GIAC Security Leadership (GSLC)

Exam Certification Objectives & Outcome Statements

• Cryptography Concepts for ManagersThe candidate will demonstrate knowledge of common cryptographic terminology, and an understanding of how symmetric, asymmetric, and hashing encryption works
• Incident Response and Business ContinuityThe candidate will demonstrate an understanding of the phases of incident response, and managing business continuity and disaster recovery programs
• Managing a Security Operations CenterThe candidate will demonstrate an understanding of the components, structure, and management of a Security Operations Center (SOC)
• Managing Application SecurityThe candidate will demonstrate an understanding of security issues affecting software, including infrastructure as code, as well as integrating security into the software development lifecycle (SDLC) and DevOps processes
• Managing Artificial IntelligenceThe candidate will demonstrate an understanding of the different types of AI technologies for business and security use, as well as the high level risks and benefits of AI.
• Managing Cloud SecurityThe candidate will demonstrate an understanding of cloud-based services and platforms, and managing the security and risks of cloud-based infrastructure
• Managing Encryption and PrivacyThe candidate will demonstrate an understanding of using encryption to secure data in transit or at rest, and how to identify and address privacy and compliance requirements
• Managing Negotiations and VendorsThe candidate will demonstrate an understanding of effective negotiation and vendor management techniques
• Managing ProjectsThe candidate will demonstrate familiarity with project management methodology, terminology, and how to gain support from the business
• Managing Security AwarenessThe candidate will demonstrate an understanding of how to assess an organization's human risks and build a security awareness program that can mature with the organization's security program
• Managing Security PolicyThe candidate will demonstrate an understanding of the role of security policies, standards, guidelines, processes, and baselines in meeting an organization's security needs and risk appetite
• Managing System SecurityThe candidate will demonstrate an understanding of common types of client-side attacks and malicious code, and the strategies used to monitor and protect endpoints
• Managing the Program StructureThe candidate will be able to design a security program with an understanding of organizational culture and reporting structures, program governance, and managing personnel
• Network Monitoring for ManagersThe candidate will demonstrate an understanding of centralized logging and monitoring strategies and tools, including SIEM, SOAR, and machine learning technologies
• Network Security ArchitectureThe candidate will demonstrate an understanding of security architecture, trust models, and security controls for addressing common network threats and vulnerabilities
• Networking Concepts for ManagersThe candidate will demonstrate an understanding of network protocols, technologies, and common network threats
• Risk Management and Security FrameworksThe candidate will demonstrate the ability to evaluate and manage risk in alignment with business objectives and adopting security frameworks and risk management techniques to help mature the security program
• Vulnerability ManagementThe candidate will demonstrate an understanding of how to build a vulnerability management program for identifying, prioritizing, and remediating both technical and physical system vulnerabilities