The SANS Global Information Assurance Certification, or GIAC, program is nothing if not forward-looking. Driven by constant input from a cadre of loyal adherents and followers, the GIAC program stays pretty much at the forefront of information security topics, tools, and technologies. That’s why upon reading at GoCertify (“Latest Certification Updates“) about the organization’s new GIAC Mobile Device Security Analyst, to which the seemingly unrelated acronym GMOB applies (until I had a Homer Simpson moment — “Doh!” — and realized it meant “GIAC Mobile”), I decided to dig a bit further into its content and coverage.
The latest mobile security GIAC cert stresses mobile device penetration testing and mobile application security analysis.
A quick look at the GMOB home page makes it clear that the credential focuses on operational security, with an emphasis on hardening mobile devices, and making sure that communications between mobile devices and corporate systems is protected from snooping and eavesdropping through all technical means available. More specifically, here’s what this credential takes as its primary objectives:
- General understanding of mobile device architectures, operating systems, and security features.
- Assessing mobile devices to find and mitigate security vulnerabilities and deficiencies.
- Ensuring technical knowledge necessary to conduct mobile device penetration testing.
- Understanding how to conduct a basic security analysis for mobile applications.
- Able to understand and apply security policies in a mobile device environment.
- Familiarity with common attack methods for mobile devices, such as jailbreaking, rooting, sidejacking, and web application attacks, and methods to remediate or mitigate them.
- Able to employ common protection techniques for mobile devices, such as encryption, VPN, configuration management, content filtering, and more.
As is its usual practice, SANS offers a training class to prepare candidates for the GMOB exam — namely, SEC575: Mobile Device Security and Ethical Hacking (6 days, long course, $4,645). Alternatively, candidates may simply challenge the exam without taking the class (2 hours, 75 questions, $579; cut score: 66% ). This credential must be renewed every 4 years to stay current, either by re-taking the exam, completing a continuing education requirement, or other means (see “Certification Maintenance Guidelines & Requirements” for more information).