
Security Certification: GCED

GIAC Certified Enterprise Defender (GCED)


The GCED builds on the security skills measured by the GSEC (no overlap). It assesses more advanced, technical skills that are needed to defend the enterprise environment and protect an organization as a whole. Knowledge, skills and abilities assessed are taken from the areas of Defensive Network Infrastructure, Packet Analysis, Penetration Testing, Incident Handling, and Malware Removal.

*No specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering Computer Information Security. Another option is any relevant courses from training providers, including SANS.*


  • 1 proctored exam
  • 115 questions
  • Time limit of 3 hours
  • Minimum Passing Score of 68%


GIAC reserves the right to change the specifications for each certification without notice. Based on a scientific passing point study, the passing point for the GCED exam has been determined to be 68% for all candidates receiving access to their certification attempts on or after December 20th, 2012. To verify the format of your current certification attempt, please read the Certification Information found in your portal account at


Certifications must be renewed every 4 years.


NOTE: All GIAC exams are delivered through proctored test centers and must be scheduled in advance.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt. GIAC exams must be proctored through Pearson VUE. Please click the following link for instructions on How to Schedule Your GIAC Proctored Exam. GIAC exams are delivered online through a standard web browser.


Bulletin (Part 2 of Candidate Handbook)

Exam Certification Objectives & Outcome Statements

The topic areas for each exam part follow:

Advanced Controls
The candidate will be familiar with advanced controls that can be deployed to protect network infrastructure.
Advanced Packet Inspection For Intrusion Detection
The candidate will understand IDS and packet inspection technologies as well as how to detect the most common types of attacks.
Advanced Topics In Pen Testing
The candidate will have an understanding of advanced attacks, tools, and defenses.
Alternate Data Streams
The candidate will understand what alternate data streams are as well as tools and techniques that can be used to detect, analyze, and remove them.
Attack Tools and Techniques
The candidate will be familiar with common tools used to carry out network infrastructure attacks and their basic capabilities.
Built In Windows Tools
The candidate will understand how to use Windows command line tools to aid in identifying and removing malware.
Containment, Eradication, and Recovery
The candidate will know containment, eradication, recovery, and lessons learned phases of the incident handling process as well as the tools that can be used to carry them out.
Data Classification
The candidate will demonstrate an understanding of standard data classification issues.
Data Loss Prevention
The candidate will understand risks and vectors associated with confidential data leakage, and be able to implement best practices to detect and prevent data loss.
External Tools
The candidate will understand the features and usage of HijackThis, Process Explorer, TCPView, Listdlls, and other tools used to remove malware.
Hardening Routers and Switches
The candidate will understand the CIS level 1 and 2 benchmarks as they apply to Cisco routers and the SANS Gold Standard for Switch configurations.
IDS Testing
The candidate will know how to validate the performance of an IDS, and be familiar with useful tools and testing options.
Incident Handling and Forensics Methodology
The candidate will understand the essential incident handling and forensics methodology.
Insider Threats
The candidate will demonstrate an understanding of the severity and types of insider threats and how to protect against them.
IPS and Open Source Options
The student will understand what IPS is and be familiar with open source options for IDS/IPS.
Network Infrastructure Security Challenges
The candidate will understand the challenges associated with securing the network infrastructure including Cisco devices.
Packet Analysis with Wireshark
The candidate will understand how to use the ubiquitous sniffer Wireshark to filter and analyze network traffic.
Pen Testing Overview
The candidate will understand penetration testing methodology, techniques, and tools.
Preparation and Identification
The candidate will have an in-depth understanding of the tools and techniques that can be used in the preparation and identification phases of the incident handling process.
Risk Management
The candidate will demonstrate an understanding of how to manage risk, threats, and vulnerabilities.
The candidate will understand the characteristics and capabilities of rootkits as well as tools that can be used for detection and removal.
Using the Web to Identify Malware
The candidate will understand web-based sandboxes and the features of three popular options.

Where to Get Help

Training is available from a variety of resources including online, course attendance at a live conference, and self-study.

Practical experience is another way to ensure that you have mastered the skills necessary for certification. Many professionals have the experience to meet the certification objectives identified.

Finally, college-level courses or study through another program may meet the needs for mastery.

The procedure to contest exam results can be found at