Unlocking New Heights in DFIR: The GX-FE Certification Is Here!

Every field in cybersecurity is a never-ending learning experience, and certifications are just one part of that journey.

September 13, 2024

The GIAC Experienced Forensics Examiner (GX-FE) Applied Knowledge Certification is now live!

You might be thinking, ‘So what? What's the big deal? And why all the excitement—it's just an exam!’ Well, let me explain...

The GIAC Security Expert (GSE) certification has been around for well over 15 years, and it's well-known to be a prized certification for those who've put in the hard work to achieve it. It’s also highly regarded by employers seeking to hire cybersecurity experts who really know what they're talking about. When GIAC remodeled the journey to obtaining the GSE last year, they also introduced the GIAC Security Professional (GSP) certification as a mid-point to the GSE. Both the GSP and GSE certifications elevate your certification status, as they comprise multiple other certifications at both the Practitioner and Experienced levels. I certainly look for and value these when I see them on a resume during recruitment.

What's this got to do with the GX-FE?

The GSE (and now GSP) has historically not been focused on Digital Forensics and Incident Response (DFIR). So, in short, despite my admiring the qualification for years, it wasn't something I really had an option of pursuing in my field. But that all changed last year when the structure of GIAC certifications changed and the Applied Knowledge certifications were introduced and expanded to include more DFIR-focused certifications. First came the GIAC Experienced Forensics Analyst (GX-FA), and now we also have the GIAC Experienced Forensics Examiner (GX-FE) certification. I'm so excited because it's now possible to achieve a fully DFIR-focused GSP!

How hard are the Applied Knowledge Certifications?

I'm known by friends and colleagues for being far too honest, and this is no exception... They're hard. They're meant to be achievable if you've been working in the field for a few years and have a lot of knowledge and experience, so they're meant to be hard! The GX-FA was the first one I'd ever attempted. I ran out of time and I came out of the exam feeling like I still didn't know where to even start on at least one or two of the questions. But you know what? I had a lot of fun doing it because it was all practical; it's all CyberLive. If you've ever done a Practitioner exam with a CyberLive component, imagine an entire exam like that (but with more difficult problems to solve); that's an Applied Knowledge exam. 

Should I be worried about the exam being CyberLive?

I get a lot of questions about CyberLive. People seem to be much more apprehensive about that element of GIAC exams than the multiple choice questions. I always say that I much prefer CyberLive to multiple choice questions. With CyberLive, you get to solve the problem yourself using whatever tools you like in the virtual machine; it doesn't matter how you get to the answer as long as you can work it out. With multiple choice questions, you need to know or be able to find the answer in whatever printed materials you brought to the exam. For me, working something out is much more fun than just knowing or looking up an answer!

Back to the GX-FE...

This is the exam I've most looked forward to since the new Applied Certifications were announced. Windows Forensics is my bread-and-butter; FOR500 Windows Forensic Analysis is the course I have the pleasure of teaching. I'm incredibly grateful to the GIAC team for putting this exam together and for inviting me to take the Alpha run of the certification. As they're well aware, I really couldn't hide my excitement (understatement: I was bouncing off the walls!) when I found out it would exist, when invited into Alpha, or when actually sitting the exam, and I really hope that feedback from me and others in Alpha and Beta helped make it even more awesome. I know the team is incredibly proud of the work they've done on this, and they should be.

What did taking these exams teach me, and why should others take them?

Every GIAC certification I've done (every forensics-related exam, because I'm just that crazy!) has taught me what I know and what I still need to learn. Every field in cybersecurity is a never-ending learning experience, and certifications are just one part of that journey. I find certifications a really useful part of the journey to practice skills, test knowledge, and to add to my resume so others can see what I know after all these years. Having taken two Applied Knowledge certifications and knowing just how difficult they are, if I saw any of them on a resume during a recruitment drive, I'd be much more likely to invite that person for an interview. Same for anyone with a GSP or GSE, particularly with a DFIR focus. I'd say that Practitioner exams show a level of knowledge in that subject; Applied Knowledge exams, the GSP, and the GSE show a person has experience.

Like I mentioned, I've taken a lot of GIAC exams, so if you have any questions, please do reach out; I'm always happy to chat through concerns or give you tips on prepping. I also wrote a blog providing hints and tips to prepare for an exam, so feel free to check that out here.

Best of luck to everyone sitting for an exam!

Ready to take your DFIR expertise to the next level? Discover more about the GX-FE Certification and see how it can elevate your career. Explore the details and start your journey today: Unlock the GX-FE Certification!