GIAC GSEC Security Essentials Certification
Also see: Taking the GIAC GSEC, Paul Meynen
The GIAC GSEC, Instructors
Take it Too
The SANS GIAC GSEC certification is an extremely popular certification
that emphasizes skills that are immediately useful in the workplace,
including hands on skills, unlike the CISSP certification.
There is a bit of alphabet soup to wade through, so let’s get started:
The SANS Institute, last I checked, stood for "SysAdmin, Audit,
Networking, and Security." They have a number of popular practical
certifications, administered through GIAC, the Global Information
Assurance Certification, which was founded in 1999 to “validate the
skills of computer security professionals.”
There are 23,533 GIAC certified professionals as of Nov 2008. The most
popular GIAC certification is the GSEC, which is the GIAC Security
Essentials Certification, or avoiding acronyms completely, the Global
Information Assurance Certification Security Essentials Certification.
There are almost 9000 GSEC certified professionals as of late 2008.
GSEC covers the same ten domains as the CISSP Common Body of Knowledge
(CBK), although the emphasis is on the practical, not theoretical.
Expect close to zero time to be spent on theoretical frameworks and
models unlike the CISSP.
The GSEC is pretty straightforward. You need to take one proctored exam,
which consists of 180 multiple choice questions with a 5 hour time
limit, and the test is open book, but closed computer. The test can be
taken at any KRYTERION testing center. There are KRYTERION testing
centers worldwide, ranging from Australia to Yemen and possibly even one
convenient to you. If not, many organizations are using internal human
resources and other employees as proctors – contact GIAC for details.
Proctored exams will also be available at SANS conferences several times
a year. I haven't been to a SANS conference in over a year, so they may
Overall, the administrative (and possibly travel) details are infinitely
easier for the GSEC than the CISSP, although the level of difficulty of
the material covered by the exams is similar.
Note that previously the test could be taken online anywhere, anytime,
without a proctor, and was open book and open computer, meaning Google
etc. was allowed.
Most people who take the GSEC test take the SANS GSEC 6 day 5 night
bootcamp training first, which includes plenty of hands on lab time. The
material covered in the labs is included in the exam.
The GSEC certification exam needs to be retaken every 4 years. There is
no need for continuing education credits or anything similar, just a
solid understanding of the material.