The GIAC Security Essentials (GSEC) certification is designed for information security practitioners and validates knowledge beyond basic concepts. The certification is often described as “a mile wide,” and its scope matches that description.

Key Information:

  • Exam Format: The certification exam is a proctored test with 106-180 questions to be completed in 4-5 hours. A minimum passing score of 73% is required.
  • Areas Covered:
    • Defense in depth, access control, and password management
    • Cryptography: basic concepts, algorithms, deployment, and application
    • Cloud: AWS fundamentals, Microsoft cloud
    • Defensible network architecture, networking and protocols, and network security
    • Incident handling and response, data loss prevention, mobile device security, vulnerability scanning, and penetration testing
    • Linux: Fundamentals, hardening, and securing
    • SIEM, critical controls, and exploit mitigation
    • Web communication security, virtualization and cloud security, and endpoint security
    • Windows: Access controls, automation, auditing, forensics, security infrastructure, and services
  • Target Audience: GSEC is suitable for new InfoSec professionals with backgrounds in information systems and networking, security professionals, managers, operations personnel, IT engineers and supervisors, security administrators, forensic analysts, penetration testers, and auditors.
  • Delivery: Certification attempts are web-based and require proctoring, with options for remote proctoring through ProctorU and onsite proctoring through Pearson VUE. Attempts are activated in the GIAC account after approval, and candidates have 120 days from activation to complete the exam.
  • CyberLive: GIAC offers CyberLive, a hands-on, real-world practical testing environment, allowing practitioners to validate knowledge and skills using actual programs, code, and virtual machines.

The exam's certification objectives cover a wide range of information security topics.

Here’s a summarized breakdown:

Access Control & Password Management:

  • Understanding the fundamental theory of access control and the role of passwords.

AWS Fundamentals and Security:

  • Demonstrating knowledge of interacting with and securing AWS instances.

Container and macOS Security:

  • Understanding how to secure containers and the security features provided in macOS.

Cryptography:

  • Basic understanding of cryptography concepts, major cryptosystems, and steganography.

Cryptography Algorithms & Deployment:

  • Basic understanding of mathematical concepts contributing to cryptography and identification of commonly used cryptosystems.

Cryptography Application:

  • High-level understanding of VPNs, GPG, and PKI.

Data Loss Prevention and Mobile Device Security:

  • Understanding risks and impacts of data loss, prevention methods, and security considerations.

Defense in Depth:

  • Understanding defense in depth and identifying key security areas, demonstrating different strategies for effective security.

Defensible Network Architecture:

  • Demonstrating how to architect a network to resist intrusion.

Endpoint Security:

  • Basic understanding of the function and uses of endpoint security devices.

Enforcing Windows Security Policy:

  • High-level understanding of Group Policy features and working with INF security templates.

Incident Handling & Response:

  • Understanding incident handling concepts and processes.

Linux Fundamentals:

  • Understanding Linux operating system structure, vulnerabilities, and permissions.

Linux Security and Hardening:

  • Ability to gain visibility into a Linux system for securing, auditing, and hardening.

Log Management & SIEM:

  • High-level understanding of logging importance, setup, configuration, and log analysis with SIEMs.

Malicious Code & Exploit Mitigation:

  • Understanding attack methods and basic defensive strategies.

Network Security Devices:

  • Basic understanding of network security devices like firewalls, NIDS, and NIPS.

Networking & Protocols:

  • Understanding properties and functions of network protocols and stacks.

Security Frameworks and CIS Controls:

  • Understanding CIS Critical Controls, NIST Cybersecurity Framework, and MITRE ATT&CK knowledge base.

Virtualization and Cloud Security:

  • Basic understanding of risks in virtualization and cloud services and how to secure them.

Vulnerability Scanning and Penetration Testing:

  • Understanding reconnaissance, resource protection, risks, threats, vulnerabilities, network maps, and penetration testing techniques.

Web Communication Security:

  • Understanding web application security and common vulnerabilities.

Windows Access Controls:

  • Understanding permissions in Windows NT File System, Shared Folders, Printers, Registry Keys, and Active Directory.

Windows as a Service:

  • Understanding how to manage updates for a network of Windows hosts.

Windows Automation, Auditing, and Forensics:

  • Introduction to techniques and technologies used to audit Windows hosts.

Windows Security Infrastructure:

  • Identifying differences between Windows OSes and how Windows manages groups and accounts.

Windows Services and Microsoft Cloud:

  • Knowing basic measures in securing Windows network services and Microsoft Azure security features.

Wireless Network Security:

  • Basic understanding of misconceptions, risks, and securing wireless networks.

The GSEC certification demonstrates practical skills in IT systems security, making it a valuable qualification for individuals involved in hands-on security tasks.

Reviews by Wirebiters.com
 3 reviews
 by SaltyOne
SEC+ over GSEC (2023)

Difficulty: 2 out of 5.

So, so many issues with GSEC. This is a decent course for those that are wanting to learn the basics, a few steps up from GFACT, but at the cost of $5-6k, not worth it. This does cover what every techie should know from ports to encryption but isn't of much use beyond getting your foot in the door for most jobs. This course was riddled with typos and incorrect information. During the course I had to submit over 50 error reports and their CyberLive was trash for testing.

You can take SEC+ and get the same benefits as it checks the same boxes on an application and taking SEC+ will save you THOUSANDS of dollars.

 by RogueXenopus
Invaluable Certification (In My Opinion) (2022)

Difficulty: 3 out of 5.

This course really hammers down on the fundamentals of cyber security: principle of least privilege, defense-in-depth, etc. There's not a whole lot of in-depth talk, but as a way for anyone to be able to take the course and get a very broad understanding of cybersecurity, it's great.

 by montecarlito
GSEC (2018)

Difficulty: 2 out of 5.

I took this a month after earning CompTIA Security+ and while GSEC was a bit broader and deeper, I could have easily passed it without much studying or indexing. Excellent course overall and I enjoyed it very much, but nowhere near enough value added to justify the difference in cost. Never pay thousands of dollars for a 400-level (basic skill) course when you can get most of the same training for hundreds...
