- SOC monitoring and incident response using incident management systems, threat intelligence platforms, and SIEMs
- Analysis and defense against the most common enterprise-targeted attacks
- Designing, automating, and enriching security operations to increase efficiency
Who is GSOC for?
- Security Analysts
- Incident Investigators
- Security Engineers and Architects
- Technical Security Managers
- SOC Managers looking to gain additional technical perspective on how to improve analysis quality, reduce turnover, and run an efficient SOC
- Anyone looking to start their career on the blue team
- 1 proctored exam
- 75 questions
- 2 hours
- Minimum passing score of 67%
NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.
Exam Certification Objectives & Outcome Statements
- Analytic Design and Tuning The candidate will understand how to design, enrich, test, share, and improve analytics.
- Blue Team Defense Concepts The candidate will be able to explain the purpose of a SOC / Blue Team, its role in organizational risk, and common SOC monitoring and incident response methods.
- Endpoint Defense The candidate will be familiar with common endpoint attacks, how to defend against them, and how endpoints log events.
- HTTP(S) Analysis and Attacks The candidate will understand how to identify common attacks against HTTP(S) traffic, and how to defend against them.
- Interpreting Events The candidate will be familiar with common events in Windows and Linux, how those events are represented and located in logs, and how to extract information from potentially malicious files.
- Intrusion Triage and Analysis The candidate will understand how to prioritize incidents, and how to include organizational factors in analysis and response.
- Network Traffic Analysis The candidate will have a high-level understanding of the architecture and monitoring of enterprise networks, how to review network traffic, and identify and protect against DNS attacks.
- Operational Improvement The candiate will understand how to improve Blue Team operational efficiency through automation of tasks, orchestration of response, and training.
- Protocol Attacks and Analysis The candidate will understand the purpose of common network protocols (such as SMTP, SMB, DHCP, ICMP, FTP, and SSH), common attack tactics, how to defend against them.
- SOC Management Systems The candidate will be familar with the role and function of common Incident Management Systems, Threat Intelligence Platforms, and SIEMs.
- Training is available in a variety of modalities including live conference training, online, and self-study.
- Practical work experience can help ensure that you have mastered the skills necessary for certification
- College level courses or study through another program may meet the needs for mastery.
- Get information about the procedure to contest exam results.
- *No specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering computer information security. Another option is any relevant courses from training providers.