Demonstrate capability to deploy systems and applications securely, with fluency in modern cloud and DevSecOps principles.
The GIAC Cloud Security Automation (GCSA) certification validates a practitioner's understanding of the cloud native toolchain, DevSecOps methodology, and security controls throughout CI/CD pipelines. GCSA certification holders are qualified to implement configurations that improve the reliability, integrity, and security of cloud native systems.
Areas Covered
- DevOps and DevSecOps fundamentals; secure infrastructure and configuration management
- Securing cloud architecture; continuous security monitoring
- Data and secrets protection; ensuring compliance
- Security and automation related to deployment, runtime, and content delivery
Who is GCSA for?
- Anyone working in a public cloud or DevOps environment
- Developers
- Software architects
- Operations engineers
- System administrators
- Security analysts, engineers, and consultants
- Auditors
- Risk managers
Instructor Testimonial
“The GIAC Cloud Security Automation (GCSA) certification covers cloud services and modern DevSecOps practices that are used to build and deploy systems and applications more securely. The certification shows that you not only know how to speak the language of modern cloud and DevSecOps principles but can put them into practice in an automated and repeatable manner.”
Exam Format
- 1 proctored exam
- 2 hours
- Minimum passing score of 66%
- 75 questions
Note: GIAC periodically reviews and may update certification specifications to ensure fairness, validity, and reliability. Using a psychometric standard-setting study, GIAC has set the passing score for the GCSA exam at 66% for all candidates who receive the exam version released on or after June 29th, 2024.
To confirm the exam format and passing score that apply to your specific attempt, please refer to the Certification Information section of your GIAC account: https://exams.giac.org/pages/attempts.
Certification Delivery
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.
NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE.

Exam Certification Objectives & Outcome Statements
- Architecture and Fundamentals of Container Orchestration: The candidate can identify the core components of container orchestration by utilizing Kubernetes. The candidate can use the kubectl command line interface to interact with Kubernetes resources.
- Automated Cloud Remediation: The candidate can explain how policy-as-code tools detect and correct cloud configuration drift. The candidate can construct rules to automatically evaluate and remediate cloud resource misconfigurations.
- Cloud Native Observability: The candidate can summarize the components of microservice observability, such as a Kubernetes cluster's metrics, logs, and traces.
- Compliance as Code: The candidate will demonstrate understanding of continuous compliance and policy approaches that integrate enforcement and automation directly into the DevOps toolchain.
- Container Lifecycle Security: The candidate can identify the lifecycle steps towards container security. The candidate can apply various techniques towards hardening and scanning containers.
- Deploying Cloud Infrastructure as Code: The candidate can define IaC concepts and utilize typical tooling to define and deploy IaC. The candidate can identify common IaC security misconfigurations using automated scanning tools.
- Edge Identity and Authentication: The candidate can identify common approaches to authenticating external users before they reach microservices. The candidate can utilize foundational concepts such as IAM and managed identity providers and identify core components such as users, groups, and JWT best practices.
- Managing Secrets: The candidate can summarize how secrets flow through the DevOps pipeline. The candidate can utilize common secure storage approaches for secrets management.
- Microservice API Gateways: The candidate can apply the benefits of establishing intra-cluster microsegmentation using Kubernetes components such as network policy and service mesh.
- Microservices Architecture and Deployment: The candidate can identify the security implications of using microservices. The candidate can apply secure deployment changes to a running microservice environment.
- Policy Enforcement: The candidate can explain how application security posture management (ASPM) platforms ingest and deduplicate findings from multiple pipeline sources. The candidate can apply policy-as-code controls to enforce deployment approvals based on application security posture.
- Risks, Authentication, and Access-Control of Container Orchestration: The candidate can identify essential security controls used by Kubernetes, such as authentication and role-based access control. The candidate can identify known risks and attack vectors targeting Kubernetes clusters.
- Runtime Security in Container Orchestration: The candidate can identify how Kubernetes admission controllers enforce security policy and prevent misconfigured or malicious workloads at runtime.
- Securing the DevOps Workflow: The candidate can utilize security features made available in CI/CD systems. The candidate can identify secure objectives within the pre-commit and pre-merge phases. The candidate can apply workflow hardening utilizing AI-augmented controls.
- Software Supply Chain Security: The candidate can apply standard steps towards securing the container image supply chain. The candidate can apply standard management techniques, such as artifact signing or SBOM vulnerability scanning.
- Understanding the DevOps Workflow: The candidate can define DevOps practices and principles. The candidate can identify risks and key weaknesses to a vulnerable DevOps workflow.
- Utilizing Configuration Management: The candidate can identify security benefits of building hardened, trusted machine images. The candidate can utilize programs that enable the use of gold images within the DevOps pipeline.
- Workload Security in Container Orchestration: The candidate can summarize documented issues with how Kubernetes pods authenticate to cloud services. The candidate can utilize core solutions such as OIDC-based workload identity.
Practice Tests
- Practice exams are a simulation of the real exam, allowing you to become familiar with the test engine and style of questions
- Practice exams can serve as a gauge to determine if your preparation methods are sufficient
- The bank of practice questions is limited, so you may encounter the same question on multiple practice tests
- Practice exams never include actual exam questions
Other Resources
- Training is available in a variety of modalities including live training and OnDemand
- Practical work experience can help ensure that you have mastered the skills necessary for certification
- College level courses or self-paced study through other programs or materials may meet the needs for mastery
- Understand the procedure to contest exam results
- Use this justification letter to share key details of this certification opportunity with your boss



