www.giac.org




Registration for GSE is open.

You may apply for the GSE if you have the pre-requisite certifications. For GSE they are GSEC, GCIA, and GCIH with 2 of 3 gold. Once your application is approved (pending a voice interview) you may register for the multiple-choice exam associated with your chosen path and pay the discounted $399 fee. Upon passing the multiple-choice exam you are eligible to attempt the GSE hands-on lab. The lab fee is an additional $1099. The GSE lab will be offered December 11th and 12th this year at CDI East in Washington, DC.

"Those who have made the effort to complete the gold papers and the certifications should really consider sitting the GSE exams."

"The experience is well worth it. Planning for the exam is a process that makes you learn and sharpens your professional skills. More importantly, the contacts you make through the process really add value to it." Craig Wright - GSE-Compliance, GSE-Malware

The GSE exam is by far the most prestigious in the IT Security industry, period. The current exam was developed by subject matter experts and the top practitioners in the industry. Its performance-based, hands-on nature makes it stand out in the IT Security industry. The GSE will determine if a candidate has truly mastered the wide variety of skills required by top security consultants and individual practitioners.

"The GSE shouldn't give you any problems if you have a handle on the material and some well-rounded real world experience." Jared McLaren - GSE

The GSE exam is given in two parts. The first part is a multiple-choice exam which may be taken at a proctored location just like any other GIAC exam. Passing this exam qualifies a person to sit for the GSE hands-on lab. The first day of the two-day GSE lab consists of a rigorous battery of hands-on exercises drawn from all of the domains listed below. The second day consists of an Incident Response Scenario that requires the candidate to analyze data and report their results in a written incident report as well as an oral report.

GSE Skillset

The skills required to successfully complete the GSE exam can be broken up into three major groups:

To get more information on the skillsets for each group and to find out which SANS course can help you obtain these skills, click HERE.

"Technically speaking, the GSE-M was challenging but fair. Passing the GSE was not only about proving technical abilities but also about showing that I have well rounded abilities and the motivation and enthusiasm as well." Andrew Martin - GSE-Malware

If you are ready to sit for the GSE exam you will need the following:

We will also provide a virtual network of targets and other machines needed to complete the exercises, hosted on our servers. We will provide a USB drive with the virtual machines and tools needed to complete the hands-on portion of the exercises, including the following:

To ensure a level playing field for all candidates, you will not be permitted to use any pre-installed favorite tools that you may have on your laptop. To complete the exercises you must exclusively use the tools and virtual machines provided by GIAC. Failure to comply will result in dismissal from the examination.

The following is a partial list of some tools and techniques you can expect to encounter during GSE exercises.

Before a person can attempt the GSE, they must successfully complete three GIAC certifications (GSEC, GCIA and GCIH) with GIAC Gold in at least two. In addition, you must have real-world, hands-on experience in these subject areas. The GSE hands-on examination ensures each candidate has a high degree of competence in each of the objectives listed below.

All exercises are derived from the following general objectives:

| Objective | Outcome - The GIAC promise is that holders of the GSE will have the following capabilities. |
| --- | --- |
| IDS and Traffic Analysis Domain | |
| Capture Traffic | Demonstrate competence with common IDS tools and techniques for capturing traffic. |
| Analyze Traffic | Demonstrate the ability to decipher the contents of packet capture headers. |
| Interpret Traffic | Make correct judgments as to the nature of traffic to or from specific hosts in packet captures. |
| IDS Tools | Demonstrate proficiency using common Open Source IDS tools including Snort, tcpdump, and Ethereal. |
| Incident Handling Domain | |
| IH Process | Demonstrate mastery of the Incident Handling process. |
| Common Attacks | Demonstrate a broad knowledge of computer and network attacks. |
| Malware | Demonstrate solid understanding of malware and how to handle infected computers. |
| Preserving Evidence | Demonstrate the ability to preserve evidence relevant to an Incident investigation. |
| ITSEC Domain | |
| Windows Security | Demonstrate general knowledge of Windows Security and proficiency in a Windows environment. |
| Unix Security | Demonstrate knowledge of Unix Security and proficiency in a Unix environment. |
| Secure Communications | Demonstrate an understanding of basic cryptography principles, techniques, and tools. |
| Protocols | Demonstrate a solid understanding of TCP/IP, UDP, ICMP, DNS, and other common protocols. |
| Security Principles | Consistently demonstrate and practice bedrock security principles. |
| Security Technologies Domain | |
| Firewalls | Demonstrate competence with firewalls. |
| Vulnerability Scanners and Port Scanners | Demonstrate competence with scanning tools including vulnerability and port scanners. |
| Sniffers and Analyzers | Demonstrate competence with Sniffers and Protocol Analyzers. |
| Common Tools | Demonstrate competence with common tools including netcat, SSH, Ettercap, p0f, etc. |
| Soft Skills Domain | |
| Security Policy and Business Issues | Demonstrate an understanding of the security policy and business issues including continuity planning. |
| Information Warfare and Social Engineering | Demonstrate an understanding of Information Warfare and Social Engineering. |
| Ability to Write | Demonstrate the ability to write quality technical reports or articles. |
| Ability to Present | Demonstrate the ability to successfully present their research to an audience of their peers. |
| Ability to Analyze | Demonstrate the ability to analyze complex problems that involve multiple domains and skills. |
| Teamwork | Demonstrate the ability to work with team members who are taking the same exam. |

Note: Specific versions of tools, operating systems, and objectives are subject to change without prior notice.

Certified Professionals

Those who pursue an in-depth technical education in all areas of information security are the target audience for the GSE certification. Knowledge in a particular area, such as Intrusion Detection or Incident Handling, is both important and valuable. Individuals who earn any of the GIAC certifications have worked hard, demonstrated essential technical skill, and should rightfully take pride in their accomplishment. But individuals who make the effort to not only learn, but to master all of the essential elements of information security belong in a very special group. These individuals will be the elite of Information Security, the top practitioners in the field. Candidates who receive and maintain all of the GSE track certifications* and earn gold status in at least 2 certifications are eligible to sit for the GIAC Security Expert (GSE) certification.

GIAC Testing and Certification offers individuals the opportunity to demonstrate their comprehensive and real-world knowledge through intensive testing in subject areas including Information Security, Intrusion Detection and Incident Handling. The SANS Institute offers training to prepare you for these certifications through conferences and other learning opportunities.


Number of certified professionals: 23,593