Certification

GIAC Certified Enterprise Defender (GCED)

This certification is for security professionals who want to demonstrate that they are qualified for hands-on IT systems roles with respect to security tasks. Candidates are required to demonstrate an understanding of information security beyond simple terminology and concepts.

GCED Exam Certification Objectives
Defending Network Protocols: The candidate will demonstrate an understanding of the OSI model and commonly used protocols found at various OSI layers. The candidate will also demonstrate a basic working knowledge of the weaknesses of these protocols and the services that use them, and of tactics providing more secure implementations.
Defensive Infrastructure and Tactics: The candidate will demonstrate their understanding of, and effective use of, security infrastructure such as firewalls, host and network intrusion detection/prevention systems, active defense measures, and capabilities such as logging.
Vulnerability Assessment and Penetration Testing Concepts: The candidate will demonstrate an understanding of the processes and techniques used in penetration test and vulnerability assessment engagements. The candidate will demonstrate their familiarity with the types of tools required for such engagements.
Vulnerability Assessment and Penetration Testing Application: The candidate will demonstrate their understanding of and proficiency using penetration testing and vulnerability assessment tools, and familiarity with typical testing and assessment target types.
Network Security Monitoring Concepts and Application: The candidate will demonstrate their understanding of network packet analysis, their ability to use packet analysis tools, and their ability to interpret the results of the analysis.
Network Forensics Concepts and Application: The candidate will demonstrate their understanding of network forensic tools and practice, used to perform analysis on stored and real-time traffic to identify suspicious traffic or attempted attacks.
Intrusion Detection and Packet Analysis: The candidate will demonstrate their understanding of intrusion prevention systems, their placement in the enterprise, their configuration and tuning, and actions taken in response to alerts.
Digital Forensics Concepts and Application: The candidate will demonstrate an understanding of methods and practices of digital forensics.
Incident Response Concepts and Application: The candidate will demonstrate an understanding of the incident response process, and its relationship to threat intelligence practices.
Malware Analysis Concepts and Basic Analysis Techniques: The candidate will demonstrate an understanding of the various types of malware, of how to identify symptoms of infection, and of methods to analyze it safely. The candidate will demonstrate an understanding of the benefits and disadvantages of automated and static malware analysis techniques, their ability to perform these analyses and to interpret their results.
Interactive Malware Analysis: The candidate will demonstrate their understanding of interactive malware behavior analysis, a familiarity with the tools and techniques used to perform the analysis, and the ability to interpret the results of the analysis.
Manual Malware Analysis: The candidate will demonstrate their understanding of manual code reversing of malware, of disassembly and decompiling malware, and of code obfuscation techniques used by malware.