CloseUp: The SANS GIAC Program
With information security as white-hot as ever, a vast array of security certification programs and credentials are available to the public. But for the discerning few, and for those who really understand how the certification game is best played, the 50-plus credentials available on both the vendor-neutral and vendor-specific sides of the street quickly boil down to a handful of real contenders. Among these is the program from the SANS (SysAdmin, Audit, Network, Security) Institute known as the Global Information Assurance Certification (GIAC) program.
SANS has been a major security player in the United States since the mid-1990s, with key roles on government task forces and other public bodies, a highly regarded security-focused Internet portal and an equally well-regarded conference and training program that aims squarely at key infosec topics. Thus, the organization’s GIAC certifications also garner lots of interest, accolades and industry attention, bolstered by an excellent cadre of instructors and a broad and diverse set of security certifications. When it comes to hands-on, no-holds-barred security coverage and activity, in fact, this organization is hard to beat.
The GIAC program encompasses a wide array of credentials that fall into various levels and job roles:
- GIAC Security Essentials Certification (GSEC): A foundation-level certification that must be renewed every two years, the GSEC provides an entry into the field of information security for all kinds of professionals and managers. It teaches the knowledge, skills and abilities that promote the adoption and application of best infosec practices within any organization.
- GIAC Certified Firewall Analyst (GCFW): An intermediate-level certification that must be renewed every four years, this credential identifies individuals who can handle the responsibilities associated with designing, implementing, configuring and monitoring secure organizational perimeters. Technologies and topics covered include firewalls, routers, virtual private networks (VPNs), remote access and secure network design.
- GIAC Certified Intrusion Analyst (GCIA): An intermediate-level certification that must be renewed every four years, this credential identifies individuals who can read, interpret and analyze network traffic and key trace and log files, and configure and monitor intrusion detection systems.
- GIAC Certified Incident Handler (GCIH): An intermediate-level certification that must be renewed every two years, this credential identifies individuals who can manage incidents, who understand network and system attack techniques, signatures and tools, and who know how to defend against, document and respond to such attacks if and when they happen.
- GIAC Certified Windows Security Administrator (GCWN): An intermediate-level certification that must be renewed every two years, this credential identifies individuals with a strong working knowledge of common Windows platforms, including Windows NT, XP and 2000 systems, services and networks, who can secure and audit such systems and important services like Active Directory, IIS, Certificate Services and the like.
- GIAC Certified UNIX Security Administrator (GCUX): An intermediate-level certification that must be renewed every two years, this credential identifies individuals with a strong working knowledge of UNIX or Linux systems who are able to secure, audit, monitor and maintain such systems, as well as key services they deliver.
- GIAC Information Security Officer (GISO): An entry-level certification that must be renewed every two years, this credential identifies individuals who can handle information assurance functions and who understand risk management and defense-in-depth techniques or who must write, implement or guide compliance with security policy. It’s aimed at the ISO role, for those involved in guiding organizations’ adoption and use of information technology, particularly from the security perspective.
- GIAC Systems and Network Auditor (GSNA): An intermediate-level certification that must be renewed every two years, this credential identifies individuals who can secure and audit information systems, including auditors who seek to demonstrate technical understanding of systems they audit in the line of duty. Those who obtain this certification can apply basic risk analysis techniques and conduct technical audits of information systems.
- GIAC Certified Forensic Analyst (GCFA): An intermediate-level certification that must be renewed every four years, this credential identifies individuals who understand forensic examinations and analysis work, advanced incident handling and formal incident investigation tools, rules and techniques. Those who obtain this certification can manage advanced incident handling, conduct formal investigations and apply forensic investigation and analysis techniques to networks and systems.
- GIAC IT Security Audit Essentials (GSAE): A foundation-level certification that must be renewed every two years, this credential identifies individuals who can audit organizational security policy and procedures and who can assess conformance to organizational risk management and security policy guidelines. Those who obtain this certification understand basic infosec principles and issues and can develop best practice audit checklists; they can also perform limited risk assessments.
- GIAC Security Engineer (GSE): An advanced-level certification with a renewal period still to be determined, this credential identifies individuals who possess in-depth knowledge, skills and understanding on multiple aspects of infosec. Typical GSEs work as expert practitioners or security consultants. To obtain the GSE, individuals must first obtain GCFW, GCIA, GCIH, GCWN and GCUX credentials, with honors in at least one area, then pass additional exam and reporting requirements.
To obtain GIAC certification, most candidates either attend instructor-led training at a SANS conference or take online classes. Exam challenges that omit training are also available from SANS. For more information about this broad, topical and interesting security certification program, explore the Web site at www.giac.org.
Ed Tittel is president of LANwrights Inc. and is contributing editor for Certification Magazine. Ed can be reached at firstname.lastname@example.org.