Global Information Assurance Certification

For the computer algebra system, see Giac (software).

Global Information Assurance Certification (GIAC) is an information security certification entity that specializes in technical and practical certification as well as new research in the form of its GIAC Gold program. SANS Institute founded the certification entity in 1999 and the term GIAC is trademarked by The Escal Institute of Advanced Technologies.

Global Information Assurance Certification
GIAC

Founded	1999
Type	for-profit
Focus	Cybersecurity, Information Security, Software Security
Area served	Worldwide
Services	Professional Certifications
Owner	SANS
Website	www.giac.org

GIAC provides a set of vendor-neutral computer security certifications linked to the training courses provided by the SANS. GIAC is specific to the leading edge technological advancement of IT security in order to keep ahead of "black hat" techniques. Papers written by individuals pursuing GIAC certifications are presented at the SANS Reading Room on GIAC's website.

In March 2021, GIAC introduced CyberLive, a new hands-on testing format that assesses real-world cybersecurity skills in a virtual environment, alongside its traditional multiple-choice exams.^[1]

In December 2024, GIAC has rebranded its long-standing certifications as Practitioner Certifications, which include well-known qualifications like the GIAC Certified Forensic Examiner (GCFE). These certifications are aimed at validating professionals' abilities in real-world work environments, making them suitable for newcomers to the field as well as seasoned practitioners looking to enhance their skills and responsibilities in cybersecurity. In addition to this reclassification, GIAC has launched its new Applied Knowledge Certifications, designed to elevate testing standards and challenge candidates to showcase their mastery through hands-on, CyberLive exams that assess both their knowledge and practical skills. To achieve the prestigious designations of GIAC Security Professional or GIAC Security Expert, candidates are required to earn both Practitioner and Applied Knowledge Certifications, reflecting a comprehensive proficiency in the field.^[2]

GIAC Practitioner Certifications

GIAC Practitioner Certifications are primarily based on individual SANS courses, providing a focused assessment of the skills and knowledge acquired from those specific training programs. As of November 2025, GIAC has organized its certifications into nine "Cyber Specialties." Below is the list of Practitioner Certifications arranged according to this categorization.

Cybersecurity Leadership, Artificial Intelligence (AI)

Code	Name	Associated SANS Course	Comments
GSLC	GIAC Security Leadership	LDR512
GCCC	GIAC Critical Controls Certification	SEC566
GSTRT	GIAC Strategic Planning, Policy, and Leadership	LDR514

Cybersecurity Leadership

Code	Name	Associated SANS Course	Comments
GCPM	GIAC Certified Project Manager
GLEG	GIAC Law of Data Security & Investigations
GCIL	GIAC Cyber Incident Leader	LDR553
GSNA	GIAC Systems and Network Auditor Certification
GISP	GIAC Information Security Professional Certification	LDR414

Cybersecurity and IT Essentials, Cyber Defense

Code	Name	Associated SANS Course	Comments
GSEC	GIAC Security Essentials	SEC401	CyberLive
GISF	GIAC Information Security Fundamentals	SEC301	CyberLive
GCED	GIAC Certified Enterprise Defender	SEC501

Cyber Defense, Artificial Intelligence (AI)

Code	Name	Associated SANS Course	Comments
GCIA	GIAC Certified Intrusion Analyst Certification	SEC503	CyberLive
GOSI	GIAC Open Source Intelligence Certification	SEC497
GSOC	GIAC Security Operations Certified	SEC450
GMON	GIAC Continuous Monitoring Certification	SEC511	CyberLive
GSOA	GIAC Strategic OSINT Analyst	SEC587	CyberLive
GMLE	GIAC Machine Learning Engineer	SEC595	CyberLive

Cyber Defense

Code	Name	Associated SANS Course	Comments
GCWN	GIAC Certified Windows Security Administrator
GPYC	GIAC Python Coder	SEC573
GCDA	GIAC Certified Detection Analyst	SEC555
GDSA	GIAC Defensible Security Architect Certification	SEC530
GFACT	GIAC Foundational Cybersecurity Technologies	SEC275
GDAT	GIAC Defending Advanced Threats	SEC599
GSOM	GIAC Security Operations Manager Certification	LDR551

Offensive Operations, Pen Testing, and Red Teaming

Code	Name	Associated SANS Course	Comments
GPEN	GIAC Penetration Tester Certification	SEC560	CyberLive
GXPN	GIAC Exploit Researcher and Advanced Penetration Tester	SEC660	CyberLive
GRTP	GIAC Red Team Professional	SEC565	CyberLive
GEVA	GIAC Enterprise Vulnerability Assessor Certification
GAWN	GIAC Assessing and Auditing Wireless Networks	SEC617
GWAPT	GIAC Web Application Penetration Tester	SEC542	CyberLive
GMOB	GIAC Mobile Device Security Analyst	SEC575

Offensive Operations, Pen Testing, and Red Teaming, Cloud Security, Artificial Intelligence (AI)

Code	Name	Associated SANS Course	Comments
GCPN	GIAC Cloud Penetration Tester	SEC588

Artificial Intelligence (AI)

Code	Name	Associated SANS Course	Comments
GOAA	GIAC Offensive AI Analyst	SEC535	CyberLive

Digital Forensics, Incident Response & Threat Hunting, Artificial Intelligence (AI)

Code	Name	Associated SANS Course	Comments
GASF	GIAC Advanced Smartphone Forensics Certification	FOR585
GIME	GIAC iOS and macOS Examiner	FOR518

Digital Forensics, Incident Response & Threat Hunting

Code	Name	Associated SANS Course	Comments
GCFE	GIAC Certified Forensic Examiner	FOR500	CyberLive
GEIR	GIAC Enterprise Incident Response	FOR608	CyberLive
GCFR	GIAC Cloud Forensics Responder	FOR509	CyberLive
GREM	GIAC Reverse Engineering Malware Certification	FOR610	CyberLive
GLIR	GIAC Linux Incident Responder	FOR577	CyberLive
GCFA	GIAC Certified Forensic Analyst	FOR508	CyberLive
GNFA	GIAC Network Forensic Analyst	FOR572	CyberLive
GCTI	GIAC Cyber Threat Intelligence	FOR578	CyberLive
GBFA	GIAC Battlefield Forensics and Acquisition	FOR498

Cloud Security, Artificial Intelligence (AI)

Code	Name	Associated SANS Course	Comments
GPCS	GIAC Public Cloud Security	SEC510
GCTD	GIAC Cloud Threat Detection	SEC541

Cloud Security

Code	Name	Associated SANS Course	Comments
GCLD	GIAC Cloud Security Essentials Certification	SEC502
GCSA	GIAC Cloud Security Automation	SEC540
GCAD	GIAC Cloud Security Architecture and Design	SEC549
GWEB	GIAC Certified Web Application Defender	SEC522

Industrial Control Systems Security

Code	Name	Associated SANS Course	Comments
GICSP	Global Industrial Cyber Security Professional Certification	ICS410	CyberLive
GCIP	GIAC Critical Infrastructure Protection Certification	ICS456
GRID	GIAC Response and Industrial Defense	ICS515

Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, Digital Forensics, Incident Response & Threat Hunting

Code	Name	Associated SANS Course	Comments
GCIH	GIAC Certified Incident Handler Certification	SEC504	CyberLive

GIAC Applied Knowledge Certifications

Unlike the "classic" Practitioner Certifications from GIAC, the Applied Knowledge Certifications are based on a broader range of training and expert knowledge. They provide a more comprehensive evaluation of candidates' skills across various topics rather than focusing mostly on dedicated SANS training.

Code	Name	Associated SANS Courses	Status
GX-FE	GIAC Experienced Forensics Expert	FOR500 (Primary fit course), FOR498, FOR508, FOR608
GX-CS	GIAC Experienced Cybersecurity Specialist	SEC401 (Primary fit course), SEC503, FOR508, SEC560, SEC542, SEC599, SEC501, FOR500, SEC660
GX-FA	GIAC Experienced Forensic Analyst	FOR508 (Primary fit course), FOR498, FOR500, FOR501, FOR503, FOR504, FOR509, FOR572, FOR608, FOR610
GX-IA	GIAC Experienced Intrusion Analyst	SEC503 (Primary fit course), FOR572, SEC530, SEC450, SEC511, SEC573
GX-IH	GIAC Experienced Incident Handler	SEC504 (Primary fit course), SEC450, SEC501, SEC503, SEC560, FOR610, FOR508, FOR500
GX-PT	GIAC Experienced Penetration Tester	SEC560 (Primary fit course), SEC401, SEC501, SEC503, SEC504, SEC542, SEC565, SEC580, SEC617, SEC660, SEC670, SEC760

Unavailable or retired GIAC certifications

Unavailable certifications

The following certifications are not found on the GIAC website and are not listed as retired:

• GIAC Secure Internet Presence (GSIP)
• GIAC Security Audit Essentials (GSAE)
• GIAC Certified ISO-17799 Specialist (G7799)
• GIAC Certified Security Consultant (GCSC)

Retired certifications

As of November 2025, GIAC lists the following certifications as retired:^[3]

• GIAC .NET (GNET)
• GIAC Certified Incident Manager (GCIM)
• GIAC Certified ISO-27000 Specialist (G2700)
• GIAC Secure Software Programmer-C (GSSP-C)
• GIAC Securing Oracle Certified (GSOC)
• GIAC Secure Software Programmer-.net (GSSP-.net)
• GIAC Secure Software Programmer-Java (GSSP-Java)
• GIAC Perimeter Protection Analyst (GPPA)
• GIAC UNIX Security Administrator (GCUX)

External links

• Official website