Get Certified: Roadmap

GIAC offers over 30 cyber security certifications in security administration, management, legal, audit, forensics and software security. A Certification Roadmap has been created to help you determine what certifications are right for specific job needs or career goals. Each GIAC certification is designed to stand on its own, and represents a certified individual's mastery of a particular set of knowledge and skills. There is no particular "order" in which GIAC certifications must be earned; though we recommend that candidates master lower level concepts before moving on to more advanced topics.

GIAC certifications align with individual job based disciplines and typically correspond to topics presented in SANS full 5-6 day courses. GIAC certification attempts have a 4 month time frame.

Cyber Defense
Level GIAC Certification Affiliate Training
Introductory GISF: GIAC Information Security Fundamentals SEC301: Intro to Information Security
Intermediate GSEC: GIAC Security Essentials SEC401: Security Essentials Bootcamp Style
Advanced GCED: GIAC Certified Enterprise Defender SEC501: Advanced Security Essentials - Enterprise Defender
Advanced GPPA: GIAC Certified Perimeter Protection Analyst
Advanced GCIA: GIAC Certified Intrusion Analyst SEC503: Intrusion Detection In-Depth
Advanced GCWN: GIAC Certified Windows Security Administrator SEC505: Securing Windows and PowerShell Automation
Advanced GCUX: GIAC Certified UNIX Security Administrator SEC506: Securing Linux/Unix
Advanced GMON: GIAC Continuous Monitoring Certification SEC511: Continuous Monitoring and Security Operations
Advanced GCDA: GIAC Certified Detection Analyst SEC555: SIEM with Tactical Analytics
Advanced GCCC: GIAC Critical Controls Certification SEC566: Implementing and Auditing the Critical Security Controls - In-Depth
Advanced GDAT: GIAC Defending Advanced Threats SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses New

ICS
Level GIAC Certification Affiliate Training
Intermediate GICSP: Global Industrial Cyber Security Professional ICS410: ICS/SCADA Security Essentials
Advanced GRID: GIAC Response and Industrial Defense ICS515: ICS Active Defense and Incident Response
Advanced GCIP: GIAC Critical Infrastructure Protection ICS456: Essentials for NERC Critical Infrastructure Protection

Penetration Testing
Level GIAC Certification Affiliate Training
Intermediate GCIH: GIAC Certified Incident Handler SEC504: Hacker Tools, Techniques, Exploits and Incident Handling
Advanced GPEN: GIAC Certified Penetration Tester SEC560: Network Penetration Testing and Ethical Hacking
Advanced GWAPT: GIAC Web Application Penetration Tester SEC542: Web App Penetration Testing and Ethical Hacking
Advanced GPYC: GIAC Python Coder SEC573: Automating Information Security with Python
Advanced GMOB: GIAC Mobile Device Security Analyst SEC575: Mobile Device Security and Ethical Hacking
Advanced GAWN: GIAC Assessing Wireless Networks SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses
Advanced GXPN: GIAC Exploit Researcher and Advanced Penetration Tester SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking

Digital Forensics & Incident Response
Level GIAC Certification Affiliate Training
Intermediate GCFE: GIAC Certified Forensics Examiner FOR500: Windows Forensic Analysis
Advanced GCFA: GIAC Certified Forensic Analyst FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting
Advanced GNFA: GIAC Network Forensic Analyst FOR572: Advanced Network Forensics and Analysis
Advanced GCTI: GIAC Cyber Threat Intelligence FOR578: Cyber Threat Intelligence
Advanced GASF: GIAC Advanced Smartphone Forensics FOR585: Advanced Smartphone Forensics
Advanced GREM: GIAC Reverse Engineering Malware FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

Developer
Level GIAC Certification Affiliate Training
Advanced GWEB: GIAC Certified Web Application Defender DEV522: Defending Web Applications Security Essentials
Advanced GSSP-JAVA: GIAC Secure Software Programmer - Java DEV541: Secure Coding in Java/JEE: Developing Defensible Applications
Advanced GSSP-NET: GIAC Secure Software Programmer - .NET DEV544: Secure Coding in .NET: Developing Defensible Applications

Management & Leadership
Level GIAC Certification Affiliate Training
Intermediate GISP: GIAC Information Security Professional MGT414: SANS Training Program for CISSP® Certification
Advanced GSLC: GIAC Security Leadership Certification MGT512: SANS Security Leadership Essentials For Managers with Knowledge Compression™
Advanced GSTRT: GIAC Strategic Planning, Policy, and Leadership MGT514: Security Strategic Planning, Policy, and Leadership
Advanced GCPM: GIAC Certified Project Manager Certification MGT525: IT Project Management, Effective Communication, and PMP® Exam Prep
Advanced GLEG: GIAC Law of Data Security & Investigations LEG523: Law of Data Security and Investigations
Advanced GSNA: GIAC Systems and Network Auditor AUD507: Auditing & Monitoring Networks, Perimeters & Systems

GIAC Security Expert
Level GIAC Certification
Expert GSE: GIAC Security Expert

*No Specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering Computer Information Security. Another option is any relevant courses from training providers, including SANS.*

Latest Tweets @CertifyGIAC

The only reliable means to reduce security risk is to invest [...]
January 23, 2019 - 8:59 PM

Job-specific, specialized focus. Deep, real-world knowledge. [...]
January 22, 2019 - 7:00 PM

Enterprises still need human capital to enforce security pro [...]
January 21, 2019 - 10:21 PM

 
 
 
Contact Us

Phone: 301-654-SANS(7267)
Mon-Fri: 9am-8pm ET (phone/email)
Sat-Sun: 9am-5pm ET (email only)
Questions: info@giac.org
More »