Introduction: Talent shortage for cybersecurity roles
IT security professionals looking for a new job or ready to progress in their career will find that the right credentials can truly help them by proving their knowledge, skills and competencies to employers. Although the demand outweighs the supply of cybersecurity professionals, companies are looking for certified experts who can objectively prove their abilities and will to keep up to date in a fast-moving field.
This article compares and contrasts two of the leading cybersecurity certifications: the GIAC®️’s Security Essentials Certification (GSEC) and (ISC)²’s Certified Information Systems Security Professional (CISSP) Certification. We’ll also explore each of their prerequisites, the material covered on exams and possible training options.
Give your career a boost with top security certifications: CISSP vs. GSEC
As a cybersecurity professional, you’ve likely considered the benefits of certifications such as the CISSP and GSEC. Chances are that you’ve wondered which would be better for you to achieve in order to effectively prove your background and expertise in the profession.
“The CISSP is ideal for experienced security practitioners, managers and executives interested in proving their knowledge across a wide array of security practices and principles,” says (ISC)².
“[The GSEC is ideal for security professionals] that want to demonstrate they are qualified for IT systems hands-on roles with respect to security tasks,” says SANS Institute.
(ISC)², or the International Information Systems Security Certiﬁcation Consortium, issues the CISSP credentials to qualified candidates who can pass an exam to show their knowledge and skills on a range of security topics. Those who take roles in networking, system administration, programming and/or security can definitely look at attaining this credential which is well-known and respected by employers worldwide.
GIAC, or the Global Information Assurance Certification, supplies the GSEC credentials to qualified, working professionals who can pass its exam to prove expertise on a range of topics. These topics include network security, hardening operating systems and handling cybersecurity incidents.
Both certifications are great but deciding which to earn depends on the focus of the candidates. In fact, the (ISC)² certification is more based on overall, theoretical knowledge of the cybersecurity realm. Its scope ranges through a wide variety of areas and definitely requires a strong experience in order to pass the test.
The GIAC credential is more concentrated on technical aspects and could be of value to employers who are looking for hands-on professionals. According to GIAC itself, “GSEC is more focused on what security professionals actually have to do, and goes deeper in technical concepts.”
The topics covered by the CISSP and GSEC exams
Simply knowing the topics covered for your certification might help you to choose the right credential. This ought to also help should you determine if you’re ready to take the exam.
(ISC)², which issues the CISSP credential, tests if candidates have the knowledge, skills and abilities in the field of IT security. The certification is appropriate for professionals whose daily tasks include monitoring systems (i.e., the software and hardware) and identifying risks associated with each network component to prevent any possible cyberattacks.
Due to the wide coverage of cybersecurity topics, as seen below, it is also great for those asked to design and manage cybersecurity programs for their organization.
- Security and Risk Management — 16%
- Asset Security — 10%
- Security Engineering — 12%
- Communications and Network Security — 12%
- Identity and Access Management — 13%
- Security Assessment and Testing — 11%
- Security Operations — 16%
- Software Development Security — 10%
See what’s new:
- The (ISC)² CISSP CBK 2018 — take a closer look at the 8 domains
- The CISSP exam which changed to CAT format in December 2017
CISSP Exam Information
- Number of questions: 100-150
- Length of exam: 3 hours
- Exam question format: Multiple-choice and advanced innovative questions
- Passing score: 700 (out of 1000 possible)
- Testing Center: (ISC)2-authorized PPC and PVTC Select Pearson VUE testing center
- Proctored, closed-book exam
The SANS Institute issues the GSEC, or GIAC Security Essentials Certification. The credential requires passing a computer-based exam that validates a candidate’s specialized knowledge on a range of technical security topics. The GSEC certification covers:
- Access control and password management
- Active defense
- Contingency plans
- Critical controls
- Cryptography algorithms and deployment
- Cryptography application
- Defensible network architecture
- Endpoint security
- Enforcing Windows security policy
- Incident handling and response
- IT risk management
- Linux security: Structure, permissions and access
- Linux services: Hardening and securing
- Linux: Monitoring and attack detection
- Linux: Security utilities
- Log management and SIEM
- Malicious code and exploit mitigation
- Network device security
- Network security devices
- Networking and protocols
- Securing Windows network services
- Security policy
- Virtualization and cloud security
- Vulnerability scanning and penetration testing
- Web communication security
- Windows access controls
- Windows as a service
- Windows automation, auditing and forensics
- Windows security infrastructure
- Wireless network security
As you can see, the GSEC covers an extensive number of hands-on topics. Candidates should keep in mind that GIAC requires its certification holders to possess information security knowledge beyond that of simple concepts and terminology.
GSEC Exam Information
- Number of questions: 180
- Length of exam: 5 hours
- Exam question format: Multiple-choice and advanced innovative questions
- Passing score: 73%
- Testing Center: A proctored-only version is delivered online at Pearson VUE sites
- Proctored, open-book format, but not open-internet or open-computer
CISSP or GSEC?
Both are valued credentials and requires investment in time and money to achieve and maintain
So which certification will it be? Once decided, you should know there are long-term requirements for maintaining your credentials.
In order to maintain the Certified GSEC designation, Continuing Professional Education (CPE) credits can be applied to retain the credential. The same also goes for if you hold the CISSP certification that requires CPE credits — they can be obtained by, for example, attending industry events or conferences.
To help you decide which credential is right for you, consider the following factors and points of comparison.
|Name of certification||Level||Topic covered||Requirements||Fees|
|Certified Information Systems Security Professional (CISSP)||Advanced||Exam covers 8 topic domains of CISSP CBK The broad spectrum of topics are listed in the CISSP certification exam outline||Eligibility for those with five years of full-time experience and a college degree. Recertification is required every three years, requiring 120 CPE credits||$599 exam cost. $85 annual maintenance fee|
|GIAC Security Essentials||Basic||The exam objectives are listed on the GIAC website. Topic areas are also on SANS™ Institute’s website for the GSEC certification. A broad spectrum of topics is covered: from general security, networking, on to computing topics||No previous experience required. Recertification is required every four years, requiring 36 CPEs over this period to remain certified||$1,149 exam cost. (Note: GIAC Certification Attempts purchased independently from a SANS training package are $1,999.) There is also a $399 certification maintenance fee (due every four years)|
What is the best way to train for any of the certification exams?
For exam preparation, the (ISC)² and GIAC programs offer a great starting point for study.
- (ISC)²’s CISSP Training online self-paced course is a suitable option for preparing
- GIAC’s affiliate SANS Institute offers SEC401 (a Security Essentials Bootcamp Style course) can help to prepare for the rigorous GSEC certification exam
- You might consider taking relevant courses from authorized and approved training partners that offer skills training and certification boot camps that can fit anyone’s schedule, needs and learning style
As cybercrime, hacks and attacks continue to evolve, the role of security-savvy IT professionals cannot remain the same. In fact, today’s modern digital world has hiring firms leaning towards individuals who can demonstrate true talent, continue their knowledge-building and keep pace with the many changes in the IT security realm.
Certification can pinpoint specific expertise in hardware, software and networks while testing candidates on formal knowledge as well as tools of the trade, needed skills and hands-on abilities.
Explore your career options and then opt to acquire the relevant certification in line with the occupation you are seeking. Choosing between CISSP and GSEC might seem easier, with CISSP as the preferred option thanks to its worldwide reputation; however, GSEC and its technical hands-on focus can be even a better option for candidates with fewer years of experience or who aspire to roles like auditors, forensic analysts and penetration testers in addition to those as security managers and IT engineers.
- Cybersecurity Career Pathway, CyberSeek
- Security Certifications? You’re Certifiable, CSO
- A Guide to Information Security Certifications, Daniel Miessler
- Best Information Security Certifications 2019, Business News Daily
- The Top 9 Cybersecurity Certifications for Security Pros in 2019, Solutions Review
- Does Certification Really Matter — GSEC v. CISSP, GIAC
- CISSP – The World’s Premier Cybersecurity Certification, (ISC)²
- GIAC Security Essentials (GSEC), GIAC
- CISSP vs. the GSEC Certification, (ISC)²
- GSEC vs. CISSP, seangoodwin.blog
- My CISSP Success Story, seangoodwin.blog
- CISSP versus SANS GSEC Certification, SecurityCerts.org