GIAC Program Overview (PDF

GIAC Program Overview 

Jeff Frisk – GIAC Director 

jfrisk@giac.org 

Q1 2013 Version 

Program Overview - GIAC Certification © 2012 1

What is GIAC? 

•GIAC is the ‘Global Information 

Assurance Certification’ program 

•GIAC assesses candidate knowledge in 

specific subject areas and grants 

credentials in the field of IT Security 

•GIAC has issued over 45,000 credentials 

over the past ten years 

Program Overview - GIAC Certification © 2013

Benefits of Certification 

• Personal Perks 

– Increased salary / upward mobility 

– Prestige / confidence 

– Demonstrated ability 

• Industry Benefits 

– Establishes benchmarks 

– Confirms individuals have specific technical skill sets 

– Stronger community bonds 

• Reinforcement of Education 

– Management Tool 

– Dusty books help no one 


The GIAC Certification Program: 

•Validates real-world competency 

•Focuses on hands-on concepts 

•Offers specific skills based certifications 

aligned with critical infosec job duties 

•Is highly respected among both industry 

leaders and technical practitioners 


GIAC Earns SC Magazine’s 2011 Award for 

Best Professional Certification Program 

• The prestigious, performance-based GIAC 

Security Expert Credential was named 

'Best Professional Certification' by SC 

Magazine in 2011 

• GIAC Credentials have been finalists in SC 

Magazine’s 2009, 2010, 2011, 2012 Best 

Professional Certification Program category 

(GCFA, GSEC, GCIA, GWAPT, GSE) 


Top 3 Reasons to Earn Your 

GIAC Certification 

1. Managers use GIAC certifications to 

ensure that candidates actually possess 

deep technical skills 

2. GIAC certifications help IT Security 

Professionals get promoted faster and 

earn more money 

3. GIAC candidates learn and absorb more 

of the detailed content through 

preparing for certification exams 


Salary Data and GIAC Reputation 

• 81% of hiring managers who participated in a recent Salary 

Survey consider certifications a factor in their hiring decisions 

• 41% of respondents from the same survey said their 

organizations use certifications as a factor when determining 

salary increases 

• There is a strong demand for qualified information security 

professionals and GIAC certification proves you have the skills to 

do the job 

• Foote Partners names four GIAC certifications in their list of the 

10 Hottest Certifications, including the #1 certification GIAC 

Certified Incident Handler (GCIH) 

www.baselinemag.com/c/a/Education/Ten-Hot-IT-Certifications- 

627829/ 


What Do Hiring Managers Say? 

Hiring managers use GIAC certifications to ensure that 

candidates actually possess deep technical skills… 

“We require all analysts to hold GIAC Intrusion 

Analyst certifications (GCIA) - and we tie this 

to promotions and additional salary. 

As a Security Operations Center Manager I 

have additional confidence in my team's 

abilities because they hold GIAC Certifications.“ 

Brent Deterding, SOC Manager LURHQ 


What Do Infosec Professionals Say? 

GIAC certifications help IT Security Professionals get 

promoted faster and earn more money… 

"The GIAC certification has enabled me to take 

the next step in my Information Security 

career. It allowed me to prove that my value 

was more than just that of a security minded 

Sys Admin." 

–J. Klein, Enterprise Information Systems, 

Cedars-Sinai Medical Center 


What Do Certified People Say? 

GIAC candidates learn and absorb more of the detailed 

content through preparing for certification exams 

"The SANS hands-on experience and the intensive GIAC 

certification process has garnered me the respect of my 

boss and peers. Now, when I speak, people listen. I 

have the confidence to get the job done. My boss looks 

at me with respect that simply wasn't there before 

SANS training and GIAC certification. Not only my boss, 

but managers and peers at other large organizations." 

- Matt Carpenter, Enterprise Information Systems 


GIAC Certifications 

• GSEC - Security Essentials 

• GCFW - Firewall Analyst 

• GCIA - Intrusion Analyst 

• GCIH - Incident Handler 

• GCFA - Forensics Analyst 

• GCUX - Unix Security 

• GCWN - Windows Security 

• GSSP - Secure Coding 

• GCED - Enterprise Defender 

• GCFE - Forensics Examiner 

• GWEB - Web App Defender 

• GXPN - Advanced Pen Test 

•GISF -Information Security Fundamentals 

•GSLC -Security Leadership 

•GSNA -System & Network Auditor 

•G2700 -ISO 17799/27001 

•GISP -Information Security Professional 

• GAWN - Auditing Wireless Networks 

•GREM -Reverse-Engineering Malware 

•GPEN -Penetration Tester 

•GWAPT -Web App Pen Testing 

•GCPM -InfoSec Project Management 

•GLEG -InfoSec Legal Issues 

For a complete list of GIAC Certifications 

http://www.giac.org/certifications/get-certified/roadmap 


GIAC Certification Options 

GIAC Certification 

– Multiple choice exam only 

GIAC Gold Status 

– Add a written technical report 

GIAC Expert Status 

– Highest certification level 


Registration 

•Register for GIAC certification 

–In addition to training, certification requires 

a $579 fee 

–You can add your certification attempt at 

the conference registration desk or by 

calling (301) 654-7267 

– Must add before end of conference or the 

price goes up to $849 

–Your certification attempt has a four month 

access window 


ISO/ANSI 17024 Accredited 

•ISO/ANSI 17024 is a quality standard for 

organizations granting certifications 

•The GIAC certification program (specifically 

GSEC and GSLC) was first accredited by the 

American National Standards Institute (ANSI) 

in December of 2007, under the ANSI/ISO/IEC 

17024 standard 

• In 2009 the GCIH, GCIA, and GCFA 

certifications were accredited under 17024 


US Department Of Defense 8570 

•DoD Directive 8570 provides guidance and 

procedures for the training, certification, and 

management of the DoD workforce conducting 

Information Assurance functions. It also 

provides guidance on reporting metrics. 

•The GIAC certification program has eight 

certifications included on the official 8570 list 

•GSE, GSEC, GCIA, GCIH, GSLC, GSNA, GCED, 

GISF 


Proctored Exams 

• ALL Certification exams are fully proctored 

• Exams are open book, but not open computer 

• As of April 15, 2012 Pearson VUE is GIAC’s 

official partner for administering exams 

• A full list of testing sites is available at: 

http://www.giac.org/exams/testing-centers 

• Pearson VUE has more than 3,400 Testing 

Centers located in 165 countries worldwide 


Web Based Scheduling System 


Select A Testing Center 


GIAC Exam Details 

• All GIAC certification exams are taken online, in a 

proctored environment 

• All material for a certification is covered in one exam 

• Exams are open book and notes (think paper), not open 

electronic devices (no Google or pdfs) 

• Common GIAC Exam formats: 

– 75 question, two hour exams 

– 115 question, three hour exams 

– 150 question, four hour exams 

– GSEC is 180 question, five hour exam 

• You receive two practice tests 

• Certification exams associated with this conference must 

be completed within 120 days of account activation 


Your Account 

•You will receive your 

account info about 10 

days after the conference 

• An up-to-date e-mail 

address is required! 


GIAC Certification Portal 


Preparing for Your GIAC Exam 

•Be familiar with exam objectives 

•Reread all the slides and notes 

sections from your course material 

•Build your hands-on skills by 

revisiting in-class exercises 

•Listen to the course audio mp3 files 

•Utilize your practice tests 


Study Time 

•Don’t wait until the last minute! 

•On average, students who pass their 

GIAC exams put in 55 hours of study 

time, in addition to classroom training 

•For GSEC the average is higher, over 70 

hours 

•Take time to prepare, it will pay off! 


You’re Certified! 

•Fill out the data input form after your 

exam and a framed GIAC Certification 

will be mailed to you, you only need to 

pay for shipping :) 

•Name and expiration dates for ALL 

GIAC certifications are posted on the 

GIAC Certified Professionals website 

•Utilize the official GIAC logos: 

http://www.giac.org/certifiedprofessionals/business-card-logos 


Your Certification 


Challenge Certifications 

•Attempting GIAC Certification without 

training from SANS 

•Same requirements apply 

•Practice exams are provided 

•Available for many certifications 


Extensions and Exam Failures 

• YOU must be conscious of your certification attempt 

deadline (UTC) 

• 45 Day extensions are $299, non-refundable 

– You can purchase extensions 15 days before through 30 days 

after your time has expired 

• In the case of exam failure, additional attempts are 

$549, non-refundable 

– 30 day waiting period after every exam failure 

• Purchasing an additional attempt after an exam failure 

adds one calendar month to your timeframe, in addition 

to the 30 day waiting period (60 days total) 

• After three (3) failed attempts candidates must wait 

one full year before continuing the certification attempt 


Certify Responsibly 

• Each candidate is bound by the GIAC Code of ethics 

• Multiple failures indicate you could be 

misrepresenting your abilities. 

– It is the candidate’s responsibility to put forth the effort to 

be able to demonstrate mastery of the certification 

objectives. Policies have been put in place to help uphold 

this standard. 

• You will need to wait a year before you can continue 

pursuing GIAC certification if you fail three times 

• Candidates are expected to complete GIAC 

certification attempts in a timely manner 

– All GIAC certification attempts must be completed within 24 

months regardless of circumstances. 


Certification Maintenance 

• Security changes rapidly! 

• GIAC certifications are valid for four years 

• $399 certification renewal fee due once every four 

years, includes current training material from SANS in 

you agree to pay for shipping 

• Multiple renewal options 

– Retest, continuing education, published technical paper 

• Discounts available for multiple certifications due 

within the same two-calendar-year period 

– After first one, all others within 2 calendar years are $199 

• Benefits to maintaining your certification: 

– The longer you hold the certification, the more valuable it is 

• www.giac.org/certification-renewal/ 


GIAC Gold Technical Report 

•Reinforcement of detailed knowledge 

in a given subject area 

•Hands-on learning 

•Community resource, paper is posted 

for the benefit of the community 

•No time limit to sign up, $349 

•Can be used to renew certifications 


GIAC Gold Advisors 

•Assigned to an Advisor for detailed, 

personalized feedback 

•A different expert in the field will 

do the grading 

•Extensive training for grading staff 


GIAC Expert Level Certification 

•Top of the Pyramid 

–GSE -GIAC Security Expert 

•Basic prerequisites are GSEC, GCIA and GCIH 

•Not a single training course 

•Several days of hands-on testing are 

required for certification 

•Earning an Expert Level Certification 

combines individual recertification 

requirements 


SANS Technology Institute 

•GIAC is one of the assessment and grading 

arms of the SANS Technology Institute 

•STI is a Masters degree program 

•STI is authorized by the Maryland Higher 

Education Commission to award MS Degrees 

• 16 students have graduated 

• About 65 students are currently enrolled 

• Applications are being accepted 

•http://www.sans.edu for more info 


GIAC Advisory Board 

•Open to anyone who earns an exam 

score of at least 90% when obtaining a 

GIAC certification 

•More than 2,000 active members 

•Honors and demonstrated interest 

•Opportunities 

•Benefits 

•Responsibilities 


GIAC Alumni & Social Media 

• GIAC has an ‘Alumni Groups’ on the social media networks 

• This helps fosters GIAC alumni communication outside of 

the conference setting 

• If you are GIAC certified and part of the LinkedIn 

community 

• http://www.linkedin.com/e/gis/38376/45794D211EFE 

• Become a fan of GIAC Global Forum on Facebook 

• http://www.facebook.com/group.php?gid=28603585600&v 

=app_2373072738#!/groupphp?gid=28603585600&v=wall 

• Follow GIAC on Twitter and gain access to our featured 

Question of the Week, updates to the program, and more! 

@GIAC_Certs 


A Note on Plagiarism 

•Plagiarism is representing someone 

else’s work as your own 

•ZERO TOLERANCE POLICY 

• Termination or Revocation 

• Read the Administrivia for 

guidance on the use of references, 

etc. 


Where Do I Go for Information? 

• GIAC web site: http://www.giac.org 

•SANS web site: http://www.sans.org 

•Copy of this presentation: 

http://www.giac.org/overview/program_overview.pdf 

• GIAC FAQ page: 

– http://www.giac.org/FAQ.php 

•GIAC general e-mail address: 

–info@giac.org 

•GIAC proctor questions: 

– proctor@giac.org 


QUESTIONS? 

Now is a time for you to ask any 

questions you have about 

SANS, GIAC, or the 

certification process 

OR 

E-mail any time to info@giac.org

GIAC Program Overview (PDF

Create successful ePaper yourself

Delete template?

Save as template?