Security Certification: GSE

Security Certification:

GIAC Security Expert (GSE) Certification

Overview and Target Audience | Prerequisites | Part 1: Multiple Choice Exam | Part 2: Hands-On Lab
Application Process | Certification Objectives | Certification Renewal | Certified Professionals

2019 GSE Hands-On Lab Offerings:

Spring: March 21-22, 2019 in Arlington, VA
Fall: October 3-4, 2019 in Arlington, VA

Please email to reserve your spot!

GSE Overview and Target Audience

The GSE certification is the most prestigious credential in the IT Security industry. The exam was developed by subject matter experts and top industry practitioners. The GSE's performance based, hands-on nature sets it apart from any other certifications in the IT security industry. The GSE will determine if a candidate has truly mastered the wide variety of skills required by top security consultants and individual practitioners.

Knowledge in a particular area, Intrusion Detection or Incident Handling is both important and valuable. Individuals who earn any of the GIAC certifications have worked hard, demonstrated essential technical skill, and should rightfully take pride in their accomplishment. But individuals who make the effort to not only learn, but to master all of the essential elements of information security belong in a very special group. These individuals will be the elite of Information Security, the top practitioners in the field. Those who pursue an in-depth technical education in all areas of information security are the target audience for the GSE certification.

GSE Pre-requisites:

  1. GSEC, GCIH, GCIA with two Gold
  2. GSEC, GCIH, GCIA with one Gold and one substitute*
  3. GSEC, GCIH, GCIA with no Gold and two substitutes*
  4. GCWN, GCUX, GCIH, GCIA with one Gold
  5. GCWN, GCUX, GCIH, GCIA with no Gold and one substitute*

GSE pre-requisite baseline is: GSEC, GCIH, GCIA with two Gold certifications. Information on Gold papers can be found here.
The GSEC pre-requisite is unique because of dual Windows and Unix coverage.

Pre-requisite Substitution Options

  1. GCWN & GCUX combined can act as a substitute for GSEC.
  2. Advanced level GIAC certifications can act as substitutes for Gold papers. Visit the GIAC Certification Roadmap for details.
    You must also have real world, hands-on experience in these subject areas. The GSE hands-on examination ensures each candidate has a high degree of competence in all certification objectives.

In addition, you must have real world, hands-on experience in these subject areas. The GSE hands-on examination ensures each candidate has a high-degree of competence in all certification objectives.

The GSE exam has two parts:

Part 1: Multiple Choice Exam:

The GSE multiple choice exam must be scheduled to be taken at a proctored location, like any other GIAC exam. Click here for instructions on How to Schedule Your GIAC Proctored Exam. Passing this exam qualifies a person to sit for the GSE hands-on lab.

  • GSE Multiple Choice Exam Requirements
    • 1 proctored exam
    • 150 questions
    • Time limit of 3 hours
    • Minimum Passing Score of 75%
    • The GSE multiple choice exam follows GIAC's standard retake policy.

  • GSE Multiple Choice Exam Delivery
    GIAC certification attempts will be activated in your GIAC account after your application has been approved based on adherence to according to the published prerequisites. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.

    Once you successfully complete Part 1, you must sit for the GSE lab within 18 months of the date of completion. Failure to do so may require Part 1 to be re-completed.

Part 2: Hands-On Lab:

Part 2 of the GSE Certification Attempt is a 2-day, in person, hands-on lab exam. The Lab is generally offered twice each year, corresponding to national SANS conferences.

  • Day 1 consists of an incident response scenario requiring the candidate to analyze data and present their results via written report.
  • Day 2 consists of a rigorous battery of hands-on exercises drawn from the domains listed below.

To reserve a seat for a GSE lab, you must have met the following requirements at least 45 days prior to the lab date:

  1. Successful completion of Part 1: Multiple Choice Exam
  2. Prior indication to of your intention to attend a GSE Lab offering.
  3. Full payment of the Lab registration fee

GSE Lab Cancellation policy (Effective as of Network Security 2017)

Due to limited GSE Lab seating capacity, cancellation of any approved registration for the GSE lab within 45 days prior to the start of the Lab will be subject to forfeiture of the full $2,459 lab fee. This fee must be remitted prior to reserving a spot at a future lab offering.

Exceptions to Cancellation Policy may be made at GIAC's discretion based on documented reasons involving a medical emergency, severe illness, death in the family, or military deployment/leave.

Retake of the GSE multiple choice exam may be necessary if a Lab cancellation results in surpassing the 18-month eligibility window following your initial passing the GSE exam.

GIAC reserves the right to:

  • Require candidates who are unsuccessful in one domain of the GSE lab by a slim margin complete additional work outside of the GSE lab before awarding any credential
  • Require any candidate to retake the entire lab
  • Change exam specifications at any time, up to 45 days prior to a scheduled Lab offering

GSE Lab Retake Policy - Candidates who fail the hands-on lab must wait one (1) year to be eligible for another attempt. If you wish to retake prior to 1 year, you may apply for a waiver by submitting this form to

The price for each lab attempt is the same. Due to the hand-on nature of the GSE lab, there is a *3 attempt limit* on GSE lab attempts.


GSE Application Process

  • Once you have completed the necessary pre-requisites, you may apply for the multiple choice exam by clicking the Register Now button.
  • Once your application is reviewed and approved you may complete the registration process and pay the $499 exam fee.
  • Upon passing the multiple choice exam, you will be eligible to attempt the GSE hands-on lab. The lab fee is an additional $2,459.
  • Please allow up to 10 business days for application processing and approval.

GSE Certification Objectives

The skills required to successfully earn the GSE certification can be broken up into three major groups:

  1. General security skills
  2. Incident handling skills
  3. Intrusion detection and analysis skills During the GSE lab, GIAC will provide you a laptop with the following tools installed:
    • Windows 7 Professional
      • LibreOffice
      • VMWare Player
      • Wireshark
      • GPG4Win
      • The Putty SSH suite and WinSCP
      • Burp Suite
      • Notepad++
    • A virtual machine with a customized configuration of Kali Linux 2018.1, with included security tools.
      • We have also installed Snort, SiLK and Bro IDS.
      • You can find a list of standard tools included with Kali Linux here
    • Virtual machines with Ubuntu Linux Server

To ensure a level playing field for all candidates, you will not be permitted to load data, software, or electronic references onto the computer for the exam. We will provide external mice, but you will not be permitted to attach additional peripherals (monitors, keyboards) to the candidate laptops. To complete the exercises, you must exclusively use the tools and virtual machines provided by GIAC. Failure to comply will result in dismissal from the examination.

The following is a partial list of some tools and techniques you can expect to encounter during GSE exercises.

  • sniffers/IDS - wireshark, snort
  • Scanners - nmap, Nessus vulnerability scanning results
  • utilities - netcat, ssh, gpg, iptables
  • miscellaneous - metasploit, command line tools, and common attack techniques

All Exercises are Derived from the following General Objectives

Objective Outcome - The GIAC promise is that holders of the GSE will have the following capabilities.
IDS and Traffic Analysis Domain
Capture Traffic Demonstrate competence with common IDS tools and techniques for capturing traffic.
Analyze Traffic Demonstrate the ability to decipher the contents of packet capture headers.
Interpret Traffic Make correct judgments as to the nature of traffic to or from specific hosts in packet captures.
IDS Tools Demonstrate proficiency using common Open Source IDS tools including Snort, tcpdump, and Wireshark
Incident Handling Domain
IH Process Demonstrate mastery of the Incident Handling process.
Common Attacks Demonstrate a broad knowledge of computer and network attacks.
Malware Demonstrate solid understanding of malware and how to handle infected computers.
Preserving Evidence Demonstrate the ability to preserve evidence relevant to an Incident investigation.
ITSEC Domain
Windows Security Demonstrate general knowledge of Windows Security and proficiency in a Windows environment.
Unix Security Demonstrate knowledge of Unix Security and proficiency in a Unix environment.
Secure Communications Demonstrate an understanding of basic cryptography principles, techniques, and tools.
Protocols Demonstrate a solid understanding of TCP/IP, UDP, ICMP, DNS, and other common protocols.
Security Principles Consistently demonstrate and practice bedrock security principles.
Security Technologies Domain
Firewalls Demonstrate competence with firewalls.
Vulnerability Scanners, and Port Scanners Demonstrate competence with scanning tools including vulnerability and port scanners.
Sniffers and Analyzers Demonstrate competence with Sniffers and Protocol Analyzers
Common Tools Demonstrate competence with common tools including netcat, SSH, Ettercap, p0f, etc...
Soft Skills Domain
Security Policy and Business Issues Demonstrate an understanding of the security policy and business issues including continuity planning.
Information Warfare and Social Engineering Demonstrate an understanding of Information Warfare and Social Engineering.
Ability To Write Demonstrate the ability to write quality technical reports or articles.
Ability to Analyze Demonstrate the ability to analyze complex problems that involve multiple domains and skills.

GSE Lab Retake Policy — A person who has unsuccessfully attempted the hands-on lab must wait one (1) year before they are eligible for another attempt. If you wish to retake prior to 1 year, you may apply for a waiver by filling out the following form and emailing it to

The price for each lab attempt is the same. Due to the hand-on nature of the GSE lab, there is a *3 attempt limit* on GSE lab attempts.

GSE Renewal

Renewing your GSE will renew all of your active GIAC certifications! The GSE is renewed every four years by taking the current version of the GSE multiple choice exam. The GSE may not be renewed via CPE's. At the time of registering for a GSE Renewal, you have the option to receive courseware books for the SANS course corresponding to certifications you hold.

Certified Professionals

Click here to View GSE Professionals