GIAC: The Hands-On IT Security Certification
When GIAC founder Stephen Northcutt moved from network management to the information assurance function, he observed that many people came to work day after day to produce policies or run tools with no understanding of the fundamental technologies and principles of security. They were often stressed out, secretive, edgy and defensive because they knew they did not have the understanding or mastery of tools they needed to be effective. And unskilled security professionals do not reduce risk; in fact, they put their organizations in jeopardy.
To address this concern, in 1999, Northcutt – a renowned pioneer of intrusion detection who currently serves as president of the SANS Technology Institute – created the Global Information Assurance Certification (GIAC) program, which has since credentialed more than 20,000 professionals and is leading the industry in technical, job task-based IT security certification. Unlike many other IT security certifications with a broader focus, GIAC is unique in offering 25 different IT security certifications tailored to specific skill sets.
GIAC's mission is to provide assurance to employers that their people can do the job. The objectives for each GIAC certification are developed in collaboration with some of the top subject matter experts in the industry.
The most popular GIAC certifications include GCFA (Forensics), GCIA (Intrusion Analysis), GCIH (Incident Handling and Hacker Exploits), GSEC (Security Essentials), GSLC (Security Leadership) and GREM (Reverse Engineering Malware). Most of these certifications are unique in the industry, and updating each certification to reflect the latest standards is a continuous process.
The GREM certification, which validates the skills of those responsible for detecting and reverse engineering malware, is being updated with the latest techniques for analyzing worms, Trojans and other malware plaguing the industry. According to Lenny Zeltser, lead author of the SANS course "Reverse-Engineering Malware" and co-author of the book Malware: Fighting Malicious Code, "The evolution of malware demands a broader and more comprehensive skill set from the analysts, and GIAC has met this need by expanding the GREM certification. I don't know of any other professional designation that certifies this unique group of people."
Because of the specialized skill sets validated by GIAC certifications, they are recognized as some of the most relevant in the industry. According to Wayne Ho, business information security officer at Global Bank, "GIAC certifications are the only hardcore, hands-on technical certifications available in the market." As an example of how certifying specialized skill sets translates to getting the job done, Ho said, "GIAC proves that I have a solid technical background to support any challenge I deal with every day. There are so many new tools coming up daily, but the underlying background affirmed by GIAC essentially remains the same."
Benefits of GIAC Certification
For individuals, a GIAC certification validates a job-based skill set that favorably influences job security and a higher rate of pay. It also reinforces that the person has the knowledge and skills to handle the job at hand. Peter Leight of Universal Orlando said, "There is no question in my mind that my SANS/GIAC experiences gave me a far greater knowledge base to draw on when faced with the need to create unique security and compliance solutions for my company. The resulting implementations made us dramatically safer and reduced the overall cost of compliance significantly."
For employers, a GIAC certification offers increased confidence in their employees' skills and is a great indicator of job-related knowledge. Some employers use GIAC certifications as an aide in their promotion and payroll decisions. Jeffrey Wiley of Raytheon uses GIAC to help in his hiring process: "Being a GIAC certification holder myself, I know what it represents, and when interviewing [for a position], I frequently move GIAC holders' resumes to the top of the interview stack. GIAC is an invaluable cert to have. It ensures that the holder truly has hands-on skills."
In addition to the obvious benefits that come with a recognized credential, several GIAC certifications are included in the Department of Defense 8570 program. The DOD 8570 directive says that those who work for the Department of Defense and hold an IT security-related position must demonstrate they have an adequate level of practical IT security knowledge. The 8570 directive enforces this premise by approving a select group of IT security certifications.
Top-performing GIAC certification holders also will find additional benefits as members of the GIAC Advisory Board. The GIAC Advisory Board is made up of GIAC certified professionals who wish to give back to the security community by taking an active role in the GIAC program. Membership on the Advisory Board is available to those who score better than 90 percent – which is considered honors level – on a GIAC certification exam.
GIAC looks to the Advisory Board first when input is needed from industry subject matter experts on certification development. GIAC Advisory Board members often have additional opportunities to get involved with SANS and GIAC, including access to a closed mailing list of Advisory Board members with whom they can collaborate regarding the issues they are facing in the field.
The GIAC program is ANSI/ISO/IEC 17024 accredited. This ANSI (American National Standards Institute) accreditation means GIAC is a responsible, fair and quality-oriented testing and certification-granting organization within the high-stakes testing and certification industry. GIAC is expanding its scope to include other specialized certifications later this year.
The first step to becoming GIAC certified is to choose a certification domain. The second step is to determine the specific skill sets you would like to validate, and then map these skills to the corresponding certification. The third step is to determine if you need additional training; GIAC offers knowledge assessments and practice tests to help you ascertain your skill level. The final step is to take your certification exam.
GIAC certification domains include:
- Audit domain: Duties consist of auditing the security posture of networks and systems or auditing systems for compliance with policy.
- Legal domain: Covers legal issues related to IT security.
- Management domain: Covers the skills needed to manage a technical staff of administrators, analysts and IT security personnel.
- Security administration: This is by far GIAC's most popular domain. If you are a technical person with technical hands-on duties and you want to validate and improve your skills, this domain is for you. GIAC offers 13 specializations in this domain at varying levels of complexity.
- Software security: Programmers and code auditors certify here. This important domain is growing quickly because it represents the best chance to correct vulnerabilities before they appear in production code that is subject to attack.
If you are already a subject matter expert seeking certification, you can register directly for a GIAC certification exam. For those needing to learn more or brush up on their skills before they attempt GIAC certification, the SANS Institute offers training courses that correspond to most GIAC Silver certifications.
There are different levels of GIAC certification; each level more rigorously validates a candidate's skill than the previous. All candidates start out with GIAC Silver Certification examinations that are comprised of a multiple-choice exam of approximately 150 to 200 questions. Questions are written to best assess hands-on skills using complex scenarios and targeting pragmatics. Multiple-choice exams enable remote administration for large numbers of candidates; however, there are limits to multiple-choice exams.
For those who demand a more in-depth credential, GIAC offers the Gold program. An applicant chooses a research topic and works with a GIAC adviser to create an original research document in an effort to prove that his or her skills translate to the real-world in a tangible way and give back to the community.
The most prestigious GIAC credential is the GSE (GIAC Security Expert). This is an elite certification geared for the "top guns" in information security and validates hands-on skills directly. The GSE (Security Expert), GSE-Malware and GSE-Compliance are the only certifications in the IT security industry that require candidates to perform the task before they can achieve the certification. Each consists of several days of rigorous hands-on testing.
The Global Information Assurance Certification program serves the IT security industry by offering a large group of specialized certifications that correspond directly to specific hands-on skill sets required for critical ITSEC job roles.
Jeff Pike serves as technical director of GIAC. He can be reached at editor (at) certmag (dot) com.