with undergraduate, certificate, and graduate programs. The courses offered through the SANS institute are the same as the courses and GIAC certifications members of the general public can take, but offered at a reduced cost to SANS students.
The cost by program can be found on this page. One standard course + associated certification is 3 credit hours. The Master’s degree program is $1,500 per credit compared to around $3,000 per credit for non-students. The graduate certificate program is $5,700 per course compared to ~$10,000 per course outside of the institute. The University also offers a limit of two courses for non-degree seeking students at $6,500 per course which is still significantly less than $10,000 for non-SANS students.
You should be able to use employer tuition assistance for courses at the SANS institute as it is an accredited higher institution. This may be a great option for employees with those benefits.
Unfortunately you cannot apply to the University and take a select few courses and certifications at a cheaper rate without finishing the entire degree program. The academic programs set curriculum paths that dictate the order of courses and prerequisites for students. However, if your desired course happens to be one of the first courses in the curriculum path I don’t see why you couldn’t do this. 🙂
I hope this guide was helpful and that you are able to obtain some top-notch security training at an accessible price!