Cyber Security Certification: GDSA


"The GIAC Defensible Security Architecture (GDSA) certificate is an industry certification that proves an individual is capable of looking at an enterprise defense holistically. A GDSA no longer emphasizes security through a single control but instead applies multiple controls ranging from network security, cloud security, and data-centric security approaches to properly prevent, detect, and respond. The end result is defense-in-depth that is maintainable and works." - Justin Henderson, SANS SEC530 Course Author

"Holders of the GIAC Defensible Security Architect (GDSA) certification have proved to be all-round defenders, capable of designing, implementing and tuning an effective combination of network-centric and data-centric controls to balance prevention, detection, and response. Certified GDSA professionals are versatile blue-teamers and cyber defenders possessing an arsenal of skills to protect an organization's critical data, from the endpoint to the cloud, across networks and applications. Armed with these skills, certified GDSA individuals possess not only a strategic but also a tactical, hands-on vision that empowers them to continually improve an organization's security posture, knowing how to best defend now and in the future." - Ismael Valenzuela, SANS SEC530 Course Author

Delivery

NOTE: All GIAC exams are delivered through proctored test centers and must be scheduled in advance.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt. GIAC exams must be proctored through Pearson VUE. Please click the following link for instructions on How to Schedule Your GIAC Proctored Exam http://www.giac.org/information/schedule_proctored_exam.pdf. GIAC exams are delivered online through a standard web browser.


Exam Certification Objectives & Outcome Statements

The topic areas for each exam part follow:

Cloud-based Security Architecture
The candidate will show an understanding of the concepts involving cloud security, securing on-premise hypervisors, network segmentation, surface reduction, delivery models, and container security.
Data Discovery, Governance, and Mobility Management
The candidate will demonstrate an understanding of file classification, Data Loss Prevention (DLP), database governance, and Mobile Device Management (MDM).
Data-Centric Security
The candidate will demonstrate an understanding of the concepts involving data-centric security. Specifically, have an understanding of reverse proxies, web application firewalls, database firewalls, and database activity monitoring.
Fundamental Layer 3 Defense
The candidate will demonstrate an understanding of the concepts related to securing basic Layer 3 hardware, protocols and services and have an awareness of common attack vectors. In particular, demonstrate a knowledge of CIDR, Layer 3 routing attacks and mitigations, Layer 2/3 benchmark and auditing tools, securing SNMP and NTP protocols, and bogon filtering.
Fundamental Security Architecture Concepts
The candidate will demonstrate a basic understanding of the concepts of perimeter-focused deficiencies, presumption of compromise, Zero Trust Model, Intrusion Kill Chain, Diamond Model, software-defined networking, micro-segmentation, threat vector analysis and attack surface analysis.
IPv6
The candidate will demonstrate an understanding of the concepts of IPv6. Specifically, have an understanding of addressing, dual stack systems, tunneling, and IPv6 router advertisement attacks and mitigation.
Layer 1/Layer 2 Defense
The candidate will demonstrate an understanding of the concepts related to securing Layer 1 and Layer 2 services, applications and protocols and be aware of common vectors for these attacks. Specifically, have an understanding of the structure and deployment of VLANs, CDP, MAC spoofing, ARP cache poisoning, DHCP starvation, VLAN hopping, 802.1X, and NAC.
Network Defenses
The candidate will demonstrate an understanding of the concepts related to network defense. In particular, show a knowledge of NIDS, NIPS, network security monitoring, sandboxing, encryption, and DDOS protections.
Network Encryption and Remote Access
The candidate will demonstrate an understanding of secure remote access, dual factor for all remote access VPNs and Jump Boxes.
Network Proxies and Firewalls
The candidate will demonstrate an understanding of Web proxies, SMTP proxies, and next generation firewalls.
Zero Trust Endpoints
The candidate will show an understanding of the concepts of securing Zero Trust Endpoints. In particular, demonstrate an understanding of patching via automation, end-user privilege reduction, host hardening, host IDS/IPS, endpoint firewalls, and scaling endpoint log collection.
Zero Trust Fundamentals
The candidate will demonstrate an understanding of the concepts involving Zero Trust Architecture, credential rotation, and responding to pivoting adversaries and insider threats.
Zero Trust Networking
The candidate will demonstrate a basic understanding of the concepts of Zero Trust Networking. Specifically, demonstrate an understanding of authenticating and encrypting endpoint traffic, Domain Isolation, Single Packet Authentication, red herring defenses, and proactive defenses to change attacker behaviors.

*No specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering Computer Information Security. Another option is any relevant courses from training providers, including SANS.*