Get Certified: Roadmap

GIAC offers over 30 cyber security certifications in security administration, management, legal, audit, forensics and software security. A Certification Roadmap has been created to help you determine what certifications are right for specific job needs or career goals. Each GIAC certification is designed to stand on its own, and represents a certified individual's mastery of a particular set of knowledge and skills. There is no particular "order" in which GIAC certifications must be earned; though we recommend that candidates master lower level concepts before moving on to more advanced topics.

GIAC certifications align with individual job based disciplines and typically correspond to topics presented in SANS full 5-6 day courses. GIAC certification attempts have a 4 month time frame.

Level GIAC Certification Affiliate Training
Introductory GIAC Foundational Cybersecurity Technologies (GFACT) SEC275: Foundations - Computers, Technology, & Security

Cyber Defense
Level GIAC Certification Affiliate Training
Introductory GISF: GIAC Information Security Fundamentals SEC301: Intro to Information Security
Intermediate GSEC: GIAC Security Essentials SEC401: Security Essentials Bootcamp Style
Advanced GSOC: GIAC Security Operations Certified SEC450: Blue Team Fundamentals: Security Operations and Analysis
Advanced GOSI: GIAC Open Source Intelligence SEC487: Open-Source Intelligence (OSINT) Gathering and Analysis
Advanced GCED: GIAC Certified Enterprise Defender SEC501: Advanced Security Essentials - Enterprise Defender
Advanced GCIA: GIAC Certified Intrusion Analyst SEC503: Intrusion Detection In-Depth
Advanced GCWN: GIAC Certified Windows Security Administrator SEC505: Securing Windows and PowerShell Automation
Advanced GMON: GIAC Continuous Monitoring Certification SEC511: Continuous Monitoring and Security Operations
Advanced GDSA: GIAC Defensible Security Architecture SEC530: Defensible Security Architecture
Advanced GCDA: GIAC Certified Detection Analyst SEC555: SIEM with Tactical Analytics
Advanced GDAT: GIAC Defending Advanced Threats SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses

Level GIAC Certification Affiliate Training
Intermediate GICSP: Global Industrial Cyber Security Professional ICS410: ICS/SCADA Security Essentials
Advanced GRID: GIAC Response and Industrial Defense ICS515: ICS Active Defense and Incident Response
Advanced GCIP: GIAC Critical Infrastructure Protection ICS456: Essentials for NERC Critical Infrastructure Protection

Offensive Operations
Level GIAC Certification Affiliate Training
Intermediate GCIH: GIAC Certified Incident Handler SEC504: Hacker Tools, Techniques, Exploits and Incident Handling
Advanced GEVA: GIAC Enterprise Vulnerability Assessor SEC460: Enterprise Threat and Vulnerability Assessment
Advanced GPEN: GIAC Certified Penetration Tester SEC560: Network Penetration Testing and Ethical Hacking
Advanced GWAPT: GIAC Web Application Penetration Tester SEC542: Web App Penetration Testing and Ethical Hacking
Advanced GPYC: GIAC Python Coder SEC573: Automating Information Security with Python
Advanced GMOB: GIAC Mobile Device Security Analyst SEC575: Mobile Device Security and Ethical Hacking
Advanced GCPN: GIAC Cloud Penetration Tester SEC588: Cloud Penetration Testing
Advanced GAWN: GIAC Assessing Wireless Networks SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses
Advanced GXPN: GIAC Exploit Researcher and Advanced Penetration Tester SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking

Digital Forensics & Incident Response
Level GIAC Certification Affiliate Training
Intermediate GCFE: GIAC Certified Forensics Examiner FOR500: Windows Forensic Analysis
Intermediate GBFA: GIAC Battlefield Forensics and Acquisition FOR498: Battlefield Forensics & Data Acquisition
Advanced GCFA: GIAC Certified Forensic Analyst FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting
Advanced GNFA: GIAC Network Forensic Analyst FOR572: Advanced Network Forensics and Analysis
Advanced GCTI: GIAC Cyber Threat Intelligence FOR578: Cyber Threat Intelligence
Advanced GASF: GIAC Advanced Smartphone Forensics FOR585: Advanced Smartphone Forensics
Advanced GREM: GIAC Reverse Engineering Malware FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

Cloud Security
Level GIAC Certification Affiliate Training
Advanced GWEB: GIAC Certified Web Application Defender SEC522: Defending Web Applications Security Essentials
Advanced GCSA: GIAC Cloud Security Automation SEC540: Cloud Security and DevOps Automation
Advanced GCLD: GIAC Cloud Security Essentials SEC488: Cloud Security Essentials
Advanced GPCS: GIAC Public Cloud Security SEC510: Public Cloud Security: AWS, Azure, and GCP

Management & Leadership
Level GIAC Certification Affiliate Training
Intermediate GISP: GIAC Information Security Professional MGT414: SANS Training Program for CISSP® Certification
Advanced GSLC: GIAC Security Leadership Certification MGT512: SANS Security Leadership Essentials For Managers with Knowledge Compression™
Advanced GSTRT: GIAC Strategic Planning, Policy, and Leadership MGT514: Security Strategic Planning, Policy, and Leadership
Advanced GCPM: GIAC Certified Project Manager Certification MGT525: IT Project Management and Effective Communication
Advanced GLEG: GIAC Law of Data Security & Investigations LEG523: Law of Data Security and Investigations
Advanced GSNA: GIAC Systems and Network Auditor AUD507: Auditing & Monitoring Networks, Perimeters & Systems
Advanced GCCC: GIAC Critical Controls Certification SEC566: Implementing and Auditing the Critical Security Controls - In-Depth

GIAC Security Expert
Level GIAC Certification
Expert GSE: GIAC Security Expert

*No Specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering Computer Information Security. Another option is any relevant courses from training providers, including SANS.*