Core dump overflow

Core dump in progress...

CCNA Cyber Ops review


The Cisco Cybersecurity Scholarship program has concluded for the first cohort, and I have been fortunate enough to make it into the program! Now that the course and 2 exams are over, and I have a brand new certification, I thought I’d share some info about what is covered in the CCNA Cyber Ops study materials.

First, I’d like to thank Cisco for this amazing opportunity, and I wish more vendors would take their example. Yes, the latest exam price increase isn’t nice, but this offering of a new certification’s courses and exams to 10 000 people was an awesome move, especially for people who shared an interest in the security topics but wouldn’t have gone to the certification path due to costs.

It also helped in bringing like-minded people together, creating communities and study groups over social media networks, and exchanging information about various security subjects.

So, what is this new CCNA that has the word “cyber” in it all about?


The certification aims to prepare people for working as security analysts in a Security Operations Center. This is a blue-team focused certification, and here are the skills that it covers:

[Image: CCNA Cyber Ops skills]

The scholarship consisted of 3 courses that had to be completed within 3 months, free vouchers for the 2 exams, and access to forums and mentors.

Introduction to cybersecurity

The first course was a very basic introductory course on what cybersecurity is and why it is needed. You can take it for free from Cisco’s Networking Academy. This was a prerequisite for starting the other 2 courses that actually made up the certification part.

Understanding Cisco cybersecurity fundamentals

This second course was a blast! 14 sections, massive amount of material, both written and videos, lots of information covered, I really enjoyed it! Some of it was review for me, but I also learned plenty of new things about DHCP relays, the CAPWAP protocol, the Security Onion suite, which is like the Kali of defensive security, and much more! The cryptography section was excellently explained, and the Linux chapter might as well be a course in itself. Here’s a list with some of the topics:

  • networking stuff, protocols, attacks, devices
  • cryptography – detailed and easy to understand
  • general infosec concepts
  • web attacks
  • Windows and Linux sections with commands, filesystem structure, the ways the OS works, etc.
  • network and host security
  • various types of security devices and logs
  • different types of models that deal with threats

A great addition to the study materials were the labs, where you could play with various OSes and tools in your browser, simulate attacks and react to different scenarios. It took a while for the labs to be initialized, but there were also walkthroughs for doing the lab, or skipping it altogether and following the steps instead.

You can find the exam topics for this course at

Implementing Cisco cybersecurity operations

This course wasn’t as big as the previous one, it had 13 sections and 2 appendices. It built up on the foundation of the other one, focusing on various aspects of incident response. It felt a bit rushed though, as it could have covered more material instead of breezing through, and the amount of typos that I found in it was pretty high. But overall, it was a good follow-up, and it had links for many resources where you could learn more. Some of the topics covered are:

  • types of SOCs, NSM tools and data
  • incident analysis and threat hunting
  • CVSS scoring
  • data manipulation, correlation and normalization
  • incident detection and playbooks
  • incident response and automation

The biggest problem that I faced before the exam was that the exam topics didn’t follow the course content. Here is the exam guide:

Fortunately, the mentors assigned to us were very helpful, and in addition to hosting webinars that reinforced the study material, they put together some documents that followed the exam blueprint and filled the gaps in information.

Overall, this has been a very interesting experience and I am happy to have participated in it! Again, hats off to Cisco for making this program available to security enthusiasts, and happy threat hunting!
