SANS GIAC Certification Guide: Overview and Career Paths

• The SANS Institute offers well-known and valuable information technology (IT) security and administration training courses.
• GIAC certifications fall within six domains: cyber defense; industrial control systems; digital forensics and incident response; offensive operations; cloud security; and management, legal and audit.
• With the increased demand for IT professionals, numerous career paths are available ― especially for those with advanced training and certifications.
• This article is for IT professionals interested in learning more about SANS GIAC certifications to advance their careers.

The SANS Institute was founded in 1989 to provide IT security and administration information, thought leadership and vendor-neutral training for individuals and businesses. SANS presents in-class courses, training events and technical conferences worldwide. It also offers self-paced online training (SANS OnDemand) and interactive virtual training (SANS Live Online).

Course topics include the following:

• Security essentials
• Hacking techniques
• Intrusion detection and incident response
• Network defense
• Mobile device security
• Open-source intelligence (OSINT)
• Auditing
• Digital forensics 

The SANS information arm includes the following: 

• The SANS Information Security White Papers, an extensive library of downloadable security research documents
• The Internet Storm Center, which monitors and reports on malicious attacks and provides weekly bulletins and alerts
• Free security policy templates
• The CIS Critical Security Controls for cyberdefense

The SANS Technology Institute

The SANS Technology Institute is another SANS component. It offers one security-related master’s degree in cybersecurity. The SANS Technology Institute also offers eight graduate certificate programs focused on the following: 

• Cybersecurity engineering (CORE)
• Cyberdefense operations
• Incident response
• Industrial control systems security
• Penetration testing and ethical hacking
• Cloud security
• Cybersecurity management
• Purple team operations

SANS GIAC certification program overview

SANS formed the Global Information Assurance Certification (GIAC) program as the certification arm for its training courses, ensuring that individuals meet knowledge and skills standards in specific IT security areas. GIAC certifications are well known and highly respected among employers and are considered among the best infosec and cybersecurity certifications professionals can achieve. Even the United States National Security Agency (NSA) recognizes GIAC certifications.

GIAC offers more than 40 security certifications across multiple topics. According to SANS, GIAC certifications are unique because “they measure specific skills and knowledge areas rather than general infosec knowledge.” That means a typical GIAC certification requires rigorous preparation and hands-on experience. That’s why SANS training comes highly recommended for professionals who want to identify and prevent network security threats.

SANS GIAC certifications and tracks

The GIAC Security Expert (GSE) certification is the pinnacle GIAC certification. Some industry officials consider the GSE the premier security-related certification available today. Whereas most GIAC certifications can be achieved by passing a single multiple-choice exam, the GSE exam includes both a multiple-choice component and a hands-on lab.

Aside from the GSE, GIAC certifications fall within six specific focus areas designed to align with industry trends.

1. Cyberdefense certifications

Boasting 14 credentials, the cyberdefense certification family is the largest of the SANS GIAC certification domains. Cyberdefense certifications are geared toward professionals who identify and defend against cybersecurity threats.

Certifications include the following:

Blue team operations certifications  

• GIAC Open Source Intelligence (GOSI) (new): This certification covers (according to the GIAC website):
  
  • OSINT methodologies and frameworks
  • OSINT data collection, analysis and reporting
  • Harvesting data from the dark web
    
    
• GIAC-certified Windows Security Administrator (GCWN): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 66 percent. This certification covers (according to the GIAC website):
  • Defensible networking
  • Endpoint protection
  • Operating system and application hardening
  • Public key infrastructure management
  • Restricting administrative compromise
  • Securing PowerShell

• GIAC Defensible Security Architecture (GDSA): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 63 percent. This certification covers (according to the GIAC website):
  
  • Defensible security architecture (network-centric and data-centric approaches)
  • Network security architecture (hardening applications across the TCP/IP stack)
  • Zero trust architecture (secure environment creation with private, hybrid or public clouds)
    
    
• GIAC Security Operations-certified (GSOC): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 67 percent. This certification covers (according to the GIAC website):
  
  • SOC monitoring and incident response using incident management systems, threat intelligence platforms and security information and event management (SIEM)
  • Analysis and defense against the most common enterprise-targeted attacks
  • Designing, automating and enriching security operations to increase efficiency
    
    
• GIAC-certified Intrusion Analyst (GCIA): You’ll take one proctored four-hour online exam with 106 questions. Passing score is 67 percent. This certification covers (according to the GIAC website):
  
  • Fundamentals of traffic analysis and application protocols
  • Open-source IDS: Snort and Zeek
  • Network traffic forensics and monitoring

• GIAC Continuous Monitoring Certification (GMON): You’ll take one proctored three-hour online exam with 82 to 115 questions. Passing score is 74 percent. This certification covers (according to the GIAC website):
  
  • Security architecture and security operations centers (SOCs)
  • Network security architecture and monitoring
  • Endpoint security architecture, automation and continuous monitoring

• GIAC-certified Detection Analyst (GCDA): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 79 percent. This certification covers (according to the GIAC website):
  
  • SIEM architecture and SOF-ELK
  • Service profiling, advanced endpoint analytics, baselining and user behavior monitoring
  • Tactical SIEM detection and post-mortem analysis

Cyberdefense Essentials Certifications: Essential cybersecurity skills

• GIAC Information Security Fundamentals (GISF): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 72 percent. This certification covers (according to the GIAC website):
  
  • Cybersecurity terminology
  • The basics of computer networks
  • Security policies
  • Incident response
  • Passwords
  • Introduction to cryptographic principles

• GIAC-certified Enterprise Defender (GCED): You’ll take one proctored three-hour online exam with 115 questions. Passing score is 69 percent. This certification covers (according to the GIAC website):
  
  • Defensive network infrastructure
  • Packet analysis and penetration testing
  • Incident handling and malware removal

• GIAC Information Security Professional (GISP): You’ll take one proctored five-hour online exam with 250 questions. Passing score is 70 percent. This certification covers (according to the GIAC website):
  
  • Asset security
  • Communications and network security
  • Identity and access management
  • Security and risk management
  • Security assessment and testing
  • Security engineering
  • Security operation
  • Software development security

• GIAC Security Essentials (GSEC): You’ll take one proctored four- to five-hour online exam with 106 to 180 questions. Passing score is 73 percent. This certification covers (according to the GIAC website):
  
  • Defense in depth, access control and password management
  • Cryptography: basic concepts, algorithms and deployment and application
  • Cloud: Amazon Web Services (AWS) fundamentals and Microsoft Cloud
  • Defensible network architecture, networking and protocols and network security
  • Incident handling and response, data loss prevention, mobile device security, vulnerability scanning and penetration testing
  • Linux fundamentals, hardening and securing
  • SIEM, critical controls and exploit mitigation
  • Web communication security, workspace virtualization and cloud security and endpoint security
  • Windows: access controls, automation, auditing, forensics, security infrastructure and services

• GIAC-certified Incident Handler (GCIH): You’ll take one proctored four-hour online exam with 106 questions. Passing score is 70 percent. This certification covers (according to the GIAC website):
  
  • Incident handling and computer crime investigation
  • Computer and network hacker exploits
  • Hacker tools (Nmap, Metasploit and Netcat)

Purple team certifications

• GIAC Foundational Cybersecurity Technologies (GFACT): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 71 percent. This certification covers (according to the GIAC website):
  
  • Core computing components: hardware and virtualization, networking, operating systems, web, cloud and data storage
  • IT fundamentals and concepts: logic and programming, Windows and Linux
  • Security foundations and threat landscape: concepts, exploitation and mitigation, forensics and post-exploitation

• GIAC Defending Advanced Threats (GDAT): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 70 percent. This certification covers (according to the GIAC website):
  
  • Advanced persistent threat models and methods
  • Detecting and preventing payload deliveries, exploitation and post-exploitation activities
  • Using cyberdeception to gain intelligence for threat hunting and incident response

2. Offensive operations certifications

SANS GIAC offers 11 operations certifications and ensures professionals are well-versed in essential offensive abilities. The main areas of study include red and purple team operations and penetration testing. These credentials support security practitioners, penetration testers, ethical hackers (also called white hat hackers) and system administrators, among others.

Certifications include the following. 

Red team operations certifications 

• GIAC-certified Incident Handler (GCIH): You’ll take one proctored four-hour online exam with 106 questions. Passing score is 70 percent. This certification covers (according to the GIAC website):
  
  • Incident handling and computer crime investigation
  • Computer and network hacker exploits
  • Hacker tools (Nmap, Metasploit and Netcat)

• GIAC Enterprise Vulnerability Assessor (GEVA): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 71 percent. This certification covers (according to the GIAC website):
  
  • Vulnerability assessment framework planning and methodology in an enterprise environment
  • Discovery and validation of vulnerabilities using tactics like network scanning and PowerShell scripting
  • Remediation and reporting techniques utilizing proper data management

• GIAC Python Coder (GPYC): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 67 percent. This certification covers (according to the GIAC website):
  
  • Information security professionals
  • Python developers
  • Forensic analysts
  • Network defenders
  • Penetration testers

Penetration-testing certifications

• GIAC Penetration Tester (GPEN): You’ll take one proctored three-hour online exam with 82 questions. Passing score is 75 percent. This certification covers (according to the GIAC website):
  
  • Comprehensive pen test planning, scoping and recon
  • In-depth scanning and exploitation, post-exploitation and pivoting
  • In-depth password attacks

• GIAC Mobile Device Security Analyst (GMOB): You’ll take one proctored two-hour online exam with 82 questions. Passing score is 71 percent. This certification covers (according to the GIAC website):
  
  • Managing Android and iOS devices and applications, jailbreaking and rooting mobile devices
  • Assessing application security, manipulating mobile application behavior and static application analysis
  • Analyzing applications and network activity and intercepting encrypted network traffic
  • Mitigating against mobile malware and stolen mobile devices and penetration testing mobile devices

• GIAC Assessing and Auditing Wireless Networks (GAWN): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 70 percent. This certification covers (according to the GIAC website):
  
  • Attacking weak business data encryption, 802.11 fuzzing attacks and Bluetooth attacks
  • Bridging the air gap, digital enhanced cordless telecommunications, DoS on wireless networks, high-frequency radio-frequency identification (RFID) attacks and RFID applications
  • Hotspots, low-frequency RFID attacks, near-field communications, practical software defined radio attacks and rogue networks
  • Sniffing wireless, wireless basics, wireless client attacks, WPA2 and Zigbee

• GIAC Web Application Penetration Tester (GWAPT): You’ll take one proctored three-hour online exam with 82 questions. Passing score is 71 percent. This certification covers (according to the GIAC website):
  
  • Web application overview, authentication attacks and configuration testing
  • Web application session management, Structured Query Language injection attacks and testing tools
  • Cross-site request forgery and scripting, client injection attack, reconnaissance and mapping

• GIAC Exploit Researcher and Advanced Penetration Tester (GXPN): You’ll take one proctored three-hour online exam with 60 questions. Passing score is 67 percent. This certification covers (according to the GIAC website):
  
  • Network attacks, crypto, network booting and restricted environments
  • Python, Scapy and Fuzzing
  • Exploiting Windows and Linux for penetration testers

• GIAC Cloud Penetration Tester (GCPN): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 70 percent. This certification covers (according to the GIAC website):
  
  • Cloud penetration testing fundamentals, environment mapping and service discovery
  • AWS and Azure cloud services and attacks
  • Cloud applications with containers and continuous integration and continuous delivery (CI/CD) pipelines

Purple team certifications

• GIAC Foundational Cybersecurity Technologies (GFACT): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 71 percent. This certification covers (according to the GIAC website):
  
  • Core computing components: hardware and virtualization, networking, operating systems, web, cloud and data storage
  • IT fundamentals and concepts: logic and programming, Windows and Linux
  • Security foundations and threat landscape: concepts, exploitation and mitigation, forensics and post-exploitation

• GIAC Defending Advanced Threats (GDAT): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 70 percent. This certification covers (according to the GIAC website).
  
  • Advanced persistent threat models and methods
  • Detecting and preventing payload deliveries, exploitation and post-exploitation activities
  • Using cyberdeception to gain intelligence for threat hunting and incident response

3. Cloud security certifications

This domain is dedicated to mastering the cloud computing skills necessary to protect applications and systems from dangerous threats. It offers six certifications geared toward attack- and defense-focused professionals, Cloud and DevOps engineers and application engineers and architects. Five certifications cover cloud security techniques while one applies to cloud penetration testing.  

Cloud security technique certifications

• GIAC Cloud Security Essentials (GCLD): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 61 percent. This certification covers (according to the GIAC website):
  
  • Evaluation of cloud service provider similarities, differences, challenges and opportunities
  • Planning, deploying, hardening and securing single and multicloud environments
  • Basic cloud resource auditing, security assessment and incident response

• GIAC Cloud Security Automation (GCSA): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 61 percent. This certification covers (according to the GIAC website):
  
  • Using cloud services with Secure DevOps principles, practices and tools to build and deliver secure infrastructure and software
  • Automating configuration management, continuous integration, continuous delivery and continuous monitoring
  • Use of open-source tools, the AWS toolchain and Azure services

• GIAC Cloud Threat Detection (GCTD): This is a new exam with few details released. This certification covers (according to the GIAC website):
  
  • Detecting attacks in the cloud
  • Cloud investigations and cyberthreat intelligence
  • Assessments and automation in AWS and Azure

• GIAC-certified Web Application Defender (GWEB): You’ll take one proctored three-hour online exam with 75 questions. Passing score is 68 percent. This certification covers (according to the GIAC website):
  
  • Access control, asynchronous JavaScript and XML technologies, security strategies, security testing and authentication
  • Cross-origin policy attacks and mitigation, cross-site request forgery, encryption and protecting sensitive data
  • File upload, response readiness, proactive defense, input-related flaws and input validation
  • Modern application framework issues and serialization, session security and  business logic
  • Application and HTTP basics, web architecture, configuration and security

• GIAC Public Cloud Security (GPCS): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 64 percent. This certification covers (according to the GIAC website):
  
  • Evaluation and comparison of public cloud service providers
  • Auditing, hardening and securing public cloud environments
  • Introduction to multicloud compliance and integration

Cloud penetration and testing certification

• GIAC Cloud Penetration Tester (GCPN): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 70 percent. This certification covers (according to the GIAC website):
  
  • Cloud penetration testing fundamentals, environment mapping and service discovery
  • AWS and Azure cloud services and attacks
  • Cloud applications with containers and CI/CD pipelines

4. Industrial control systems certifications

SANS GIAC offers three International Information System Security Certification Consortium, or (ISC)², certifications geared toward control system engineers and other security professionals charged with cybersecurity for control system infrastructures, technology and automation security.

• Global Industrial Cyber Security Professional (GICSP): You’ll take one proctored three-hour online exam with 82 to 115 questions. Passing score is 71 percent. This certification covers (according to the GIAC website):
  
  • Industrial control system components, purposes, deployments, significant drivers and constraints
  • Control system attack surfaces, methods and tools
  • Control system approaches to system and network defense architectures and techniques
  • Incident-response skills in a control system environment
  • Governance models and resources for industrial cybersecurity professionals
• GIAC Critical Infrastructure Protection (GCIP): You’ll take one proctored three-hour online exam with 75 questions. Passing score is 70 percent. This certification covers (according to the GIAC website):
  • BES Cyber System identification and strategies for lowering their impact rating
  • Nuances of NERC-defined terms and CIP standards applicability
  • Strategic implementation approaches for supporting technologies
  • Recurring tasks and strategies for CIP program maintenance

• GIAC Response and Industrial Defense (GRID): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 74 percent. This certification covers (according to the GIAC website):
  
  • Active defense concepts and application, detection and analysis in an ICS environment
  • Discovery and monitoring in an ICS environment, ICS-focused digital forensics and ICS-focused incident response
  • Malware analysis techniques, threat analysis in an ICS environment and threat intelligence fundamentals

5. Digital forensics and incident response

SANS GIAC certifications are among the best digital forensics certifications in the industry. This domain targets infosec professionals, including skilled IT managers, security engineers and security analysts. Also included are law enforcement and legal professionals who respond to security incidents and related data breaches, conduct forensic investigations and examine and gather incident artifacts and related evidence. 

There are 11 certifications in two areas: operating systems and devices and incident response and threat hunting.

Operating system and devices certifications

• GIAC iOS and macOS Examiner (GIME): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 67 percent. This certification covers (according to the GIAC website):
  
  • Mac and iOS file systems, system triage, user and application data analysis
  • Mac and iOS incident response, malware and intrusion analysis

• GIAC-certified Forensic Examiner (GCFE): You’ll take one proctored three-hour online exam with 82 to 115 questions. Passing score is 70 percent. This certification covers (according to the GIAC website):
  
  • Windows forensics and data triage
  • Windows registry forensics, USB devices, shell items, email forensics and log analysis
  • Advanced web browser forensics (Chrome, Edge and Firefox)

• GIAC Battlefield Forensics and Acquisition (GBFA): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 69 percent. This certification covers (according to the GIAC website):
  
  • Efficient data acquisition from a wide range of devices
  • Producing actionable intelligence rapidly
  • Identifying and acquiring data manually

• GIAC Advanced Smartphone Forensics (GASF): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 69 percent. This certification covers (according to the GIAC website):
  
  • Fundamentals of mobile forensics and conducting forensic exams
  • Device file system analysis and mobile application behavior
  • Event artifact analysis and the identification and analysis of mobile device malware

Incident response and threat-hunting certifications

• GIAC Cloud Forensics Responder (GCFR): You’ll take one proctored three-hour online exam with 82 questions. Passing score is 62 percent. This certification covers (according to the GIAC website):
  
  • Log generation, collection, storage and retention in cloud environments
  • Identification of malicious and anomalous activity that affects cloud resources
  • Extraction of data from cloud environments for forensic investigations

• GIAC Network Forensic Analyst (GNFA): You’ll take one proctored two- to three-hour online exam with 50 to 66 questions. Passing score is 70 percent. This certification covers (according to the GIAC website).
  
  • Network architecture, network protocols and network protocol reverse engineering
  • Encryption and encoding, NetFlow analysis and attack visualization, security event and incident logging
  • Network analysis tools and usage, wireless network analysis and open-source network security proxies

• GIAC Reverse Engineering Malware (GREM): You’ll take one proctored two- to three-hour online exam with 66 to 75 questions. Passing score is 73 percent. This certification covers (according to the GIAC website):
  
  • Analysis of malicious document files, analyzing protected executables and analyzing web-based malware
  • In-depth analysis of malicious browser scripts and in-depth analysis of malicious executables
  • Malware analysis using memory forensics and malware code and behavioral analysis fundamentals
  • Windows assembly code concepts for reverse-engineering and common Windows malware characteristics in Assembly
    
    
• GIAC Response and Industrial Defense (GRID): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 74 percent. This certification covers (according to the GIAC website):
• • Active defense concepts and application, detection and analysis in an ICS environment
  • Discovery and monitoring in an ICS environment, ICS-focused digital forensics and ICS-focused incident response
  • Malware analysis techniques, threat analysis in an ICS environment and threat intelligence fundamentals

• GIAC-certified Forensic Analyst (GCFA): You’ll take one proctored three-hour online exam with 82 questions. Passing score is 72 percent. This certification covers (according to the GIAC website):
  
  • Advanced incident response and digital forensics
  • Memory forensics, timeline analysis and anti-forensics detection
  • Threat hunting and advanced persistent threat intrusion incident response

• GIAC Cyber Threat Intelligence (GCTI): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 71 percent. This certification covers (according to the GIAC website):
  
  • Strategic, operational and tactical cyberthreat intelligence application and fundamentals
  • OSINT and campaigns
  • Intelligence applications and intrusion analysis
  • Analysis of intelligence, attribution, collecting and storing data sets
  • Kill chain, diamond model and courses of action matrix
  • Malware as a collection source, pivoting and sharing intelligence

• GIAC-certified Incident Handler (GCIH): You’ll take one proctored four-hour online exam with 106 questions. Passing score is 70 percent. This certification covers (according to the GIAC website):
  
  • Incident handling and computer crime investigation
  • Computer and network hacker exploits
  • Hacker tools (Nmap, Metasploit and Netcat)

6. Management, legal and audit certifications

The management and legal domain is focused on professionals who may have (or lack) technical skills but provide managerial or project management support. They are also instrumental in developing and implementing security policies on an organization-wide basis. These credentials include certs for auditors, project managers, chief information security officers, data security law, IT managers and infosec professionals.

Management certifications

• GIAC Security Leadership (GSLC): You’ll take one proctored three-hour online exam with 115 questions. Passing score is 65 percent. This certification covers (according to the GIAC website):
  
  • Cryptography concepts and applications for managers, networking concepts and monitoring for managers
  • Managing a security operations center, application security, negotiations and vendors and program structure
  • Managing security architecture, security awareness, security policy and system security
  • Risk management and security frameworks, vulnerability management, incident response and business continuity

• GIAC-certified Project Manager (GCPM): You’ll take one proctored three-hour online exam with 115 questions. Passing score is 70 percent. This certification covers (according to the GIAC website):
  
  • Project management structure and framework
  • Time and cost management, communications and human resources
  • Quality and risk management, procurement, stakeholder management and project integration

• GIAC Strategic Planning, Policy and Leadership (GSTRT): You’ll take one proctored three-hour online exam with 75 questions. Passing score is 76 percent. This certification covers (according to the GIAC website):
  
  • Business and threat analysis
  • Security programs and security policy
  • Effective leadership and communications

• GIAC Security Operations Manager Certification (GSOM): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 66 percent. This certification covers (according to the GIAC website):
  
  • Designing, planning and managing an effective SOC program 
  • Prioritization and collection of logs, development of alert use cases and response playbook generation 
  • Selecting metrics, analytics and long-term strategy to assess and continuously improve SOC operations

Legal certifications

• GIAC Law of Data Security & Investigations (GLEG): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 70.7 percent. This certification covers (according to the GIAC website):
  
  • Business policies and compliance, contracts and third-party agreements
  • Data retention and e-discovery, fraud and misuse
  • Intellectual property, privacy and personally identifiable information

Audit certifications

• GIAC Systems and Network Auditor (GSNA): You’ll take one proctored three-hour online exam with 115 questions. Passing score is 72 percent. This certification covers (according to the GIAC website):
  
  • Auditing, risk assessments and reporting
  • Network and perimeter auditing and monitoring and web application auditing
  • Auditing and monitoring in windows and Unix environments

• GIAC Critical Controls Certification (GCCC): You’ll take one proctored two-hour online exam with 75 questions. Passing score is 71 percent. This certification covers (according to the GIAC website):
  
  • Background, purpose and implementation of the CIS Critical Security Controls and related security standards
  • Auditing principles
  • Inventory and control of enterprise assets
  • Account management, access control management and email and web browser protections
  • Continuous vulnerability management, malware defenses and audit log management
  • Network infrastructure management

SANS GIAC certification details

Here is some additional information about obtaining SANS GIAC certifications. 

• Certification requirements: Other than the GSE, GIAC certifications require passing one exam and have no prerequisites. Once GIAC approves a certification application, candidates have four months to attempt the associated exam. 
• Training options: GIAC highly recommends SANS training courses, especially for candidates who don’t have adequate hands-on experience and can’t self-study. SANS training courses and events vary in format and price, but candidates can expect to pay an average of $8,275 for a training course. Although the price tag is high, many candidates recommend SANS training for its quality and depth as well as its usefulness in eventually achieving GIAC certification. SANS instructors are usually industry experts or full-time security practitioners and invariably get glowing reviews from course attendees.
• Practice tests: Candidates who attempt GIAC certification exams should consider taking practice tests beforehand. A practice test mimics an actual exam and is an excellent study aid. All GIAC certification attempts (except for the GSE) come with two free practice exams. A few practice tests are also included with training courses. Candidates who don’t take training can purchase practice tests for $399 via their SANS-GIAC portal account.
• Pricing: Students can purchase and take an exam as part of a training course or by itself. The cost of each GIAC exam with SANS training is currently $949, which includes two practice exams. The lab exam for the GSE is $2,699 and the written exam is $559. 
• Renewals: To remain certified, credential holders must renew their GIAC certifications every four years by earning 36 continuing professional education (CPE) credits or by taking the current exam for their certification again. CPE credits may be earned by completing approved training or certifications, participating in continuing education, publishing a technical paper, completing certain graduate-level courses, getting community or work experience, or participating in cyberrange activities. A renewal fee of $469 is also required.

Related jobs and training resources

GIAC certifications cover the gamut of job roles in IT security today. GIAC-certified professionals work as security analysts or specialists (two of the most common roles), information security engineers, network security admins, database administrators, developers, forensic specialists, risk managers and auditors.

Large organizations with SOCs need SOC analysts, engineers and supervisors as well as cybersecurity directors. Additionally, many companies hire employees and consultants who perform incident response and penetration testing.

Even with an estimated 4.7 million people in the cybersecurity workforce today, the need for more professionals continues to increase. According to the most recent (ISC)² Cybersecurity Workforce Study, the field is short 3.4 million workers globally. A reasonably educated and experienced person stands a good chance of getting hired fairly quickly. 

Adding a security certification or two to your resume validates your in-demand career skills and may get you noticed by a hiring manager or give you more leverage during salary negotiations.

Get ahead with GIAC certification

With the increasing need for security professionals worldwide, advanced training and certification can open new and exciting career paths for new and experienced workers alike. Hiring managers want to attract and retain the best employees and SANS training and its related GIAC certifications provide job candidates with well-recognized credentials in a growing industry. 

Casey Conway contributed to this article.