GIAC Security Expert (GSE) Certification
GSE Overview and Target Audience
The GSE certification is the most prestigious credential in the IT Security industry. The exam was developed by subject matter experts and top industry practitioners. The GSE's performance-based, hands-on nature sets it apart from any other certification in the IT security industry. The GSE will determine if a candidate has truly mastered the wide variety of skills required by top security consultants and individual practitioners.
Those who pursue an in-depth technical education in all areas of information security are the target audience for the GSE certification. Knowledge in a particular area, such as Intrusion Detection or Incident Handling, is both important and valuable. Individuals who earn any of the GIAC certifications have worked hard, demonstrated essential technical skill, and should rightfully take pride in their accomplishment. But individuals who make the effort to not only learn, but to master all of the essential elements of information security belong in a very special group. These individuals will be the elite of Information Security, the top practitioners in the field.
- GSEC, GCIH, GCIA with two gold
- GSEC, GCIH, GCIA with one gold and one substitute
- GSEC, GCIH, GCIA with no gold and two substitutes
- GCWN, GCUX, GCIH, GCIA with one gold
- GCWN, GCUX, GCIH, GCIA with no gold and one substitute
The GSE pre-requisite baseline is: GSEC, GCIH, GCIA with two gold certifications. The GSEC pre-requisite is unique because of its dual Windows and Unix coverage.
Pre-requisite Substitution Options
- GCWN & GCUX combined can act as a substitute for GSEC
- Higher level certifications can act as substitutes for gold papers. Visit the GIAC Certification Roadmap for details.
In addition, you must have real-world, hands-on experience in these subject areas. The GSE hands-on examination ensures each candidate has a high degree of competence in all certification objectives.
The GSE exam has two parts:
Part 1: Multiple Choice Exam:
The GSE multiple choice exam must be scheduled to be taken at a proctored location, like any other GIAC exam. See the instructions on How to Schedule Your GIAC Proctored Exam. Passing this exam qualifies a person to sit for the GSE hands-on lab.
GSE Multiple Choice Exam Requirements
- 1 proctored exam
- 150 questions
- Time limit of 3 hours
- Minimum Passing Score of 75%
- The GSE multiple choice exam follows GIAC's standard retake policy.
GSE Multiple Choice Exam Delivery
GIAC certification attempts will be activated in your GIAC account after your application has been approved based on adherence to the published prerequisites. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.
Once you successfully complete Part 1, you must sit for the GSE lab within 18 months of the date of completion. Failure to do so may require Part 1 to be re-completed.
Part 2: Hands-On Lab:
Part 2 of the GSE Certification Attempt is a 2-day, in-person, hands-on lab exam. The Lab is generally offered twice a year, corresponding to national SANS conferences.
- Day 1 consists of an incident response scenario requiring the candidate to analyze data and present their results via written report.
- Day 2 consists of a rigorous battery of hands-on exercises drawn from all of the domains listed below.
GIAC reserves the right to request that candidates who are unsuccessful in one domain of the GSE lab complete additional work outside of the GSE lab before awarding the credential. GIAC reserves the right to require any candidate to retake the entire lab.
To reserve a seat for a GSE lab, you must have met the following two requirements at least 30 days prior to the lab date:
- Successfully pass Part 1: Multiple Choice Exam
- Pay the Lab registration and request a seat at your desired Lab offering.
- Once you have completed the necessary pre-requisites, you may apply for the multiple choice exam by clicking the Register Now button.
- Once your application is reviewed and approved you may complete the registration process and pay the $429 exam fee.
- Upon passing the multiple choice exam, you will be eligible to attempt the GSE hands-on lab. The lab fee is an additional $2,199.
- Please allow up to 10 business days for application processing and approval.
GSE Certification Objectives
The skills required to successfully earn the GSE certification can be broken up into three major groups:
- General security skills
- Incident handling skills
- Intrusion detection and analysis skills
During the GSE lab, GIAC will provide you a laptop with the following tools installed:
- Windows 7 Professional
- LibreOffice (version 4.4)
- VMware Player (version 7.1)
- The PuTTY SSH suite and WinSCP
- Burp Suite
- A virtual machine with a customized configuration of Kali Linux 1.1.0a, with included security tools.
- We have also installed Snort, SiLK and Bro IDS.
- You can find a list of standard tools included with Kali Linux here (http://tools.kali.org/tools-listing).
- Virtual machines with Ubuntu Linux Server
To ensure a level playing field for all candidates, you will not be permitted to load data, software, or electronic references onto the computer for the exam. We will provide external mice, but you will not be permitted to attach additional peripherals (monitors, keyboards) to the candidate laptops. To complete the exercises, you must exclusively use the tools and virtual machines provided by GIAC. Failure to comply will result in dismissal from the examination.
The following is a partial list of some tools and techniques you can expect to encounter during GSE exercises.
- Sniffers/IDS - Wireshark, Snort
- Scanners - nmap, Nessus vulnerability scanning results
- Utilities - netcat, ssh, gpg, iptables
- Miscellaneous - Metasploit, command line tools, and common attack techniques
All Exercises are Derived from the following General Objectives
| Objective | Outcome - The GIAC promise is that holders of the GSE will have the following capabilities. |
|---|---|
| IDS and Traffic Analysis Domain | |
| Capture Traffic | Demonstrate competence with common IDS tools and techniques for capturing traffic. |
| Analyze Traffic | Demonstrate the ability to decipher the contents of packet capture headers. |
| Interpret Traffic | Make correct judgments as to the nature of traffic to or from specific hosts in packet captures. |
| IDS Tools | Demonstrate proficiency using common Open Source IDS tools including Snort, tcpdump, and Wireshark. |
| Incident Handling Domain | |
| IH Process | Demonstrate mastery of the Incident Handling process. |
| Common Attacks | Demonstrate a broad knowledge of computer and network attacks. |
| Malware | Demonstrate solid understanding of malware and how to handle infected computers. |
| Preserving Evidence | Demonstrate the ability to preserve evidence relevant to an Incident investigation. |
| Windows Security | Demonstrate general knowledge of Windows Security and proficiency in a Windows environment. |
| Unix Security | Demonstrate knowledge of Unix Security and proficiency in a Unix environment. |
| Secure Communications | Demonstrate an understanding of basic cryptography principles, techniques, and tools. |
| Protocols | Demonstrate a solid understanding of TCP/IP, UDP, ICMP, DNS, and other common protocols. |
| Security Principles | Consistently demonstrate and practice bedrock security principles. |
| Security Technologies Domain | |
| Firewalls | Demonstrate competence with firewalls. |
| Vulnerability Scanners and Port Scanners | Demonstrate competence with scanning tools including vulnerability and port scanners. |
| Sniffers and Analyzers | Demonstrate competence with Sniffers and Protocol Analyzers. |
| Common Tools | Demonstrate competence with common tools including netcat, SSH, Ettercap, p0f, etc. |
| Soft Skills Domain | |
| Security Policy and Business Issues | Demonstrate an understanding of the security policy and business issues including continuity planning. |
| Information Warfare and Social Engineering | Demonstrate an understanding of Information Warfare and Social Engineering. |
| Ability To Write | Demonstrate the ability to write quality technical reports or articles. |
| Ability to Analyze | Demonstrate the ability to analyze complex problems that involve multiple domains and skills. |
GIAC reserves the right to:
GSE Lab Retake Policy — A person who has unsuccessfully attempted the hands-on lab must wait one (1) year before they are eligible for another attempt. If you wish to retake prior to 1 year, you may apply for a waiver by filling out the following form and emailing it to firstname.lastname@example.org. The price for each lab attempt is the same. Due to the hands-on nature of the GSE lab, there is a *3 attempt limit* on GSE lab attempts.
GSE Certification Maintenance
The GSE is renewed every four years by taking the current version of the GSE multiple choice exam. The GSE may not be renewed via CPEs. Renewing your GSE will renew all other GIAC certifications in good standing.