Those who are familiar with SANS know the quality of their training and the value of their GIAC certifications. So, I’ve compiled a list of their current most popular certifications based on the number of certified professionals who have passed the exams.
Last Updated May 2, 2016:
1. GIAC Security Essentials (GSEC)
Currently at the top of the list, with 38000+ professionals, is the GSEC. GSEC is a comprehensive entry point for security professionals that covers and builds on the fundamentals of security. It’s popular due to the breadth of material covered as well as its introductory approach to security. Although labeled as an essentials course, it is not recommended for IT novices, as it demands a good level of understanding of IT and requires the candidate to have technical hands-on capabilities. The areas covered are networking concepts, principles of network security, internet security technologies, secure communications (cryptography), Windows security, and Linux security. For those who may find this too technical, there’s a more entry-level exam and course, the GISF (Information Security Fundamentals), that may help bridge the gap. The course for this exam covers the DoDD 8570 (IAT Level II) training requirement.
2. GIAC Certified Incident Handler (GCIH)
At number two is the GCIH with 27000+ certified professionals. The GCIH has a long history, with some of its first professionals certified since 2000. As the title of this certification implies, the GCIH tackles the incident handling process by walking through an industry-vetted 6-step model. In addition to incident handling, GCIH also covers ways of detecting malicious activity, explores common attack techniques, and teaches how to detect and analyze system and network vulnerabilities and ultimately discover the root cause of incidents. The course for this certification also satisfies the DoDD 8570 (IAT Level III) requirement.
3. GIAC Certified Forensic Analyst (GCFA)
Currently at 11000+ certified forensic analyst professionals, the GCFA arms the candidate with in-depth incident response knowledge and an advanced hands-on skill set for tackling breaches from APTs, organized crime syndicates and hacktivism. A GCFA professional will be able to determine how the breach occurred, what the compromised and affected systems are, and what the attackers took or changed, and will be able to handle incident containment and remediation. The course for this certification also satisfies the DoDD 8570 (CNDSP incident responder) requirement.
4. GIAC Certified Intrusion Analyst (GCIA)
At 11000+ certified professionals, the GCIA is targeted at security analysts who deal with network host monitoring, traffic analysis and intrusion detection and prevention. In-depth knowledge of, and hands-on skill in, packet analysis of TCP/IP and common application protocols such as HTTP are to be expected from an expert with GCIA. A GCIA will be no stranger to tools such as tcpdump, Wireshark, Snort, and Bro for looking at pcaps, and will be able to use the VMware distribution “Packetrix” to help perform packet and traffic analysis. The course for this certification also satisfies DoDD 8570 (CND Analyst) requirements.
5. GIAC Penetration Tester (GPEN)
With 10000+ certified pros, the GPEN gives you the bragging rights for the title “Penetration Expert”. GPEN professionals possess the skills, tools, techniques, methodologies and ethical hacking know-how to perform network penetration testing. These include performing detailed reconnaissance and studying a target’s infrastructure by mining blogs, search engines, social networking sites, and other internet and intranet infrastructures. The GPEN professional will also be capable of using the best pen test tool sets to gain access and measure real business risks, and of diving deep into post-exploitation, password attacks, and web apps, modeled on real-world bad guys.