What Is GIAC Certification? A Guide

GIAC Certifications is a leading certification body specialising in information security. The organisation was founded in 1999 by cybersecurity think tank the SANS Institute and has built a reputation for developing some of the most rigorous and well-recognised information security certification standards in the world. 

GIAC, formerly known as Global Information Assurance Certification, provides more than 40 information security-related certifications for professionals [1]. Each certification covers a skill-specific domain or focus area, such as ethical hacking, cyber defence, and penetration testing.  

Obtaining a SANS GIAC certification is a credible way to validate your cybersecurity knowledge and let employers know you’re trained in the latest information security thinking and techniques.  

What is GIAC certification?

GIAC certification ensures that cybersecurity professionals meet and demonstrate specific technical proficiency levels. You’ll get hands-on training in the latest cybersecurity skills across various roles, meaning you can put your certification expertise to work immediately.

Certification types

Becoming certified through GIAC means you have learned and effectively applied cybersecurity fundamentals. GIAC offers two tiers of stackable certifications that validate your cybersecurity abilities: Practitioner Certifications and Applied Knowledge Certifications. Building upon Practitioner and Applied Knowledge stackable certifications are Portfolio Certifications. Below is an overview of each.

Practitioner Certifications

Practitioner Certifications are designed for those new to certification and seeking to build foundational knowledge and credibility across a spectrum of infosec topics. GIAC currently offers more than 40 Practitioner Certifications in areas such as offensive operations, cyber defence, cloud security, digital forensics and incident response (DFIR), management, and industrial control systems (ICS). Practitioner Certifications are stackable, meaning they can be used to build toward GIAC's more advanced Applied Knowledge Certifications in addition to obtaining GIAC Security Professional (GSP) and/or a GIAC Security Expert (GSE) credentials.

Applied Knowledge Certifications

Applied Knowledge Certifications offer a more challenging tier of subject matter and testing intended to validate certification holders' expertise. The hands-on exams allow testers to showcase their technical knowledge and skills by solving complex real-world security scenarios. Stackable with Practitioner Certifications, the Applied Knowledge Certifications also serve as a gateway for becoming a GIAC Security Professional (GSP) and/or a GIAC Security Expert (GSE).

Portfolio Certifications

Porfolio Certifications allow security professionals to take advantage of stackability to customise their credentials around specific skill sets. GIAC Security Professionals (GSPs) is the first tier of portfolio certification (any three Practitioner Certifications plus two Applied Knowledge Certifications), followed by the highest certification level (any six Practitioner Certifications plus four Applied Knowledge Certifications), the GIAC Security Expert (GSE).

How long does certification take?

GIAC candidates preparing for the Practitioner exam spend an average of 55 hours or more studying and take an average of one practice exam before sitting for the official certification exam [2]. 

Certification renewal

GIAC certifications last four years, after which you’ll need to renew in one of two ways: 

• Retake the exam.

• Collect 36 continuing professional education (CPE) credits during the four years your certification is active [3].

The GIAC Certification maintenance or renewal fee is 479 USD as of July 2024 [4].

How much does certification cost?

Cost varies depending on certification level and type of exam (extensions, retakes, etc.). The table below outlines the pricing of GIAC’s stackable certifications, excluding any applicable sales tax [5]. 

GIAC certification focus areas

GIAC certifications are classified into six focus areas that are organised by industry trends. Categorising certifications by focus areas makes it simpler for employers to identify which certifications will meet their needs as an organisation and help reach industry-specific and organisation-specific goals. These GIAC certification focus areas include:

• Offensive operations

• Cyber defence

• Cloud security

• Industry control systems (ICS)

• Management, legal, and audit

• Digital forensics and incident response

Each area tests candidates on the skills necessary to meet the cybersecurity standards of firms across industries.

Offensive operations

Offensive operations GIAC certifications focus on a range of security topics related to maintaining and securing devices, systems, networks, and hardware. You can expect to build vital skills necessary for identifying, assessing, and resolving flaws, threats, and breaches. Successful completion of an offensive operations certification qualifies you to work with purple, exploit, and red development teams.

Cyber defence

With cyber defence GIAC certifications, you’ll develop skills to prevent and mitigate cyberattacks. You will learn how to identify cyber actions that threaten security against systems, devices, or other IT resources, and best practices for actively countering intrusions.

Cloud security

You’ll learn how to protect against data loss and design environments that detect and resolve threats, help minimise damage and prioritise remediation when necessary.

Management, legal, and audit

Learn to build, manage, and lead security teams and best practices for incorporating organisational leadership insight and input into security practices to help strengthen organisations’ security frameworks.

Industrial control systems

With a GIAC industrial control systems certification, you’ll learn to protect and defend information and data for essential infrastructure, such as power grids, telecommunications, and manufacturing systems, that play a crucial role in organisational and industry processes. 

Digital forensics and incident response

Strengthen your ability to identify when a system has been compromised and know what action to take to employ and preserve remediation.

Benefits of GIAC certification

Each of the focus areas covered through GIAC certifications aligns with the cybersecurity needs of government, military, and business industry organisations worldwide. When you decide to pursue GIAC certification, you're putting yourself on the path to enhancing your skills and knowledge in the areas of infosec and cybersecurity. 

A GIAC certification:

• Represents a quantifiable understanding of the information security field

• Offers a path for you to build the specific skills and expertise you need to succeed in a cybersecurity role

• Demonstrates job readiness

• Serves as evidence of training and technical skills that align with career interests

• Illustrates your understanding of the current industry standards

• Certifies you as a trained professional

Is GIAC certification right for you?

GIAC certifications require your time and financial investment. But becoming GIAC certified will add another layer of industry-approved value to your qualifications. GIAC certification could be right for you if you will benefit from: 

• Choosing from an extensive range of certifications

• Obtaining certifications for job-focused tasks

• Leveraging access to a large community of cybersecurity professionals

Taking the next step in your cybersecurity career

Certifications, including those offered by GIAC, serve as testimony to your knowledge and expertise in cybersecurity. Start building job-ready skills in cybersecurity with the Google Cybersecurity Professional Certificate on Coursera. Get hands-on experience with industry tools and examine real-world case studies, all at your own pace. Upon completion, you’ll have a certificate for your resume and be prepared to explore job titles like security analyst, security operations centre (SOC) analyst, and more.

Frequently asked questions (FAQs)