Guide: Getting started on your GIAC Certification track


SANS later formed the Global Information Assurance Certification (GIAC) program as its certification brand for training courses. To date, more than 165,000 GIAC credentials have been issued.

GIAC develops and administers 48 different cybersecurity certifications that are widely recognized as among the highest and most rigorous cybersecurity accreditations available to business, government, and military clients all over the world.

But how do you get started with GIAC and what kind of training is available? This blog will provide all the insights that you're looking for.

GIAC Certification tracks

GIAC Certifications fall within 6 specific domains, each with its own certification track:

  • Cyber Defense
  • Industrial Control Systems (ICS)
  • Penetration Testing
  • Digital Forensics and Incident Response
  • Developer
  • Management and Leadership

Getting started

Considering the vast amount of available GIAC Certifications, you may struggle to find your way around and find the best starting point.

Look no further! Readynez Instructor and GIAC Expert Jens Gilges shares his advice here:

These are the recommended entry level GIAC certifications that provide an ideal starting point:

GIAC Security Essentials (GSEC)

Introduction to IT Security for Administrators, Management, Sales and Auditors.

GIAC Penetration Tester (GPEN)

Introduction to Penetration Testing and the hottest Cert around for that topic.

GIAC Cloud Security Essentials (GCLD)

Azure, AWS and Google: the only certification on the market that covers all important defensive and offensive aspects in any of these.

GIAC Global Industrial Cyber Security Professional (GICSP)

Teaches all important aspects of starting out in defending SCADA and ICS systems.

GSEC – GIAC Security Essentials

This GSEC training covers a wide range of topics and is recommended for anyone looking to get started with IT security. It's not only interesting if you have a technical background; it's also ideal for managers, auditors or even sales consultants who work with security-related technologies and products. Basically, this training and certification program is for anyone interested in security who wants to get trained and certified in a wide range of basics.

This is covered:

  • Introduction to basic security concepts
  • Understanding Cryptography, Algorithms and Deployment
  • Understanding Defense in Depth
  • Introduction to Security Management, Risk and Incident Response
  • Configuring, securing and hardening Linux Operating Systems
  • Configuring, securing and hardening Windows Operating System
  • Security Concepts in the Cloud
  • Networking Protocols and Services
  • Securing Networks
  • Introduction to Windows and Linux Forensics


GPEN – GIAC Penetration Tester

This GPEN training offers all the necessary knowledge to plan, execute and document all tasks needed to successfully run a penetration test in a professional customer environment. You will get an in-depth introduction to the most up-to-date methodologies and tools, as well as current hands-on exercises using Hack The Box running the latest labs and exercises. This course is ideal for Penetration Testers as well as for Blue Team Members, who will value the knowledge of offensive tactics in order to provide better defense.

This is covered:

  • Introduction to the Penetration Testing Methodologies
  • Planning a Penetration Test
  • Footprinting and Reconnaissance
  • Scanning Networks
  • Performing Vulnerability Scans
  • Exploitation Fundamentals
  • Performing Password Attacks
  • Performing Kerberos Attacks (Attacking Active Directory Domains)
  • Domain Escalation and Persistence Attacks
  • Attacking Windows Azure
  • Metasploit
  • Penetration Testing with PowerShell

GCLD – GIAC Cloud Security Essentials

This GCLD training teaches everything necessary to assess, implement and audit defensive security controls in Azure, AWS and Google Cloud. This is the only vendor-neutral security course on the market right now, and it is therefore interesting for Risk Managers, Security Managers, System Administrators and Engineers working on one of the major platforms.

This is covered:

  • Introduction to Cloud Security Concepts
  • Government and Legal Considerations
  • Access Controls and IAM Best Practices
  • Secure and Monitor Computer Deployment
  • Secure and Monitor Virtual Networks in the Cloud
  • Secrets Management and deploying Encryption
  • Store, encrypt and monitor sensitive data
  • Secure and Monitor Containers
  • Cloud Automation

GICSP – GIAC Industrial Cyber Security Professional

This GICSP course is relevant for anyone working with Industrial Control Systems (ICS) or SCADA systems. It delivers a good introduction to all relevant protocols, infrastructure and network design best practices. This class also delivers all the required skills on how to harden and audit Linux and Windows systems for an ICS environment, as well as how to do the same for controllers, HMIs and other components you will find in an industrial control systems environment.

This is covered:

  • ICS Components and Protocols
  • The Purdue Model
  • ICS Level Design and Security
  • Hardening ICS Operating Systems
  • Securing Wireless in an ICS environment
  • Attacking ICS Systems
  • Risk-Based Disaster Recovery and Incident Response

Training for the GIAC Certifications

Getting ready for your GIAC Certification will require an average of 55 hours in addition to your SANS classroom training according to GIAC.

There’s no doubt that the certifications are challenging, and that significant study time and hands-on time are required. The exams are designed to measure your ability to correctly analyse and respond to situations.

That said, there are alternative options to the SANS training that will provide you with all the required knowledge in a classroom environment and get you ready for the exams.

How Readynez GIAC training is different:

  1. Readynez provides 10% slides and 90% hands-on.
  2. Readynez maintains the course material and keeps it up to date.
  3. Extra exam prep material. (GIAC is open book, and Readynez provides the extra that you need in order to pass the exams the first time.)
  4. Labs are up to date.
  5. Readynez offers smaller groups and more time for personal interaction.

So, regardless of how you train for your GIAC Certification, look for more hands-on, more hours of instructor-led training, updated material and smaller classes.

When you're ready for your exam, you simply sign up for an online examination via the GIAC website in an administered proctored environment.

Are you ready? See all GIAC Training here and get in touch with us directly in the chat for questions.


What exactly is involved?

GIAC creates and maintains industry-standard cybersecurity certifications. With a wide portfolio of specialised qualifications available, GIAC provides some of the most rigorous standards for IT and security professionals worldwide.

GIAC Benefits

GIAC Certification Renewal

GIAC continues to accept a wide variety of professional activities as Continuing Professional Experience (CPE) credits. We have expanded the flexibility of these CPEs to further simplify the maintenance of your certifications. Start accumulating and tracking your CPE credits as soon as your GIAC certification is earned. You have until your certification expiration date to complete your CPE submissions and remit payment of the certification maintenance fee. All CPE submissions must be acquired within the 4-year period in which your GIAC certification is active.

Digital Badging

The GIAC (Global Information Assurance Certification) program and digital badging provider Credly have partnered to provide our certification holders with a digital badge of their GIAC certification. Digital badges can be used in email signatures, personal web sites, social media sites such as LinkedIn and Twitter, as well as on electronic copies of resumes. Digital badges help GIAC certification holders convey to employers, potential employers and interested parties the skills required to earn and maintain a specialized GIAC certification.

Success Stories

Real people, real success for GIAC Certification professionals. Today's cyber attacks are highly sophisticated and exploit specific vulnerabilities. Broad, general InfoSec certifications are no longer enough. GIAC offers more than 30 cybersecurity certifications. Each certification focuses on specific job skills and requires unmatched and distinct knowledge.
