Frequently Asked Questions

GIAC Certification Information

How do I apply for GIAC Gold?

Once an individual has earned GIAC Silver Certification, an option will appear in their Portal ( https://portal.sans.org ) account to apply for GIAC Gold. This option will only be available for as long as the individual maintains a valid GIAC Silver Certification.The individual has to maintain their GIAC Silver Certification while working on their GIAC Gold Certification. To apply for GIAC Gold Certification, an individual must complete the application form in the Portal account. The more initial information that is provided, the more likely it can be accepted promptly. Once the concept is accepted, the individual will need to pay the registration fee and will be contacted by their assigned GIAC Gold Adviser within 5 business days to begin setting the path to completion. The complete timeframe to complete the technical paper is six months.

What do I have to do to be a part of the GIAC Advisory Board?

Students who receive a total average score of 90% or above on GIAC certification exams are invited to join the GIAC Advisory Board. For example, most GIAC certifications require two exams, a score of 96% on the first exam and a score of 85% on the second exam, would qualify you for the advisory board, since the average score of the two exams is 90% or above. A score of 90% on the first exam and 80% on the second exam does not qualify you for the advisory board.

How do the certifications relate to each other?

The courses and certifications are designed to be taken either independently, or in series. Students can pursue individual courses and certifications to focus on specific areas of interest or responsibility. Or, they can be taken sequentially, to provide a progressive education in information security, from basic concepts to in-depth technical knowledge. The certification listing is sorted by category to show areas of similar study. 300 level courses are the lowest level, going up to 600 level being the most advanced courses. The GSEC is intended to ensure that graduates have a strong grounding in the fundamentals of information security and are prepared for the more specialized, technical certifications.

What do I need to do to earn the certification?

GIAC Silver certifications require one proctored exam. The exam will be delivered in a proctored environment through your portal account. For more information regarding the GIAC Proctor requirements, please see http://www.giac.org/proctor/. The exams are designed to test your knowledge of a subject and your ability to put that knowledge into practice. For specific certification requirements, please see the Certification Roadmap at http://www.giac.org/certifications/roadmap.php. For information on GIAC Gold certification, information will be posted at http://www.giac.org/gold/ as it becomes available.

What are the prerequisites to take the certification?

There are no official prerequisites to take the GIAC certifications. Any candidate who feels that he or she has the knowledge and ability to pass the certification requirements may take the certification. However, students should be aware of the technical level of the course they wish to take. The 500 level courses are more advanced than the 400 and the 400 more advanced than the 300. Be certain you are not starting at a level that is more difficult than you are prepared for. Some class descriptions provide a "quiz" to make sure you are prepared for that level course, such as Sec-502 and Sec-503 which assume that the student has a working knowledge of the technology in question and a firm grasp of TCP/IP. Please note that currently, some GIAC certifications are only offered in conjunction with a corresponding SANS training course. This is a temporary measure intended to allow us to fine-tune our certification process - to make sure that the exams are fair and objective, and that the courses themselves are comprehensive. A number of certifications are available for challenge; you can find a whole listing on the Challenge Certification page at http://www.giac.org/reginfo/challenge.php.

Do I have to take an Essentials certification before I take a higher level certification?

No. Security Essentials, Operations Essentials, Audit Essentials, and Management Essentials are all good starting points for the given area of study if you want a broad overview of security topics as opposed to focusing on a specific technology.

What is the difference between Silver and Gold certification?

The requirements for GIAC Silver certification is one proctored exam which demonstrates the candidate's knowledge of the subject matter. If a candidate wishes to further distinguish him or herself, GIAC Gold is a second level of certification which requires completion of a technical paper. Technical papers will cover an important area of security related to the certification the student is seeking. After completing the exam necessary to pass the GIAC Silver certification, students will have the option to apply for GIAC Gold Certification through their portal account. Candidates will work closely with an adviser through the process of developing their technical report. Once complete, the technical report will be reviewed for acceptance into the SANS Reading Room and the student earning GIAC Gold.

All GIAC certified professionals who previously completed a practical assignment under the old GIAC requirements are already considered GIAC Gold certified.

I am interested in GIAC Gold certification. Where can I find information?

Information on GIAC Gold can be seen at http://www.giac.org/gold/. Further information will be posted as it becomes available.

What kind of recognition does a GIAC certification get?

Current or prospective employers recognize GIAC certification as an indication of your demonstrated knowledge and skill in computer security. There are two basic differences between a GIAC certification and any other education or certification program. First, no one else covers this material! We have gone to extreme effort to fill in the gap, to identify the skills and knowledge that organizations wish their employees had and to find the faculty that could produce those courses. Second, you must master this material to pass. The "certificate suitable for framing" is not the purpose of the program. You are going to know the information and possess the skills that your employer desperately wants you to have. In fact, to earn a GIAC certification, you must prove you know how to do the tasks required. Employers who have reviewed the materials and the requirements have been unanimous in saying: "People who have this certification are exactly what we are looking for in our organization." In other words, the certifications will have the most valuable recognition of all - they'll be used to select employees for hiring and promotion.

Do I automatically earn a GIAC certification if I complete the course?

No. Earning a GIAC certification is a separate process. Simply completing the course does not mean that you are GIAC certified.

If I take the course, do I have to take the certification?

No. SANS Training and GIAC Certification are separate programs (though GIAC certifications are based on SANS training). SANS Training is intended to provide students with the best available education in the key areas of information security. GIAC Certifications are designed to provide an objective "benchmark" to show that an individual meets a minimum standard of skill and knowledge for people who want to demonstrate this ability for themselves or for a current or prospective employer. You do not have to take the certification if you take the course, though you have the option to do so.

Can I share my course materials with a colleague?

You can tell others what you have learned, but you can not show them the course materials, in hard copy or electronic format of pdfs and mp3s. You can not train anyone in your organization using any of our material for any reason, even as back-up to you.

How do I receive honors status?

To receive honors status, a student must hold a GIAC certification in which they have received a 90 or better on either of their exams

Why is my paper not posted in the SANS Reading Room?

By submitting your paper to GIAC, you are giving us the right to post it on our web site. We are also giving you the opportunity to be published. All certified students can find their papers posted under the appropriate certification listing. Naturally some papers are stronger or hold more community value than others. The best of the papers will also be placed in the Reading Room. It is an honor to be posted there, beyond the listing of all students.

What is the GSE (GIAC Security Expert) certification?

The GIAC Security Expert (GSE) is intended to represent the elite of the information security field.

Before a person can attempt the GSE, they must successfully complete three GIAC certifications (GSEC, GCIA and GCIH) with GIAC Gold in at least two.

The GSE became available in 2002.

Further information can be found at http://www.giac.org/certifications/gse.php.

Can you tell me how many certified students you have in specific countries?

At this point in time we are unable to give out geographical information on certified students. That may change, but for now, it's the case.

Challenge Certification

What is Challenge Certification?

GIAC Certification can be obtained separately from SANS training. Challenge Certifications are the same certifications available with SANS conference or self-study training, but without the training. When you register for a Challenge Certification, you will receive access to the certification exam(s). With registration for full certifications, you will also receive two sets of practice exams. You do not receive access to any course materials.

How long do I have to complete challenge exams?

Full certifications allow students 4 months from the date payment is received to complete your certification exams. STAR allows students 10 weeks to complete the exams.

Is there any difference between a Challenge Certification and the GIAC Certifications offered with SANS training?

No, they are exactly the same. The the exams and the certification are identical whether you challenge the certification or take it in conjunction with SANS training.

What if I start and find out I don't have time to finish?

The GIAC certifications must be completed within the specified time frame. Once you register to take the certification, your certification fee is non-refundable. Be sure you carefully consider the time commitment involved in completing the certification and plan accordingly.

How can I obtain an alumni discount code?

There is an alumni rate for students that have previously taken the specific SANS training for the certification or STAR they want to challenge. For example, if you previously took SANS Security Essentials through any of the SANS training programs (conference, online training, Local Mentor program, Instructor Led Online Training) you would be eligible for the discounted fee for the GSEC Challenge. The alumni rate for full certifications is $749 USD. The alumni rate for STAR is $75 USD.

Please email info@giac.org to obtain a discount code for registration. You must include the information on when, where, and through what venue you participated in the previous training. Please be sure to obtain the discount code before you register. Discounts cannot be applied to registrations that have already been submitted.

What if I buy a challenge certification and change my mind?

Challenge certifications are not transferable and may not be cancelled once the certification material has been accessed. If material has not been accessed, please email your cancellation request to tuition@sans.org. Please include your student name, email address, and student number. There is a $50 processing fee.

Are practice tests available?

Practice tests are currently available for most certifications. If practice tests are available for the certification, you will receive with your challenge registration two practice tests for each exam you will need to take to achieve certification. The practice tests will assist that student in preparing for the GIAC certification exam(s). The practice questions are written by the actual exam writers so you can be confident that the practice exams will be of the same quality as the actual exams. Additional practice tests can be purchased at http://www.giac.org/exams/practice.php.

If my certification expired and I challenge the certification now, will I earn Gold or Silver certification?

If you challenge the certification now, you have to start over from the beginning and complete the current certification requirements. If you take the exams, you will earn the GIAC Silver certification. If you want to obtain GIAC Gold certification, you can apply to do so. Your previous practical assignment will not count towards GIAC Gold. Information on GIAC Gold can be seen at http://www.giac.org/gold/.

Since I don't have access to SANS courseware, where can I obtain instructional materials to help me earn the certification?

Please review the course descriptions at http://www.sans.org to gain an understanding of what material is covered is covered in each course. Please be sure to look at each day of training. While we certainly recommend the SANS training as the best method of preparing for the GIAC Certifications since that is what they are based on, other resources can be purchased at most book stores. Additional materials, such as Step by Step guides and some of our author-instructors' additional books, as well as some free resources are also available from the SANS Bookstore at https://store.sans.org/.

Recertification

What is Recertification?: Recertification allows you to refresh you knowledge pertaining to the certification you received. With all the time and effort you put into your original certification, you learned a lot. If you do not continually refresh that knowledge it will disappear before you know it. Studying for the recertification exam is an excellent way to stay up-do-date with security information and new technologies.
Where can I find details on recertification?: http://www.giac.org/recert/
What is the recertification fee?: The recertification fee is $325 plus shipping fees for the current course books should you choose to purchase them. Certified individuals who must renew multiple certifications in a single calendar year can renew secondary certifications for a reduced fee of $200 plus any applicable shipping fees for the course books.
Will I receive the latest course material to study?: You will receive access to audio files, as available, of the course as presented at a recent conference through the "Self Study Files" link on your portal home page. You will also receive two sets of practice exams available from the "Practice Exams" link on your portal home page, and you will have access to recertification and deadline information through the "Certification Attempts" link.
How long do I have to complete my recertification?: You will have four months from the date your registration is processed to complete your review of the course materials and take the current certification exams. You will be taking exactly the same exams as current certification candidates.

Proctor Program

Why is GIAC switching to a single exam format?

After careful review, GIAC determined that there are benefits for both the candidates and to the GIAC program moving to a single exam format. Some of these benefits include:

More streamlined and efficient grading, which will help make the certification granting process smoother
Compliance with industry standard practices
More convenient for exam and proctor scheduling, which will help reduce the time and effort GIAC and the candidates will need to expend

Will I still need to take a proctored exam for a recertification?

Yes; recertifications will be handled in the same manner as initial certification exams. This helps ensure that the exam format is consistent and fair for all candidates.

Will I have to pay additional fees to take my proctored exam at a KRYTERION testing center?

No, candidates will not have to pay any additional fees when using an established KRYTERION proctored test site. If you choose to use a different proctored testing facility, there may be additional costs, which may vary depending upon your circumstances. Within this new exam policy, all GIAC certification attempts associated with attendance at a SANS training event are priced at $499. The price of a challenge exam will remain at $899.

Where are the specific proctored test sites, and what if there is not one in my area?

GIAC has selected KRYTERION as our primary partner to deliver proctored exams through their network of host locations. KRYTERION has nearly complete coverage in the United States, as well as many sites throughout the rest of the world that are in line with locations of current GIAC certification holders and candidates.

In cases where a KRYTERION test center location is not available to a candidate in a particular geographical area, GIAC will work with candidates to follow procedures similar to those outlined in the current GIAC proctor program. Please rest assured that GIAC will work with every candidate to set up an approved proctored environment to take their certification exams.

Please click here to find a KRYTERION testing center near you. It is possible for GIAC to work with KRYTERION to add additional test sites where there are defined coverage gaps. If you will be taking a GIAC proctored exam in the future and do not see a site near you, please fill out the form provided with your location specifics, so that we can work to get a site added near you.

Why is GIAC shifting to a fully-proctored certification policy?

Although the GIAC certification program has been certifying individuals over the past 7 years, recently established testing standards have been adopted by the industry at large, raising the bar for high stakes certification granting organizations. The move to full proctoring will bring GIAC in line with the established international standards, such as the ISO 17024 standard.

Will I have to take my exams proctored if I register before the switch-over date of 12/1/07?

The switch-over date is not specifically tied to registration dates or exact dates candidates take the exams. It is tied to when the certification attempt is made 'active' or available in your portal account. Any certification attempts that are activated on or after 12/1/07 will need to be proctored in accordance with the new program.

For example, if your certification attempt was activated in your portal account in November 2007 and you planned on taking your exams in February 2008, you will have the option to take your exam under the standards set forth by the new proctor program, but it will not be required. If your certification attempt is activated on or after December 1st, 2007, it will fall under the new program requirements. Because GIAC certification attempts have a four month validity period, there will be a four month transition phase after December 1st, 2007.

Is the testing format going to be the same, where you can see how many questions you have answered right or wrong and the time bars showing how much time you have left?

The test format will be basically the same, allowing you to see how much time you have left on the exam and giving real time notification of correct and incorrect responses. You will still be able to see right away if you pass or fail the exam.

Will we still be allowed to take our exams in open-book format?

The exams will still be open book, but not open internet or open computer. Candidates will be allowed to bring one back pack or briefcase filled with course books, reference material, printed notes, printed spreadsheets, etc., but no electronic devices such as extra computers, CD-ROM or USB flash drives will be allowed. Candidates will not be able to access anything stored electronically during the exam. We recommend that you print any study guide materials and bring them as hard, paper copies.

Proctored exam locations do have some space limitations, requiring the need to limit the volume of reference material allowed to a reasonable level. The testing process will only allow one connection out to the GIAC exam engine; it will not allow connections to private web pages, so any material posted to private web pages will not be accessible during the exams. Again, all study material must be in printed form.

Will the change to a single exam with no Internet access make the exams more difficult to pass?

Part of what makes a credential valuable is the differentiating point regarding who is able to achieve a passing score and who is not. Another part of what makes a credential valuable is the amount of work that individuals put into attaining it. GIAC exams are based on Certification Objectives that are derived from knowledge that holders of the certification must posses. The amount of study that individuals put into attaining certification prior to their exam date is valuable and often a deciding factor. Careful review of materials and preparation in advance of your exam will be a key to success.

How long will the new exams be? How many questions will there be?

For most certifications this will be 150 questions and four hour time limit. For GSEC it is 180 questions and five hour time limit.

I have already passed my first exam, what happens if I fail the second half after December 1st? Do I have to take the single proctored exam?

No. Since you were previously authorized to take two certification exams you will still be able to do that if you purchase a retake or extension.

I am planning to take the GSE soon, how will recertification under this new policy affect my existing certifications?

This is one of the major benefits of the platinum program. If you earn the GSE next year, all of your other GIAC certifications will remain valid, as long as the GSE is in good standing. You will need to recertify the GSE after four years and this will be a multi-faceted test that covers portions of all of the material; again this is one of the huge benefits of the platinum program for people who hold platinum certifications.

GIAC Certification Exams

I am under the two exam format, am I required to take both exams consecutively?

You need to pass the first exam to move onto the second exam. The second exam can be taken at anytime after that as long as it is completed before your final deadline.

What is a Proctored Exam?

Under the GIAC Proctor Policy students are required to take their Silver Certification exams in a proctored environment. For detailed information regarding the proctor requirements, please see http://www.giac.org/proctor/.

A GIAC qualified proctor will verify the identity of the student and ensure that the student does not use a phone, instant messaging software, or speak with any person during an exam. GIAC exams are open book and the student is permitted to reference texts, notes, indexes, written reference materials.

Can I see what I got wrong on my exam?

Unfortunately, we can't provide a question-by-question breakdown of what you got right and what you got wrong. If we did so, it would reveal too much information about the exam and possibly compromise the exam's integrity for future students. If you had issues with specific questions, you can note that in your exam evaluation form or send an email to examreview@giac.org. We do review the exams regularly for quality and review any questions that a student flags as potentially problematic. For information regarding the Exam Feedback Procedure, please see http://www.giac.org/feedback.php.

Where can I find what material will be on the exams?

The exam breakdown is listed in the Examination section of the "Certification Information - READ ME FIRST" page in your portal account.

Where do I take the exams?

What if I fail an exam?

If you fail an exam, your certification attempt is considered "incomplete / no pass". You then have two options as described below to register for a retake or challenge the certification, if available. A retake will only become available for registration if a certification exam has been failed. Retakes are available to certification candidates as a safety net, for those who attempt certification and don’t succeed on their first try. If you do not complete your requirements by the deadline, your certification attempt is considered over.

1. Register and pay for the retake to complete any outstanding portions of your certification. The retake fee is $199 for Silver certifications.

Retakes must be purchased before the expiration date of your current certification attempt as displayed in your portal account. ** If you do not purchase the retake before your deadline, your current certification attempt is considered void. If you reattempt the certification in the future, any work that you have completed for this certification attempt will not count. ** You may not purchase a retake more than two times during your entire certification attempt. A third failed or incomplete portion of your certification means your attempt is over. For instance, if you purchase retakes for two failed exams, you must pass your exam on the next attempt -- you cannot buy a retake if you fail a third time. ** IMPORTANT: course materials expire at the end of your four month access. Purchasing a retake does not extend your access to course materials. Make sure you download all materials you want to keep before your 4 months are over.

2. Register and pay for a Challenge Certification.

If your attempt for certification made in conjunction with conference or online training has not passed, any work you completed to date on that attempt will NOT count towards a Challenge Certification attempt. You will have to start your certification attempt over from the beginning.

** You may sign up for a Challenge Certification immediately (if it is available), or wait until a later time.

Can I get an extension?

Students can purchase an extension when their exams expire. Once your exams expire an extension option will appear in your portal account. You can purchase an extension for $200.00. An extension also gives you 1 month from your final deadline to complete the exams. There are no limits to how many extensions you can buy. Please note that this option is only available for 1 month after your certification expires.

When I take practice exams when does it provide me with the solutions to the answers I missed ?

During the practice tests, each time you choose a wrong answer, you will receive the correct answer and an explanation that will help to reinforce the subject matter presented in the question. The practice tests also include a counter that shows the current number of questions that you answered correctly, wrong and how many questions are left in the test.

Will I be able to print or view the practice exam after it has been taken?

You won't be able to print or view the exam after it has been taken.

GIAC Exam Technical Issues

What can I do to check and see if I am likely to have problems?: We have developed an automated test that you can use to help determine if you are likely to have problems during an exam. While nothing can predict with 100% accuracy whether you will or will not have problems, running this automated test will give you a much better idea of the likelihood. GIAC STRONGLY encourages all candidates to run this assessment test prior to taking a certification exam. We will be unable to provide you with any connectivity-related assistance unless the automated assessment was completed prior to the start of the exam.
Follow the steps shown below to run the automated assessment:

▪ Log into your portal account
▪ Go to https://portal.sans.org/assessments/math.php
▪ Click “Get your Free Exam”
▪ Click “Practice Exams”
▪ Select “Automated Math Test Exam” and click the “Select Exam” button.
▪ Carefully read the instructions then select your network connection speed.
▪ Click “Start Exam”

▪ After the exam is finished, make a note of how long the exam took, then click the “Home” button.

A good rule of thumb is that if the automated test takes more than 11 minutes then you are likely to have problems during the exam. In these cases you should look for items like the ones addressed in the questions below, make any necessary corrections, and then retest. In some cases it may be necessary to check during non-peak hours or simply to take your exam from another location if you are consistently seeing problems.
When I tried to start my exam, I got a message saying that Javascript is disabled, what do I do?: When starting the exam, if you see the error message stating that Javascript is disabled you will need to enable Javascript in your browser and/or disable any script-blocking plug-ins that are running in order to start your exam.
Why do some pages load quickly while others seem to take a long time?: During an exam you occasionally get pages that take a long time (more than 30 seconds) to load while other pages load normally.

This can be caused by a number of different things. They are all generally related to a lack of available bandwidth. This is generally a greater problem for dial-up and lower speed broadband users. Some things to check include:

▪ Ensuring that you are not concurrently downloading large files or multiple files from different locations.
▪ That you do not have any file sharing or peer-to-peer applications running on the desktop.
▪ That you do not have any additional browser windows or tabs open, especially to streaming audio or VOD sites.
▪ If you have a low bandwidth connection ensure that it’s not being used by other people, especially for any of the items listed above
▪ Remember that VoIP, VPNs, and items of that nature can be extremely bandwidth intensive.
I am getting "The page cannot be displayed" error message, what do I do?: Getting "The page cannot be displayed" error after submitting an answer may happen consistently or occasionally.

"The page cannot be displayed" indicates that your browser cannot connect to our exam engine. This could be caused by anything from temporary loss of Internet connectivity to improperly configured proxies and firewalls. If you get this error in the middle of an exam you will need to click the refresh button to reload the page.

Verification: Go to the following sites:

http://whatismyipaddress.com
http://whatsmyip.com
http://ipaddressworld.com

If the last octet of your IP address changes for any of the sites this is a likely indication of a load balancing firewall or proxy issue. Some organizations use multiple load balanced firewalls which makes it appear to our servers that the client machine has rolling IP address. Requests going out one firewall are routed back in through a different one and the connection is dropped as a result.

Solution: Add a persistent rule for sans.org and giac.org so that the same firewall would be used all the time.

General Information

What is SANS Training?

SANS Training provides a core set of educational courses designed to help you master the practical steps necessary for defending your systems and networks against the most dangerous threats - the ones being actively exploited. The courses were developed through the community consensus of hundreds of administrators, security managers, and information security professionals, and address both security fundamentals and the in-depth technical aspects of the most crucial areas of information security. The SANS Training courses can be taken on their own, or to help you prepare for the GIAC Certifications. There is more information in the SANS FAQ at http://www.sans.org/faq.php and the SANS Training Roadmap at http://www.sans.org/conference/trainingroadmap.php.

What is the comparison between CISSP and GIAC?

The primary difference is that the CISSP focuses on concepts, which is of course essential. GIAC covers concepts, but focuses more on the practical skills needed to apply those concepts on the job. Another difference is that you must be a security professional with a minimum of three years of experience in the field before you are even allowed to sit for the CISSP. There is no experience requirement to sit for any of the GIAC certifications. Additional information on GIAC can be found at the FAQ link, above, or the GIAC home page at http://www.giac.org

What is GIAC Certification?

GIAC Certification provides an independent method of assuring that security professionals meet a minimum standard of technical competency. Individuals who hold a GIAC Certification have demonstrated both that they know what needs to be done to secure and administer systems, and have demonstrated that they can put that knowledge into practice.

Where can I find information on SANS training, registration, and portal accounts?

For information on SANS training, registration, and portal accounts, please visit the SANS FAQ at http://www.sans.org/faq.php.

How do I contact someone about GIAC?

We can be reached by e-mail at info@giac.org. If you are currently enrolled in the GIAC certification program, please include your username and the email address with which you registered. Please be sure that you can receive email from giac.org, giac.net, and sans.org to ensure that you receive all correspondence from SANS and GIAC.

How does GIAC compare to other certifications that are available?

A certification attempts to set an objective standard or measurement of ability. Candidates who successfully pass a given certification are assumed to possess a minimum level of knowledge and skill. How well a given certification sets and measures that standard, whether the certification has value or is considered a "paper" certification, depends largely on how that certification is designed and administered.

We feel that there are a number of factors that set GIAC apart from other certification programs:

Emphasis on the practical application of knowledge. While GIAC places importance on the theories and best practices behind information security, we also place a very strong emphasis on the practical application of that knowledge to "real world" situations. GIAC ensures that not only do you "know the stuff," you can also "do the work."
Demonstrated ability. Students who complete technical research papers are publicly posted to the GIAC web site, both to demonstrate their ability and to help to educate others in the security field.
Community focus. Both SANS and GIAC place a strong emphasis on the security community as a whole. We all must share information and learn from each other if we are to successfully protect and defend our networks and systems. There is a strong emphasis on "giving back to the community", through SANS Consensus Projects, incidents.org, student papers, and the Information Security Reading Room, to name a few.

Where can I find information about the SANS Masters Programs?

The URL for the SANS Technology Institute is http://www.sans.edu

GIAC Skills Test and Report (STAR)

What is the STAR program?: The GIAC Skills Test and Report (STAR) helps determine if an individual has the right knowledge, skills and abilities to accomplish specific IT security tasks. The STAR architecture is based on specific Assessment Objects that correspond to SANS training courses. After completing the Skills test, each student will have access to a printable report card, which clearly documents their performance in each sub-topic. For more information please see http://www.giac.org/star.
What does it mean if I pass a STAR assessment test?: STAR assessments gain you no certifications but acknowledges the completion of a test in a certain area of knowledge. Upon completion of a STAR assessment test, you will have access to a complete skills summary screen (Report Card) documenting your performance in each subject area that you can view or print.

Involvement with GIAC

How can I contribute to the GIAC program?: Become a Local Mentor. If you hold a GIAC certification and earned 85% or better on your exam or an "honors" designation on your paper, you are eligible to become a Mentor. For more information you can visit the SANS Local Mentor Program Page. If you are interested in joining a SANS Mentor Team then you should contact lmp@sans.org.

Financial Aid

What payment options are available for GIAC certification?

We accept credit cards, checks, wire transfers, and USA and Canadian federal government Purchase Orders. For credit cards, we accept American Express, MasterCard, Visa, Discover, and Diners Club.

Will my employer support the GIAC program?

Many employers are willing to cover the costs of GIAC certification directly as part of an existing training program for their employees. In addition, some employers offer tuition assistance programs (where you (as the employee) pay the cost of the program, and the employer reimburses you in whole or in part; reimbursement may depend on your performance in the program) as a fringe benefit. Check with your employer for information.

Is GIAC certification eligible for reimbursement under the GI Bill?

GIAC certification is now available for VA reimbursement for Chapter 30 and Chapter 35 veterans and eligible dependents. Please note that VA reimbursement is only for GIAC certification and does not include SANS training. Certification may be earned in conjunction with SANS training or separately as a Challenge Certification. The reimbursement can be applied retroactively for any GIAC certifications received since November 15, 2001. The following certifications apply for VA funds:

GIAC Security Essentials Certification (GSEC)
GIAC Certified Firewall Analyst (GCFW)
GIAC Certified Intrusion Analyst (GCIA)
GIAC Certified Incident Handler (GCIH)
GIAC Certified Windows Security Administrator (GCWN)
GIAC Certified UNIX Security Administrator (GCUX)
GIAC Systems and Network Auditor (GSNA)

Veterans can apply using VA Form 22-1990 or a letter to the VA Regional Processing Center that handles their state. To request reimbursement of the exam fee under LACAS, they include a copy of their test scores, their receipt for payment of the test fee, and sign a statement authorizing the VA to verify test results with SANS. Information about the program is at the VA website at http://www.va.gov/ under Education benefits.