Security Certification: GCTI

Security Certification:

GIAC Cyber Threat Intelligence (GCTI)

The GCTI Certification will be Available Late December 2017

Description

"The GIAC Cyber Threat Intelligence (GCTI) certification, to me, marks an important moment in our field where we begin to move the art of cyber threat intelligence to science and codify our knowledge. In our complex and ever changing threat landscape it is important for all analysts to earn the GCTI whether or not they are directly involved in generating intelligence.

Technical training has become common and helped further our security field the same has not been true for structured analysis training, until now. Many of security practitioners consider themselves analysts but have not fully developed analysis skills in a way that can help us think critically and amplify our technical knowledge. It is in this structured analysis that we can challenge our biases, question our sources, and perform core skills such as intrusion analysis to better consume and generate intelligence. It is through cyber threat intelligence that organizations and their personnel can take on focused human adversaries and ensure that security is maintained.

Intelligence impacts us all and we are furthering the field together in a way that will extraordinarily limit the success of adversaries," Robert M. Lee, Course Author FOR578: Cyber Threat Intelligence

Areas Covered on the GCTI

  • Strategic, Operational, and Tactical Cyber Threat Intelligence
  • Open Source Intelligence and Campaigns
  • Intelligence Applications and Intrusion Analysis

SANS FOR578 Alumni will be eligible to challenge the GCTI exam. All alumni of FOR578 will receive a special offer email with a discount code once the exam is live to the public in late December.

Find affiliated training for GCTI now.

*No Specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering Computer Information Security. Another option is any relevant courses from training providers, including SANS.*

Requirements

  • 1 proctored exam
  • 70 questions
  • Time limit of 2 hours
  • Minimum Passing Score To Be Determined

Renew

Certifications must be renewed every 4 years. Click here for details.

Delivery

NOTE: All GIAC exams are delivered through proctored test centers and must be scheduled in advance.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt. GIAC exams must be proctored through Pearson VUE. Please click the following link for instructions on How to Schedule Your GIAC Proctored Exam http://www.giac.org/information/schedule_proctored_exam.pdf. GIAC exams are delivered online through a standard web browser.

Links


Bulletin (Part 2 of Candidate Handbook)

Exam Certification Objectives & Outcome Statements

The topic areas for each exam part follow:

Attribution and Strategic Sharing
The candidate will demonstrate an understanding of the importance of attribution and the factors that are considered when making an attribution as well as understand the importance of weaknesses associated with attribution. The candidate will demonstrate an understanding of sharing tactical intelligence with executives by writing accurate and effective reports, and using such capabilities as assessments.
Campaigns
The candidate will demonstrate their understanding of identifying and profiling intrusion characteristics and external intelligence into campaigns.
Intelligence Application
The candidate will demonstrate an understanding of the practical application of intelligence fundamentals, such as creating Indicators of Compromise and avoiding analytical mistakes. Additionally, the candidate will demonstrate an understanding of how well-known cyber attacks can inform cyber intelligence professionals today.
Intelligence Fundamentals
The candidate will demonstrate an understanding of fundamental cyber threat intelligence definitions and concepts. The candidate will also demonstrate a basic working knowledge of technologies that provide intelligence analysts with data, such as network indicators, log repositories, and forensics tools.
Kill Chain, Diamond Model, and Courses of Action Matrix
The candidate will demonstrate an understanding of the Kill Chain, Diamond Model, and Courses of Actions Matrix and how they are used together to analyze intrusions.
Operational Intelligence Concepts and Application
The candidate will demonstrate an understanding of methods and practices of storing, sharing, and gathering intelligence from various sources.
OSINT from Malware
The candidate will demonstrate their understanding of malware analysis tools and techniques to derive intelligence.
OSINT Pivoting, Link Analysis, and Domains
The candidate will demonstrate an understanding of pivot analysis, ability to use link analysis tools, and ability to perform domain analysis to expand intelligence from open source intelligence collections.
Sharing: Operational
The candidate will demonstrate an understanding of the processes, tools, and techniques used in sharing operational intelligence, such as working with partners and collaborators and using CybOX/STIX/TAXII.
Sharing: Tactical
The candidate will demonstrate an understanding of the processes, tools, and techniques used in sharing tactical intelligence, such as threat data feeds, and YARA.
Strategic Intelligence Concepts. Analysis, and Application
The candidate will demonstrate an understanding of the obstacles to accurate analysis, such as fallacies and bias, and how to recognize and avoid them. The candidate will also demonstrate an understanding and use of the Analysis of Competing Hypotheses method to ensure complete analysis.
Tactical Intelligence Concepts and Application
The candidate will demonstrate an understanding of the processes, tools, and techniques used by tactical intelligence analysts, those who are most directly involved with day-to-day security operations. The candidate will demonstrate an understanding of tactics, techniques, and procedures (TTPs) and Indicators of Compromise and how such intelligence is conveyed to defenders.

Where to Get Help

Training is available from a variety of resources including on line, course attendance at a live conference, and self study.

Practical experience is another way to ensure that you have mastered the skills necessary for certification. Many professionals have the experience to meet the certification objectives identified.

Finally, college level courses or study through another program may meet the needs for mastery.

The procedure to contest exam results can be found at http://www.giac.org/about/procedures/grievance.