Security certifications hold more weight now than they ever have before. Each day brings a new data breach from a well known company, while many more data breaches happen to individuals privately as well. Organizations need to employ not only the right people, but the people with the best experience and most credentials when it comes to cybersecurity positions. Certifications such as EC-Councils’ Certified Ethical Hacker (CEH), CompTIA’s Security+ and PenTest+, and ISC2’s Certified Information Systems Security Professional (CISSP) are a few great examples of top notch security certifications.
In this installment of Cleared & Certified, we will be discussing the Global Information Assurance Certification catalog of security certifications. GIAC offers many different levels of certifications such as introductory, intermediate and advanced. Additionally, within GIAC’s certification catalog there are different categories such as Cyber Defense, ICS, Penetration Testing, Digital Forensics and Incident Response, Developer, Management and Leadership, and GIAC Security Expert. Ultimately, it will depend on the individual to decide which path to take according to their career aspirations.
GIAC CERTIFICATIONS BACKGROUND
Being that there are so many GIAC certifications, it is hard to focus on just one, so here is an overview of GIAC as a whole. Founded in 1999, GIAC ventured out to validate the skills of individuals working in the information security field. Here is a snippet from GIAC’s about page:
“GIAC (Global Information Assurance Certification) was founded in 1999 to validate the skills of information security professionals. The purpose of GIAC is to provide assurance that a certified individual has the knowledge and skills necessary for a practitioner in key areas of computer, information and software security. GIAC certifications are trusted by thousands of companies and government agencies, including the United States National Security Agency (NSA).”
Since 1999, GIAC has created 30 security certifications. Within their certification program you can learn the following skills:
- Intrusion Detection
- Incident Handling
- Firewalls and perimeter protection
- Hacker Techniques
- Windows and Unix operating system security
- Secure Software and application coding
There is a security flavor for just about any professional out there that is looking to bolster their skills. Since February of 2000, over 140,000 security professionals have become GIAC certified.
GIAC TRAINING AVAILABLE
The InfoSec Institute offers GIAC training courses such as the GIAC Security Essentials (GSEC) which is a great introduction to GIAC certifications The GSEC training course offered by the InfoSec Institute includes the following:
- Five days of infosec training with a leading security expert, bringing field experience and insight
- Infosec digital courseware (physical textbooks available to purchase)
- GSEC sample exam questions
- Prepaid card to cover the cost of exam fees
- 90-day access to replays of daily lessons (Flex Pro)
- 100% satisfaction guarantee
According to Infosecinstitute.com, “GSEC certificate holders are expected to have an understanding of theoretical topics, including access control theory, legal aspects of incident handling and incident handling fundamentals, as well as more practical aspects such as dealing with wireless attacks, implementing defense in depth, reading packets and securing Windows server services.” Just in this one certification from GIAC, you can see the value that holding it would have in your career. This kind of training does not come cheap, and you should see what you can do to get your employer to cover some if not all of the class that can run upwards of $6,000.
GIAC EXAM DETAILS
Being that there are so many GIAC certifications, exams will vary. Most are multiple choice with some requiring interactive hands on experience. Now, brace yourself for the sticker shock… GIAC exams cost around $1,899! With an exam cost that high it really prohibits anyone from being a “paper certified professional.” Each exam retake attempt will set you back $799.
Certifications such as CISSP are a good next step moving on from GIAC. Additionally, obtaining multiple GIAC certifications can be very lucrative. If you have mastered the introductory certifications, graduate to taking the intermediate exams and so forth.
IS GIAC FOR ME?
If you are a seasoned (15+ years) security expert, then this is a logical next step and could prove to elevate your resume to the next level. If you are a junior administrator or a beginner in the IT field, absolutely not. The GIAC certifications are not something you just skate by on; you have to be prepared and have the knowledge in order to pass the exam. Being that they are so pricey, they might be cost prohibitive for most. Evaluate your current situation and take stock of your current certifications. If you feel like there is a gap in certifications, GIAC might be a great addition, just make sure it fits your budget.