SecurITyCerts dot Org

       Navigating Security Certifications

Subscribe to SecurITy, our free newsletter

GIAC GSEC Security Essentials Certification

Also see:  Taking the GIAC GSEC, Paul Meynen
               The GIAC GSEC, Instructors Take it Too

The SANS GIAC GSEC certification is an extremely popular certification that emphasizes skills that are immediately useful in the workplace, including hands on skills, unlike the CISSP certification.

There is a bit of alphabet soup to wade through, so let’s get started:
The SANS Institute, last I checked, stood for "SysAdmin, Audit, Networking, and Security." They have a number of popular practical certifications, administered through GIAC, the Global Information Assurance Certification, which was founded in 1999 to “validate the skills of computer security professionals.”

There are 23,533 GIAC certified professionals as of Nov 2008. The most popular GIAC certification is the GSEC, which is the GIAC Security Essentials Certification, or avoiding acronyms completely, the Global Information Assurance Certification Security Essentials Certification. There are almost 9000 GSEC certified professionals as of late 2008.

GSEC covers the same ten domains as the CISSP Common Body of Knowledge (CBK), although the emphasis is on the practical, not theoretical. Expect close to zero time to be spent on theoretical frameworks and models unlike the CISSP.

The GSEC is pretty straightforward. You need to take one proctored exam, which consists of 180 multiple choice questions with a 5 hour time limit, and the test is open book, but closed computer. The test can be taken at any KRYTERION testing center. There are KRYTERION testing centers worldwide, ranging from Australia to Yemen and possibly even one convenient to you. If not, many organizations are using internal human resources and other employees as proctors – contact GIAC for details. Proctored exams will also be available at SANS conferences several times a year. I haven't been to a SANS conference in over a year, so they may already be.

Overall, the administrative (and possibly travel) details are infinitely easier for the GSEC than the CISSP, although the level of difficulty of the material covered by the exams is similar.

Note that previously the test could be taken online anywhere, anytime, without a proctor, and was open book and open computer, meaning Google etc. was allowed.

Most people who take the GSEC test take the SANS GSEC 6 day 5 night bootcamp training first, which includes plenty of hands on lab time. The material covered in the labs is included in the exam.

The GSEC certification exam needs to be retaken every 4 years. There is no need for continuing education credits or anything similar, just a solid understanding of the material.
Ted Demopoulos at Caesars Palace
Ted Demopoulos,  Caesars Palace

Tedon Google+