GIAC AI Security Automation Engineer (GASAE)

• Automating asset discovery, configuration management and incident response workflows
• Using automated offensive tools and adversary emulation to identify vulnerabilities
• Deploying scripts and configurations to remediate Windows and Linux hosts
• Applying AI concepts such as LLMs, RAG and agentic AI to detection and response
• Building automation with scripting, Infrastructure as Code and collaborative red/blue team tools
• Analyzing host artifacts and integrating automation into SOC operations
• Implementing Azure and AWS security automation for monitoring and incident response
• Using automated attack chaining and breach and attack platforms to assess defensive readiness

• Security Operation Center Analysts
• Incident Responders and Forensic Analysist
• Red Team Operators and Penetration Testers
• Purple Team Engineers
• Security Automation and Orchestration Engineers
• Cloud Security Engineers
• Detection Engineers and Threat Hunters
• DevSecOps and Infrastructure as Code Engineers
• Security Architects

GASAE with CyberLive™ Hands-On, Real-World Skill Validation

GIAC knows that cyber security professionals need:

• Discipline-specific certifications
• Practical testing that validates their knowledge and hands-on skills

In response to this industry-wide need, GIAC developed CyberLive™ - hands-on, real-world practical testing.

CyberLive testing creates a lab environment where cyber practitioners prove their knowledge, understanding, and skill using:

• Actual programs
• Actual code
• Virtual machines

Candidates are asked practical questions that require performance of real-world-like tasks that mimic specialized job roles.

Find out more about CyberLive here.

NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information.

GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.

• Adversary Emulation Fundamentals
  The candidate will demonstrate an understanding of adversary emulation frameworks and automation techniques, tools and breach-and-attack simulation platforms to model and chain offensive attack behaviors.
• Artificial Intelligence Fundamentals
  The candidate will demonstrate an understanding of artificial intelligence fundamentals, including how AI processes text, large language models, retrieval-augmented generation, different types of AI models, and the characteristics of agentic AI.
• Automating Offensive Workflows
  The candidate will demonstrate an understanding of how to deploy and automate offensive security workflows using frameworks and tools such as agentic AI, cloud adversary emulation platforms, and orchestration techniques for chaining attacks to simulate real-world adversaries.
• Automating Workflows
  The candidate will demonstrate an understanding of workflow automation using scripting languages, infrastructure as code tools, and collaborative environments to support incident response, offensive operations, and purple team collaboration.
• AWS Cloud Security and Incident Response
  The candidate will demonstrate an understanding of AWS security and automation services and how they are applied to compliance, logging, automated incident response, and continuous security improvement. The candidate will also demonstrate an understanding of how AWS tools can be used to build AI-assisted security workflows.
• Azure Cloud Security and Incident Response Automation
  The candidate will demonstrate an understanding of the security controls and automation capabilities in Azure, including infrastructure as code, Microsoft Defender, Sentinel, and AI-driven services and how they support incident response, security monitoring, and continuous improvement.
• Defensive Security Automation
  The candidate will demonstrate an understanding of how automation supports defensive security operations, including agent deployment, incident artifact collection, enrichment, and integration into modern SOC and fusion center workflows.
• Security Automation Fundamentals
  The candidate will demonstrate an understanding of common security automation terminology, tools, and strategies for selecting, planning, and deploying automation workflows leveraging DevOps principles.
• Security Orchestration Automation and Response
  The candidate will demonstrate an understanding of how to utilize security orchestration and automation techniques to enhance incident response efficiency and effectiveness of a security operations team using playbooks, independent tool integrations, and common SOAR tools.
• Using Automation and AI for Detection Engineering and Incident Response
  The candidate will demonstrate an understanding of how automation and AI support detection engineering and incident response, including their application across incident response models, forensic tooling, SOAR playbooks, enrichment, and the integration of generative and agentic AI to enhance SOC capabilities.

• Training will be available in a variety of modalities including live training and OnDemand.
• Practical work experience can help ensure that you have mastered the skills necessary for certification.
• College level courses or self paced study through another program or materials may meet the needs for mastery.
• Get information about the procedure to contest exam results.

Practice Tests

• These tests are a simulation of the real exam allowing you to become familiar with the test engine and style of questions.
• Practice exams are a gauge to determine if your preparation methods are sufficient.
• The practice bank questions are limited so you may encounter the same question on practice tests when multiple practice tests are purchased.
• Practice exams never include actual exam questions.
• GIAC recommends leveraging additional study methods for test preparation.