GIAC Security Operations Certified (GSOC) icon

GIAC Security Operations Certified (GSOC)

Practitioner Certification

The GIAC Security Operations Certified (GSOC) certification validates a practitioner's ability to defend an enterprise using essential blue team incident response tools and techniques. GSOC-certified professionals are well-versed in the technical knowledge and key concepts needed to run a security operations center (SOC).

Areas Covered

  • SOC monitoring and incident response using incident management systems, threat intelligence platforms, and SIEMs
  • Analysis and defense against the most common enterprise-targeted attacks
  • Designing, automating, and enriching security operations to increase efficiency

Who is GSOC for?

  • Security Analysts
  • Incident Investigators
  • Security Engineers and Architects
  • Technical Security Managers
  • SOC Managers looking to gain additional technical perspective on how to improve analysis quality, reduce turnover, and run an efficient SOC
  • Anyone looking to start their career on the blue team 

Exam Format

  • 1 proctored exam
  • 75 questions
  • 2 hours
  • Minimum passing score of 67%


NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information.

GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.

Exam Certification Objectives & Outcome Statements

  • Analytic Design and Tuning
    The candidate will understand how to design, enrich, test, share, and improve analytics.
  • Blue Team Defense Concepts
    The candidate will be able to explain the purpose of a SOC / Blue Team, its role in organizational risk, and common SOC monitoring and incident response methods.
  • Endpoint Defense
    The candidate will be familiar with common endpoint attacks, how to defend against them, and how endpoints log events.
  • HTTP(S) Analysis and Attacks
    The candidate will understand how to identify common attacks against HTTP(S) traffic, and how to defend against them.
  • Interpreting Events
    The candidate will be familiar with common events in Windows and Linux, how those events are represented and located in logs, and how to extract information from potentially malicious files.
  • Intrusion Triage and Analysis
    The candidate will understand how to prioritize incidents, and how to include organizational factors in analysis and response.
  • Network Traffic Analysis
    The candidate will have a high-level understanding of the architecture and monitoring of enterprise networks, how to review network traffic, and identify and protect against DNS attacks.
  • Operational Improvement
    The candiate will understand how to improve Blue Team operational efficiency through automation of tasks, orchestration of response, and training.
  • Protocol Attacks and Analysis
    The candidate will understand the purpose of common network protocols (such as SMTP, SMB, DHCP, ICMP, FTP, and SSH), common attack tactics, how to defend against them.
  • SOC Management Systems
    The candidate will be familar with the role and function of common Incident Management Systems, Threat Intelligence Platforms, and SIEMs.

Other Resources

  • Training is available in a variety of modalities including live conference training, online, and self-study.
  • Practical work experience can help ensure that you have mastered the skills necessary for certification
  • College level courses or study through another program may meet the needs for mastery.
  • Get information about the procedure to contest exam results.
  • *No specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering computer information security. Another option is any relevant courses from training providers.

Practice Tests

  • These tests are a simulation of the real exam allowing you to become familiar with the test engine and style of questions.
  • Practice exams are a gauge to determine if your preparation methods are sufficient.
  • The practice bank questions are limited so you may encounter the same question on practice tests when multiple practice tests are purchased.
  • Practice exams never include actual exam questions.
  • Purchase a GSOC practice test here.
  • GIAC recommends leveraging additional study methods for test preparation.

Find Affiliate Training

Explore affiliate training options to prepare for your GIAC certification exam.