homepage
Open menu
Go one level top
  • Train and Certify
    Train and Certify

    Immediately apply the skills and techniques learned in SANS courses, ranges, and summits

    • Overview
    • Courses
      • Overview
      • Full Course List
      • By Focus Areas
        • Cloud Security
        • Cyber Defense
        • Cybersecurity and IT Essentials
        • DFIR
        • Industrial Control Systems
        • Offensive Operations
        • Management, Legal, and Audit
      • By Skill Levels
        • New to Cyber
        • Essentials
        • Advanced
        • Expert
      • Training Formats
        • OnDemand
        • In-Person
        • Live Online
      • Free Course Demos
    • Training Roadmaps
      • Skills Roadmap
      • Focus Area Job Roles
        • Cyber Defense Job Roles
        • Offensive Operations Job Roles
        • DFIR Job Roles
        • Cloud Job Roles
        • ICS Job Roles
        • Leadership Job Roles
      • NICE Framework
        • Security Provisionals
        • Operate and Maintain
        • Oversee and Govern
        • Protect and Defend
        • Analyze
        • Collect and Operate
        • Investigate
        • Industrial Control Systems
      • European Skills Framework
    • GIAC Certifications
    • Training Events & Summits
      • Events Overview
      • Event Locations
        • Asia
        • Australia & New Zealand
        • Latin America
        • Mainland Europe
        • Middle East & Africa
        • Scandinavia
        • United Kingdom & Ireland
        • United States & Canada
      • Summits
    • OnDemand
    • Get Started in Cyber
      • Overview
      • Degree and Certificate Programs
      • Scholarships
      • Free Training & Resources
    • Cyber Ranges
  • Manage Your Team
    Manage Your Team

    Build a world-class cyber team with our workforce development programs

    • Overview
    • Why Work with SANS
    • Group Purchasing
    • Build Your Team
      • Team Development
      • Assessments
      • Private Training
      • Hire Cyber Professionals
      • By Industry
        • Health Care
        • Industrial Control Systems Security
        • Military
    • Leadership Training
      • Leadership Courses
      • Executive Cybersecurity Exercises
  • Security Awareness
    Security Awareness

    Increase your staff’s cyber awareness, help them change their behaviors, and reduce your organizational risk

    • Overview
    • Products & Services
      • Security Awareness Training
        • EndUser Training
        • Phishing Platform
      • Specialized
        • Developer Training
        • ICS Engineer Training
        • NERC CIP Training
        • IT Administrator
      • Risk Assessments
        • Knowledge Assessment
        • Culture Assessment
        • Behavioral Risk Assessment
    • OUCH! Newsletter
    • Career Development
      • Overview
      • Training & Courses
      • Professional Credential
    • Blog
    • Partners
    • Reports & Case Studies
  • Resources
    Resources

    Enhance your skills with access to thousands of free resources, 150+ instructor-developed tools, and the latest cybersecurity news and analysis

    • Overview
    • Webcasts
      • Webcasts Listings
      • Live Streams
        • Wait Just An Infosec
        • Cybersecurity Leadership
        • SANS Threat Analysis Rundown (STAR)
    • Free Cybersecurity Events
      • Free Events Overview
      • Summits
      • Solutions Forums
      • Community Nights
    • Content
      • Newsletters
        • NewsBites
        • @RISK
        • OUCH! Newsletter
      • Blog
      • Podcasts
        • Blueprint
        • Trust Me, I'm Certified
        • Cloud Ace
        • Wait Just an Infosec
      • Summit Presentations
      • Posters & Cheat Sheets
    • Internet Storm Center
    • Research
      • White Papers
      • Security Policies
    • Tools
    • Focus Areas
      • Cyber Defense
      • Cloud Security
      • Digital Forensics & Incident Response
      • Industrial Control Systems
      • Cyber Security Leadership
      • Offensive Operations
      • Open-Source Intelligence (OSINT)
  • Get Involved
    Get Involved

    Help keep the cyber community one step ahead of threats. Join the SANS community or begin your journey of becoming a SANS Certified Instructor today.

    • Overview
    • Join the Community
    • Work Study
    • Teach for SANS
    • CISO Network
    • Partnerships
    • Sponsorship Opportunities
  • About
    About

    Learn more about how SANS empowers and educates current and future cybersecurity practitioners with knowledge and skills

    • SANS
      • Overview
      • Our Founder
      • Awards
    • Instructors
      • Our Instructors
      • Full Instructor List
    • Mission
      • Our Mission
      • Diversity
      • Scholarships
    • Contact
      • Contact Customer Service
      • Contact Sales
      • Press & Media Enquiries
    • Frequent Asked Questions
    • Customer Reviews
    • Press
    • Careers
  • Contact Sales
  • SANS Sites
    • Brazil
    • France
    • Japan
    • United Kingdom
  • Search
  • Log In
  • Join
    • Account Dashboard
    • Log Out
  1. Home >
  2. Blog >
  3. Explore the Value of GIAC Cloud Security and Penetration Testing Certifications
giac-logo-8.png
GIAC Certifications

Explore the Value of GIAC Cloud Security and Penetration Testing Certifications

Eighty two percent of organizations prefer hiring candidates with certifications — from cloud security to penetration testing, and far beyond.

October 18, 2022

As part of its Cybersecurity Week 2022, CRN recently listed the top 10 cybersecurity certifications, and two GIAC certifications made the list: GIAC Cloud Security Essentials (GCLD) and GIAC Cloud Penetration Tester (GCPN).


"Before I was GIAC certified, when I would interview for a role, I would get grilled over so many foundational topics as they tried to see how to stump me. I feel now that I am certified that the whole ‘Trust Me, I'm Certified’ actually does exist and I was able to land my dream role thanks to the skills and knowledge I've learned via taking SANS courses and passing GIAC exams."

Nate Gonzalez, GSEC, GCIH



Certifying to Stay Current

Both GIAC certifications that CRN named have to do with cloud environments, which is not overly surprising, seeing as how cloud infrastructure has been exploding in use over the past decade. Organizations need skilled personnel capable of defending these cloud systems. Additionally, the fact that the GIAC Cloud Penetration Tester (GCPN) certification made the list points to organizations making a move toward more proactive approaches to security. Not only do organizations need practitioners to defend their cloud systems, but they increasingly need infosec professionals capable of offensive security tactics, identifying vulnerabilities proactively so that they can be resolved prior to a security incident or breach taking place.

GIAC Director of Technology Jeff Pike told CRN that the GCLD certification is the “gateway” to more advanced security training. It covers the essentials of cloud security from a vendor-

neutral perspective, while touching on the three major cloud platforms – Azure, AWS, GCP. Just because it is an “essentials” certification does not mean you should think of it as a simple one to attain. “It’s not easy,” Pike said. “It’s broad (in scope), but it definitely gets into the details.”

The GCPN certification, writes CRN, is all about security tactics in the cloud like “testing customers’ security measures in a form of ‘red teaming’ and other methods”. The GCPN certification validates a practitioner’s ability to conduct cloud-focused penetration testing and assess the security of systems, networks, architecture, and cloud technologies.


"I don't get certs to impress anyone else. I do it for me. I'll get out of my defender comfort zone and conquer that fear of 'What if I'm not good enough?'"

Danny Akacki, GPEN



Proving You’re a Hacker with a Heart of Gold

While attaining cybersecurity certifications is a worthy endeavor for practitioners across all areas of focus and specialties, offensive operations areas of practice like penetration testing offers a golden example that makes it easy to see the value clearly.

“Penetration testing is a lot like hacking,” writes Mae Rice for Built In. “Both involve scanning devices, software, and wireless networks for tiny security vulnerabilities. The only difference is the underlying intentions: penetration testers work for tech companies, reporting any cybersecurity issues so they can get patched. Hackers intend to hack, and penetration testers intend to help.”

Because the line between hackers and penetration testers can often be blurry, certifications can be key to demonstrating practical ability and overcoming trust issues from potential employers.


"The most valuable thing to me about being GIAC certified is that fellow infosec professionals recognize that the knowledge associated with the cert is there. GIAC certs and exams aren't exercises in rote memorization."

Nick R.



Top Penetration Testing Certs

Built In identified the top 12 penetration testing certifications, and we’re proud to say that seven of those 12 are GIAC Certifications—ranging from general to hyper-specialized. Those certifications are:

  1. GIAC Certified Incident Handler (GCIH) – This certification exam covers penetration testing fundamentals as well as security strategies. It requires you to understand how denial-of-service and client attacks work, popular attack modes, and specific tools and techniques used to execute them.
  2. GIAC Enterprise Vulnerability Assessor (GEVA) – Enterprise IT systems have a size, scale, and activity level that require specific and unique assessment methods. This certification exam focuses on methods such as network scanning and PowerShell scripting, as well as vulnerability assessment frameworks for such environments.
  3. GIAC Assessing and Auditing Wireless Networks (GAWN) – Achieving this certification means that you are capable of exploiting even slight gaps in wireless network security with attacks like fuzzing, Bluetooth, and high-frequency RFID.
  4. GIAC Mobile Device Security Analyst (GMOB) – This penetration testing certification is focused on the ever-evolving mobile device field and requires exam takers to understand how hackers unlock and root mobile devices on the variety of different operating systems that exist. To achieve this certification, you’ll also need to know how to protect data on stolen and malware-infected devices.
  5. GIAC Web Application Penetration Tester (GWAPT) – Attacks geared toward responsive web apps often include cross-site request forgery, client injections, and authentication attacks. Testers need to know not only about these possible attacks but also the related penetration testing techniques.
  6. GIAC Certified Penetration Tester (GPEN) – Emphasizing process, this certification focuses on general penetration testing expertise and covers three key stages of an exploit: reconnaissance, attack, and escalation. Specific attack styles covered on the exam include password attacks and web application injection attacks.
  7. GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) – Advanced penetration testing techniques like fuzzing, shellcode scripting, and exploiting stack overflows are covered in this certification. Not only will the exam focus on network exploits and attacks on Windows and Linux systems, but it will also touch on the ability of pen testers to communicate to the business the value of what they do.

"GIAC certified individuals know how to use the same tools and techniques that attackers do, learn to think like an attacker and protect from them."
@shabiKurumbadi



What’s More…

GIAC certifications are listed as preferred qualifications on thousands of job postings around the world. Not only do infosec practitioners recognize the significance of achieving our certifications, but so do hiring managers. The know that GIAC certifications are a guarantee of critical skill mastery.

Explore other reasons to become GIAC certified today and find your next cybersecurity area to attain certified mastery here.

Share:
TwitterLinkedInFacebook
Copy url Url was copied to clipboard
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Yugoslavia
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Tags:
  • Cloud Security
  • Penetration Testing and Red Teaming

Related Content

Blog
SANS_-_Blog_-_The_Vulnerability_Assessment_Framework_-_340x340_Thumb.jpg
Penetration Testing and Red Teaming
May 5, 2023
The Vulnerability Assessment Framework: Stop Inefficient Patching Now and Transform Your Vulnerability Management
Vulnerabilities don’t matter! Patching is terrible! Prove me wrong!
370x370_Matthew-Toussain.jpg
Matthew Toussain
read more
Blog
340x340-Homepage_Inclusions_Cloud_Security_Curriculum.jpg
Cloud Security
April 20, 2023
How to Build AI-Powered Cybersecurity Applications
Beyond ChatGPT and using OpenAI API Q&A
Ahmed_Abugharbia_370x370.png
Ahmed Abugharbia
read more
Blog
csl-340x340-logo.jpg
Security Management, Legal, and Audit, Penetration Testing and Red Teaming
May 2, 2022
Vulnerability Management Resources
Stay current with free resources focused on vulnerability management.
MGT_Triad_370x370_Headshot.jpg
SANS Cybersecurity Leadership
read more
  • Register to Learn
  • Courses
  • Certifications
  • Degree Programs
  • Cyber Ranges
  • Job Tools
  • Security Policy Project
  • Posters & Cheat Sheets
  • White Papers
  • Focus Areas
  • Cyber Defense
  • Cloud Security
  • Cybersecurity Leadership
  • Digital Forensics
  • Industrial Control Systems
  • Offensive Operations
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Yugoslavia
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
  • © 2023 SANS™ Institute
  • Privacy Policy
  • Terms and Conditions
  • Contact
  • Careers
  • Twitter
  • Facebook
  • Youtube
  • LinkedIn