Cybersecurity Certifications

Cyber Defense Certifications

Cyber defenders play an essential role in securing the enterprise. Defending against attacks is only possible with the right skill set - and confidence in your abilities and those of your team. GIAC's Cyber Defense certifications span the entire defense spectrum and are focused in two areas: cyber defense essentials and blue teaming. Whether your needs are beginner-level, advanced, or for a specialized area of defense, GIAC has the credentials you need to keep your organization safe from the latest threats.

GIAC with CyberLive

Real world, virtual machine testing for specialized certifications

CyberTalent Assessments

Measure your skills and competency levels to decide what's next

Blue Team Operations

Prove your ability to detect, respond to, and recover from an attack.

Cyber Defense Essentials

Prove your mastery of essential skills needed to defend the enterprise.

Purple Team

Improve the "red-blue" feedback loop by certifying in cross-focus areas.

"Working in a Managed Detection & Response team, my GSEC gave me the building blocks needed to become a well-rounded defender and has sparked my motivation to continue getting more education and certs. I am now enrolled in GCIH and I can already tell this course will boost my confidence and skills to protect organizations across the globe." - Nate Gonzalez, GSEC, GCIH

Blue Team Operations Certifications

GIAC Open Source Intelligence (GOSI)

The GOSI certification confirms that practitioners have a strong foundation in OSINT methodologies and frameworks and are well-versed in data collection, reporting, and analyzing targets.

  • Open Source Intelligence Methodologies and Frameworks
  • OSINT Data Collection, Analysis, and Reporting
  • Harvesting Data from the Dark Web

Affiliated Training: SEC487: Open-Source Intelligence (OSINT) Gathering & Analysis


GIAC Certified Intrusion Analyst (GCIA) with CyberLive

The GCIA with CyberLive certification validates a practitioner's knowledge of network and host monitoring, traffic analysis, and intrusion detection.

  • Fundamentals of Traffic Analysis and Application Protocols
  • Open-Source IDS: Snort and Zeek
  • Network Traffic Forensics and Monitoring

Affiliated Training: SEC503: Intrusion Detection In-Depth

GIAC Certified Windows Security Administrator (GCWN)

The GCWN certification validates a practitioner's ability to secure Microsoft Windows clients and servers and to configure and manage the security of Microsoft operating systems and applications.

  • Defensible networking and endpoint protection
  • Operating system and application hardening, PKI management
  • Restricting administrative compromise and securing PowerShell

Affiliated Training: SEC505: Securing Windows and PowerShell Automation

GIAC Continuous Monitoring Certification (GMON)

The GMON certification confirms a practitioner's ability to deter intrusions, perform continuous security monitoring, and quickly detect anomalous activity.

  • Security architecture and security operations centers (SOCs)
  • Network security architecture and monitoring
  • Endpoint security architecture, automation, and continuous monitoring

Affiliated Training: SEC511: Continuous Monitoring and Security Operations

GIAC Defensible Security Architecture (GDSA)

The GDSA certification proves that practitioners can design and implement an effective combination of network-centric and data-centric controls to balance prevention, detection, and response.

  • Defensible Security Architecture: network-centric and data-centric approaches
  • Network Security Architecture: hardening applications across the TCP/IP stack
  • Zero Trust Architecture: secure environment creation with private, hybrid or public clouds

Affiliated Training: SEC530: Defensible Security Architecture and Engineering

GIAC Certified Detection Analyst (GCDA)

The GCDA certification proves an individual knows how to collect, analyze, and tactically use modern network and endpoint data sources to detect malicious or unauthorized activity.

  • SIEM Architecture and SOF-ELK
  • Service Profiling, Advanced Endpoint Analytics, Baselining and User Behavior Monitoring
  • Tactical SIEM Detection and Post-Mortem Analysis

Affiliated Training: SEC555: SIEM with Tactical Analytics

GIAC Security Operations Certified (GSOC)

The GSOC certification validates a practitioner's ability to defend an enterprise using essential blue team incident response tools and techniques.

  • SOC monitoring and incident response using incident management systems, threat intelligence platforms, and SIEMs
  • Analysis and defense against the most common enterprise-targeted attacks
  • Designing, automating, and enriching security operations to increase efficiency

Affiliated Training: SEC450: Blue Team Fundamentals: Security Operations and Analysis

Cyber Defense Essentials Certifications

GIAC Information Security Fundamentals (GISF)

The GISF certification validates a practitioner's knowledge of security's foundation, computer functions and networking, introductory level cryptography, and cybersecurity technologies.

  • Cyber security terminology and the basics of computer networks
  • Security policies and incident response
  • Passwords and introduction to cryptographic principles

Affiliated Training: SEC301: Introduction to Cybersecurity

GIAC Security Essentials (GSEC)

The GSEC certification validates a practitioner's knowledge of information security beyond simple terminology and concepts.

  • Active defense, defense in depth, access control & password management
  • Defensible network architecture, networking & protocols, and network security
  • Incident handling & response, vulnerability scanning and penetration testing
  • Linux security, cryptography, and Windows security
  • Security policy, contingency plans, critical controls and IT risk management
  • Web communication security, virtualization and cloud security, and endpoint security

Affiliated Training: SEC401: Security Essentials Bootcamp Style

GIAC Certified Enterprise Defender (GCED)

The GCED certification assesses more advanced, technical skills that are needed to defend the enterprise environment and protect an organization as a whole.

  • Defensive network infrastructure
  • Packet analysis and penetration testing
  • Incident handling and malware removal

Affiliated Training: SEC501: Advanced Security Essentials - Enterprise Defender


GIAC Certified Incident Handler (GCIH) with CyberLive

The GCIH with CyberLive certification focuses on methods used to detect, respond to, and resolve computer security incidents.

  • Incident Handling and Computer Crime Investigation
  • Computer and Network Hacker Exploits
  • Hacker Tools (Nmap, Nessus, Metasploit and Netcat)

Affiliated Training: SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling

GIAC Information Security Professional (GISP)

The GISP certification validates a practitioner's knowledge of the 8 domains of cybersecurity knowledge as determined by (ISC)² that form a critical part of the CISSP® exam.

  • Asset Security, Communications and Network Security, and Identity and Access Management
  • Security and Risk Management, Security Assessment and Testing
  • Security Engineering, Security Operation, and Software Development Security

Affiliated Training: MGT414: SANS Training Program for CISSP® Certification

Purple Team Certifications

GIAC Foundational Cybersecurity Technologies Certification (GFACT)

The GFACT certification validates a practitioner's knowledge of essential foundational cybersecurity concepts.

  • Core Computing Components: Hardware and Virtualization, Networking, Operating Systems, Web, Cloud, and Data Storage
  • IT Fundamentals and Concepts: Logic and Programming, Windows, and Linux
  • Security Foundations and Threat Landscape: Concepts, Exploitation and Mitigation, Forensics and Post Exploitation

Affiliated Training: SEC275: Foundations - Computers, Technology, & Security

GIAC Defending Advanced Threats (GDAT)

The GDAT certification is unique in how it covers both offensive and defensive security topics in depth.

  • Advanced persistent threat models and methods
  • Detecting and preventing payload deliveries, exploitation, and post-exploitation activities
  • Using cyber deception to gain intelligence for threat hunting and incident response

Affiliated Training: SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses