The IT Certification Resource Center

GIAC Certifications: A Comprehensive Guide for 2017

In the high-stakes information security realm, businesses and organizations are looking for gifted professionals with verified security skills. GIAC certifications are an excellent means of setting yourself apart.

Founded in 1999 by the SANS Institute, the GIAC (Global Information Assurance Certification) program offers more than 30 individual credentials for information security specialists. Since its founding, GIAC has issued more than 95,000 certifications.


To help certification candidates build the skills needed to tackle the sophisticated and technical nature of cybercrime, GIAC’s certifications focus on highly specific cybersecurity knowledge areas — each credential is aligned to a distinct job role.


Why achieve a GIAC certification?


GIAC certifications are a great indication of cybersecurity skill and knowledge. These credentials are designed to fill gaps in cybersecurity skills, and few other certs cover the same highly specialized material in this depth.


These certifications are well-recognised within the information security industry and align to ANSI and ISO 17024 — national and global standards designed to validate the quality of organizations that offer certification.


SANS Institute, the organization that owns and operates GIAC, is a major provider of cybersecurity training for the United States Armed Forces. Because of this relationship, a number of GIAC certifications are DoD 8140-compliant. To explain: The DoD 8140 directive requires all U.S. Department of Defense personnel and contractors to be certified in their area of work. Compliance is a must for contractors employed by U.S. government organizations.


Your guide to GIAC’s certification portfolio


The GIAC program prides itself on providing specialized, practical certifications that align to popular cybersecurity job roles.


Relying on purely theoretical knowledge is the ultimate security risk, according to GIAC. Instead, technical, real-world knowledge and skills are the best way to secure businesses.


Most GIAC certifications align to training provided by SANS, but training is also available from other providers.


It’s worth noting that, while no training is officially required to achieve a GIAC certification, training remains highly recommended.


GIAC administers certifications across seven information security domains:


● Cyber Defense
● Penetration Testing
● Incident Response and Forensics
● Management, Audit, Legal
● Developer
● Industrial Control Systems
● GIAC Security Expert (GSE)


With dozens of certifications across these domains, it can be easy to get lost within GIAC’s huge certification library. Let’s take a look at each of the domains and the certifications available within them.


Cyber Defense


GIAC Cyber Defense certifications ensure that professionals have the know-how to defend against modern cybersecurity threats.


The GIAC Security Essentials (GSEC) credential is one of the most popular certifications within this domain because it’s ideal for entry-level security professionals, operations personnel, and managers. GIAC Certified Intrusion Analyst (GCIA) is also highly recommended for professionals responsible for network monitoring and intrusion detection.


In all, the available credentials under Cyber Defense are:


● GIAC Security Essentials (GSEC)
● GIAC Certified Intrusion Analyst (GCIA)
● GIAC Information Security Fundamentals (GISF)
● GIAC Certified Enterprise Defender (GCED)
● GIAC Certified Windows Security Administrator (GCWN)
● GIAC Certified Perimeter Protection Analyst (GPPA)
● GIAC Continuous Monitoring Certification (GMON)
● GIAC Certified UNIX Security Administrator (GCUX)
● GIAC Critical Controls Certification (GCCC)


Penetration Testing


While the Cyber Defense domain focuses on protecting organisations, the Penetration Testing domain specialises in offensive hacking techniques and includes specialist certifications to build this knowledge.


This domain also includes Incident Handling: expert skills required to manage security incidents in progress. The GIAC Certified Incident Handler (GCIH) certification provides the knowledge needed to detect, respond to, and resolve cyberattacks. Given the global rise in hacks, it’s not surprising this certification is so popular. For more information, here’s a comparison of CISSP, CEH and GCIH.


In all, the available credentials under Penetration Testing are:


● GIAC Certified Incident Handler (GCIH)
● GIAC Penetration Tester (GPEN)
● GIAC Web Application Penetration Tester (GWAPT)
● GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
● GIAC Assessing and Auditing Wireless Networks (GAWN)
● GIAC Mobile Device Security Analyst (GMOB)
● GIAC Python Coder (GPYC)