D'Arcy Davis, GSE #139, is a Principal Exam Development Engineer for GIAC where he develops and manages certifications. His primary focus is working with the digital forensics and incident response certifications. D’Arcy has been in information security for over two decades and has worked as a penetration tester, SOC team lead, incident handler, and forensic examiner. In this time, among other adventures, he has worked with enterprise clients to provide identification, remediation and advisory services during complicated, sensitive security breaches and forensic engagements.
With experience comes confidence, opportunity, and the ability to provide greater value to current and future employers. An experienced cybersecurity professional leverages their existing knowledge and ability to learn new skills faster and perform tasks more efficiently.
When I sat for the GIAC Security Expert (GSE) exam several years ago, my experience as an incident handler and penetration tester proved valuable; however, the experience I had as a forensics specialist allowed me to rapidly classify and understand the tasks to be accomplished during the exam. And even with almost 15 years of industry experience I found the GSE extremely challenging. In the end, it was my technical training and experience with real-world scenarios that helped me succeed. Earning the GSE felt like I reached the top of the mountain for professional certifications within my field.
The GIAC Experienced Forensic Analyst (GX-FA) certification is GIAC’s first Applied Knowledge Certification that measures a professional’s deep understanding of incident handling, threat hunting, and forensic analysis. GIAC designed the exam to assess the candidate’s ability to rapidly triage, process, and analyze enterprise forensics artifacts from a variety of sources. This exam requires the taker use all their knowledge, experience, and understanding of complex, interrelated events. Achieving this certification is a validation of the candidate’s forensic skills and experience.
With this newly added certification, GIAC now has four Applied Knowledge certifications. This new certification allows for more options and greater flexibility when pursuing GIAC’s Security Professional (GSP) or GSE certification. Each certification is added to your GIAC portfolio, tracking your journey to GSP or GSE certification. To learn more about the GSP and GSE requirements, be sure and check out this blog post on the GIAC website. Look for GIAC to release another Applied Knowledge certification before the end of 2023.
Over time all professionals find the area that they truly excel and enjoy. For me it was having the opportunity to take my first SANS course and GIAC exam. I knew immediately that information security was what I wanted to do, and it would be a steep climb that would require hard work to master the concepts, apply the knowledge, and become confident with my skills. As time passed, I grew more experienced as I took on new responsibilities with the various organizations where I worked. I started building open-source Snort IDS sensors, moved on to work in a SOC, and eventually found an opportunity to work in Forensics and Incident Response. It was then that I realized where I wanted to be and what I wanted to do as a profession. I learned through trial by fire with complicated cases, unfamiliar devices, and sometimes very little information to begin scoping engagements.
The GX-FA not only tests a candidate, but it also pushes them to the limits of their skills and abilities, calling them to use all their experience and knowledge to pass the test. Each portion of the exam provides a new and novel experience. The test environment replicates real case data in a forensics lab. Some data will seem familiar and comfortable. Other data will be foreign and require quick thinking and the application of creative techniques. To pass the test, the candidate must rely on their experience, knowledge, and perseverance.
As an employer, there are clear benefits to having a GX-FA certified employee on your team. An individual who possesses the GX-FA has shown that they have the forensic and incident handling ability, confidence, knowledge, and experience to rapidly perform complicated tasks. They can adapt to any environment, selecting from a variety of options to identify the goals, process the evidence, and analyze the data. The GX-FA will also help the candidates identify gaps in their knowledge, allowing them to train, research, and focus on the topics needed to become a stronger forensic professional.
The GX-FA certification is a must-have for any professional in the field of forensics and incident response. The skills and experience the GX-FA test for are indispensable to any digital forensics and incident response team. So, if you’re looking to advance your career, or if you’re forensics and/or incident response leader that needs to ensure your team has the required skills, the GIAC GX-FA is the perfect assessment.
* And don’t forget to use the code GXFA20 to receive 20% off your GX-FA Certification.
** The code can only be used on the GX-FA Certification. The discount will be applied to the Applied Knowledge certification price found here. Offer ends October 2, 2023.