week 1 cisco cyber ops content observations

I’ve sampled much of the material for the first half of the Cisco CCNA Cyber Ops certification material, namely for the Understanding Cisco Cybersecurity Fundamentals (210-250 SECFND) portion of the program, and I’ve gotten through about half the material in depth. (Disclaimer: I am taking the self-paced e-course through a Cisco scholarship, so I am not paying for it.*)

So far, I really like the material that is collected as it pertains to a SOC Analyst position. And let me tell you, Cisco makes constant mention that this material is meant specifically for a SOC Analyst. I think it effectively overviews the general things I think an entry level SOC Analyst should know coming in, or have learned about in their first 6 months. And this includes not just book knowledge, but ability to utilize some tools and troubleshooting and log/alert reviews (aka analysis!).

I would slot this material about one half step above Security+ (It’s been years since I took this) and at a similar level to the SANS GSEC course. (I have not taken that, but the topics covered seem to match very closely). I think someone could conceivably skip GSEC if they hold the Cyber Ops cert, and vice versa. Moving from something like the CCNA R&S track over to pick up Cyber Ops could be conceivable for maintaining the latter and expanding a career path. I would expect that a 2- or 4-year degree in infosec would be at least equivalent to CCNA Cyber Ops cert.

Keep in mind there are two exams that make up the Cisco CCNA Cyber Ops Certification. The above-mentioned SECFND as well as the Implementing Cisco Cybersecurity Operations (210-255 SECOPS), which dives deeper into actual SOC processes and procedures. I have not reviewed that material other than a cursory glance at the exam topics.

Should the CCNA Cyber Ops cert be mandatory for entry-level SOC Analyst candidates?
Of course not. But a candidate with this is going to be looked upon favorably. Personally, I think most any sort of IT background or degree (plus security interest) is enough to get someone in the door as a SOC Analyst. This will help a) provide training for someone already in the door, or b) help set someone just a little bit above their peers. I’m not sure I’d pick someone with GSEC, Sec+, or Cyber Ops over the others in that grouping, but any sort of interest and proven knowledge is good. I think the cert should allow for more lenience on any actual years of experience, though. That is probably the balls-iest thing to say in all of this. I would honestly say that someone who can consume and learn from this material has knowledge that is gained in 0.5-2 years in a SOC by someone without that prior learning.

Is the CCNA Cyber Ops geared towards students with 0 professional experience or those that have some level of prior knowledge/experience?
Here’s the breakdown of what I feel someone should know coming into this material:

security and cryptography concepts at a Security+ level.
enterprise networking concepts (LAN, WAN, sec tools) at a 0.5-2 year professional level
Windows troubleshooting/experience at a 0.5-2 year professional level (desktop/server blend)
Linux troubleshooting/experience at a 0.5-2 year professional level
Programming/coding/web dev experience to some degree
Cisco product exposure, CCNA R&S exposure to some degree

While I don’t think someone needs, say, 0 Windows experience, I think they need to know Windows (or conversely Linux or networking) to a degree that someone could work at an entry-level Windows admin job, for instance. If a candidate has 0 Windows administration/troubleshooting knowledge or 0 networking knowledge (ever set up home LANs?), I’d point them first to an A+ or Security+ course track. For Linux, I’d probably point to Linux+ as a primer. However, I think someone with decent personal Windows/networking/Linux knowledge can succeed here, even without having had that experience on a professional job. Also, a 2- or 4-year IT degree should suffice.

Some of the topics and technologies you really don’t get without having some exposure to security processes in an organization, but the concepts shouldn’t be foreign (i.e. LDAP management, IPS/IDS tools, endpoint security tool features, log collection and analysis). And I think the material does a good job introducing it enough that a new SOC Analyst can hit the ground running in their first week.

Honestly, much of this material matches things I’d ask in interviews for mid-level Windows server or desktop admins. It’s just stuff someone really should know if they pursue a long-term career in IT, let alone security.

Would this be a good option for an experienced IT admin looking to transition into security?
If someone has several years of admin work and wants to get into security, I think this is a decent way to go, depending on goals and prior knowledge. A network admin can get up to speed on security and systems topics, and a system admin can get up to speed on security and network topics. But I think very experienced persons could look further up the chain if they want. But, the reality is sometimes you have to start somewhere when doing a career shift into infosec, and I wouldn’t look down on someone starting here.

What about someone who has 3+ years of security experience?
Honestly, I doubt that student will learn much new, but if the cert helps with job searches or is essentially free, then go ahead. But otherwise I think that level of experience could be looking further upwards. If there is any sort of current security person who could benefit, it’s one who is tasked with building out a brand new IR process, new SOC team, or applicable topics. I can see some good learning happening in that sort of a situation, particularly in the second exam of the two.

Would this be applicable to a non-Cisco shop?
I actually think so, but obviously much of the countermeasures and solutions have a distinct Cisco product slant. Again, I consider the GSEC to be somewhat analogous to this cert, so that can be a substitute.

What could come after CCNA Cyber Ops?
What I also like about this cert is where someone with Cyber Ops can go. I can honestly see this as a jumping point to almost every “advanced” security certification/training path out there, even going into PWK/OSCP, and definitely to CISSP/CISA/CISM or CCNA Sec. I think I might start considering this not just an entry-level-ish cert, but a gateway cert to everything else (much like Security+, GSEC, an actual infosec degree, and even CEH [until the US Gov finally drops it]).

*Would I have taken the course/exams had it not been offered for free?
I honestly doubt it. I’ve been doing IT and infosec work for 15 years, and as such, I’m really not learning much through the course that is brand new to me. Some topics are difficult as I just don’t need some particular trivia every day. But I’d really say I’d have pursued something further up the chain in place of this had it not dropped into my lap. If I pass, I’ll certainly add it to the resume/LinkedIn page, but I think my job experience over the past few years and a CISSP already demonstrate the same commitment and knowledge that this cert would. Given the next 4 months free, I would have spent the time elsewhere.

Leave a Reply

Your email address will not be published.