GIAC Cybersecurity Certification Categories: Practitioner and Applied Knowledge

GIAC offers two categories of stackable certifications to meet the needs of all different cybersecurity professionals.

December 6, 2024

This blog was originally published on May 1, 2023 and updated on December 6, 2024.

GIAC’s new certification journey is here! GIAC recently introduced new certifications, all-new certification categories, and portfolios to give cybersecurity professionals the flexibility to chart their own course toward career success.

Along with these new options for certification, there have been a few changes to the GIAC certifications you already know, so let’s break it all down.

GIAC Practitioner Certifications

The GIAC certifications you have known for years are now being referred to as Practitioner Certifications. For example, the long-popular certification GIAC Certified Forensic Examiner (GCFE) will now fall under this Practitioner Certifications category. GIAC Practitioner exams are designed to validate a practitioner’s abilities and likelihood of success in a real-world work environment.

Practitioner certifications are ideal for those just starting their certification journey, those in the field seeking to add to their responsibilities in security and continuing down the path to earn a portfolio of certifications (more to come on that...) and become certified as a GIAC Security Professional or GIAC Security Expert.

Besides the new Practitioner categorization, these certifications remain otherwise the same as you’ve always known them. GIAC currently offers 40+ Practitioner Certifications spanning the breadth of infosec focus areas and specializations, and that list will continue to grow as the field continues to rapidly evolve.

NEW! GIAC Applied Knowledge Certifications

GIAC’s Applied Knowledge Certifications are brand new and take testing to the next level. These Applied Knowledge exams are designed to be particularly challenging, signaling that those who have earned one are truly masters in a particular subject.

Intended to provide a more comprehensive and rigorous assessment of knowledge and skills, GIAC Applied Knowledge certifications are 100% CyberLive exams, which means they are hands-on, allowing testers to demonstrate they have acquired and understand how to apply practical skills.

Earning both a set of Applied Knowledge certs and a set of Practitioner certs is required if you want to reach the ultimate designations of GIAC Security Professional or GIAC Security Expert.

The questions on the GX–IH challenged me, like I experience in my consulting work every day. It's hard to imagine a more real-world exam. –Josh Wright, SANS Author & Fellow

Who Applied Knowledge Certifications Are For

These Applied Knowledge exams are meant to be challenging, and they won’t be right for everyone. They are more difficult than even the hardest GIAC Practitioner exams. Because these new certification exams test your skills at a higher level and require you to apply technical expertise and hands-on experience to solve complex security scenarios, only the most studied and prepared individuals should pursue an Applied Knowledge certification.

To help you determine if you’re indeed ready for an Applied Knowledge exam, take a look at some of the hypothetical exam taker profiles GIAC put together.

I'm proud of all my certs, but the satisfaction I felt after passing the GX-CS exam was nothing like I had felt after any prior cert or exam. These exams will test your mettle! – Bryan E. Simon, President of Xploit Security Inc., SANS Senior Instructor/Author

The GIAC Applied Knowledge Certifications

GIAC now offers six Applied Knowledge Certifications, with three new certifications recently added to the lineup, the GX-FA, GX-FE, and GX-PT. Additional certifications are planned to roll out regularly, ensuring professionals have access to the latest hands-on validation of cybersecurity skills.

GIAC Experienced Forensic Analyst Certification

(GX-FA)

The GIAC Experienced Forensic Analyst (GX-FA) candidate will perform work on a Windows 10 SIFT workstation which includes a WSL Ubuntu shell containing the SANS SIFT Linux distribution. The host has a variety of GUI based and command line utilities for use during the exam including but not limited to tools for Windows forensics artifact processing and analysis, image mounting and volatile memory analysis.

GIAC Experienced Forensics Expert

(GX-FE)

The GIAC Experienced Forensic Examiner (GX-FE) demonstrates that a candidate is qualified for a hands-on Windows forensic analyst role. Certification holders will have validated their ability to analyze a Windows host to uncover evidence that proves a user performed a particular activity on the device.

GIAC Experienced Penetration Tester Certification

(GX-PT)

The GIAC Experienced Penetration Tester (GX-PT) Certification demonstrates that a candidate is qualified for hands-on red and purple-team penetration testing roles that require advanced skills, thorough comprehension of pentesting methods and approaches, and the ability to think critically in a time-restricted situation. Certification holders will validate their ability to map networks, identify vulnerabilities, and exploit hosts in various environments through a diverse set of tasks.

Affiliate Training - FOR508 (Primary fit course), FOR498, FOR500, FOR501, FOR503, FOR504, FOR509, FOR572, FOR608, FOR610

Learn More

Affiliate Training – FOR500 (Primary fit course), FOR498, FOR508, FOR608

Learn More

Affiliate Training – SEC560 (Primary fit course), SEC401, SEC501, SEC503, SEC504, SEC542, SEC565, SEC580, SEC617, SEC660, SEC670, SEC760

Learn More

GIAC Experienced Cybersecurity Specialist Certification

(GX-CS)

The GIAC Experienced Cybersecurity Specialist Certification (GX-CS) further demonstrates that a candidate is qualified for hands-on IT systems roles. Certification holders will validate their ability to solve complex multifaceted problems through new and diversified security practices and tasks.

GIAC Experienced Intrusion Analyst Certification

(GX-IA)

The GIAC Experienced Intrusion Analyst Certification (GX-IA) further demonstrates that a candidate is qualified to solve complex and unique challenges that Intrusion Analysts encounter. Certification holders will validate their ability to solve multi-step problems through incorporating various concepts and methodologies to identify malicious activity.

GIAC Experienced Incident Handler Certification

(GX-IH)

The GIAC Experienced Incident Handler Certification (GX-IH) further demonstrates a candidate’s superior incident response skills. Mastery of hands-on attacker techniques combined with incident response tools and practices validate that certification holders have the skills and knowledge to take teams to the next level.

Affiliate Training - SEC401 (Primary fit course), SEC503, FOR508, SEC560, SEC542, SEC599, SEC501, FOR500, SEC660

Learn more

Affiliate Training - SEC503 (Primary fit course), FOR572, SEC530, SEC450, SEC511  

Learn more

Affiliate Training - SEC504 (Primary fit course), SEC450, SEC501, SEC503, SEC560, FOR610, FOR508, FOR500 

Learn more

The GX-CS exam questions are amazingly well designed–they require the candidate to combine and chain several actions, demonstrating not only usage of tools, but also understanding and real-world applicability. – Bojan Zdrnja, Chief Technical Officer INFIGO IS, SANS Certified Instructor

How to Prepare: Practitioner vs. Applied Knowledge

Each GIAC certification category has different approaches to prepare for success.

Practitioner

The best way to prepare for any GIAC Practitioner exam has always been and continues to be completing the affiliate training course and GIAC practice tests.

Applied Knowledge

Unlike the traditional GIAC Practitioner exams, preparation for GIAC Applied Knowledge exams is not directly linked to a specific affiliate training course.

To prepare for an Applied Knowledge certification, GIAC recommends that candidates review the content within the “primary fit” affiliate training course, which is noted in the above table.

While studying materials from related affiliate courses is recommended, candidates should not rely on this course alone. Along with content and labs included in the primary fit training course, candidates should review the “Areas Covered” list found on each Applied Knowledge certification webpage (see GX-CS as an example). You should focus on the exam objectives provided to guide your study.

A set of three demo questions are available for purchase to help you understand the intensity of the exam. Work experience will also be key for equipping candidates for success on these exams.

For more details on how to prepare for Applied Knowledge exams, head to the GIAC website.

Stack Your Practitioner and Applied Knowledge Certifications to Build a Portfolio

Earning a Practitioner and/or Applied Knowledge certification is just the start of your journey. We’ll cover GIAC Certification Portfolios in more detail in a later blog, but the key takeaway here is that this new certification journey is based on the idea of benefits that skill stacking produces – making work more rewarding, increasing your value as an employee, and making people better learners, to name just a few.

Eager to learn more about these portfolios now before our next blog? Check out our website for all the details on the GSP and the GSE.

Apply Your Skills Today, Grow Your Career

There are more noteworthy developments on the horizon for GIAC cybersecurity certifications, but you don’t need to wait to get started. These six Applied Knowledge certifications are available for registration today, so start exploring the subject matter available on the GIAC website and consider which area you want to prove your mastery in first.

Learn more about GIAC’s new certification journey today and take your first step.