The SANS Institute was founded in 1989 to provide IT security and administration information and vendor-neutral training on those subjects. Since its inception, SANS has trained more than 165,000 individuals via in-class courses, training events and technical conferences held throughout the world, self-paced online training (called SANS OnDemand) and interactive virtual training (called SANS vLive).
Course topics from the SANS Institute include security essentials, hacking techniques, intrusion detection and incident response, network defense, mobile device security, auditing, digital forensics and related security topics. The "information" component of SANS includes the SANS Reading Room, an extensive library of downloadable security research documents; the Internet Storm Center, which monitors and reports on malicious attacks and provides weekly bulletins and alerts; free security policy templates; the CIS Critical Security Controls for cyber defense and more.
SANS GIAC certification program overview
SANS formed the Global Information Assurance Certification (GIAC) program to act as the certification arm for its training courses, ensuring that individuals meet knowledge and skills standards in specific areas of IT security. More than 110,000 GIAC credentials have been issued. GIAC certifications are well known and highly respected among employers and the information security industry. Even the United States National Security Agency (NSA) recognizes GIAC certifications.
GIAC offers more than 30 security certifications across introductory, intermediate, advanced and expert levels. According to SANS, GIAC certifications are unique because "they measure specific skills and knowledge areas rather than general infosec knowledge." That means a typical GIAC certification requires rigorous preparation and hands-on experience. That's why SANS training comes highly recommended.
Note: Another component of SANS is the SANS Technology Institute, which offers two security-related master's degrees — the Information Security Engineering (MSISE) and the Information Security Management (MSISM). Beginning in May 2018, the MSISM will undergo a curriculum review. Applications for new degree candidates will be closed during this review period. The SANS Technology Institute also offers four post-baccalaureate certificate programs: cybersecurity engineering, cyber defense operations, incident response, and penetration testing and ethical hacking.
SANS GIAC Certification Tracks
GIAC certifications fall within six specific domains, each with its own certification track:
- Cyber Defense: Boasting 10 credentials (eight of which are advanced certs), the Cyber Defense certification family is the largest of the SANS GIAC certification domains. Cyber defense certifications are geared to professionals who identify and defend against cybersecurity threats.
- Industrial Control Systems (ICS): SANS GIAC offers three ICS certifications, one at the intermediate and two at the advanced levels. ICS certifications are geared toward control system engineers and other security professionals charged with cybersecurity for control system infrastructures and technology along with automation security.
- Penetration Testing: SANS GIAC certified pen test professionals possess the skills necessary to perform tasks such as evaluating attack techniques and methods, recommending security best practices to prevent security incidents, and formulating plans to defend against security incidents when they occur. This is the second largest certification domain, with credentials offered for a variety of scenarios including web applications, mobile devices, Python coding, wireless networks, ethical hacking, and more.
- Digital Forensics and Incident Response: This domain targets InfoSec professionals including IT administrators, security engineers, and security analysts. Also included are law enforcement and legal professionals who respond to security incidents and related cyber breaches, conduct forensic investigations, and examine and gather incident artifacts and related evidence.
- Developer: Developer certifications are aimed at developers and anyone else interested in building secure programs and applications. Three certs are offered – Java programming, web applications and .NET programming.
- Management and Leadership: The management and leadership domain is focused on professionals who may have (or lack) technical skills, but provide managerial or project management support. They are also instrumental in developing and implementing security policies on an organization-wide basis. These credentials include certs for auditors, project managers, CISOs, data security law, and InfoSec professionals.
Another certification "category" is the pinnacle GIAC certification – namely, the GIAC Security Expert (GSE). Some industry officials consider the GSE to be the premier security-related certification available today. Whereas most GIAC certifications can be achieved by passing a single multiple-choice exam, the GSE exam includes both a multiple-choice component and a hands-on lab.
SANS GIAC Certification Levels
SANS offers four levels of certification: introductory, intermediate, advanced and expert. The table below is a modified version of the GIAC certification roadmap, which lists each certification by level and certification track.
Cyber Defense
- GCED: Certified Enterprise Defender
- GPPA: Certified Perimeter Protection Analyst
- GCIA: Certified Intrusion Analyst
- GCWN: Certified Windows Security Administrator
- GCUX: Certified UNIX Security Administrator
- GMON: Continuous Monitoring Certification
- GCDA: Certified Detection Analyst
- GCCC: Critical Controls Certification
Industrial Control Systems (ICS)
- GRID: Response and Industrial Defense
- GCIP: Critical Infrastructure Protection
Penetration Testing
- GPEN: Certified Penetration Tester
- GWAPT: Web Application Penetration Tester
- GPYC: Python Coder
- GMOB: Mobile Device Security Analyst
- GAWN: Assessing Wireless Networks
- GXPN: Exploit Researcher and Advanced Penetration Tester
Digital Forensics and Incident Response
- GCFA: Certified Forensic Analyst
- GNFA: Network Forensic Analyst
- GCTI: Cyber Threat Intelligence
- GASF: Advanced Smartphone Forensics
- GREM: Reverse Engineering Malware
Developer
- GWEB: Certified Web Application Defender
- GSSP-JAVA: Secure Software Programmer – Java
- GSSP-NET: Secure Software Programmer – .NET
Management and Leadership
- GSLC: Security Leadership Certification
- GSTRT: Strategic Planning, Policy, and Leadership
- GCPM: Certified Project Manager Certification
- GLEG: Law of Data Security and Investigations
- GSNA: Systems and Network Auditor
Other than the GSE, GIAC certifications require passing one exam and have no prerequisites. That said, GIAC highly recommends SANS training courses, especially for candidates who don't have adequate hands-on experience and aren't able to self-study.
Once an application has been approved, candidates have four months to attempt the associated exam. (GIAC does not administer exams immediately upon conclusion of a training event; candidates must wait at least seven days to sit for the exam.) The cost of each GIAC exam is currently $1,699, which includes two practice exams. (If you purchase SANS training, the cost of the exam drops to $729.) The lab exam for the GSE is $2,309, and the written exam is $449. [Note: Students can purchase and take an exam as part of a training course or they may purchase and take an exam by itself.]
SANS GIAC certification renewal
To remain certified, credential holders must renew their GIAC certifications every four years by earning 36 continuing professional education (CPE) credits. CPE credits may be earned by completing approved training or certifications, participating in continuing education, publishing a technical paper, completing certain graduate-level courses, getting community or work experience or participating in cyber range activities. A renewal fee of $429 is also required.
Related jobs and training resources
GIAC certifications cover the gamut of job roles in IT security today. GIAC-certified professionals work as security analysts or specialists (two of the most common roles), information security engineers, network security admins, database administrators, developers, forensic specialists, risk managers and auditors. Large organizations with security operations centers (SOCs) need SOC analysts, engineers and supervisors as well as directors of cybersecurity. A bevy of companies also hire employees and consultants who perform incident response, penetration testing and the like.
With more than 200,000 security-related jobs open in the U.S. alone (and 1 million globally), a reasonably educated and experienced person stands a good chance of getting hired fairly quickly. Adding a security certification or two to your resume not only validates your skills, but it may get you noticed by a hiring manager or give you more leverage during salary negotiations.
SANS training courses and events vary in format and price, but candidates can expect to pay around $5,800 to $6,200 for a training course. Although the price tag is high, many candidates recommend SANS training for its quality and depth as well as its usefulness in eventually achieving GIAC certification. SANS instructors are usually industry experts and/or full-time security practitioners, and invariably get glowing reviews from course attendees.
Candidates who attempt GIAC certification exams should consider taking practice tests beforehand. A practice test mimics an actual exam and is, therefore, a terrific study aid. All GIAC certification attempts (except for the GSE) come with two free practice exams. A few practice tests are also included with training courses. Candidates who don't take training can purchase practice tests for $149 each by clicking a link in their SANS/GIAC portal account.