GIAC’s exam development team invited me to beta test the new GIAC Experienced Forensics Analyst (GX-FA) Applied Knowledge Certification earlier this year. The certification is part of a new class of GIAC certifications called Applied Knowledge certifications.
Table of Contents
I did not prepare for the exam and went in blind. I relied upon my previous experiences and my day job at Mandiant, hoping it would get me through the exam.
I got my GCFE and GCFA last year in 2022, and took the associated classes, FOR500 and FOR508. The classes were enjoyable, dense in content, and educational. I felt prepared and excited to be one of the first people to take the new GX-FA.
I took the exam from the comfort of my home through ProctorU. The standard quirks of doing GIAC exams through ProctorU do apply, so be sure to carefully read the instructions. The open-book policy still applies to the GX-FA exam. I turned to my trusty FOR508 books as my main reference.
I found the exam more difficult than anticipated and it challenged me in ways that traditional GIAC exams did not. You can’t simply breeze through multiple choice questions. The time pressure was real. You have four (4) hours to answer 25 CyberLive questions. Little less than ten (10) minutes for each question.
Like the other Applied Knowledge certifications, there is no class associated with the certification. However, GIAC does specify a primary fit course for the new Applied Knowledge certifications.
FOR508 is the primary fit course for the GX-FA. I whole-heartedly agree. The questions and format of the questions are closely aligned with FOR508 and the GCFA exam.
If you have taken FOR508 and/or the GCFA, and feel confident with the content, then you are likely a good candidate to take the GX-FA.
About 3 months after I signed up, I received an email notifying me that I had received a passing score. The new Applied Knowledge exams do not have a published passing score. The exams are pass/fail.
I’m now a proud analyst #33 of the GX-FA.
New Class of GIAC Certifications
The GX-FA is part of a new class of GIAC certifications called Applied Knowledge certifications. The traditional GIAC certifications are now placed in a category called Practitioner certifications.
GIAC Applied Knowledge Certifications are designed to provide a more comprehensive and rigorous assessment of knowledge and skills. GIAC Applied Knowledge certifications take testing to the next level. These certifications are:
- Intended to provide candidates with a more thorough understanding of a wide range of topics and subject matter
- 100% CyberLive and are designed to push beyond individual technical skills. CyberLive questions require candidates to synthesize their skills and use them to solve real-world challenges in a virtual machine environment.
- Ideal for candidates who wish to challenge themselves and demonstrate their mastery of a subject
- Stackable with GIAC Practitioner Certifications, enabling candidates to build their Portfolios to become a GIAC Security Professional (GSP) and/or a GIAC Security Expert (GSE)
In the same April 2023 announcement, GIAC also announced some other changes to their certifications. Namely, there’s a third class of certifications —Portfolio certifications. These are certifications that can only be obtained by taking a specific combination of GIAC Applied Knowledge and Practitioner certifications. In other words, you cannot “take” a Portfolio certification.
The famous GIAC Security Expert (GSE) has been revised and converted to a Portfolio certification.
Before the revision, GSE candidates must meet a fairly complex and hard-to-obtain set of prerequisites, take a multiple-choice GSE exam, and travel on-site to take a grueling two-day exam in a lab environment.
After the revision, you must now complete the following to receive the GSE:
- Any six (6) Practitioner certifications, and
- Any four (4) Applied Knowledge certifications
All the constituent components can now be completed online and at your own pace, and the path allows for flexibility. It is now, in some ways, more accessible to folks wishing to take it.
In addition, there’s one new Portfolio certification—the GIAC Security Professional (GSP). To me, it seems to position itself as a mini-GSE. The requirements are similar:
- Any three (3) Practitioner certifications, and
- Any two (2) Applied Knowledge certifications
- The GX-FA was much more difficult than I anticipated, despite having taken the GCFE and GCFA previously. You have an average of 9.6 minutes for each question. The time crunch was real.
- The GX-FA is part of a new class of GIAC certifications—Applied Knowledge certifications. The existing GIAC exams now fall under the category of Practitioner certifications.
- Practitioner certifications = mostly multiple choice questions with maybe some CyberLive (lab-based) questions.
- Applied Knowledge certifications = 100% CyberLive questions.
- If you’ve taken FOR508 and feel comfortable with the content and labs, you are likely in good shape to take the GX-FA.