GIAC Certifications in High Demand

Incident Handler Credential is Top-Rated Among Employers

When Foote Partners, the Florida-based management consultancy, released its 2009 IT Skills Trends Report Update, three of the top 10 certifications were Global Information Assurance Certification (GIAC) offerings by the SANS Institute, specializing in computer security training and professional certification through GIAC.

Heading the list at number 1 is the GIAC Certified Incident Handler certification; number 7 is the GIAC Certified Forensics Analyst (GCFA), and number 8 is the GIAC Certified Intrusion Analyst certification. The demand for these certifications has increased greatly over the past half-year, according to the index.

And these findings are backed up by hiring managers who continue to seek security practitioners for technical, hands-on positions.

"While hiring for security specific positions, I definitely look for GIAC certified individuals," says Martin C. Walker, Chief Knowledge Officer, Information Defense Corporation, an information security solutions provider based in New Jersey. "In a pile of resumes, they are pulled right out and given serious consideration."

GIAC-certified professionals are not product-centric; they have a better grasp of concepts and how to apply them, he adds.

Daryl Pfeil, CEO of Digital Forensics Solutions, a full service computer security and digital forensics firm based in New Orleans, says that she prefers to hire GIAC-certified individuals and, in a few cases, has even invested in SANS training for her employees. She finds the vendor-neutral training with focus on open source tools extremely helpful. Certified practitioners are highly capable and skilled to handle hands-on investigations and analysis.

"Especially given the tight economy, we are seeing demand in hiring and job retention trends for the IT Security sector shifting sharply from soft security skills (policy, security awareness, compliance) to more hands-on security skills (technical incident handling, intrusion detection, system hardening, data forensics)," says Jeff Frisk, director of GIAC. This shift in demand drives the need for hands-on technical personnel. In turn, that demand heightens the need for certifications such as GIAC, which is recognized for its in-depth technical and quantitative security skills, enabling certified personnel to do their job effectively and add value within their organization.

Behind the Demand

The top reasons behind the growing demand for these certifications include:

  • Increased Usage and Dependency on Digital Devices: We constantly use computers and other digital mobile devices for making calls, texting messages, surfing the internet, accessing email and bank accounts, paying bills, watching videos and more. "For better or worse, our lives and our personal/private data are now recorded on these devices moment-by-moment," says Rob Lee, Curriculum Lead for Digital Forensic Training at the SANS Institute and Director of Mandiant, a leading provider of information security consulting services and software to Fortune 500 organizations and the U.S. Government. As a result, crimes, civil litigation cases, and incidents exploiting stored data found on these devices are increasing.

  • Increased Security Incidents and Fraud: Incidents such as TJX, Heartland, Hannaford and this past Independence Day breach are routinely in the news. Security data breach costs are in the millions of dollars. Being able to effectively respond, investigate and eventually handle these situations is becoming both necessary and crucial.

  • Insider Theft: Insider threat is a growing criminal activity, especially in the event of organizations merging, being acquired and employees being laid off. "In today's economy more people are working remotely, which provides greater opportunities for malicious employees to create harmful attacks," says Paul Henry, SANS Institute certified instructor in Forensics and cyber crime and President of Forensics & Recovery LLC, an independent network breach and computer forensics investigative company based in Florida.

  • Increase in Utilization of Electronically Stored Evidence: Civil lawsuits are seeing an increase in utilization of electronically stored evidence. For criminal cases, it is becoming the norm to collect the subject's or victim's cell phone, computer and other electronic devices in order to help solve the crime, maintains Lee.

  • Easy Use of Attack Tools: "Also, attack tools have become as easy to use as point and click cameras," and companies more and more are coming to understand the value of responding to security incidents, says Frisk.

The need for forensic, intrusion and incident handling professionals is increasing due to the sheer number of incidents and cases that every organization faces. Companies, therefore, are now investing in hiring qualified professionals to solve these challenges, and "SANS certifications address a strong need for proactive protection of network, data and systems, something that companies are finally realizing they have to adopt to be successful," says Frisk.

Overview of the Three Hot Certifications

1. GIAC Certified Incident Handler (GCIH)

There are over 4,000 GCIH certification holders currently. These professionals have the knowledge, skills and abilities to manage incidents; to understand common attack techniques and tools; and to defend against and/or respond to such attacks when they occur. GCIH certification holders are prepared to respond to a wide variety of security incidents, ranging from unintentional internal security violations at the smallest of companies to major international incidents involving governments and Fortune 100 enterprises.

The target audience for this certification is usually individuals responsible for incident handling/incident response and individuals who require an understanding of the current threats to systems and networks, along with effective countermeasures.

"GCIH certified individuals know how to use the same tools and techniques that attackers do and learn to think like an attacker," says Christopher Carboni, Deputy Technical Director for GIAC. "GIAC-certified individuals, in particular GCIH, possess the know-how to handle advanced technical and security issues, work very independently and have a distinct self confidence in handling incidents, which is remarkable in many ways," says Clay Boswell, CISSP, GCIH, GCFA, GSEC, Information Security Director, Sealed Air Corporation, a global manufacturer.

  • Job Roles - A GCIH-certified individual is well suited for a variety of technical positions, including incident responder, security analyst, security operations center analyst and security auditor, and can often springboard into positions such as security architect, director of security and technical director / deputy CISO.

  • Who's Hiring? - All government federal and state agencies, software vendor companies, financial and banking institutions, intelligence community, advisory firms, IT and security consulting companies are constantly on the lookout to hire these professionals.

  • Cost - The cost of the certification is $499 when one signs up with training, or $899 if attempting the certification exam without associated training.

2. GIAC Certified Forensics Analyst (GCFA)

GCFA is the leading vendor-neutral digital forensic certification, with more than 1,550 certified individuals. GIAC GCFAs have the knowledge, skills and abilities to handle advanced incidents, legally collect and secure evidence, conduct incident investigations, perform Electronic Evidence Discovery (EED), write forensic reports that can be utilized in litigation, and legally carry out forensic investigation of computers, networks and hard drives. GCFA-certified personnel are able to demonstrate how commercial forensic tools function step-by-step and can describe the process in a court of law. They are adept at both live and dead evidence acquisition, as well as complete deep-dive forensic analysis. In addition, certified analysts are able to articulate and ensure an exact legal and forensically sound process is utilized in the event that they will need to testify in court.

"We test not only for core computer forensic knowledge, we also cover areas cutting edge in the field," says Lee. These areas include memory collection and analysis, registry analysis, restore point examination, and volume shadow analysis. The SANS Institute adds the latest techniques to the material multiple times every year. "For example, some elements for Windows 7 are already covered in our material," indicates Lee.

"I prefer hiring SANS-certified candidates for my firm because they are innovative, broad thinking and exposed to different tools, techniques and programs," says Kevin Cohen, CISA, CISSP, EnCE, GCFA, GCIA, President of Data Triage Technologies, a boutique shop that performs computer forensics and electronic discovery. The GCFA certification with SANS has helped him to become an expert witness and has infused a high level of confidence in his problem solving and conceptual understanding abilities.

  • Who's Hiring? - Three broad industries need qualified digital forensic expertise on a daily basis.

    1. Information Security: Stop hackers and computer-based attacks, and recover from data breach incidents.
    2. Legal: Win civil and criminal cases involving electronically stored evidence.
    3. Law Enforcement/Defense Industrial Base: Arrest and prosecute criminals/Deter enemies.

  • Job Roles Include -

    • Information Security Crime Investigator/Forensic Expert - This expert analyzes how intruders breached the infrastructure in order to identify additional systems/networks that have been compromised.

    • Forensic Analyst - Focuses on collecting and analyzing data from computer systems to track user-based activity that could be used internally or in civil/criminal litigation.

    • Incident Responder - The first-line defense during the breach.

  • Cost - The cost of the certification is $499 when one signs up with training, or $899 if attempting the certification exam without associated training.

3. GIAC Certified Intrusion Analyst (GCIA)

The GCIA certification has served the needs of the industry since 2000. There are more than 2,000 certified GCIA professionals currently. A holder of the GCIA credential is certain to have a complete understanding of network protocols, traffic and network theory, including normal and malicious fragmentation, abnormal stimulus response, and TCP/IP fundamentals. They are familiar with attacks against NIDS, computer systems and the network infrastructure. They are able to analyze common network traffic patterns and dig into packets when more information is needed.

The GCIH focuses on individuals responsible for network and host monitoring, traffic analysis, and intrusion detection.

"It is the first and only certification for individuals who monitor networks using Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs)," says Jeff Pike, Technical Director for GIAC. "There is no other security credential like the GCIA currently being offered by any other certification bodies." The skills required to successfully complete the GCIA have been in high demand since the certification was introduced, he adds.

Jared McLaren is a security practitioner and analyst at SBL Financial Group, holding the GCIA certification since 2003. He maintains that the GCIA has been extremely helpful in his work, especially in areas of authentication and authorization of web applications, debugging traffic and understanding of systems interconnectivity and attempted attack mitigation strategies. "The GCIA certifies that I am a competent professional in my job," he states.

  • Job Roles Include - Information Security Crime Investigator, Incident Responder, Malware Analyst, Network Security Engineer, Security Analyst, Computer Crime Investigator, Security Operations Center Analyst, and Intrusion Analyst.

  • Who's Hiring - All government federal and state agencies, software vendor companies, network and solution hosting companies, financial and banking institutions, pharmaceutical and health service organizations, retail operations, intelligence community, advisory firms, IT and security consulting companies all have a strong need for these professionals.

  • Cost - The cost of the certification is $499 when one signs up with training, or $899 if attempting the certification exam without associated training.

For more information on the GIAC certifications please visit:

About the Author

Upasana Gupta


Contributing Editor, CareersInfoSecurity

Upasana Gupta oversees CareersInfoSecurity and shepherds career and leadership coverage for all Information Security Media Group's media properties. She regularly writes on career topics and speaks to senior executives on a wide-range of subjects, including security leadership, privacy, risk management, application security and fraud. She also helps produce podcasts and is instrumental in the global expansion of ISMG websites by recruiting international information security and risk experts to contribute content, including blogs. Upasana previously served as a resource manager focusing on hiring, recruiting and human resources at Icons Inc., an IT security advisory firm affiliated with ISMG. She holds an MBA in human resources from Maharishi University of Management, Fairfield, Iowa.
