Cyber Security Certification: GCTI
GIAC Cyber Threat Intelligence (GCTI)
"The GIAC Cyber Threat Intelligence (GCTI) certification, to me, marks an important moment in our field where we begin to move the art of cyber threat intelligence to science and codify our knowledge. In our complex and ever changing threat landscape it is important for all analysts to earn the GCTI whether or not they are directly involved in generating intelligence. Technical training has become common and helped further our security field the same has not been true for structured analysis training, until now. Many of security practitioners consider themselves analysts but have not fully developed analysis skills in a way that can help us think critically and amplify our technical knowledge. It is in this structured analysis that we can challenge our biases, question our sources, and perform core skills such as intrusion analysis to better consume and generate intelligence. It is through cyber threat intelligence that organizations and their personnel can take on focused human adversaries and ensure that security is maintained. Intelligence impacts us all and we are furthering the field together in a way that will extraordinarily limit the success of adversaries." - Robert M. Lee, Course Author FOR578: Cyber Threat Intelligence
Areas Covered
- Strategic, operational, and tactical cyber threat intelligence application & fundamentals
- Open source intelligence and campaigns
- Intelligence applications and intrusion analysis
- Analysis of intelligence, attribution, collecting and storing data sets
- Kill chain, diamond model, and courses of action matrix
- Malware as a collection source, pivoting, and sharing intelligence
Who is GCTI for?
- Incident response team members
- Threat hunters
- Security operations center personnel
- Information security practitioners
- Experienced digital forensic analysts
- Federal agents and law enforcement officials
Requirements
- 1 proctored exam
- 75 questions
- Time limit of 2 hours
- Minimum Passing Score of 71%
Delivery
NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.
Exam Certification Objectives & Outcome Statements
The topic areas for each exam part follow:
- Analysis of Intelligence
- The candidate will demonstrate an understanding of the techniques employed in analyzing information. The candidate will also demonstrate an understanding obstacles to accurate analysis, such as fallacies and bias, and how to recognize and avoid them.
- Campaigns and Attribution
- The candidate will demonstrate an understanding of identifying and profiling intrusion characteristics and external intelligence into campaigns. The candidate will demonstrate an understanding of the importance of attribution and the factors that are considered when making an attribution.
- Collecting and Storing Data Sets
- The candidate will demonstrate an understanding of collecting and storing data from collection sources such as threat feeds, domains, TLS certificates, and internal sources.
- Intelligence Application
- The candidate will demonstrate an understanding of the practical application of gathering, analyzing, and using intelligence. Additionally, the candidate will demonstrate an understanding of how well-known cyber attacks can inform cyber intelligence professionals today.
- Intelligence Fundamentals
- The candidate will demonstrate an understanding of fundamental cyber threat intelligence definitions and concepts. The candidate will also demonstrate a basic working knowledge of technologies that provide intelligence analysts with data, such as network indicators, log repositories, and forensics tools.
- Kill Chain, Diamond Model, and Courses of Action Matrix
- The candidate will demonstrate an understanding of the Kill Chain, Diamond Model, and Courses of Actions Matrix and how they are used together to analyze intrusions.
- Malware as a Collection Source
- The candidate will demonstrate an understanding of malware analysis tools and techniques to derive intelligence.
- Pivoting
- The candidate will demonstrate an understanding of pivoting to expand intelligence, pivot analysis, the ability to use link analysis tools, and ability perform domain analysis to expand intelligence collections.
- Sharing Intelligence
- The candidate will demonstrate an understanding of methods and practices of storing intelligence from various sources. The candidate will demonstrate an understanding of the processes, tools, and techniques used in sharing intelligence. The candidate will demonstrate an understanding of effectively sharing tactical intelligence with executives by writing accurate and effective reports and using such capabilities as assessments.
*No Specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering Computer Information Security. Another option is any relevant courses from training providers, including SANS.*
Other Resources
- Training is available in a variety of modalities including live conference training, online, and self study.
- Practical work experience can help ensure that you have mastered the skills necessary for certification
- College level courses or study through another program may meet the needs for mastery.
- The procedure to contest exam results can be found athttps://www.giac.org/about/procedures/grievance.
