Kjøp Unlimited Training lisenser i juni og få 3 måneders trening gratis! ☀️

Guide: Getting started on your GIAC Certification track

Blog Alt NO

SANS later formed the Global Information Assurance Certification (GIAC) program as its certification brand for training courses. To date, more than 165.000 GIAC credentials have been issued.

GIAC develops and administers 48 different cybersecurity certifications, that are widely recognized among the highest and most rigorous cybersecurity accreditations available to business-, government-, and military clients all over the world.

But how do you get started with GIAC and what kind of training is available? This blog will provide all the insights, that you´re looking for.

GIAC Certification tracks

GIAC Certifications fall within 6 specific domains, each with its own certification track:

  • Cyber Defense
  • Industrial Control Systems (ICS)
  • Penetration Testing
  • Digital Forensics and Incident Response
  • Developer
  • Management and Leadership

Getting started

Considering the vast amount of available GIAC Certifications, you may struggle to find your way around and find the best starting point.

Look no further! Readynez Instructor and GIAC Expert Jens Gilges shares his advice here:

These are the recommended entry level GIAC certifications that provide an ideal starting point:

GIAC Security Essentials (GSEC)

Introduction to IT Security for Administrators, Management, Sales and Auditors.

GIAC Penetration Tester (GPEN)

Introduction to Penetration Testing and the hottest Cert around for that topic.

GIAC Cloud Security Essentials (GCLD)

Azure, AWS and Google, the only certification on the market with covers all important defensive and offensive aspects in any of these.

GIAC Global Industrial Cyber Security Professional (GICSP)

Teaches all important aspects starting in the defending SCADA and ICS Systems.

GSEC – GIAC Security Essentials

This GSEC training covers a wide range of topics, and it's recommended for anyone looking to get started with IT-Security. It’s not only interesting, if you have a technical background, it’s also ideal for managers, auditors or even sales consultants, who work with security-related technologies and products. Basically, this training- and certification program is for anyone interested in security, who want to get trained and certified in a wide range of basics.

This is covered:

  • Introduction to basic security concepts
  • Understanding Cryptography, Algorithms and Deployment
  • Understanding Defense in Depth
  • Introduction to Security Management, Risk and Incident Response
  • Configuring, securing and hardening Linux Operating Systems
  • Configuring, securing and hardening Windows Operating System
  • Security Concepts in the Cloud
  • Networking Protocols and Services
  • Securing Networks
  • Introduction to Windows and Linux Forensics


GPEN – GIAC Penetration Tester

This GPEN training offers all the necessary knowledge to plan, execute and document all tasks to successfully to run a penetration test in a professional customer environment. You will get an in-depth introduction to all the most up-to-date methodologies and tools as well as current hands-on exercises using Hack The Box running the latest labs and exercises. This course is ideal for Penetration Testers as well as for Blue Team Members, who will value the knowledge in offense tactics in order to provide better defense.

This is covered:

  • Introduction to the Penetration Testing Methodologies
  • Planning a Penetration Test
  • Footprinting and Reconnaissance
  • Scanning Networks
  • Performing Vulnerability Scans
  • Exploitation Fundamentals
  • Performing Password Attacks
  • Performing Kerberos Attacks (Attacking Active Directory Domains)
  • Domain Escalation and Persistence Attacks
  • Attacking Windows Azure
  • Metasploit
  • Penetration Testing with PowerShell

GCLD – GIAC Cloud Security Essentials

This GCLD training teaches all the necessary assets-, implement- and audit defensive security controls in Azure, AWS and Google Cloud. This is the only vendor-neutral security course on the market right now and therefore it is interesting for Risk Managers, Security Managers, System Administrators and Engineers in one of the major platforms.

This is covered:

  • Introduction to Cloud Security Concepts
  • Government and Legal Considerations
  • Access Controls and IAM Best Practices
  • Secure and Monitor Computer Deployment
  • Secure and Monitor Virtual Networks in the Cloud
  • Secrets Management and deploying Encryption
  • Store, encrypt and monitor sensitive data
  • Secure and Monitor Containers
  • Cloud Automation

GICSP – GIAC Industrial Cyber Security Professional

This GICSP course is relevant for anyone working with Industrial Control Systems (ICS) or SKADA Systems. It delivers a good introduction to all relevant protocols -, infrastructure- and network design best practices. This class also delivers all the required skills on how to harden and audit Linux and Windows Systems for an ICS environment, but also how to execute this against controllers, HMIs other components you will find in an industrial control systems environment.

This is covered:

  • ICS Components and Protocols
  • The Perdu Model
  • ICS Level Design and Security
  • Hardening ICS Operating Systems
  • Securing Wireless in an ICS environment
  • Attacking ICS Systems
  • Risk-Based Disaster Recovery and Incident Response

Training for the GIAC Certifications

Getting ready for your GIAC Certification will require an average of 55 hours in addition to your SANS classroom training according to GIAC.

There’s no doubt that the certifications are challenging, and that significant study time and hands-on time is required. The exams are designed to measure your ability to correctly analyse and respond to situations.

That said, there are alternative options to the SANS training that will provide you with all the required knowledge in a classroom environment and get you ready for the exams.

How Readynez GIAC training is different:

  1. Readynez provides 10% slides and 90% hands-on.
  2. Readynez maintains the course material and keep it up-to-date.
  3. Extra exam prep material. (GIAC is open book, and Readynez provides the extra that you need in order to pass the exams the first time)
  4. Labs are up-to-date.
  5. Readynez offers smaller groups and more time for personal interaction

So, regardless of how you train for your GIAC Certification. Look for more hands-on, more hours of instructor-led training, updated material and smaller classes.

When you´re ready for your exam, you simply sign up for an online examination via the GIAC website in an administered proctored environment.

Are you ready? See all GIAC Training here and get in touch with us directly in the chat for questions.


To personer overvåker systemer for sikkerhetsbrudd

Unlimited Security Training

ubegrenset tilgang til ALLE LIVE instruktørledede sikkerhetskurs du ønsker - alt for prisen av mindre enn ett kurs.

  • 60+ LIVE instruktørledede kurs
  • Money-back Garanti
  • Tilgang til 50+ erfarne instruktører
  • Opplært 50 000+ IT Pro's



Price: {{item.ItemPriceExVatFormatted}} {{item.Currency}}