On the GIAC Security Administration Certification Track

By  Feb 26, 2009

Topics: Certification

In my inaugural post of this mini-series I introduced the Global Information Assurance Certification (GIAC) program that is sponsored by the SANS Institute. Today I would like to delve into the first of its four IT security tracks: Security Administration.

Levels of Expertise

According to the GIAC Certification Roadmap page, the GIAC Security Administration track is organized into four ascending levels of expertise:

  • Introductory
  • Intermediate
  • Advanced
  • Highly Advanced

You will note in analyzing the Roadmap page that SANS offers two separate programs: GIAC Certifications proper, and GIAC Skills Test and Report (STAR) classes and exams. In this series of posts we shall consider only the GIAC certifications. Please visit the STAR program home page for more information on that program, if you are so inclined.

These expertise levels correspond roughly to this certification program’s target audience. Obviously someone pursuing a vendor-neutral IT security credential is an individual with some professional interest in information security.

However, even the introductory-level certification here is not intended for the “garden-fresh” IT newbie. From reading the GIAC program literature, the entry-level Security Administration credential looks to be targeted more at existing IT pros who are transitioning into full-time IT security work as opposed to those who are entering the IT field from another discipline entirely. Keep that in mind, please.

Linkup with DoD 8570

Onward and upward, then. Another point that might stand out to you as you study the GIAC Certification Roadmap table is how many of these credentials satisfy Department of Defense (DoD) Directive 8570. DoD 8570 is an important benchmark that is extremely relevant for IT professionals who pursue contract work with the Federal Government.

In point of fact, I have written on DoD 8570 here at the InformIT Certification Reference Guide:

Exam Breakdown

Let’s run a formal breakdown of the four aforementioned security levels with the specific exams that map to them in the GIAC Security Administration certification track, okay?

Introductory Level

  • GIAC Information Security Fundamentals (GISF)

Intermediate Level

  • GIAC Security Essentials Certification (GSEC)

Advanced Level

  • GIAC Certified Forensics Analyst (GCFA)
  • GIAC Certified Firewall Analyst (GCFW)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified UNIX Security Administrator (GCUX)
  • GIAC Certified Windows Security Administrator (GCWN)
  • GIAC Certified Enterprise Defender (GCED)
  • GIAC Securing Oracle Certification (GSOC)
  • GIAC Certified Penetration Tester (GPEN)
  • GIAC Web Application Penetration Tester (GWAPT)

Highly Advanced Level

  • GIAC Assessing Wireless Networks (GAWN)
  • GIAC Reverse Engineering Malware (GREM)

Boy howdy, that’s a lot of exams! Take heart, though—it’s not like they are component parts that lead to some “master-level” credential. Instead, think of these titles as Legos or Lincoln logs that can be earned separately and linked together to mesh with your own particular professional skill set.

Exam Metadata

These exams are all proctored tests that contain approximately 150 multiple-choice questions with a 4-hour time limit.

Registration cost for each exam is $899.00; this price is reduced to $499 per exam if you register for the corresponding SANS instructor-led training course.

Here’s the wrinkle though, folks: the exams are made available only where the SANS courses are being taught to support a particular test. This is obviously a strong incentive on SANS’ part to attract customers to pay for the ILT. *grumble grumble*

The $899 fee is what SANS calls the “Exam Challenge” registration. Basically you show up at the training center where the SANS class is being held, but you simply sit for the proctored exam; you don’t sit for the class.

SANS sells practice tests for $99 apiece. If you buy the Challenge registration, they throw in the appropriate practice exam for you “free of charge.”


Once earned, your GIAC credential is valid for four years. The recertification fee for the recert exam is $325. Once you pass the recert exam, your title is refreshed for another four years. And so it goes!

Next post: the GIAC Management track.