GIAC Security Leadership (GSLC) icon

GIAC Security Leadership (GSLC)

Practitioner Certification

The GIAC Security Leadership (GSLC) certification validates a practitioner's understanding of governance and technical controls focused on protecting, detecting, and responding to security issues. GSLC certification holders have demonstrated knowledge of data, network, host, application, and user controls along with key management topics that address the overall security lifecycle.


Areas Covered

  • Building a security program that meets business needs
  • Managing security operations and teams
  • Managing security projects and the lifecycle of the program

Who is GSLC for?

  • Information security managers
  • Security professionals with leadership responsibilities
  • IT and other managers

Exam Format

  • 1 proctored exam
  • 115 questions
  • 3 hours
  • Minimum passing score of 70%

Note: GIAC reserves the right to change the specifications for each certification without notice. Based on a scientific passing point study, the passing point for the GSLC exam has been determined to be 70% for all candidates receiving access to their certification attempts on or after June 17, 2023. To verify the format and passing point of your specific certification attempt, read the Certification Information found in your account at


NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information.

GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.

Exam Certification Objectives & Outcome Statements

  • Cryptography Concepts for Managers
    The candidate will demonstrate knowledge of common cryptographic terminology, and an understanding of how symmetric, asymmetric, and hashing encryption works
  • Incident Response and Business Continuity
    The candidate will demonstrate an understanding of the phases of incident response, and managing business continuity and disaster recovery programs
  • Managing a Security Operations Center
    The candidate will demonstrate an understanding of the components, structure, and management of a Security Operations Center (SOC)
  • Managing Application Security
    The candidate will demonstrate an understanding of security issues affecting software, including infrastructure as code, as well as integrating security into the software development lifecycle (SDLC) and DevOps processes
  • Managing Cloud Security
    The candidate will demonstrate an understanding of cloud-based services and platforms, and managing the security and risks of cloud-based infrastructure
  • Managing Encryption and Privacy
    The candidate will demonstrate an understanding of using encryption to secure data in transit or at rest, and how to identify and address privacy and compliance requirements
  • Managing Negotiations and Vendors
    The candidate will demonstrate an understanding of effective negotiation and vendor management techniques
  • Managing Projects
    The candidate will demonstrate familiarity with project management methodology, terminology, and how to gain support from the business
  • Managing Security Awareness
    The candidate will demonstrate an understanding of how to assess an organization's human risks and build a security awareness program that can mature with the organization's security program
  • Managing Security Policy
    The candidate will demonstrate an understanding of the role of security policies, standards, guidelines, processes, and baselines in meeting an organization's security needs and risk appetite
  • Managing System Security
    The candidate will demonstrate an understanding of common types of client-side attacks and malicious code, and the strategies used to monitor and protect endpoints
  • Managing the Program Structure
    The candidate will be able to design a security program with an understanding of organizational culture and reporting structures, program governance, and managing personnel
  • Network Monitoring for Managers
    The candidate will demonstrate an understanding of centralized logging and monitoring strategies and tools, including SIEM, SOAR, and machine learning technologies
  • Network Security Architecture
    The candidate will demonstrate an understanding of security architecture, trust models, and security controls for addressing common network threats and vulnerabilities
  • Networking Concepts for Managers
    The candidate will demonstrate an understanding of network protocols, technologies, and common network threats
  • Risk Management and Security Frameworks
    The candidate will demonstrate the ability to evaluate and manage risk in alignment with business objectives and adopting security frameworks and risk management techniques to help mature the security program
  • Vulnerability Management
    The candidate will demonstrate an understanding of how to build a vulnerability management program for identifying, prioritizing, and remediating both technical and physical system vulnerabilities

Other Resources

  • Training is available in a variety of modalities including live training and OnDemand
  • Practical work experience can help ensure that you have mastered the skills necessary for certification
  • College level courses or self paced study through another program or materials may meet the needs for mastery.
  • Get information about the procedure to contest exam results.

Practice Tests

  • These tests are a simulation of the real exam allowing you to become familiar with the test engine and style of questions.
  • Practice exams are a gauge to determine if your preparation methods are sufficient.
  • The practice bank questions are limited so you may encounter the same question on practice tests when multiple practice tests are purchased.
  • Practice exams never include actual exam questions.
  • Purchase a GSLC practice test here.
  • GIAC recommends leveraging additional study methods for test preparation.

Find Affiliate Training

Explore affiliate training options to prepare for your GIAC certification exam.