Professional Documents
Culture Documents
Login
Overview and Target Audience | Prerequisites | Part 1: Entrance Exam | Part 2: Hands-On Lab
Application Process | Certification Objectives | Certification Renewal | Certified Professionals
Keep in mind we will do our best to accommodate your preference, but reservations are not
guaranteed until GIAC offers you an invitation to attend a specific GSE Lab offering.
Knowledge in a particular area, Intrusion Detection or Incident Handling is both important and valuable.
Individuals who earn any of the GIAC certifications have worked hard, demonstrated essential technical
skill, and should rightfully take pride in their accomplishment. But individuals who make the effort to not
only learn, but to master all of the essential elements of information security belong in a very special
group. These individuals will be the elite of Information Security, the top practitioners in the field. Those
who pursue an in-depth technical education in all areas of information security are the target audience
for the GSE certification.
Top
GSE Pre-requisites:
A. GSEC, GCIH, GCIA with two Gold
B. GSEC, GCIH, GCIA with one Gold and one substitute*
C. GSEC, GCIH, GCIA with no Gold and two substitutes*
D. GCWN, GCUX, GCIH, GCIA with one Gold
E. GCWN, GCUX, GCIH, GCIA with no Gold and one substitute*
GSE pre-requisite baseline is: GSEC, GCIH, GCIA with two Gold certifications. Information on Gold
papers can be found here.
The GSEC pre-requisite is unique because of dual Windows and Unix coverage.
https://www.giac.org/certification/security-expert-gse 1/6
12/28/2019 GIAC Information Security Expert | GSE Certification
2. Advanced level GIAC certifications can act as substitutes for Gold papers. Visit the GIAC Certification
Roadmap for details.
In addition, you must have real world, hands-on experience in these subject areas. The GSE hands-on
examination ensures each candidate has a high-degree of competence in all certification objectives.
Top
* Note to Candidates: Part 1 GSE Entrance Exam format and content has
th
changed as of July 7 , 2019.
Any candidates preparing to sit for the GSE Entrance Exam after the Fall 2019 Lab offering will need to
pass the updated Part 1 GSE Entrance Exam.
The GSE Entrance Exam is a virtual machine, lab-based exam that must be scheduled and taken at a
Pearson VUE test site.
Passing this exam qualifies a candidate to sit for the two day on-site GSE practical lab.
Click here for instructions on How to Schedule Your GIAC Proctored Exam.
After successfully completing Part 1, you are eligible to sit for the Part 2 GSE on-site practical lab within
18 months. Failure to do complete Part 2 within 18 months will require you to complete the Part 1 GSE
Entrance Exam again.
GIAC expects GSE candidates to have an expert-level understanding of multiple facets of information
security. For this reason, the GSE objectives are intentionally broad. Aspiring GSEs are expected to
independently prioritize their study goals based on the published certification objectives.
A critical aspect of Lab preparation is having hands-on experience in these subject areas. The GSE
Entrance Exam ensures each candidate has a high degree of competence in all certification objectives.
The skills required to successfully pass the GSE entrance exam are comprised of three major skill
groups:
During the GSE Entrance Exam, candidates will encounter a mix of Windows and Linux hosts in a series
of VM-based environments.
Virtual machines may have the below listed tools installed (not all tools are installed on every VM);
candidates are not limited to using these tools. Within the boundaries of the GIAC candidate agreement,
candidates may use any tools or techniques available in their current environment to achieve their
objectives.
Intrusion analysis tools: Snort, Wireshark, tshark, tcpdump, Scapy, Zeek (formerly Bro)
Password cracking tools: john, Cain
Enumeration: nmap, Zenmap
https://www.giac.org/certification/security-expert-gse 2/6
12/28/2019 GIAC Information Security Expert | GSE Certification
Identifying vulnerabilities: Spiderlabs responder, rpcclient, Metasploit, Scapy
General utilities: pico/vi/nano, netcat, ssh, gpg, iptables, Process Hacker, built-in command line tools
Part 2 of the GSE Certification Attempt is a 2-day, in person, hands-on lab exam. The Lab is generally
offered twice each year, corresponding to national SANS conferences.
Day 1 consists of an incident response scenario requiring the candidate to analyze data and present
their results via written report.
Day 2 consists of a rigorous battery of hands-on exercises drawn from the domains listed below.
To reserve a seat for a GSE lab, you must have met the following requirements at least 45 days prior to
the lab date:
Due to limited GSE Lab seating capacity, cancellation of any approved registration for the GSE lab within
45 days prior to the start of the Lab will be subject to forfeiture of the full $2,579 lab fee. This fee must be
remitted prior to reserving a spot at a future lab offering.
Exceptions to Cancellation Policy may be made at GIAC's discretion based on documented reasons
involving a medical emergency, severe illness, death in the family, or military deployment/leave.
Retake of the GSE multiple choice exam may be necessary if a Lab cancellation results in surpassing
the 18-month eligibility window following your initial passing the GSE exam.
Require candidates who are unsuccessful in one domain of the GSE lab by a slim margin complete
additional work outside of the GSE lab before awarding any credential
Require any candidate to retake the entire lab
Change exam specifications at any time, up to 45 days prior to a scheduled Lab offering
GSE Lab Retake Policy - Candidates who fail the hands-on lab must wait one (1) year to be eligible for
another attempt. If you wish to retake prior to 1 year, you may apply for a waiver by submitting this form
to gse@giac.org.
The price for each lab attempt is the same. Due to the hand-on nature of the GSE lab, there is a *3
attempt limit* on GSE lab attempts.
Top
Top
https://www.giac.org/certification/security-expert-gse 3/6
12/28/2019 GIAC Information Security Expert | GSE Certification
During the GSE lab, GIAC will provide you a laptop with the following tools installed:
Windows 7 Professional
LibreOffice
VMWare Player
Wireshark
GPG4Win
The Putty SSH suite and WinSCP
Burp Suite
Notepad++
4. A virtual machine with a customized configuration of Kali Linux 2018.1, with included security tools.
We have also installed Snort, SiLK and Bro IDS.
You can find a list of standard tools included with Kali Linux here
To ensure a level playing field for all candidates, you will not be permitted to load data, software, or
electronic references onto the computer for the exam. We will provide external mice, but you will not be
permitted to attach additional peripherals (monitors, keyboards) to the candidate laptops. To complete
the exercises, you must exclusively use the tools and virtual machines provided by GIAC. Failure to
comply will result in dismissal from the examination.
The following is a partial list of some tools and techniques you can expect to encounter during GSE
exercises.
Outcome - The GIAC promise is that holders of the GSE will have the
Objective
following capabilities.
https://www.giac.org/certification/security-expert-gse 4/6
12/28/2019 GIAC Information Security Expert | GSE Certification
ITSEC Domain
Sniffers and Analyzers Demonstrate competence with Sniffers and Protocol Analyzers
GSE Lab Retake Policy — A person who has unsuccessfully attempted the hands-on lab must wait one
(1) year before they are eligible for another attempt. If you wish to retake prior to 1 year, you may apply
for a waiver by filling out the following form and emailing it to gse@giac.org.
https://www.giac.org/certification/security-expert-gse 5/6
12/28/2019 GIAC Information Security Expert | GSE Certification
The price for each lab attempt is the same. Due to the hand-on nature of the GSE lab, there is a *3
attempt limit* on GSE lab attempts.
Top
GSE Renewal
Renewing your GSE will renew all of your active GIAC certifications! The GSE is renewed every four
years by taking the current version of the GSE multiple choice exam. The GSE may not be renewed via
CPE's. At the time of registering for a GSE Renewal, you have the option to receive courseware books
for the SANS course corresponding to certifications you hold.
Top
Certified Professionals
Click here to View GSE Professionals
Top
Find a Professiona Go
Latest Tweets @CertifyGIAC
https://www.giac.org/certification/security-expert-gse 6/6