Most In-Demand Certifications from GIAC

Thousands of information security professionals around the world received their “masters” level certifications from the SANS Institute’s Global Information Assurance Certification (GIAC). The SANS GIAC program remarkably highly specialized certifications intended to enable security professionals the opportunity to confirm their expertise in their chosen field.

GIAC Certified Incident Handler (GCIH) Certification, GIAC Security Essentials Certification (GSEC), GIAC Certified Intrusion Analyst (GCIA) Certification, GIAC Certified Forensic Analyst (GCFA) Certification, GIAC Penetration Tester (GPEN) Certification, GIAC Security Leadership (GSLC) Certification, GIAC Certification, GCIH Online Test, GCIH Practice Test, GCIH Syllabus, GCIH Certification Syllabus, GIAC Penetration Testing Certification, GSEC Practice Test, GSEC Syllabus, GSEC Certification Syllabus, GIAC Cyber Defense Certification, GSEC Study Guide, GSEC Online Test, GCIA Online Test, GIAC GCIA Certification, GCIA Practice Test, GCIA Syllabus, GCIA Certification Syllabus, GIAC GCIA Training, GIAC Penetration Testing Certification, GPEN Online Test, GPEN, GIAC GPEN Certification, GPEN Practice Test, GPEN Study Guide, GPEN Syllabus, GPEN Books, GPEN Certification Syllabus, GIAC GPEN Training, GIAC GPEN Books, GSLC Online Test, GSLC, GIAC GSLC Certification, GSLC Practice Test, GSLC Study Guide, GSLC Syllabus, GSLC Books, GSLC Certification Syllabus, GIAC GSLC Training, GIAC Management Audit Legal Certification, GIAC GSLC Books

Certification topics from the SANS Institute comprise security essentials, intrusion detection, hacking techniques, and incident response, mobile device security, network defense, auditing, digital forensics, and relevant security topics. The "information" component of SANS includes the SANS Reading Room, a comprehensive library of downloadable security research documents; the Internet Storm Center, which controls and reports on mean attacks and presents weekly bulletins and alerts; free security policy templates; the CIS Critical Security Controls for cyber defense and more.

Some of these certifications invite to general audiences and have thousands of certificate holders, others are extremely focused and have only a few hundred certified professionals. In this article, we review the some most in-demand SANS GIAC certifications and explain how they can develop your information technology career.

GIAC Certified Incident Handler (GCIH)

Given the number of security incidents reported lately, there’s a high need for proficient incident response personnel. That’s one of the reasons that at least 25,546 individuals have obtained the GIAC Certified Incident Handler (GCIH) certification. The GCIH certification exam includes the steps of the incident handling process, understanding of identifying and noticing attacks and vulnerabilities and identifying the root motives of security incidents to better controls and prevent future incidents.

The GCIH exam, administered through the Pearson VUE proctored testing centers, needs completing a 150 question exam within a four-hour time. Applicants must obtain a passing score of 72 percent by answering 108 of the exam questions accurately. Applicants may prepare for the GCIH through a blend of practical experience, training, and self-study.

GIAC Security Essentials Certification (GSEC)

GIAC does offer some certifications that have mass market demand, and it’s no wonder that one of them is the most popular GIAC certification. More than 37,106 individuals hold the entry-level GIAC Security Essentials Certification (GSEC). That’s nowhere near to the more than 100,000 individuals holding the more well-known Certified Information Systems Security Professional (CISSP) and more than 45,000 individuals with the CompTIA Security+ certification. While CISSP and Security+ remain to rule the general security certification field, however, GSEC definitely holds a decent market share.

Achieving your GSEC certification demands passing a single multiple-choice exam given through a proctored testing center. The exam consists of 180 questions and applicants have five hours to complete the test. Topics included in the exam cover the extent of information security, from network security to setting operating systems and managing security incidents. Earning the certification requires obtaining a minimum passing score of 73 percent, which explains to giving correct answers for 132 of the exam questions.

GIAC Certified Intrusion Analyst (GCIA)

Appearing in fourth is yet another certification concentrated on responding to thriving security attacks. The GIAC Certified Intrusion Analyst (GCIA) certification focuses on ensuring that candidates can configure and monitor intrusion detection systems, identifying and interpreting the signs of an attack. More than 10,687 individuals own the GCIA certification. The exam topics for GCIA are extremely technical, rooting in on the security and networking skills required to work sincerely with intrusion detection systems. Topics comprised in the exam syllabus include creating intrusion detection rules, practicing the Wireshark protocol analyzer, tuning IDS performance and correlating outcome with an output from other security systems.

As with other GIAC certifications, obtaining the GCIA certification needs completing a proctored exam. The GCIA exam comprises 150 questions administered over four hours. The passing score for GCIA exam is 67 percent, corresponding to answering 101 questions rightly to join the best ranks of GCIA certified security professionals.

GIAC Certified Forensic Analyst (GCFA)

The next most in-demand certification also comprises the skills required in the aftermath of a security incident. The GIAC Certified Forensic Analyst (GCFA) certification certifies that an applicant has the skills required to gather and interpret security data from both Windows and Linux systems in the wake of an intrusion or another event. Currently, more than 11,028 individuals own the GCFA certification. Exam syllabus topics include deep forensic skills, including file carving and data extraction, file system structures, acquiring and preserving forensic images, managing timeline analysis and managing volatile data.

The GCFA exam is concise than other GIAC certification exams, coming in at 115 questions administered over three hours. Passing the exam requires answering 80 questions rightly to achieve the passing score of 69 percent.

GIAC Penetration Tester (GPEN)

It isn’t until we approach the fifth slot on the top certifications list that we find a specific certification that concentrates on preventing attacks, rather than answering to successful system gaps. The GIAC Penetration Tester (GPEN) certification ensures employers that a security professional has the expertise required to assess systems and networks to recognize known vulnerabilities. The exam itself includes penetration testing techniques, legal issues, and technical approaches to penetration testing.

GSEC certification is a multiple choice examination. As with GCFA, the GPEN exam is on the shorter side with 115 questions to answer in three hours. The passing score for this exam is 74 percent, expecting that applicants answer 86 questions rightly.

GIAC Security Leadership (GSLC)

Technical managers looking to work in the information security field also may crave to approve their skills. The GIAC Security Leadership (GSLC) certification is composed of these individuals in mind. It carries some of the technical topics found on the GSEC exam, such as software security, network security, and attack techniques. Also, applicants will find a variety of security management topics that would be less applicable to technical professionals. These include writing security policy, conducting negotiations, governing legal liability, leading staff and understanding the total cost of ownership (TCO).

The multiple choice exam for the GSLC certification comes in with 150 questions. Applicants have four hours to answer the 102 questions rightly to obtain a passing score of 68 percent.


The GIAC certifications are some of the mainstay certifications of the information security field. If you already own a foundation level security certification, such as the Security+, CISSP or GIAC GSEC certification that confirms your understanding of security knowledge, considering getting one of the GIAC certifications to confirm your knowledge in one or more restricted areas of technical expertise. In addition to the most in-demand certifications covered in this article, GIAC offers a broad variety of other certifications, covering security administration, software security, legal issues, auditing, and other topics.

Rating: 5 / 5 (26 votes)