With CyberLive hands-on testing, GIAC raises certification standard

July 21, 2021

Cyber-attacks are becoming increasingly more targeted, more damaging, and more elusive. To address today’s security challenges, companies need a way to prove that the cyber security professionals they hire have the critical knowledge and skills to protect their organizations from all types of attacks.

At the same time, cyber security professionals need the combination of discipline-specific certifications with practical testing to enhance their ability to build a strong career path with more opportunities for new roles and better pay. GIAC recognized this industry-wide need, and developed CyberLive, hands-on, real-world practical testing, to fill the gaps in the market.

Although a digitally connected world is ushering in an era of efficiency, innovation, and improved customer-centric services, this virtually connected world is opening new avenues for adversaries to exploit vulnerabilities in networked systems to access enterprises’ critical information.

Additionally, adversaries have time to do significant damage once they access a network, often moving laterally within the network to identify systems with vulnerabilities and weak or misconfigured security controls. Eighty-six days is the median time between when attackers gain unauthorized access to victim networks and when incidents are first detected, according to the 2020 Trustwave Global Security Report.

Given the current threat environment, security practitioners who can assess target networks, systems, and applications to find vulnerabilities (and who can think like an advanced attacker as they conduct penetration tests to find significant flaws in systems) are in high demand, according to the latest research by CyberSeek.org.

To that end, hands-on, real-world testing must become a critical component of cyber security certifications. GIAC, known for setting the standard for cyber security certifications over the past two decades, is raising the bar even higher with CyberLive, which is virtual machine-based, practical testing incorporated into some of GIAC’s existing multiple-choice exams.

CyberLive provides a new tool for identifying advanced practitioners in key disciplines, a vital concern given the increasing complexity of the cyber threat landscape.

At present, CyberLive is incorporated into the GIAC GXPN exam for exploit researchers and advanced penetration testers, as well as six other certification exams: GCIA, GCIH, GPEN, GWAPT, GSEC, and GCFA. CyberLive will be added to additional exams in the near future.

Adding Value to Traditional Knowledge-Based Testing

It is important to note that CyberLive does not replace traditional knowledge-based testing. Instead, it provides a value-add. CyberLive uses actual programs, code, and networks in a virtual machine environment where cyber practitioners prove their knowledge, understanding, and skill.

As part of some exams, practitioners are asked practical questions that require them to perform realistic, real-world tasks in a virtual machine environment. This gamification of exams adds a cool factor, but it has practical ramifications as well, providing both cyber professionals and employers with a measure of the practitioner’s real-world abilities.

"If you’re a great practice player, but not as good at the game, then there’s diminished value," says Jason Nickola, an expert-level GSE certification holder and SEC560 instructor. "Being able to answer questions about things isn’t the same as being able to do those things."

If a cyber practitioner is on a computer that has a malicious process running on it, can they determine which process is malicious? Or if the practitioner is presented a .conf file that has an error in it that causes a program to crash, can they identify the error and fix that file? Can the practitioner identify what type of traffic is occurring in a packet capture file? These are the types of hands-on scenarios that will help hiring managers identify qualified, advanced cyber professionals as well as better gauge the real-world abilities of prospective employees who have little or no previous job experience, such as newly graduated students. Students can demonstrate their abilities through their GIAC certification as a substitute for previous job experience.

The demand for hands-on testing is growing among practitioners, and hiring managers have pushed for the use of practical questions in exams to identify advanced candidates. As a result, GIAC developed CyberLive to add value to its leading certification program. Real-world scenarios are the future of cyber security certification and GIAC, with its granular approach to certification, is leading the wave.

The Following Certifications Currently Feature CyberLive Testing:

GXPN: Exploit Researcher and Advanced Penetration Tester (SEC660)

  • Network Attacks, Crypto, Network Booting, and Restricted Environments
  • Python, Scapy, and Fuzzing
  • Exploiting Windows and Linux for Penetration Testers

GCIA: Intrusion Analyst (SEC503)

  • Fundamentals of Traffic Analysis and Application Protocols
  • Open-Source IDS: Snort and Zeek
  • Network Traffic Forensics and Monitoring

GCIH: Incident Handler (SEC504)

  • Incident Handling and Computer Crime Investigation
  • Computer and Network Hacker Exploits
  • Hacker Tools (Nmap, Nessus, Metasploit and Netcat)

GPEN: Penetration Tester (SEC560)

  • Comprehensive Pen Test Planning, Scoping, and Recon
  • In-depth Scanning and Exploitation, Post-Exploitation, and Pivoting
  • In-depth Password Attacks and Web App Pen Testing

GCFA: Forensic Analyst (FOR508)

  • Advanced Incident Response and Digital Forensics
  • Memory Forensics, Timeline Analysis, and Anti-Forensics Detection
  • Threat Hunting and APT Intrusion Incident Response

GWAPT: Web Application Penetration Tester (SEC542)

  • Web application overview, authentication attacks, and configuration testing
  • Web application session management, SQL injection attacks, and testing tools
  • Cross-site request forgery and scripting, client injection attacks, reconnaissance and mapping

GSEC: Security Essentials (SEC401)

  • Active defense, networking & protocols, and network security
  • Incident handling & response, vulnerability scanning and penetration testing
  • Windows & Linux security, cryptography, virtualization, and cloud security