
12/28/2019 GIAC Information Security Expert | GSE Certification

GIAC Security Expert (GSE) Certification

2020 GSE Hands-On Lab Offerings:

Spring: March 26-27, 2020 in Arlington, VA – Waitlisted


Summer: June 25-26, 2020 in Arlington, VA
Fall: October 8-9, 2020 – Tentative

Please email gse@giac.org to reserve your spot!

Keep in mind we will do our best to accommodate your preference, but reservations are not
guaranteed until GIAC offers you an invitation to attend a specific GSE Lab offering.

GSE Overview and Target Audience


The GSE certification is the most prestigious credential in the IT Security industry. The exam was
developed by subject matter experts and top industry practitioners. The GSE's performance-based,
hands-on nature sets it apart from any other certifications in the IT security industry. The GSE will
determine if a candidate has truly mastered the wide variety of skills required by top security
consultants and individual practitioners.

Knowledge in a particular area, such as Intrusion Detection or Incident Handling, is both important and valuable.
Individuals who earn any of the GIAC certifications have worked hard, demonstrated essential technical
skill, and should rightfully take pride in their accomplishment. But individuals who make the effort to not
only learn, but to master all of the essential elements of information security belong in a very special
group. These individuals will be the elite of Information Security, the top practitioners in the field. Those
who pursue an in-depth technical education in all areas of information security are the target audience
for the GSE certification.

GSE Pre-requisites:
A. GSEC, GCIH, GCIA with two Gold
B. GSEC, GCIH, GCIA with one Gold and one substitute*
C. GSEC, GCIH, GCIA with no Gold and two substitutes*
D. GCWN, GCUX, GCIH, GCIA with one Gold
E. GCWN, GCUX, GCIH, GCIA with no Gold and one substitute*

GSE pre-requisite baseline is: GSEC, GCIH, GCIA with two Gold certifications. Information on Gold
papers can be found here.
The GSEC pre-requisite is unique because of dual Windows and Unix coverage.

Pre-requisite Substitution Options

1. GCWN & GCUX combined can act as a substitute for GSEC.

https://www.giac.org/certification/security-expert-gse 1/6
2. Advanced level GIAC certifications can act as substitutes for Gold papers. Visit the GIAC Certification
Roadmap for details.

In addition, you must have real world, hands-on experience in these subject areas. The GSE hands-on
examination ensures each candidate has a high degree of competence in all certification objectives.

The GSE exam has two parts:

* Note to Candidates: Part 1 GSE Entrance Exam format and content has
changed as of July 7th, 2019.

Any candidates preparing to sit for the GSE Entrance Exam after the Fall 2019 Lab offering will need to
pass the updated Part 1 GSE Entrance Exam.

Part 1: Entrance Exam:

The GSE Entrance Exam is a virtual machine, lab-based exam that must be scheduled and taken at a
Pearson VUE test site.

Passing this exam qualifies a candidate to sit for the two day on-site GSE practical lab.

Click here for instructions on How to Schedule Your GIAC Proctored Exam.

GSE Entrance Exam Elements


1 Proctored Exam with 24 VM-based Hands-On Questions
3-Hour Time Limit
Minimum Passing Score of 64%
Follows GIAC's Standard Retake Policy

GSE Entrance Exam Attempt


After your application has been approved, your GSE Entrance certification attempt will be activated in
your GIAC account.
You will have 120 days from the date of activation to complete your certification attempt.
The GSE Entrance Exam includes one (1) practice exam.

After successfully completing Part 1, you are eligible to sit for the Part 2 GSE on-site practical lab within
18 months. Failure to complete Part 2 within 18 months will require you to complete the Part 1 GSE
Entrance Exam again.

GIAC expects GSE candidates to have an expert-level understanding of multiple facets of information
security. For this reason, the GSE objectives are intentionally broad. Aspiring GSEs are expected to
independently prioritize their study goals based on the published certification objectives.

A critical aspect of Lab preparation is having hands-on experience in these subject areas. The GSE
Entrance Exam ensures each candidate has a high degree of competence in all certification objectives.

The skills required to successfully pass the GSE entrance exam are comprised of three major skill
groups:

1. General Security skills


2. Incident Handling skills
3. Intrusion Detection and Analysis skills

During the GSE Entrance Exam, candidates will encounter a mix of Windows and Linux hosts in a series
of VM-based environments.

Virtual machines may have the below listed tools installed (not all tools are installed on every VM);
candidates are not limited to using these tools. Within the boundaries of the GIAC candidate agreement,
candidates may use any tools or techniques available in their current environment to achieve their
objectives.

Intrusion analysis tools: Snort, Wireshark, tshark, tcpdump, Scapy, Zeek (formerly Bro)
Password cracking tools: john, Cain
Enumeration: nmap, Zenmap

Identifying vulnerabilities: Spiderlabs responder, rpcclient, Metasploit, Scapy
General utilities: pico/vi/nano, netcat, ssh, gpg, iptables, Process Hacker, built-in command line tools

Part 2: Hands-On Lab:

Part 2 of the GSE Certification Attempt is a 2-day, in person, hands-on lab exam. The Lab is generally
offered twice each year, corresponding to national SANS conferences.

Day 1 consists of an incident response scenario requiring the candidate to analyze data and present
their results via written report.
Day 2 consists of a rigorous battery of hands-on exercises drawn from the domains listed below.

To reserve a seat for a GSE lab, you must have met the following requirements at least 45 days prior to
the lab date:

1. Successful completion of Part 1: Entrance Exam


2. Prior indication to gse@giac.org of your intention to attend a GSE Lab offering.
3. Full payment of the Lab registration fee

GSE Lab Cancellation policy (Effective as of Network Security 2017)

Due to limited GSE Lab seating capacity, cancellation of any approved registration for the GSE lab within
45 days prior to the start of the Lab will be subject to forfeiture of the full $2,579 lab fee. This fee must be
remitted prior to reserving a spot at a future lab offering.

Exceptions to Cancellation Policy may be made at GIAC's discretion based on documented reasons
involving a medical emergency, severe illness, death in the family, or military deployment/leave.

Retake of the GSE multiple choice exam may be necessary if a Lab cancellation results in surpassing
the 18-month eligibility window following your initial passing of the GSE exam.

GIAC reserves the right to:

Require candidates who are unsuccessful in one domain of the GSE lab by a slim margin to complete
additional work outside of the GSE lab before awarding any credential
Require any candidate to retake the entire lab
Change exam specifications at any time, up to 45 days prior to a scheduled Lab offering

GSE Lab Retake Policy - Candidates who fail the hands-on lab must wait one (1) year to be eligible for
another attempt. If you wish to retake prior to 1 year, you may apply for a waiver by submitting this form
to gse@giac.org.

The price for each lab attempt is the same. Due to the hands-on nature of the GSE lab, there is a *3
attempt limit* on GSE lab attempts.

GSE Application Process


Once you have completed the necessary pre-requisites, you may apply
for the GSE Entrance Exam by clicking the Register Now button.
Once your application is reviewed and approved you may complete the registration process and pay
the $529 exam fee.
Upon passing the multiple choice exam, you will be eligible to attempt the GSE hands-on lab. The lab
fee is an additional $2,579.
Please allow up to 10 business days for application processing and approval.

GSE Certification Objectives


The skills required to successfully earn the GSE certification can be broken up into three major groups:

1. General security skills


2. Incident handling skills
3. Intrusion detection and analysis skills

During the GSE lab, GIAC will provide you a laptop with the following tools installed:

Windows 7 Professional
LibreOffice
VMWare Player
Wireshark
GPG4Win
The Putty SSH suite and WinSCP
Burp Suite
Notepad++
A virtual machine with a customized configuration of Kali Linux 2018.1, with included security tools.
We have also installed Snort, SiLK and Bro IDS.
You can find a list of standard tools included with Kali Linux here
Virtual machines with Ubuntu Linux Server

To ensure a level playing field for all candidates, you will not be permitted to load data, software, or
electronic references onto the computer for the exam. We will provide external mice, but you will not be
permitted to attach additional peripherals (monitors, keyboards) to the candidate laptops. To complete
the exercises, you must exclusively use the tools and virtual machines provided by GIAC. Failure to
comply will result in dismissal from the examination.

The following is a partial list of some tools and techniques you can expect to encounter during GSE
exercises.

sniffers/IDS - wireshark, snort


Scanners - nmap, Nessus vulnerability scanning results
utilities - netcat, ssh, gpg, iptables
miscellaneous - metasploit, command line tools, and common attack techniques

All Exercises are Derived from the following General Objectives

Objective: Outcome - The GIAC promise is that holders of the GSE will have the following capabilities.

IDS and Traffic Analysis Domain

Capture Traffic: Demonstrate competence with common IDS tools and techniques for capturing traffic.
Analyze Traffic: Demonstrate the ability to decipher the contents of packet capture headers.
Interpret Traffic: Make correct judgments as to the nature of traffic to or from specific hosts in packet captures.
IDS Tools: Demonstrate proficiency using common Open Source IDS tools including Snort, tcpdump, and Wireshark

Incident Handling Domain

IH Process: Demonstrate mastery of the Incident Handling process.
Common Attacks: Demonstrate a broad knowledge of computer and network attacks.
Malware: Demonstrate solid understanding of malware and how to handle infected computers.
Preserving Evidence: Demonstrate the ability to preserve evidence relevant to an Incident investigation.

ITSEC Domain

Windows Security: Demonstrate general knowledge of Windows Security and proficiency in a Windows environment.
Unix Security: Demonstrate knowledge of Unix Security and proficiency in a Unix environment.
Secure Communications: Demonstrate an understanding of basic cryptography principles, techniques, and tools.
Protocols: Demonstrate a solid understanding of TCP/IP, UDP, ICMP, DNS, and other common protocols.
Security Principles: Consistently demonstrate and practice bedrock security principles.

Security Technologies Domain

Firewalls: Demonstrate competence with firewalls.
Vulnerability Scanners, and Port Scanners: Demonstrate competence with scanning tools including vulnerability and port scanners.
Sniffers and Analyzers: Demonstrate competence with Sniffers and Protocol Analyzers
Common Tools: Demonstrate competence with common tools including netcat, SSH, Ettercap, p0f, etc...

Soft Skills Domain

Security Policy and Business Issues: Demonstrate an understanding of the security policy and business issues including continuity planning.
Information Warfare and Social Engineering: Demonstrate an understanding of Information Warfare and Social Engineering.
Ability To Write: Demonstrate the ability to write quality technical reports or articles.
Ability to Analyze: Demonstrate the ability to analyze complex problems that involve multiple domains and skills.

GSE Lab Retake Policy — A person who has unsuccessfully attempted the hands-on lab must wait one
(1) year before they are eligible for another attempt. If you wish to retake prior to 1 year, you may apply
for a waiver by filling out the following form and emailing it to gse@giac.org.

The price for each lab attempt is the same. Due to the hands-on nature of the GSE lab, there is a *3
attempt limit* on GSE lab attempts.

GSE Renewal
Renewing your GSE will renew all of your active GIAC certifications! The GSE is renewed every four
years by taking the current version of the GSE multiple choice exam. The GSE may not be renewed via
CPEs. At the time of registering for a GSE Renewal, you have the option to receive courseware books
for the SANS course corresponding to certifications you hold.

Certified Professionals
Click here to View GSE Professionals
