The GIAC Certified Enterprise Defender (GCED) certification is designed for individuals seeking advanced technical skills in cybersecurity to defend enterprise environments. It builds upon the foundation established by the GIAC Security Essentials certification. The certification covers topics such as defensive network infrastructure, packet analysis, penetration testing, incident handling, and malware removal.
Key Information:
Exam Format: The certification exam is a proctored test with 115 questions to be completed in 3 hours. A minimum passing score of 69% is required.
Target Audience: The GCED certification is suitable for incident responders, penetration testers, security operations center engineers and analysts, network security professionals, and anyone seeking in-depth technical knowledge of comprehensive security solutions.
Delivery: Exams are web-based and proctored, with options for remote proctoring through ProctorU or onsite proctoring through PearsonVUE. Certification attempts are activated in the GIAC account after approval, and candidates have 120 days to complete the exam.
Exam Certification Objectives: The certification covers various objectives, including defending network protocols, understanding defensive infrastructure and tactics, digital forensics concepts, incident response concepts, malware analysis, intrusion detection, and packet analysis.
Other Resources: Training is available through various modalities, including live training and OnDemand. Practical work experience, college-level courses, or self-paced study can contribute to mastering the necessary skills for certification.
The Exam Certification Objectives for the GIAC Certified Enterprise Defender (GCED) certification cover a range of cybersecurity topics.
- Defending Network Protocols:
  - Understand commonly used network protocols.
  - Demonstrate defense against protocol attacks.
  - Exhibit knowledge of audit techniques and adhere to the Center for Internet Security’s benchmarks and Critical Security Controls.
- Defensive Infrastructure and Tactics:
  - Demonstrate basic knowledge of defensive measures for network and cloud-based infrastructure.
  - Understand common detective and preventive controls.
- Digital Forensics Concepts and Application:
  - Understand methods and practices of digital forensics.
  - Demonstrate proficiency in identifying forensic artifacts.
- Incident Response Concepts and Application:
  - Understand continuous incident response processes.
  - Recognize the relationship between incident response, threat intelligence practices, and the Cyber Kill Chain.
- Interactive and Manual Malware Analyses:
  - Understand interactive malware behavior analysis.
  - Demonstrate knowledge of analysis tools and interpret analysis results.
  - Understand manual malware code reversal, disassembly, decompiling, and code obfuscation techniques.
- Intrusion Detection and Packet Analysis:
  - Understand intrusion prevention systems.
  - Know the placement, configuration, and tuning of these systems.
  - Demonstrate proficiency in taking action in response to alerts.
- Malware Analysis Concepts and Basic Analysis Techniques:
  - Understand various types of malware.
  - Identify symptoms of infection and methods to analyze malware safely.
  - Understand the benefits and disadvantages of automated and static malware analysis techniques and interpret their results.
- Network Forensics, Logging, and Event Management:
  - Understand the use of logs and flows in network forensics.
  - Recognize the importance of logging and event management in security operations.
  - Understand the usage of SIEM (Security Information and Event Management) and Security Analytics.
- Network Security Monitoring Concepts and Application:
  - Demonstrate knowledge of devices used in Security Operations Centers (SOCs) to monitor networks.
  - Understand packet types, packet capture tools, continuous network monitoring, and advanced issues like monitoring encrypted traffic.
- Penetration Testing Application:
  - Demonstrate familiarity and proficiency in using penetration testing tactics and tools against typical types of penetration test targets.
- Penetration Testing Concepts:
  - Understand penetration testing scoping.
  - Adhere to rules of engagement in penetration tests.
  - Demonstrate knowledge of tools and tactics used in penetration tests and reporting the test results to the intended audience.
Difficulty: 3 out of 5.
The GCED is the big brother of the GSEC (GIAC Security Essentials). I would describe it as a medium-tier general practitioner cert insofar as to say it covers a wide breadth of material like a GSEC, Security+, or SSCP (or even a CISSP, just much more technical). It differs from those certs because it dives deeper into its specific domains than would be expected of those other tests. In comparison, a Security+ exam might expect you to know what TCP is. GCED will expect you to know how a TCP header is constructed.
If you take the classes with it (recommended), you might be able to skim a few of the chapters (or entire books) if you're a seasoned cyber veteran in that particular discipline and focus in on your key weaknesses (I'm looking at you, malware analysis).
Difficulty: 3 out of 5.
This one is underrated, or at least lesser known, when compared to all the trendy certs. I found plenty of value in the material and would recommend GCED as a breakout certification for anyone with IT or some kind of technical background. Get exposure to several niches in the realm of blue team ops with this one course, and you can rapidly transform into a capable defender.