GSE
GIAC Security Expert
The GIAC Security Expert (GSE) is the highest distinction in the GIAC certification system and was fundamentally reformed in 2023/2024: Instead of a single exam, it is now awarded as a portfolio certification. Those who demonstrate six Practitioner and four Applied Knowledge certifications (hands-on, proctored lab exams) automatically receive GSE status. The model enforces genuine breadth and depth – which increases credibility compared to earlier pure knowledge tests. However, the effort (cost, time, multiple exams) is considerable; the GSE is therefore clearly aimed at experienced experts pursuing SANS/GIAC as a career path. In Europe, awareness outside the SANS community is still limited.
› Quality score
Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.
› Market signals
public, citable inputs to the recognition scoreGIAC's apex credential — fewer than 500 worldwide.
› Built for these roles
› Exam format
Multi-stage: written exam + 2-day hands-on lab. Highest GIAC certification.
30-day wait between attempts. SANS course bundles typically include 2 attempts.
› Recertification
Valid for 4 years. Renewal via 36 CPE credits or renewal exam (479 USD). Each GIAC cert separately.
› NICE Framework work roles
The NIST NICE work-role IDs this cert maps to. NICCS lookup.
› Core domains covered
The 4 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.
SOC operations, SIEM tuning, SOAR playbooks, alert triage, log analysis, runbook development.
SIGMA/YARA/Suricata rule writing, hypothesis-driven hunting, log deep-dives, detection gap analysis.
IR playbooks, memory/disk/network forensics, chain of custody, malware analysis.
Firewalls, IDS/IPS, network segmentation, DNS security, SD-WAN, VPN, traffic analysis, wireless security.
› Prerequisites
Minimum of 2 active GIAC Gold certifications required.
› Progression
requiredrecommendedWhere this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.
No vendor-gated prereqs.
No certs require this one.
No follow-on certs reference this one yet.
› Study materials
Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.
- Holds at minimum GSEC + GCIH + GCIA prerequisites; SANS encourages MGT414 + course breadth
- SANS courses across IDS/IR/forensics tracks
- GSE Hands-On Lab Practice (community-sourced)
› Version & lifecycle
GIAC's most senior credential. Requires GSEC + GCIH + GCIA + lab pass. Held by ~250 globally.
› Salary signal
Senior security engineer / principal SOC architect, US, 8+ years. Very rare credential.
Robert Half Salary Guide + community salary surveys · 2024 · US base only · p25–p75 range
› How it compares
GSE is hands-on technical mastery; CISSP is broad knowledge. GSE is rarer and harder to attain.
↔ Compare side-by-side› Careers that commonly pursue this cert
Design, build, and maintain security infrastructure. The architects of an organization's defensive posture.
See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.