GIAC Certifications Overview
GIAC® certifications are created and administered by the Global Information Assurance Certification and cover a variety of security domains. GIAC certifications vary from management and leadership to deep levels of penetration testing, reverse engineering and more. In this article, we will take a look at different certifications that GIAC has to offer, broken down by domain, and provide a brief overview of all of them.
Domain: Penetration Testing
- GCIH: The GIAC Certified Intrusion Analyst is an entry-level certification in the penetration testing domain. It tests a candidate’s knowledge around understanding an incident, detecting an incident, using various tools to understand attacker tactics and understanding different types of attacks, such as buffer overflows, password attacks, session hijacking, the OWASP Top 10 and more.
- GPEN: The GIAC Penetration tester certification assess candidates knowledge around networks and systems design and to discover vulnerabilities. Candidate should know basics about exploitation and pentesting process This certification tests candidates knowledge to perform advanced password attacks; how to scan for vulnerabilities;how to scan for interesting targets and how to profile them;methods to perform post exploitation,web application attacks.
- GWAPT: The GIAC Web Application Penetration Tester certification focuses on web application pentesting and requires the candidate to have in-depth knowledge of how some known web application attacks work. Examples of attacks include cross site request forgery (CSRF), cross site scripting (XSS) and injection attacks, such as SQL injection and command injection. Candidates should also know how to profile an application and look for weak areas.
- GPYC: The GIAC Python Coder certification aims at assessing Python fundamentals, such as exception handling, data types and data structures as well as other Python skills, such as usage of known libraries and using Python as a browser to test applications. The candidate should also be familiar with creation of small tools to aid in information security engagement.
- GMOB: The GIAC Mobile Device Security Analyst certification targets individuals who are interested in mobile device security. This certification requires the candidate know how to capture and interpret network traffic, unlock and root mobile devices, understand different mobile operating systems, perform full penetration testing to identify weakness, and understand mitigation strategies against stolen mobile device and malware.
- GAWN: The GIAC Assessing and Auditing Wireless Networks certification tests the knowledge of assessing wireless networks, including understanding a basic wireless network and its components; understanding weak encryption methods and how to attack them; securing and attacking WPA2, Zigbee, and DECT; sniffing and analyzing wireless traffic; performing Bluetooth low-energy and RFID high-frequency attacks; and creating and identifying rogue access points.
- GXPN: The GIAC Exploit Researcher and Advanced Penetration Tester is an advanced-level certification for penetration testers that assesses a candidate’s knowledge around advanced stack smashing with some OS-level mitigation, advanced fuzzing techniques, assessing and exploiting the network, post-exploitation lateral movement, Windows/Linux system and memory exploitation, writing advanced-level shellcodes and understanding weaknesses of various cryptographic implementations.
Domain: Industrial Control Systems (ICS)
- GICSP: The GIAC Global Industry Cyber Security Professional certification tests a candidate’s knowledge around ICS infrastructure architecture, ICS cybersecurity essentials, ICS elements hardening, ICS security assessments and monitoring, and other security areas with the goal of ensuring that those working with control systems have a well-rounded understanding of ICS security.
- GRID: The GIAC Response and Industrial Defense certification tests a candidate’s knowledge of performing active defense strategies for ICS systems. Candidates must possess skills to detect, analyze and perform threat analysis in an ICS environment as well as have knowledge around digital forensics focusing on ICS components and network monitoring within ICS environments.
- GCIP: The GIAC Critical Infrastructure Protection certification tests the candidate’s knowledge of NERC CIP regulatory requirements, BES reliability operating systems, BES cyber asset identification, electronic security perimeter architecture, malicious communication detection, external routable connectivity communication, and more.
Domain: Cyber Defense
The GIAC Information Security Fundamentals is an entry-level certification for security professionals. The certification tests a candidate’s knowledge around access control, authentication and authorization; basic understanding of cryptographic algorithms; understanding of network protocols and attacks; and understanding of defending systems from threats.
- GSEC: The GIAC Security Essentials certification assesses a candidate’s understanding of theoretical security topics, including access control theory, legal aspects of incident handling and incident handling fundamentals, as well as more practical security aspects, such as dealing with wireless attacks, implementing defense in depth, reading packets and securing Windows Server services.
- GCED: The GIAC Certified Enterprise Defender certification tests a candidate’s knowledge of network protocols and their weakness as well as ways to defend against those weaknesses. The candidate must understand VAPT concepts, performing forensics on network logs and malware, static and dynamic analysis of malware, the concepts of incident response and more.
- GPPA: The GIAC Certified Perimeter Protection Analyst certification assess a candidate’s knowledge around designing and configuring routers, switches and firewalls. This exam tests understanding around cloud stack models and perimeter security; basics of IP and ICMP version 6, implementation and configuring of NIPS/NIDS, understanding around wireless networks and security, and techniques such as stateful and static packet filtering.
- GCIA: The GIAC Certified Intrusion Analyst certification tests a candidate’s knowledge of configuring and monitoring intrusion detection systems to analyze network traffic. Candidates must possess skills such as IDS tunneling and application layer protocol dissection as well as an understanding of fragmentation attacks, IDS/IPS fundamentals, IP packet header analysis and working knowledge of important tools, such as tcpdump and Wireshark.
- GCWN: The GIAC Certified Windows Security Administrator certification assesses the candidate’s knowledge of securing Windows components such as PKI, IPsec, Group Policy and PowerShell. The candidate must possess skills to configure endpoint protection on Windows, including AppLocker, firewalls and Windows audit policies as well as the ability to plan and implement PKI and secure PowerShell through code signing, constraint modes, and user access control restrictions.
- GCUX: The GIAC Certified Unix Security Administrator certification tests the candidate’s knowledge of securing and auditing UNIX and LINUX systems. Candidate must possess skills such as implementing best practices for kernel security and have a thorough understanding of chroot() strengths and weakness, BIND and DNSSEC, maintaining iptables; the advantages and limitations of SeLinux, stack smashing, configuration of sudo and syslog-ng, and more.
- GMON: The GIAC Continuous Monitoring Certification certification tests the candidate’s knowledge of assessing and implementing defensible security architecture and its continuous monitoring. Candidates must possess the skills to control privilege levels of accounts and applications, knowledge of HIPS/HIDS/NIPS/NIDS/NGFW, understanding of security baseline configurations, knowledge of proxies and SIEM for continuous monitoring, and understanding of how to protect the perimeter from known attacks.
- GCCC: The GIAC Critical Control Certification certification tests the candidate’s knowledge of implementing critical security controls recommended by the Council on Cybersecurity. The candidate must possess knowledge of securing account access, implementing secure configurations for network devices, blocking malware, inventory and control of hardware and software assets, implementing controlled admin access and implementing secure principles, such as need to know and protecting data at transit, in storage and at rest.
Domain: Digital Forensics and Incident Response
- GCFE: The GIAC Certified Forensic Examiner certification assesses a candidate’s knowledge and skill in conducting typical incident investigations. The candidate must possess the ability to profile systems and devices; an understanding of critical OS artifacts, such as files, the registry, and browser artifacts; the ability to acquire, prepare and preserve digital evidence; and an understanding of critical Windows events.
- GCFA: The GIAC Certified Forensic Analyst is an advanced-level forensic certification that assesses a candidate’s knowledge and skills in conducting a typical incident investigation. The candidate must possess the ability to identify malicious activity on systems, analyze the timeline of activities, and collect and analyze data from volatile data sources. Candidates must also have a thorough understanding of Windows artifacts and know how to identify critical artifacts from memory and analyze them for any malicious activity.
- GNFA: The GIAC Network Forensic Analyst certification assesses a candidate’s knowledge of network forensics. The candidate must possess knowledge of common network protocols and their inherent risks, including wireless networks, various encryption and encoding techniques, and network proxies, as well as the ability to correlate network logs with other log sources to perform advanced analysis.
- GASF: The GIAC Advanced Smartphone Forensics certification tests a candidate’s knowledge of forensic examinations of mobile phones and tablets. The candidate must possess knowledge around mobile OS platforms such as iOS, Android and Blackberry, including file system knowledge. Candidates must also know how to analyze and interpret user activity; know how to securely collect, store and backup evidence; and understand the tools and techniques used to identify mobile malware and decompile it.
- GREM: The GIAC Reverse Engineering Malware certification is one of the most advanced-level certifications that GIAC offers. The certification assesses a candidate’s knowledge of assembly languages (for both 32 bit and 64 bit), static and dynamic analysis of malware, using memory forensics for malware analysis, uncovering malicious executables and browser scripts, and using debuggers and dissemblers.
- GWEB: The GIAC Web Application Defender certification requires candidates to demonstrate and understand various weaknesses in web applications. The certification assesses a client’s knowledge of access control attacks and mitigation strategies, AJAX and attacks around it, injection attacks such as SQL and command injection, and XSS and CSRF attacks and their mitigation, as well as knowledge of various configurations of hardening and secure architecture of web applications.
- GSSP-JAVA: The GIAC Secure Software Programmer – Java certification requires the candidate to possess skills around writing secure code and identifying weakness in existing Java code. This certification assesses the candidate’s understanding of the Java platform’s features around authentication and authorization, session management and cryptography.
- GSSP-NET: The GIAC Secure Software Programmer – .Net certification requires the candidate to possess skills in writing secure code and identify weakness in existing .Net code. This certification assesses the candidate’s understanding of .Net Framework security, .Net authentication & authorization, .Net data validation, .Net encryption, .Net error handling and .Net session management.
Training providers such as InfoSec Institute provide a variety of flexible courses to help you prepare for popular GIAC certifications.