Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.

SANS GIAC Certification Guide: Overview And Career Paths

SANS GIAC Certification Guide: Overview And Career Paths
By , Kim Lindros

The SANS Institute offers a number of IT certifications in the information security space. This certification guide will help you get started with SANS certs and develop your security career path.

The SANS Institute was founded in 1989 to provide IT security and administration information and vendor-neutral training on those subjects. Since its inception, SANS has trained more than 100,000 individuals via in-class courses, training events and technical conferences held throughout the world, self-paced online training (called SANS OnDemand) and interactive virtual training (called SANS vLive).

Course topics from the SANS Institute include security essentials, hacking techniques, intrusion detection and incident response, network defense, mobile device security, auditing, digital forensics and related security topics. The "information" component of SANS includes the SANS Reading Room, an extensive library of downloadable security research documents; the Internet Storm Center, which monitors and reports on malicious attacks and provides weekly bulletins and alerts; free security policy templates; the CIS Critical Security Controls for cyber defense and more.

MORE: Free InfoSec Training Resources for IT Pros

SANS GIAC certification program overview

SANS formed the Global Information Assurance Certification (GIAC) program to act as the certification arm for its training courses, ensuring that individuals meet knowledge and skills standards in specific areas of IT security. Nearly 90,000 GIAC credentials have been issued. GIAC certifications are well known and highly respected among employers and the information security industry; even the United States National Security Agency (NSA) recognizes GIAC certifications.

GIAC offers more than 30 security certifications across introductory, intermediate, advanced and expert levels. According to SANS, GIAC certifications are unique because "they measure specific skills and knowledge areas rather than general infosec knowledge." That means a typical GIAC certification requires rigorous preparation and hands-on experience. That's why SANS training comes highly recommended.

Note: Another component of SANS is the SANS Technology Institute, which offers two security-related master's degrees — Information Security Engineering (MSISE) and Information Security Management (MSISM) — as well as four post-baccalaureate certificate programs in cybersecurity engineering, cyber defense operations, incident response, and penetration testing and ethical hacking.

MORE: IT Career Paths & Certification Guides
MORE: Best IT Certifications
MORE: Best IT Training

SANS GIAC Certification Tracks

GIAC certifications fall within various specific certification tracks:

  • Audit: The lone certification in the Audit track requires candidates to have a firm grasp of auditing concepts, methodologies and risk management techniques. Further, candidates should be able to audit network services and critical systems, networking devices, Unix and Windows services and system information, and web applications. Candidates must also perform vulnerability assessments.
  • Forensics:  The Forensics track, with five certifications, focuses on the skills required for incident handling and investigations of Windows and Linux computer systems, and smartphones. Credential holders understand data collection and image acquisition, data preservation and analysis, use of the Sleuth Kit and similar tools, anti-forensic techniques, reverse engineering malware and so on.
  • Legal: The Legal track is aimed at paralegals, attorneys, accountants, auditors and others who must know about laws associated with contracts, business policies and compliance, data retention and e-discovery, intellectual property, and privacy and personally identifiable information. This track has one certification.
  • Management: The Management track includes three certifications, which focus on skills and knowledge required by security professionals in managerial or leadership positions, or security-related project managers. One of these certifications  ̶  the GIAC Information Security Professional (GISP)  ̶  measures a candidate's knowledge of the (ISC)2 Common Body of Knowledge. It's a natural fit or follow-on for those who've already earned the (ISC)2 Certified Information Systems Security Professional (CISSP) certification.
  • Security Administration: The Security Administration track is by far the largest, with 18 certifications. Topics include security essentials, incident handling, intrusion analysis, penetration testing (including web applications and exploit research), perimeter defense analysis, Windows and UNIX security administration, wireless networks, mobile device security, cybersecurity, industrial defense, continuous monitoring, critical controls and coder.
  • Software Security: The Software Security track offers three certifications, which measure a candidate's skills in secure software programming techniques in .NET or Java environments and web applications.

Another certification "category," which is the pinnacle GIAC certification, is the GIAC Security Expert (GSE). Some industry officials consider the GSE to be the premier security-related certification available today. Whereas most GIAC certifications can be achieved by passing a single multiple-choice exam, the GSE exam has a multiple-choice component as well as a hands-on lab.

SANS GIAC Certification Levels

SANS offers four levels of certifications, including introductory, intermediate, advanced and expert. The table below is a modified version of the GIAC certification roadmap, listing each certification by level and certification tracks.

      Introductory Level
Security administration• GIAC Information Security Fundamentals (GISF)
• GIAC Global Industrial Cyber Security Professional (GICSP)
      Intermediate Level
Forensics• GIAC Certified Forensics Examiner (GCFE)
Management• GIAC Information Security Professional (GISP)
Security Aadministration• GIAC Security Essentials Certification (GSEC)
      Advanced Level
Audit• GIAC Systems and Network Auditor (GSNA)
Forensics• GIAC Certified Forensic Analyst (GCFA)
• GIAC Network Forensic Analyst (GNFA)
• GIAC Advanced Smartphone Forensics (GASF)
Legal• GIAC Law of Data Security & Investigations (GLEG)
Management• GIAC Security Leadership Certification (GSLC)
• GIAC Certified Project Manager Certification (GCPM)
Security Administration• GIAC Certified Perimeter Protection Analyst (GPPA)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified UNIX Security Administrator (GCUX)
• GIAC Certified Windows Security Administrator (GCWN)
• GIAC Certified Enterprise Defender (GCED)
• GIAC Certified Penetration Tester (GPEN)
• GIAC Web Application Penetration Tester (GWAPT)
• GIAC Mobile Device Security Analyst (GMOB)
• GIAC Critical Controls Certification (GCCC)
• GIAC Continuous Monitoring Certification (GMON)
• GIAC Python Coder (GPYC)

• GIAC Response and Industrial Defense (GRID)*
Software Security• GIAC Secure Software Programmer -- .NET (GSSP-NET)
• GIAC Secure Software Programmer -- Java (GSSP-JAVA)
• GIAC Certified Web Application Defender (GWEB)
      Expert Level
Forensics• GIAC Reverse Engineering Malware (GREM)
GSE• GIAC Security Expert (GSE)
Security Administration• GIAC Assessing Wireless Networks (GAWN)
• GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)

* Available as of July 7, 2017.

Other than the GSE, GIAC certifications require passing one exam and have no prerequisites, although GIAC highly recommends SANS training courses, especially for candidates who don't have adequate hands-on experience and aren't able to self-study.

Once an application has been approved, candidates have four months to attempt the associated exam. (GIAC does not administer exams immediately upon conclusion of a training event; candidates must wait at least seven days to sit for the exam.) The cost of each GIAC exam is currently $1,249. (If you purchase SANS training, the cost of the exam drops to $689.) The lab exam for the GSE is $2,199, and the written exam is $429.
Note: Students can purchase and take an exam as part of a training course or independently.

SANS GIAC certification renewal

To remain certified, credential holders must renew their GIAC certifications every four years by earning 36 continuing professional education (CPE) credits. CPE credits may be earned by completing approved training or certifications, participating in continuing education, publishing a technical paper, completing certain graduate level courses, getting community or work experience or participating in cyber range activities. A renewal fee of $399 is required.

Related Jobs and training resources

GIAC certifications cover the gamut of job roles in IT security today. GIAC-certified professionals work as security analysts or specialists (two of the most common roles), information security engineers, network security admins, database administrators, developers, forensic specialists, risk managers and auditors. Large organizations with security operations centers (SOCs) need SOC analysts, engineers and supervisors as well as directors of cyber security. A bevy of companies also hire employees and consultants who perform incident response, penetration testing and the like.

With more than 200,000 security-related jobs open in the U.S. alone (and 1 million globally), a reasonably educated and experienced person stands a good chance of getting hired fairly quickly. Adding a security certification or two to your resume not only validates your skills, but it may get you noticed by a hiring manager or give you more leverage during salary negotiations.

SANS training courses and events vary in format and price, but candidates can expect to pay more than $5,000 for a training course. Although the price tag is high, many candidates recommend SANS training for its quality and depth as well as its usefulness in eventually achieving GIAC certification. SANS instructors are usually industry experts and/or full-time security practitioners, and invariably get stunningly positive reviews from course attendees.

Candidates who attempt GIAC certification exams should consider taking practice tests beforehand. A practice test mimics an actual exam and is therefore a terrific study aid. All GIAC certification attempts (except for the GSE) come with two free practice exams. A few practice tests are also included with training courses; candidates who don't take training can purchase practice tests for $139 each by clicking a link in their SANS/GIAC portal account.