Last year I got a Cisco scholarship for this course and exam. What it meant to me was not just a wonderful no-charge technical course; it also re-ignited my inspiration to learn and take professional certificates after 4 years. The value it brought to me was much more than money. This is a very new cert from Cisco, just released in 2017 and still at v1.0, so luckily I’m one of the first certified persons in the world.
This is the cert description: “Today’s organizations are challenged with rapidly detecting cybersecurity breaches and effectively responding to security incidents. Teams of people in Security Operations Centers (SOC’s) keep a vigilant eye on security systems, protecting their organizations by detecting and responding to cybersecurity threats. CCNA Cyber Ops prepares candidates to begin a career working with associate-level cybersecurity analysts within security operations centers.” So basically, this cert focuses on the skills used in SOC, CSIRT or CERT centers, like threat hunting, incident detection, incident handling, forensics, etc.
Below is my email to a colleague who asked for my detailed experiences with this certificate; I keep it here for reference.
Please see the detailed knowledge and skills for this course on Cisco website, under Exam Topics. If you need more details in any specific exam topic, please let me know.
Now I’m trying to give you an overview from my experience:
- This course/certificate is not about configuring network security devices like firewalls and IPS (as in CCNA Security), performing an attack/penetration test (as in CEH), or designing/managing an information security system (as in CISSP/CISM). This is about detecting, analyzing and handling a cyber security incident. It covers the skills to hypothesize a threat, perform an investigation to confirm or reject the hypothesis, uncover and stop an attack if it’s confirmed, and prepare the necessary evidence and documents for reporting/informing/lessons learned after the incident.
- To detect and analyze an incident effectively, a security analyst needs to understand the philosophy behind the common attack methods and the signs to recognize them. He also needs skills in using tools to correlate and analyze a huge amount of data from various network security monitoring sources. There’re many tools mentioned in the course, some are common open source tools, some are proprietary and Cisco branded, but the point is understanding the data types and data processing mechanisms behind the tools.
- There’re some important industry standards for incident handling that a security analyst needs to study in this course: CVSS v3.0, VERIS, NIST 800-61, NIST 800-86. They’re very useful if you’re working in security.
- I’m especially interested in the labs, in which you take the role of an attacker and also of a security analyst to detect the intrusion signs in each phase of the attack (according to the Cyber Kill Chain). Cisco designs the labs very well so that you understand the concepts and can also practice skills with Metasploit, Mutillidae, Sguil alert analysis, ELSA SIEM and other tools in the Security Onion toolset.
Cisco continues to give full scholarships for this course here: https://mkto.cisco.com/security-scholarship, e-learning cost $3,000 + exam cost $1,200 = total $4,200. After finishing the SECFND or SECOPS course (pass all the lesson challenges and complete all the labs), Cisco will give you the vouchers which you’ll use to schedule exams at your nearest PearsonVUE testing center. What you need are some basic network, operating system and security knowledge to apply (yes, there will be a screening test), patience to wait for the acceptance (depending on the number of candidates, it will take 2 or 3 weeks, and several more weeks for cohort arrangement) and dedication to follow the program for about 3 months (yes, if you miss any milestone, you’ll be dropped from the program). But believe me, it’s well worth it.
Hope it helps you make a decision 😊.