SecProve
ProfessionalVendor-neutralISO 17024GIAC / SANS· issued from US

GCIA

GIAC Certified Intrusion Analyst

Packet and log analysis, detection engineering fundamentals.

Official page at GIAC / SANS↔ Compare with another cert
Exam fee
$979
Ongoing
$0/yr AMF · 9 CPE/yr
Study time
120–220 hrs
Delivery
Online proctored
Validity
4 yrs (renewal cycle)

› Quality score

27.5 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor
How well-defined and rigorous the exam blueprint is.
SEC503-aligned; packet-and-detection objectives are concrete and testable.
8.5/10
Practical evidence
Hands-on labs / written reports vs pure MCQ.
Cyber Live hands-on segment with pcap analysis adds real practice signal.
6.0/10
Currency & upkeep
How aggressively content is kept current with the field.
SEC503 refreshed in 2023 with cloud-detection content; cadence trails the field slightly.
6.5/10
Market recognition
How often this signal actually moves a hiring decision.
Detection-engineer signal in SANS-trained shops; modest outside. [Holders: 10k, 2024-12] [DoD 8140 listed]
6.5/10

› Market signals

public, citable inputs to the recognition score
Holders worldwide
10,000
as of 2024-12 · source
DoD 8140 baseline
Listed
CSSP-Analyst

› Built for these roles

Detection EngineerNetwork Forensics AnalystSOC Analyst (Tier 2-3)

› Exam format

Open-book MCQ exam, 106 questions over 4 hours plus a Cyber Live hands-on component, online proctored.

Passing score
67% (scaled per attempt)
Retake policy
Fee: $999 per attempt
Wait: 30d between attempts

30-day wait. SANS course bundles typically include 2 attempts.

› Recertification

36 CPE credits over four years (avg 9/yr) plus the $499 renewal fee per cycle.

› NICE Framework work roles

The NIST NICE work-role IDs this cert maps to. NICCS lookup.

OG-WRL-016OG-WRL-012PD-WRL-001
Recognition
GlobalUSEUUK
Exam languages
en

› Core domains covered

The 3 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.

A11Detection Engineering & Threat Hunting

SIGMA/YARA/Suricata rule writing, hypothesis-driven hunting, log deep-dives, detection gap analysis.

A2Network Security

Firewalls, IDS/IPS, network segmentation, DNS security, SD-WAN, VPN, traffic analysis, wireless security.

A10Security Operations

SOC operations, SIEM tuning, SOAR playbooks, alert triage, log analysis, runbook development.

› Prerequisites

Experience

Two-plus years of network or SOC experience. Often paired with SANS SEC503.

Knowledge assumed
  • Packet analysis (Wireshark, tcpdump)
  • IDS signatures (Snort, Suricata)
  • Detection rule writing

› Progression

requiredrecommended

Where this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.

Required prereqs (0)

No vendor-gated prereqs.

Recommended priors (2)
GSECGIAC / SANSGSOCGIAC / SANS
GCIA
GIAC / SANS
Required by (0)

No certs require this one.

Recommended next (7)
GSEGIACGDATGIACGNFAGIACGCTIGIAC / SANSGCDAGIACGCTDGIAC+ 1 more

› Study materials

Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.

Official guides
Practice tests
  • GIAC Practice Tests (2 included with exam)
Free / community

› Version & lifecycle

Current version
2024 SEC503 refresh
Released
2024-04

› Salary signal

Network intrusion analyst / SOC tier 2-3, US, 3-5 years.

$105K$160K
median $130K

Robert Half Salary Guide · 2024 · US base only · p25–p75 range

› How it compares

vs
GCIH

GCIA is network detection in-depth; GCIH is incident response. Often paired in SOC teams.

↔ Compare side-by-side

› Careers that commonly pursue this cert

SOC Analyst

Monitor, detect, and respond to security threats in a Security Operations Center. The front line of cyber defense.

Detection Engineer

Build detection rules, tune SIEM systems, and hunt for threats that evade automated defenses.

See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.

Highlight on the domain mapBrowse all certifications