Cybersecurity Certifications

Cybersecurity Certifications

Security Management, Legal, & Audit Certifications

Enterprise security isn't just the responsibility of an organization's cybersecurity professionals. Keeping the business secure requires input from all levels of leadership. Managers need technical knowledge as well as traditional management skills to be effective leaders for their infosec teams. GIAC's Management certifications confirm the practical skills to build and lead security teams, communicate with both technical teams and business leaders, and develop capabilities that strengthen your organization's security posture.

GIAC with CyberLive

Real world, virtual machine testing for specialized certifications

CyberTalent Assessments

Measure your skills and competency levels to decide what's next


Prove your ability to be an effective leader of cybersecurity teams.

Learn More


Prove your knowledge of the law related to information security.

Learn More


Confirm your ability to conduct audits of information systems.

Learn More

"I am GIAC Security Leadership certified. GSLC is important to me because I didn't just learn about security, I also learned how to manage security. The GSLC was beneficial for me, for my team, and for my organization. The GIAC GSLC offers great ROI." - Mirza Ahmed, GSLC, GSNA, GCCC

Management Certifications

GIAC Security Leadership Certification (GSLC)

The GSLC certification validates a practitioner's understanding of governance and technical controls focused on protecting, detecting, and responding to security issues.

  • Cryptography concepts & applications and networking concepts & monitoring for managers
  • Managing a SOC, application security, negotiations and vendors, and program structure
  • Managing security architecture, security awareness, security policy, and system security
  • Risk management & security frameworks, vulnerability management, incident response & business continuity

Affiliated Training: MGT512: Security Leadership Essentials for Managers

GIAC Strategic Planning, Policy, and Leadership (GSTRT)

The GSTRT certification validates a practitioner's understanding of developing and maintaining cyber security programs as well as proven business analysis, strategic planning, and management tools.

  • Business and Threat Analysis
  • Security Programs and Security Policy
  • Effective Leadership and Communications

Affiliated Training: MGT514: Security Strategic Planning, Policy, and Leadership

GIAC Certified Project Manager (GCPM)

The GCPM certification validates a practitioner's knowledge of technical project management methodology and implementation.

  • Project management structure and framework
  • Time and cost management, communications, and human resources
  • Quality and risk management, procurement, stakeholder management, and project integration

Affiliated Training: MGT525: IT Project Management and Effective Communication

GIAC Law of Data Security & Investigations (GLEG)

The GIAC Law of Data Security & Investigations (GLEG) certification validates a practitioner's knowledge of the law regarding electronically stored and transmitted records.

  • Business Policies and Compliance, Contracts and Third-Party Agreements
  • Data Retention and E-Discovery, Fraud and Misuse
  • Intellectual Property, Privacy and PII

Affiliated Training: LEG523: Law of Data Security and Investigations

Audit Certifications

GIAC Systems and Network Auditor (GSNA)

The GSNA certification validates a practitioner's ability to apply basic risk analysis techniques and to conduct technical audits of essential information systems.

  • Auditing, risk assessments, and reporting
  • Network and perimeter auditing and monitoring, web application auditing
  • Auditing and monitoring in windows and Unix environments

Affiliated Training: AUD507: Auditing & Monitoring Networks, Perimeters & Systems

GIAC Critical Controls Certification (GCCC)

The GCCC certification proves that practitioners have the knowledge and skills to implement and execute the Critical Security Controls and perform audits based on that standard.

  • Background, purpose, and implementation of the 20 CIS controls
  • Account monitoring, application software security, and boundary defense,
  • Data protection and data recovery capability, control of hardware and software assets and network ports
  • Maintenance, monitoring, and analysis of audit logs, secure configurations, and wireless access control

Affiliated Training: SEC566: Implementing and Auditing the Critical Security Controls - In-Depth