The SANS Security Certification Program
The SysAdmin, Audit, Network, and Security (SANS) Institute offers a highly regarded security credential called the Global Information Assurance Certification (GIAC). The most common GIAC security certification "ladder" includes this sequence: Individuals entering the security field are encouraged to complete an entry-level security exam that grants them a GIAC Security Essentials Certification (GSEC). Thereafter, they may take one or more advanced security exams on firewalls, intrusion detection, incident handling, Windows security, and Unix security. Passing each of these leads to an intermediate-level certification. Those who complete exams on all five intermediate-level topics can obtain SANS advanced-level GIAC certification[md]the GIAC Security Engineer (GSE).
SANS offers Web-based versions of many of its classes online, and in-class versions at its many conferences. The organization offers highly regarded training and information, and the GIAC program is both valued and reputable in the IT industry.
SANS is an initialism for SysAdmin, Audit, Network, and Security. Run by ex-Computer Associates Vice President P. Alan Paller, the SANS Institute has outgrown its 1989 origins as a conference and training business and has moved smartly into security certifications.
SANS also operates a highly regarded global incident center that acts as a clearinghouse for security-related information of all kinds. The SANS Global Information Assurance Certification (GIAC) has been available since 1998. Stephen Northcutt, who once worked as the Chief for Information Warfare at the U.S. Ballistic Missile Defense Organization, is responsible for the SANS Institute's training and certification activities; his extensive security background and experience have brought significant recognition and credibility to this program. In fact, SANS instructors are widely regarded as some of the best in the business, as are their security conferences and classes.
The SANS-GIAC program is built around three levels of training and exams, and all GIAC certifications require submission of a project (e.g., a research paper) in addition to passing one or more exams. Unlike some other programs, such as ISC2's (CISSP and SSCP) and TruSecure's (TICSA), completing some of these levels requires students to take SANS classes to be eligible to take related exams. Cynics might be tempted to view this requirement as a ploy to force students to pay for expensive training (classroom seats for SANS classes routinely cost $500 a day or more), but the certification has genuine value and is sought after enough to stymie such cynicism. That said, the three levels for the SANS-GIAC consist of the following:
Each of these levels of security training (and related certifications where they apply) is covered later in this article.
As you work your way through SANS various security courses and certifications, you'll encounter a veritable bowl of alphabet soup. Here are some expansions to help you decode most of what you'll see, along with definitions or explanations:
- SANS. The SysAdmin, Audit, Network, and Security (SANS) Institute is the training and certification company that created and maintains the GIAC security certification program.
- GIAC. The Global Information Assurance Certification grew out of a business entity called the Global Incident Advisory Center (confusingly enough, this also corresponds to the GIAC acronym). SANS established the center in 1999 in response to a White House request for a "quick response facility" that could collect data from security and networking professionals and then act as clearinghouse for information about security threats. When we use the acronym GIAC in this article, we mean the certification, not the advisory center. For those interested in the incident management side of security, the "old GIAC" still operates at a new Web site: http://isc.incidents.org/.
GIAC certification levels and exams match many of the courses that SANS offers at its conferences and events. To learn more about SANS conferences and instructor-led training, or a growing number of online class offerings, visit www.giac.org.