Template id = 116
Document id = 8554
Parent id = 1546

GICSP – Global Industrial Cyber Security Professional

This 5-day training will prepare you for the Global Industrial Cyber Security Professional (GICSP) certificate of GIAC. You will learn how to combine IT, cyber security and engineering best practices to secure your Industrial Control Systems (ICS)

GICSP (Global Industrial Cyber Security Professional) – mode of study

  • Option 1: 5-day training (in-class and live online)
  • Option 2: In-company training

GICSP – the only vendor-neutral ICS security certification in the world

GICSP (Global Industrial Cyber Security Professional) is the most sought-after certification in the GIAC family and focuses on the essential knowledge of securing critical infrastructure assets. GICSP is the only certification in the world that explicitly focuses on the cyber security aspects of Industrial Control Systems (ICS). 

This GICSP certification is a unique, vendor-neutral, practitioner-focused Industrial Control System (ICS) security certification and offers the highest standard in cyber security certifications which align with SANS institute.

About GIAC (Global Information Assurance Certification) Institute

GIAC is an independent information security certification entity, founded by SANS institute. GIAC is the leader in information security, cyber security, IT security and forensics & penetration testing certifications. GIAC has granted over 60,000 certifications worldwide to validate the skills and knowledge of (information) security professionals.

Why take the GICSP training and certification?

Numerous incidents have shown that Industrial Automation and Control Systems (IACS) could be vulnerable to cyber attacks and that such attacks can lead to disruption of physical systems and networks. This makes security for IACS an important part of Critical Information Infrastructure Protection (CIIP). This GICSP training is a great introduction to the IACS landscape and associated security concerns:

  • GICSP is a relatively new certification that focuses on the essential knowledge for professionals securing industrial technology
  • GICSP has been developed for engineers, control system support and security professionals who work in environments addressed by commonly accepted standards related to control system and automation security, including ISA-99/IEC 62443
  • Holders of the GICSP certificate will demonstrate a globally recognized level of competence that defines the architecture, design, management, risk and controls that assure the security of critical infrastructure
  • GICSP is the bridge to bring together IT, engineering and cyber security professionals to achieve security for ICS from design inception to product retirement
  • The certification establishes a base level of knowledge and understanding for the diverse set of professionals who engineer, operate, secure or support control systems and share responsibility for the security of these environments
  • This certification is applicable to control system owners/operators across all sectors, ICS vendors, integrators and support organisations and professionals that have access to production industrial control systems from nuclear power plant systems to building automation
  • GICSP is expected to be globally adopted as a gateway certification for critical infrastructure industrial control system professionals

There is a skills gap with regard to industrial control system personnel, whether it be cyber security skills for engineers or principles for cyber security experts. The GICSP training provides you with the essentials for concluding cyber security work in industrial control systems environments. The 5-day training teaches you how to combine IT, cyber security and engineering best practices to secure your Industrial Control Systems (ICS).

When you have completed the GICSP training you will have developed an appreciation, understanding and common language that will enable you to work together with your colleagues to secure your Industrial Control System (ICS) environments.

What will you learn?

The 5-day GICSP training provides the opportunity to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defences. The training is designed in such a way that you will leave with newly gained knowledge, tools and techniques you can put to work immediately in your daily practice. This highly topical Industrial Cyber Security Professional training will provide you with:

  • knowledge about standards and regulations for Industrial Control Systems (ICS)
  • understanding of the threats to the security of process control systems
  • understanding of the technologies used to carry out security audits
  • understanding of industrial control system components, purposes, deployments, significant drivers and constraints
  • hands-on lab learning experiences to control system attack surfaces, methods and tools
  • control system approaches to system and network defence architectures and techniques
  • knowledge of how to harden an Industrial Control System (ICS) using end-point protection, securing memorable data or updating systems
  • incident-response skills in control system environments
  • governance models and resources for industrial cyber security professionals

Who should attend?

GICSP provides a set of standardized skills and knowledge for industrial cyber security professionals. The GICSP training is designed to ensure that the workforce involved in supporting and defending Industrial Control Systems (ICS) is trained to keep the operational environment safe, secure and resilient against current and emerging cyber threats.

The GICSP training is designed for the range of individuals who work in, interact with, or can affect industrial control system environments, including asset owners, vendors, integrators and other third parties. The GICSP training brings together control system engineers, IT security professionals, program managers, process control engineers, process control network cyber security engineers, principal security architects, ICS/SCADA security consultants, heads of process control security, directors of reliability & security, senior security engineers, directors of technology, critical infrastructure protection specialists from asset owners and operators along with governmental and research leaders.

GICSP examination highlights

The exam to become a Global Industrial Cyber Security Professional (GICSP) consists of 115 (100 scored/15 non-scored) ''beta'' questions. The exam takes 3 hours. The minimum passing score is 71%. The exam is not included in the training. Test delivery is computer based and proctored by Pearson Vue at over 4,000 global testing centers. You can take the official exam also remote in a proctored environment.

Prerequisites to be successful in this training

In order to be successful in this training, you will need a good understanding of basic computer networking and security principles. You will also need to be familiar with networking protocols and ideally have a CompTIA Nework+ certification.

GICSP validation

The GICSP certification is valid for 4 years. Continuing Professional Education (CPE) requirements are consistent with GIAC standards.

Feedback from former delegates

Former delegates rate this Global Industrial Cyber Security Professional (GICSP) training with a 9 (on a scale from 1 to 10).

"Excellent instructor with endless amount of energy and humor. He has a deep knowledge of the industry and managed to keep the whole group focussed and awake."
Marty Knopert, Honeywell

"Best course I've attended."
Daniel Grabski, Honeywell

"It was obvious that the trainer has a huge knowledge of the ICS Cyber Security world. He made the course very pleasant and useful."
Cristina Zuniga, Honeywell

"Very structured. Very detailed. The trainer is experienced, prepared and sincere."

"The trainer demonstrated in-depth knowledge about the subject, while also keeping me awake with an excellent sense of humor."
Konstantin Rogalas, Honeywell

Also interesting!

The following trainings could be interesting/relevant for you and/or your colleagues:


Do you prefer an in-house training on GICSP? An in-house training on GICSP, customized to your organization, has many advantages and:

  • Saves you and your colleagues time and travel and accomodation expenses
  • Enables you to train in the comfort of your own working environment
  • Can be arranged at a time convenient for you
  • Sensitive issues can be openly discussed because there are no outsiders

For more information on this GICSP course, the in-house possibilities or for any other question, please contact us directly at +31 (0)40 - 246 02 20 or send an e-mail to info@imfacademy.com.



  • Overview
  • Knowledge of critical infrastructure

Governance & risk management

  • Global security standards
  • Practices and regulations
  • Security lifecycle
  • Security policies

Security essentials

  • Types of threat
  • Attacks and incidents

System security

  • Tenets of security
  • Security awareness
  • Physical security
  • Crytography

ICS architecture

  • Communication mediums
  • Device architecture
  • Process control systems
  • Industrial protocols
  • Network protocols
  • Network segmentation
  • Wireless security

Hardening ICS

  • Updating systems
  • Application security
  • Embedded devices
  • End-point protection
  • Hardening network security
  • Operating system security
  • Securing removable media

Access controls

  • Access control model
  • Directory service
  • User access management

Change management

  • Baselines and auditing
  • Patch distribution and installation
  • Software and firmware management

Incident management

  • Recognition and response
  • Incident recovery

Business continuity

  • Defense in depth
  • High availability
  • Site redundancy
  • System backups and restores

System auditing

  • Security assessments
  • Device testing
  • Monitoring and logging
  • Penetration testing and exploitation

Request brochure


When you successfully pass the GIAC-GICSP exam you will earn the official GICSP title.

Your guarantee for certification

Should you not pass the GICSP exam the first time, you may re-attend the GICSP training for free (within a period of one year after the training). You only pay for the hotel accommodation and the exam. 


The trainer of the Global Industrial Cyber Security Professional (GICSP) training is a very experienced instructor.

Start date(s)

The Global Industrial Cyber Security Professional (GICSP) training lasts for 5 consecutive days. You can join the training physically and live online (up to your choice). The training will be organized in the Netherlands. You can join the training on the following dates:

 Global Industrial Cyber Security Professional (GICSP) - trainings

  • 26 - 30 April, 2021

Fee / Registration

The fee of the 5-day GICSP training is € 4,750 (VAT excl.) when you join the training remote (live online). Do you want to join the training on location, the fee will be € 5,380 (VAT excl.) per person. The fee includes your hotel accommodation including breakfast, lunches and all dinners. The official GIAC GICSP documentation and the exam are not included in the training fee. 

Step 1/4: Your selection *

Participant substitution and transfer
Delegates may be substituted until 2 weeks prior to the start of the Global Industrial Cyber Security Professional (GICSP) training without further fee, provided notice is given in writing. Delegates requesting a transfer to a later training date may do so without incurring penalty fees, provided the request is received in writing at least 2 weeks before the start date of the GICSP training.
Participant cancellation
Cancellations will be accepted up to 2 weeks prior to the initial starting date of the Global Industrial Cyber Security Professional (GICSP) training. We will invoice 25% of the training fee for administration costs (with a minimum of € 350). If you cancel within 2 weeks before the start of the GICSP training you will have to pay the full training fee. All cancellations must be received in writing.
Payment for training fees must be received within 30 days of the invoice date, though always before the start of the GICSP training.

GICSP – Global Industrial Cyber Security Professional

Register! Brochure IN-COMPANY