Cyber Security Certification: GMOB

Cyber Security Certification: GMOB


The GIAC Mobile Device Security Analyst (GMOB) certification ensures that people charged with protecting systems and networks know how to properly secure mobile devices that are accessing vital information. GMOB certification holders have demonstrated knowledge about assessing and managing mobile device and application security, as well as mitigating against malware and stolen devices.

Areas Covered

Who is GMOB for?

Requirements

Note:

GIAC reserves the right to change the specifications for each certification without notice. Based on a scientific passing point study, the passing point for the GMOB exam has been determined to be 71% for all candidates receiving access to their certification attempts on or after December 24th, 2016. To verify the format and passing point of your specific certification attempt, read the Certification Information found in your account at https://exams.giac.org/pages/attempts.

Delivery

NOTE: All GIAC exams are delivered through proctored test centers and must be scheduled in advance.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt. GIAC exams must be proctored through Pearson VUE. Please click the following link for instructions on How to Schedule Your GIAC Proctored Exam http://www.giac.org/information/schedule_proctored_exam.pdf. GIAC exams are delivered online through a standard web browser.


Exam Certification Objectives & Outcome Statements

The topic areas for each exam part follow:

Analyzing Mobile Applications
The candidate will demonstrate the understanding of techniques to evaluate mobile application binaries and permissions in order to detect potentially harmful behavior.
Assessing Mobile Application Security
The candidate will demonstrate the ability to assess the security of mobile applications with respect to privacy, data protection, and undesirable application behavior.
Attacking Encrypted Traffic
The candidate will demonstrate an understanding of tools and techniques that can exploit SSL/TLS channels and render encryption ineffective during mobile device penetration testing.
Managing Android Devices and Applications
The candidate will demonstrate familiarity with Android configuration, security models, and applications, and how they affect security posture.
Managing iOS Devices and Applications
The candidate will demonstrate familiarity with iOS configuration, security models, and applications, and how they affect security posture.
Manipulating Mobile Application Behavior
The candidate will demonstrate the understanding of security evasion techniques to test the security of mobile applications in order to detect potentially harmful behavior.
Manipulating Network Traffic
The candidate will demonstrate an understanding of typical techniques a penetration tester can use to manipulate how a mobile device interacts with networks and services to capture and manipulate network traffic.
Mitigating Against Mobile Malware
The candidate will be able to demonstrate how to protect mobile device data, and mitigate against malware targeted to mobile devices.
Mitigating Against Stolen Mobile Devices
The candidate will be able to demonstrate how to mitigate against the threat of data loss from stolen mobile devices.
Reverse Engineering Mobile Applications
The candidate will demonstrate an understanding of the core concepts associated with reverse-engineering applications on the most commonly used mobile device operating systems.
Unlocking and Rooting Mobile Devices
The candidate will demonstrate understanding of the concept and processes behind rooting, jailbreaking, and unlocking mobile devices and the security ramifications.

*No Specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering Computer Information Security. Another option is any relevant courses from training providers, including SANS.*

Other Resources