Three GIAC Security Certifications Gain More Clout

Security service providers and other channel partners who have invested in Global Information Assurance Certification (GIAC) training for their employees or who have hired employees who already have GIAC certifications will have a little more to advertise in 2010 with the announcement last week that three of the major GIAC tracks were accredited under the ANSI/ISO/IEC 17024 Personnel Certification program.

A SANS Institute affiliate, GIAC offers 20 different security certifications. Including the ones accredited last week, five of those have now met approval from ANSI. Designed to standardize personnel certifications against international quality requirements, the ANSI/ISO/IEC 17024 accreditation — also known as General Requirements for Bodies Operating Certification Systems of Persons — measures certifications against a benchmark that looks at how a certification administers the application, examinations, surveillance and re-certification of individuals.

The most recent GIAC tracks to get the check-mark from ANSI were the GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA) and GIAC Certified Forensics Analyst (GCFA) programs.
One of the most well-known incident-handling certifications in the security world, GCIH was recently ranked as the No. 1 security certification that organizations pay a salary premium for according to the IT employment analysts with Foote Partners. Those certified with GCIH have proven they know about common attack techniques and tools used to penetrate enterprises and small businesses alike. The certification attests to their knowledge about how to defend against and respond to these attacks, as well as incidents caused by both innocently inept and malicious insiders.

Unique within the security industry, GCIA is designed to show that recipients understand how to manage any Intrusion Detection System, regardless of vendor. Those who hold this certification have shown they understand the fundamentals of network protection and are able to analyze traffic patterns well enough to spot and analyze anomalies.

The third program ANSI accredited last week, GCFA, is one of the most recognized digital forensic certifications. Those bestowed with this vendor-neutral certification have proven that they understand a panoply of computer forensics tools and know the most common criminal forensic analysis techniques to complete Windows- and Linux-based investigations.

Though the premium for most IT industry certifications generally went down over the past year, security certifications such as those offered by GIAC, (ISC)2 and ISACA all managed to buck the trend.

"Unlike other technology job segments, pay and demand for security skills have risen steadily since 2007 and neither budget nor headcount has diminished in economic hard times," wrote Foote Partners principal, David Foote. "Driving continued momentum for steady jobs investment and career safety is the ‘perfect storm’ of more regulation; constant fear of increasing threats; greater customer expectations and demands aimed at vendors; and the splitting of business/strategic risk and operational security activities, which has been accelerated by market forces."

This demand for such skills could prove profitable for channel partners who are able to hire and retain personnel on their consulting staff in order to market to those customers who don’t have the wherewithal or resources to maintain their own cadre of full-time security experts.