Wondering if the GSEC certification exam is worth your time? Learn the benefits of being GSEC certified, who the certification is meant for, and the exam requirements.
I know that getting into an entry-level cyber security job without an official certification or degree can be tough.
Most organizations expect their new hires to have at least some basic cybersecurity experience or certifications under their belt.
So, if you’re looking to jump into an IT security role, then getting your GSEC certification might be your ticket to doing so.
My Opinion
If you decide to become GSEC certified, don’t ever use training resources that haven’t been vetted.
Take an official course that aligns with the examination. Unfortunately, in this case taking the official SANS course can be quite expensive.
If you already have a CompTIA Security+, then I don’t recommend taking the GSEC exam as it serves no additional benefit, especially if you’re paying out of your own pocket.
But if you can get your employer to pay it, I’ll always recommend taking the course and exam.
You can use this certification as a stepping-stone to more advanced certifications such as CISSP, CEH, CISM, CISA, and so on.
Hopefully after becoming GSEC certified, you’ll possess a foundational knowledge of security fundamentals. Just remember, the GSEC certification is not a substitute for the experience you still need to succeed.
And with enough time and patience, this GIAC certification can definitely help you help open doors to an array of entry-level cyber security jobs.
What Is the GSEC Certification Exam?
The GSEC (GIAC Security Essentials Certification) is an entry level security certification for those seeking to demonstrate technical proficiency in the field of cybersecurity.
Achieving this certification shows employers that you have a strong grasp of basic security concepts and are qualified to begin performing hands-on cyber security tasks.
To give you some background, the SANS Institute established the Global Information Assurance Certification (GIAC) in 1999 as an organization to specialize in information technology certifications, and it’s the GIAC which administers the GSEC exam and awards the certification.
As a bonus, it’s also one of only 14 GIAC certifications that is ANSI/ISO/IEC 17024 Accredited.
This means the certification has gone through a rigorous process to “establish its structure, policies, and procedures to safeguard impartiality, ensure objectivity, and manage conflict of interest arising from certification activities.”
Even better, if you’re a government employee or military, the GSEC meets the DoD Approved 8570/8140 Baseline Certification for Information Assurance professionals.
In a nutshell, the GSEC Certification is a legitimate player in the world of cybersecurity.
Benefits of Becoming GSEC Certified
Other than your own personal satisfaction and letting employers know that you’ve taken the time to study and pass the GSEC, you shouldn’t expect much more. But don’t let that stop you from exploring whether the GSEC is right for you.
Regardless of the circumstances, obtaining the GSEC indicates you’ve learned a highly practical and valuable cyber security skill set which will not go unnoticed.
Passing the exam means you’ve learned the basic requirements needed of your profession, and it shows employers how serious you are about information security.
And since you can put this certification on your resume, you’re now letting technical recruiters and hiring managers know that you possess the knowledge needed to fulfill the requirements of that very technical role.
In fact, GIAC certifications are the 4th most requested security certifications.
This should give you a general sense of how many companies prize GSEC certified security professionals. This certification is sure to enhance your visibility in the cybersecurity job market.
Here’s a summary of the benefits the GSEC Certification offers:
- Qualification for higher paying job positions
- Extended opportunities and paths to diverse career paths
- Recognition of your knowledge related to the field
- Global acceptance and demand as a trained professional
- Qualification for advanced cybersecurity certifications
Is a GSEC Certification Right for You?
If you’re starting out in IT and want to get a basic understanding of cyber security concepts and how they apply, then GSEC is an excellent place to start.
GSEC is for entry-level IT security professionals with a minimum of 12 months of security experience. But even if you don’t possess the experience, you can still take the exam.
However, if you’re absolutely new to cybersecurity and want to study for a certification that’ll quickly get you up to speed, then the GIAC Foundational Cybersecurity Technologies (GFACT) or the GIAC Information Security Fundamentals (GISF) certifications might be the better way to go.
Regardless, earning a GSEC Certification can qualify you for entry level cybersecurity jobs such as:
- Junior Network Administrator
- Junior System Administrator
- Junior Information Security Analyst
- Help Desk Specialist
- Junior Cyber Security Analyst
- Junior Forensic Analyst
- Junior Penetration Tester
- Junior IT Auditor
- Junior Security Engineer
GSEC Certification Salary
According to PayScale, GSEC certified professionals can average $94k annually.
Ziprecruiter also lists $94k as the average salary of GSEC certified professionals.
Keep in mind, these are averages; your actual salary depends heavily on your position and responsibilities. You should obviously not expect a Junior Cybersecurity Analyst to make the same as a Senior Cybersecurity Engineer, even with the same certifications.
GSEC Certification Exam Prerequisites
Unlike other cybersecurity certifying bodies, GIAC doesn’t require individuals applying for the GSEC to have any cyber experience to take the exam. In fact, you don’t even need an IT background to take the exam.
Which means, it doesn’t matter if you’re a student or a high-level Security Director. Simply put, anyone of any level of capability or knowledge may take the examination.
Yes, some websites do mention that the exam is intended for mid-level professionals with an infosec background, but you can just as easily take the exam with little to no experience.
However, just because you don’t need prerequisites to take the exam doesn’t mean you shouldn’t study or prepare for the exam.
GSEC Exam Topics
The GSEC is a test of both your cybersecurity knowledge and how well you can use information security resources to solve problems.
While GSEC does provide you the exam coverage areas, objectives, and outcome statements; SANS takes it a step further by breaking down each of the 35 learning modules covered in the GSEC exam.
The way it’s presented by SANS is by no means an indication of what order or how you should study. It’s presented for the sake of brevity. As you can see the study material has been separated into six domains, each that deal with a unique area of cybersecurity:
- Network Security & Cloud Essentials
- Defense-in-Depth
- Vulnerability Management and Response
- Data Security Technologies
- Windows and Azure Security
- Linux, Mac and Smartphone Security
Read here to find out the truth behind cybersecurity domains!
The exam has the following parameters:
Time Limit: 5 hours
Number of Questions: 106-180 questions
Passing Score: 73% is a passing score
GIAC Exam Preparation
According to GIAC, the average test taker spends an average of 55 hours studying for one if its exams.
If you’re thinking about passing the GSEC certification exam the first time, it’s important that you have access to the right resources.
And with only four months before an exam, you have a limited amount of time to be able to leverage those resources quickly.
If you do the math, that means the average GIAC test taker studies approximately 30 minutes each day. Although you really should be studying more than 30 minutes a day, if you can do at least that much, you should be fine.
When it comes to studying, there’s good news and bad news; the good news is that all GIAC exams are open book exams.
The bad news is that the training books themselves don’t contain an index. This makes it hard to reference key concepts during the exam. Test takers are left to create their own index, sometimes using creative methods.
Your GIAC Certification Attempt, which is what the registration is known as, comes with 2 GIAC practice exam tests. If you feel that two GSEC practice exams aren’t enough, you can always purchase more and can also request an extension on your exam date.
If you’re interested, take a look at free GSEC sample questions by IT Exams offering 279 security practice questions. These are only sample questions provided by third-parties and may not reflect the actual questions on the exam.
SANS GSEC Bootcamp
One of the best GIAC exam preparation resources includes SANS training courses. SANS training courses will allow you to adequately prepare for any GIAC certification by teaching you the essential security skills relevant to that particular GIAC certification.
Currently, SANS courses are offered by three different methods: OnDemand, Live Online, or In-Person. So no matter which preparation goal you choose, you can meet your obligations at work and at home.
For the GSEC certification, the SANS institute offers SEC401: Security Essentials: Network, Endpoint, and Cloud as the official GSEC bootcamp for the exam.
This SANS SEC401 bootcamp will set you back over $8275, but it still a lot cheaper than many third party bootcamps. As of 2020, the average tuition of a bootcamp is $14,142 and averages 17.2 weeks in length.
Can you take GSEC training course with another organization? Sure, but keep in mind that you’re always better off taking the training course that’s affiliated with the company creating the certification.
Considering the costs and the fact they’re the gatekeepers and key masters, why risk taking a GSEC training course with another organization. For this reason, I always recommend taking the bootcamp of the certifying organization (and no, I’m not getting paid for recommending them).
Bryan Simon, one of the course authors of the SEC401 training course presents a couple YouTube videos provided below to give you some extra insight into the training course:
Why Level up With SANS SEC401?
What’s New in SEC401: Security Essentials Bootcamp Style
While candidates aren’t required to undertake SANS training to become GSEC certified, it may be a good idea.
Want more information to know if a cybersecurity bootcamp is worth it?
GSEC Certification Exam Costs
The GSEC exam currently costs $949 regardless of whether you take the associated training course.
And though it’s not very easily found, I’ve also provided a link of the current GIAC pricing list.
Keep in mind, just like most other security certifications, there are continuing requirements for maintaining this certification after passing the examination.
The requirements for maintaining the GSEC includes recertification every four years in addition to paying the certification renewal fee of $469. There is no annual maintenance fee as you would find with other certifying organizations.
On a yearly basis, you must log at least 36 continuing professional education (CPE) units. If you choose not to log these hours, you can always just retake the exam. However, I don’t recommend it unless you want to study for a brand-new exam.
CPE’s can be achieved by multiple means such as through related work experience, graduate coursework, published papers, attending security-related training courses, etc.
Despite being one of the most reputed entry-level cyber security certifications, the GSEC certification exam can be significantly challenging to pass. If you so happen to fail a exam, you may purchase a retake for the cost of $849.
If you are seriously considering this certification, visit both the GIAC and SANS websites to fully understand the requirements and deadlines of the GSEC examination.