According to an ISACA report cited in Forbes, there will be a shortage of 2 million cyber security professionals by 2019. To bridge this security skills gap and increase the pool of talent with critical cybersecurity proficiency, Cisco introduced the CCNA Cybersecurity Operations certification, or CCNA Cyberops, in 2017. I was one of the fortunate people to be part of Cisco’s $10 Million Global Cyber-security Scholarships program and got the opportunity to enroll for this certification free of cost.
About the certification
This certification claims to be for people willing to start their career in a Security Operation Center (SOC). As per Cisco, “The Cisco CCNA Cyber Ops certification program provides practical, relevant, and job-ready certification curricula aligned closely with the specific tasks expected of these in-demand professionals. Cisco realizes that Security Operations Center (SOC) Analyst increasingly must focus on design, configuration, and support responsibilities as the technical consultant and device specialist or expert on a security team. Therefore, the Cisco Security curriculum is specific to the best practices of network security administrators, engineers, and experts using the latest Cisco equipment, devices, and appliances.” This is a self-paced e-learning certification which includes 2 courses:
- Understanding Cisco Cybersecurity Fundamentals (SECFND)
- Implementing Cisco Cybersecurity Operations (SECOPS)
Both courses have their separate exams and one must pass both of them to become CCNA Cyberops certified.
Since it is a beginner-level certification, there is no specific background required apart from basic knowledge of computers. When I started this certification, I had around 2.5 years of IT experience. I had the experience of working in a Security Operation Center (SOC) for around 6 months, which definitely helped me, but this certification starts from scratch and covers a lot of basic topics in detail, which will help a complete beginner kick-start their cyber security journey.
In this blog, I will share my experience, my learning methodology, exam preparation tips and a review of this certification.
The course was self-paced. We had access to the course videos, text materials and online labs, which allowed us to study based on our time availability. There was also a mentor session via WebEx for each and every chapter. As I was working full time, and due to the difference in time zone, I was not able to attend any such sessions, but the recordings were available and could be downloaded and watched later.
I found the course content to be very organized. Each topic in a chapter had a video lecture and text material, followed by labs. At the end of each chapter, there was a quiz to gauge our understanding of the particular topic. These quizzes can be attempted multiple times if you want to improve your score. It was mandatory to complete each quiz with a minimum of a bronze badge (score above 80%). Once all the quizzes were passed with a minimum of a bronze badge, the course was marked as complete and we got the voucher for the exam via email within 5 working days. After the end of all the sections, there were a few exam preparation sessions where the mentors discussed the important topics for the exam. We could post our queries on the discussion board, where the mentors and other co-students actively responded. There were official books available for CCNA Cyberops, which are recommended for the absolute beginner. I just followed the course materials thoroughly. A total of 2 attempts were given for each exam.
Cyber Security Fundamentals (SECFND)
This was the first of the two courses, and I would say it contains the bulk of the topics for this certification. It covers a range of topics like the TCP/IP protocol suite, network infrastructure, TCP/IP attacks, cryptography concepts, network and application attacks, and Windows and Linux operating system basics, among others. For the complete list of topics, refer to the official page. I particularly liked the way the labs were set up. They simulated a real enterprise network and used free VMs like Metasploitable and Security Onion for performing and detecting real-world cyber attacks.
I was part of Cohort 5 and I started my journey on 28th December 2017. The last day for completing SECFND was 18th February 2018. Initially my study plan was to start with the video, followed by reading the text material and then working on the labs, but I could follow this plan only for the first half of the course. Due to full-time work and a shortage of time, I skipped the videos and only studied the text materials for the second half of SECFND. I completed all the labs because they were amazing and I enjoyed working on them.
SECFND exam preparation tips
I found a few questions in the exam which were not well written, and I had trouble understanding them. Make sure you read the questions properly and take time to understand them. Try eliminating the options to find the correct answer. Not all questions were from the study materials. Since I had some experience in IT security, it helped me answer a few questions. Some research outside the study material is also required. The labs are VERY important for learning different security concepts, so make sure to work on all the labs before appearing for the exam. I only used the online course material for preparation. Due to a shortage of time, I couldn’t attend any exam preparation sessions. The passing score for the exam was 825. On 20th February 2018 I appeared for the exam and managed to clear it in the first attempt with 871 marks. I felt this exam to be on the tougher side as compared to SECOPS.
Cyber Security Operations (SECOPS)
Now I was halfway through my journey. I started studying SECOPS from 21st February 2018. SECFND had already covered almost 75% of the course. The SECOPS content was more theoretical, with fewer labs as compared to SECFND. It covered topics like the different types of Security Operation Centers (SOC), network security monitoring tools and techniques, identifying security incidents and suspicious patterns, incident handling and response, and processes and guidelines for proper SOC functioning, along with others. For the complete list of topics, refer to the official page.
Due to more work pressure, I was not able to study continuously. I just used the text materials and skipped the videos and mentor sessions. Since there was less content as compared to the previous course, I managed to complete the course by the first week of April.
SECOPS exam preparation tips
As with the previous course, I took notes of all the sections while studying. It really helped me during the revision phase before the exam. Go through the security incident handling guide (NIST SP 800-61r2) and understand the concepts and terminologies. Regular expressions are key for writing IPS/IDS signatures and search queries in a SIEM. A SOC analyst must be proficient in writing and understanding regular expressions. Regexone is a great resource to learn regular expressions. The exam preparation sessions were VERY helpful for this exam. The mentors did a fabulous job of explaining each and every topic in the blueprint. I appeared for the exam on 12th April, 2018 and managed to clear the exam in the first attempt with a score of 907.
It took me around 55 days to complete SECFND and around 50 days to complete SECOPS, along with the exam. I studied alongside my full-time job and spent around 2-3 hours on weekdays and 7-8 hours on weekends. It is highly recommended to appear for the exam right after completing each course, because it increases the chance of success as the course contents will still be fresh in your memory.
Though the scholarship is over now, I still recommend this certification for people who are willing to enter a SOC, or even for people who are starting their career in cyber security. The course contents were amazing and the team behind it put a lot of effort into making it streamlined and easy to understand. The labs were really awesome. I would like to thank Cisco for this excellent training cum certification program. I would also like to thank all the mentors, who were amazing and responded immediately to all my queries. These guys were fantastic. Hats off to them for their dedication and hard work. These 4 months were really great and fruitful in terms of learning.
I hope this blog was helpful. If you have any questions, feel free to contact me or leave your comments.
Happy Learning 🙂
The author is a security enthusiast with interest in web application security, cloud-native application development and Kubernetes.