CCNA CyberOps, is it any good?
I haven’t been writing much lately, which isn’t a good thing when you’re trying to build a following, so I thought I’d actually write about one of the things which is taking up a great deal of my spare time at the moment, the Cisco CCNA CyberOps training.
Cyber Security is becoming of critical importance for governments and private entities who wish to conduct business or even have a presence online, in an ever more complex and interconnected world. Increasingly the Internet is becoming a high threat, high risk environment, with nation states attempting to steal from, spy on and generally disrupt each other. Criminals are becoming increasingly brazen in their attempts to cause disruption for monetary gain or to steal intellectual property. The commoditization of attacks like ransomware as a service or Denial of Service puts dangerous tools in the hands of people who don’t have the technical abilities to launch these attacks on their own. It can sometimes seem the only way to be truly safe online is to unplug and go live in a cabin in the woods.
The number of devices which are susceptible to attack grows exponentially as we find new and stupid reasons to connect things to the internet. I’m sorry, but your $700 juice machine that only dispenses juice if it can call home is going to be part of a distributed denial of service attack, along with all the other IoT devices in your house (at some point probably the house itself as well), against the company that made it, by a 19 year old hacktivist who read something in a subreddit about the pouches not being recyclable and is OUTRAGED!!!! If only you’d renewed your Anti-Virus subscription. If only you hadn’t clicked on that link to see what sitcom stars from the 90’s look like now… feeling stupid… no, not the malware… I meant the juice machine.
I recommend the Telstra 2017 Cyber Security Report to get a good overview of the type of attacks and threats encountered in the Asia Pacific region last year, if you want to understand why cyber security is so important and why investing in a good combination of technologies, processes and user education is important to maintain good security online.
I’ve done many things in my I.T. career, in fact it’s hard to define my last few roles, other than “Network Engineer”. I was once described by a manager as “My Swiss army knife guy”, but network and gateway operations are definitely an area of focus for me. In the past few years I have been assisting in the DevOps space to deliver secure, highly available online solutions and monitoring the attempts by hostile actors to compromise them. Recently I decided that I needed to update my knowledge of the threats out there and get a refresher in some techniques for combating them. So I began to google… many “googles” later, I had been accepted into the Cisco Cyber Ops Scholarship program.
This is essentially the 2 instructor-led online courses which make up the CCNA Cyber Operations Certification, available through Cisco’s Learning Network:
Understanding Cisco CyberSecurity Fundamentals (SECFND V1.0)
This course teaches fundamental network and security concepts, as well as basic cryptographic principles and attack methods that are commonly employed. It also covers the network and host based mechanisms and operational processes employed to detect and prevent them.
Understanding Cisco CyberSecurity Operations (SECOPS V1.0)
This course builds on the subject matter of the first and explores in more detail the technical and procedural elements of a security operations center, including roles and responsibilities, incident detection and response processes, common threat vectors, as well as event correlation and malware detection. It also covers the development of a Playbook, including management workflows and automation of processes. I am still working through this course, so I cannot speak with complete confidence about the relevance of all the subject matter contained within.
These are high level courses and while they do assume some prior knowledge, you don’t have to have years and years of IT experience to get something from these courses. I certainly found them to be an extremely useful refresher in some areas and a wealth of new information in others. I’d recommend them for people wanting to get into Cyber Operations as a career. I think also network operations staff and managers that wish to gain a better understanding of the threats that their networks face and how to identify them would benefit from them as well.
Several years ago I undertook the Certified Ethical Hacker training and it was a disappointment. I felt that this course tried to cover too much content in a week’s worth of training and so never really covered the subject matter in any real detail. By comparison these Cisco courses achieved a good balance between breadth and depth. That being said, I think teaching people the difference between the OSI model and the TCP/IP model is a bit like teaching my kids the difference between VHS and Betamax. (Look it up.)
The course delivery is a combination of video and written content for each chapter, with hands-on labs for each chapter and an end of chapter test which you’re required to pass with 70%. The Labs are an excellent practical way to reinforce the material covered in the chapter. They are a set of online virtual machines running a set of relevant OS’s and security tools and a detailed set of instructions stepping you through the required tasks. My only real complaint was that I found the interface cumbersome and it was taking forever to complete them. (A second monitor probably would have made things easier for me.)
There are instructor-led sessions which are available for later playback, which is good because I found the times for the live sessions to be inconvenient due to the combo of timezone differences and full time work. The instructors seem to know their stuff and there is a great support structure in place for interacting with mentors and other students.
I think for an associate level training course, they are good and definitely worth the time. My hope is that Cisco create a CCNP level certification for this track, and ultimately a CCIE version. Once I have finished both subjects and have sat the exams, I will update this post. If I never write about this again…they didn’t go well.