GIAC's Hands-On, Real-World Testing Raises Certification Standard

November 4, 2019

Cyber-attacks are becoming increasingly more targeted, more damaging and more elusive. To address today's security challenges, companies need a way to validate that the cyber security professionals they hire have the necessary knowledge and skills to protect their organizations from all types of attacks.

At the same time, cyber security professionals need the combination of discipline-specific certifications with practical testing to enhance their ability to build and maintain a strong career path, with increased opportunities for new responsibilities and better pay. GIAC recognized this industry-wide need, and developed CyberLive - hands-on, real-world practical testing - to fill the gaps in the market.

Although a digitally connected world is ushering in an era of efficiency, innovation and improved customer- and citizen-centric services, this virtually connected world is opening new avenues for adversaries to exploit vulnerabilities in networked systems to access organizations' critical information.

Moreover, adversaries have time to do real damage once they access a network, often moving laterally within the network to identify systems with vulnerabilities and weak or misconfigured security controls. Eighty-three days is the median time between when attackers gain unauthorized access to victim networks and when incidents are first detected, according to the 2018 Trustwave Global Security Report.

Given the current threat environment, security personnel who can assess target networks, systems and applications to find vulnerabilities - as well as think like an advanced attacker as they conduct penetration tests to find significant flaws in systems - are in high demand, according to the latest research by CyberSeek.org.

To that end, hands-on, real-world testing must become a critical component of cyber security certifications. GIAC, which has set the standard for cyber security certifications over the past two decades, is raising the bar even higher with CyberLive, which is virtual machine-based, practical testing incorporated into several of GIAC's existing multiple-choice exams.

CyberLive provides a new tool for identifying advanced practitioners in key disciplines—a vital concern given the increasing complexity of the cyber threat landscape.

At present, CyberLive is incorporated into the GIAC GXPN exam for exploit researchers and advanced penetration testers, as well as four other certification exams: GCIA, GCIH, GPEN, and GCFA. CyberLive will be added to an additional five or six exams in the near future.

Adding Value to Traditional Knowledge-Based Testing

It is important to note that CyberLive does not replace traditional knowledge-based testing. Instead, it provides a value-add. CyberLive uses actual programs, actual code, live virtual machines, and actual networks to present an environment to cyber practitioners in which they prove their knowledge, understanding, and skill.

As part of some exams, practitioners are asked practical questions that require them to perform real-world-like tasks in a virtual machine environment. The gamification of exams adds a cool factor, but it has practical ramifications as well, providing both cyber professionals and employers or prospective employers with a measure of the practitioner's real-world abilities.

"If you're a great practice player, but not as good at the game, then there's diminished value," says Jason Nickola, a SEC560 instructor who holds multiple GIAC certifications, including the expert-level GSE. "Being able to answer questions about things isn't the same as being able to do those things."

If a cyber practitioner is on a computer that has a malicious process running on it, can they determine which process is malicious? Or if the practitioner is presented a .conf file that has an error in it that causes a program to crash, can they identify the error and fix that file? Can the practitioner identify what type of traffic is occurring in a packet capture file? These are the types of hands-on scenarios that will help hiring managers identify qualified, advanced cyber professionals as well as better gauge the real-world abilities of prospective employees who have little or no previous job experience, such as newly graduated students. Students can demonstrate their abilities through their GIAC certification as a substitute for previous job experience.

The demand for hands-on testing is growing among practitioners, and hiring managers have pushed for the use of practical questions in exams to identify advanced candidates. As a result, GIAC established CyberLive to add value to its leading certification program. Real-world scenarios are the future of cyber security certification and GIAC, with its granular approach to certification, is leading the wave.

The following certs currently have CyberLive testing:

GXPN: https://www.giac.org/certification/exploit-researcher-advanced-penetration-tester-gxpn

Exploit Researcher and Advanced Penetration Tester (SEC660)

  • Network Attacks, Crypto, Network Booting, and Restricted Environments
  • Python, Scapy, and Fuzzing
  • Exploiting Windows and Linux for Penetration Testers

GCIA: https://www.giac.org/certification/certified-intrusion-analyst-gcia

Intrusion Analyst (SEC503)

  • Fundamentals of Traffic Analysis and Application Protocols
  • Open-Source IDS: Snort and Zeek
  • Network Traffic Forensics and Monitoring

GCIH: https://www.giac.org/certification/certified-incident-handler-gcih

Incident Handler (SEC504)

  • Incident Handling and Computer Crime Investigation
  • Computer and Network Hacker Exploits
  • Hacker Tools (Nmap, Nessus, Metasploit and Netcat)

GPEN: https://www.giac.org/certification/penetration-tester-gpen

Penetration Tester (SEC560)

  • Comprehensive Pen Test Planning, Scoping, and Recon
  • In-depth Scanning and Exploitation, Post-Exploitation, and Pivoting
  • In-depth Password Attacks and Web App Pen Testing

GCFA: Forensic Analyst

Forensic Analyst (FOR508)

  • Advanced Incident Response and Digital Forensics
  • Memory Forensics, Timeline Analysis, and Anti-Forensics Detection
  • Threat Hunting and APT Intrusion Incident Response