What Is GIAC Certification? A Guide

The Global Information Assurance Certification (GIAC) is a worldwide, industry-leading certification entity specialising in information security. The SANS Institute, a cybersecurity think tank, founded the organisation in 1999. In the years since it has built a reputation for developing some of the world's most rigorous and well-recognised information security certification standards. 

GIAC provides more than 60 information security-related certifications for professionals [1]. Each certification covers a skill-specific domain or focus area, such as ethical hacking, cyber defence, and penetration testing. 

Obtaining a SANS GIAC certification is a credible way to validate your cybersecurity knowledge and let employers know you’re trained in the latest information security thinking and techniques. 

What is GIAC certification?

GIAC certification ensures that cybersecurity professionals meet and demonstrate specific levels of technical proficiency. You’ll get hands-on training in the latest cybersecurity skills across various roles, meaning you can put your certification expertise to work immediately.

Certification types

Becoming certified through GIAC means you have learned and mastered cybersecurity fundamentals. GIAC now offers stackable certifications that validate your cybersecurity abilities:

• Practitioner certifications: These options offer those new to certification options to build foundational knowledge and credibility across a spectrum of infosec topics. GIAC currently offers them in areas such as offensive operations, cyber defence, cloud security, DFIR, management, and ICS. Practitioner Certifications are stackable, meaning you can use them to build toward GIAC's more advanced applied knowledge and portfolio certifications.

• Applied knowledge certifications These credentials provide a more challenging tier of subject matter and testing intended to validate certification holders' expertise. The hands-on exams showcase testers' technical knowledge and skills by solving complex real-world security scenarios.

• Portfolio certifications: These programmes allow security professionals to use stackability to customise their credentials around specific skill sets. GIAC Security Professionals (GSPs) is the first tier of portfolio certification (any three Practitioner Certifications plus two Applied Knowledge Certifications), followed by the highest certification level (any six Practitioner Certifications plus four Applied Knowledge Certifications), the GIAC Security Expert (GSE).

How long does certification take?

GIAC candidates preparing for the Practitioner exam spend an average of 55 hours or more studying [2]. The majority take an average of one practice exam before sitting for the official certification exam [2]. 

Certification renewal

GIAC certifications last four years, after which you’ll need to renew in one of two ways: 

• Retake the exam.

• Collect 36 continuing professional education (CPE) credits during the four years your certification is active [3].

How much does certification cost?

Renewal costs 499 USD every four years [4]. To cost of initial certification will vary depending on the certification level and type of exam (extensions, retakes, etc.) [5].

GIAC certification focus areas

You can classify GIAC certifications into six focus areas:

• Offensive operations

• Cyber defence

• Cloud security

• Industry control systems

• Cybersecurity leadership

• Digital forensics and incident response

Each area tests candidates on the skills necessary to meet the cybersecurity standards of firms across industries. 

Offensive operations

Offensive operations GIAC certifications focus on various security topics related to maintaining and securing devices, systems, networks, and hardware. You can expect to build vital skills necessary for identifying, assessing, and resolving flaws, threats, and breaches. Completing an offensive operations certification qualifies you to work with purple, exploit, and red development teams.

Cyber defence

With cyber defence GIAC certifications, you’ll develop skills to prevent and mitigate cyberattacks. You will learn how to identify cyber actions that threaten security against systems, devices, or other IT resources, and best practices for actively countering intrusions.

Cloud security

You’ll learn how to protect against data loss and design environments that detect and resolve threats, help minimise damage and prioritise remediation when necessary.

Cybersecurity and leadership

Learn to build, manage, and lead security teams and best practices for incorporating organisational leadership insight and input into security practices to help strengthen organisations’ security frameworks.

Industrial control systems

With a GIAC industrial control systems certification, you’ll learn to protect and defend information and data for essential infrastructure, such as power grids, telecommunications, and manufacturing systems, that play a crucial role in organisational and industry processes. 

Digital forensics and incident response

Strengthen your ability to identify when a system has been compromised and know what action to take to employ and preserve remediation.

Benefits of GIAC certification

Each focus area covered through GIAC certifications aligns with the cybersecurity needs of government, military, and business industry organisations worldwide. When you decide to pursue GIAC certification, you're putting yourself on the path to enhancing your skills and knowledge in the areas of infosec and cybersecurity. 

A GIAC certification:

• Represents a quantifiable understanding of the information security field

• Offers a path for you to build the specific skills and expertise you need to succeed in a cybersecurity role

• Demonstrates job readiness

• Serves as evidence of training and technical skills that align with career interests

• Illustrates your understanding of the current industry standards

• Certifies you as a trained professional

Is GIAC certification right for you?

GIAC certifications require your time and financial investment. But becoming GIAC certified will add another layer of industry-approved value to your qualifications. GIAC certification could be suitable for you if you will benefit from: 

• Choosing from an extensive range of certifications

• Obtaining certifications for job-focused tasks

• Leveraging access to a large community of cybersecurity professionals

Taking the next step in your cybersecurity career

GIAC is an internationally recognised certification that can help you in multiple areas of your cybersecurity career. However, you’ll also find other certificates and certifications available to aid your career. 

Start building job-ready skills in cybersecurity with the Google Cybersecurity Professional Certificate on Coursera. Get hands-on experience with industry tools and examine real-world case studies. Upon completion, you’ll have a certificate for your CV, which can prepare you to explore job titles like security analyst, SOC (security operations centre) analyst, and more.

Frequently asked questions (FAQs)