www.giac.org




Special congratulations to Pieter Danhieux and Brandon Greenwood who achieved the GSE certification in Las Vegas after three days of rigorous testing.
Very special congratulations to Craig Wright, who is the first person ever to receive the GSE-Compliance (see http://www.giac.org/certifications/gse-compliance.php). These three men have proved themselves to be the cream of the crop in IT Security. We need more like them. There are not nearly enough white hats at this level in the security industry. Business leaders often ask us where they can find GSEs and, to put it simply, we just don't have that many. If you are interested in attempting the GSE in 2008, please write us at gse@giac.org.

The GSE exam is by far the most rigorous and demanding hands-on exam in the IT Security industry, period. The current exam was developed by some of the top practitioners in the industry. Its performance-based, hands-on nature makes it unique in the IT Security industry. In three days of testing, the GSE process will determine if a candidate has truly mastered the wide variety of skills required by top security consultants and individual practitioners. Day 1 of GSE testing consists of a rigorous battery of hands-on exercises drawn from all of the domains listed below. Day 2 consists of an Incident Response Scenario that requires the candidate to analyze data and report their results in a written incident report as well as an oral report. Day 3 of GSE testing consists of 200 multiple choice exam questions from all the domains defined below.

Before a person can attempt the GSE, they must successfully complete three GIAC certifications (GSEC, GCIA and GCIH) with GIAC Gold in at least two. In addition, you must demonstrate a minimum level of performance and undergo a personal interview to qualify. We recommend that your average score on previous GIAC certifications be 85% or higher before even attempting the GSE.

NOTE: Do not expect that success on GSEC, GCIH, and GCIA examinations will necessarily translate to success on the GSE. The aforementioned certifications are only prerequisites. The GSE is a hands-on certification based on the objectives below. The GSE examination ensures each credentialed individual has a high degree of competence on each of the objectives listed below.

If you are ready to sit for the GSE exam you will need the following:

We will also provide a virtual network of targets and other machines, hosted on our servers, needed to complete the exercises. We will provide a USB drive with the virtual machines and tools needed to complete the hands-on portion of the exercises, including the following:

To ensure a level playing field for all candidates, you will not be permitted to use any pre-installed favorite tools that you may have on your laptop. To complete the exercises you must exclusively use the tools and virtual machines provided by GIAC. Failure to comply will result in dismissal from the examination.

The following is a partial list of some tools and techniques you can expect to encounter during GSE exercises.

All exercises are derived from the following general objectives.

Objective: Outcome (the GIAC promise is that holders of the GSE will have the following capabilities)

IDS and Traffic Analysis Domain
Capture Traffic: Demonstrate competence with common IDS tools and techniques for capturing traffic.
Analyze Traffic: Demonstrate the ability to decipher the contents of packet capture headers.
Interpret Traffic: Make correct judgments as to the nature of traffic to or from specific hosts in packet captures.
IDS Tools: Demonstrate proficiency using common Open Source IDS tools including Snort, tcpdump, and Ethereal.

Incident Handling Domain
IH Process: Demonstrate mastery of the Incident Handling process.
Common Attacks: Demonstrate a broad knowledge of computer and network attacks.
Malware: Demonstrate solid understanding of malware and how to handle infected computers.
Preserving Evidence: Demonstrate the ability to preserve evidence relevant to an Incident investigation.

ITSEC Domain
Windows Security: Demonstrate general knowledge of Windows Security and proficiency in a Windows environment.
Unix Security: Demonstrate knowledge of Unix Security and proficiency in a Unix environment.
Secure Communications: Demonstrate an understanding of basic cryptography principles, techniques, and tools.
Protocols: Demonstrate a solid understanding of TCP/IP, UDP, ICMP, DNS, and other common protocols.
Security Principles: Consistently demonstrate and practice bedrock security principles.

Security Technologies Domain
Firewalls: Demonstrate competence with firewalls.
Vulnerability Scanners, and Port Scanners: Demonstrate competence with scanning tools including vulnerability and port scanners.
Sniffers and Analyzers: Demonstrate competence with Sniffers and Protocol Analyzers.
Common Tools: Demonstrate competence with common tools including netcat, SSH, Ettercap, p0f, etc.

Soft Skills Domain
Security Policy and Business Issues: Demonstrate an understanding of the security policy and business issues including continuity planning.
Information Warfare and Social Engineering: Demonstrate an understanding of Information Warfare and Social Engineering.
Ability To Write: Demonstrate the ability to write quality technical reports or articles.
Ability to Present: Demonstrate the ability to successfully present their research to an audience of their peers.
Ability to Analyze: Demonstrate the ability to analyze complex problems that involve multiple domains and skills.
Teamwork: Demonstrate the ability to work with team members who are taking the same exam.

Note: Specific versions of tools, operating systems, and objectives are subject to change without prior notice.

Certified Professionals

Those who pursue an in-depth technical education in all areas of information security are the target audience for the GSE certification. Knowledge in a particular area, such as Intrusion Detection or Incident Handling, is important and valuable. Individuals who earn any of the GIAC certifications have worked hard, demonstrated essential technical skill, and should rightfully take pride in their accomplishment. But individuals who make the effort to not only learn, but to master all of the essential elements of information security belong in a very special group. These individuals will be the elite of Information Security, the top practitioners in the field. Candidates who receive and maintain all of the GSE track certifications* and earn gold status in at least 2 certifications are eligible to sit for the GIAC Security Expert (GSE) certification.

GIAC Testing and Certification offers individuals the opportunity to demonstrate their comprehensive and real-world knowledge through intensive testing in subject areas including Information Security, Intrusion Detection and Incident Handling. The SANS Institute offers training to prepare you for these certifications through conferences and other learning opportunities.


Number of certified professionals: 21,962