A New Path to the GSE
GIAC recently (in the last ~3 years) introduced “Applied Knowledge Certifications,” a new, hands-on tier of exams to show advanced proficiency as an information security professional. These four-hour exams consist of 25 practical CyberLive (virtual lab) questions.
This new tier also creates an updated path for GIAC’s expert-level designations:
- GIAC Security Professional (GSP): 6 Practitioner certs + 2 Applied Knowledge certs.
- GIAC Security Expert (GSE): 6 Practitioner certs + 4 Applied Knowledge certs.
If you’ve been in InfoSec for a while, that new GSE path probably caught your attention. The original GSE process was a notoriously cumbersome ordeal, requiring multiple prerequisite certs, research papers (“Gold Papers”), an entrance exam, and a grueling 15-hour, four-part lab.
My Game Plan: Targeting GX-CS and GX-IH
I’m planning to pursue this new path since I like challenging myself, these exams consist solely of “hands on keyboard” tasks, and I already have all the practitioner certs needed.
I currently hold the GSEC, GCED, GCIH, GCIA, GDSA, GSTRT, and GPEN. I’ll be taking the GREM course in December, and I plan to pursue the GSLC, GXPN, and GRTP afterwards to close out my Master’s in Information Security Engineering with SANS.
Each Applied Knowledge exam has a list of “Primary Fit” courses that align with its content. I chose to start by targeting the exams that best match my current experience:
- GIAC Experienced Cybersecurity Specialist (GX-CS)
- Primary Fit: SEC401 (GSEC)
- GIAC Experienced Incident Handler (GX-IH)
- Primary Fit: SEC503 (GCIH)
My reasoning is that I’ve already taken more advanced courses in these domains (like GCED, GDSA, and GPEN), so I should be well-prepared for these exams.
The last two that I’ll focus on most likely in 2027 for my GSE will be the GIAC Experienced Intrusion Analyst (GX-IA) and GIAC Experienced Penetration Tester (GX-PN), so stay tuned for the game planning/prepping for that in the future.
Because these exams are 100% hands-on, success depends less on memorizing definitions and more on practical, tool-centric skills. For the two exams I plan to take, this means being well-versed in the following:
GX-CS: GIAC Experienced Cybersecurity Specialist
- Advanced Network Analysis
- TCPDump, WireShark/TShark
- Evaluating Linux Systems
- Bash
- File System Interaction
- User and Group Administration
- Evaluating Windows Systems
- ProcessHacker2
- PowerShell
- Windows Command Prompt
- Event Logs
- File Analysis
- Strings, Metadata, Binary Content, Find & Locate
- Malicious Programs Execution & Exploitation
- Strings, Metasploit, Meterpreter, MSFVenom
- CrackMapExec
- Network Security
- Snort, Suricata, Zeek, Elasticsearch
- Password Cracking
- Hashcat
- Hydra
- John The Ripper
- pw-inspector
GX-IH: GIAC Experienced Incident Handler
- Command-Line Security and Analysis
- Command History (PS-Readline and .bash_history)
- Netcat
- Windows Alternate Data Streams
- In-Depth Attack Analysis
- The candidate will perform a multi-part attack or task, centering on both Windows and Linux/Unix-based skills.
- Incident Investigation
- Linux Audit Logs
- Windows Event Logs
- Volatility
- Process Monitor
- Elasticsearch or Splunk
- Infrastructure Analysis
- Cloud Scanning
- Vulnerability Assessment (Nessus, OpenVAS, Seatbelt)
- DNS Enumeration (nslookup, dig)
- Password Attacks and Analysis
- Password Guessing (Hydra, Hashcat)
- Reviewing Logs for Password Attacks
- Pivoting
- Meterpreter
- Chisel
- Ligolo-NG
- Sliver
- Protocol Security and Attacks
- SMB, FTP/SFTP, SCP
- Identify vulns, false positives, and mitigations
- Reconnaissance
- Nmap
- Website Security
- SQL Injection, Command Injection
- XSS, CSRF
This isn’t my final list since I’m sure there’s more I’ve missed, but it’s what I’ll be starting with while preparing throughout this month. Wish me luck and I’ll get back to you with the results in late December!
HandsOnKB 