There is no doubt that security is essential in the world of information technology. In the past, one could obtain industry certifications in this field from Cisco, and the first step toward becoming a security professional was the CCNA Security exam. However, Cisco withdrew this exam in 2021, so we must find another way to become security experts.
Why did Cisco withdraw CCNA Security certification?
You might ask yourself: why was it necessary to withdraw this certification? Well, the material it covered has not gone away; it has just been rearranged.
Cisco’s intent appears to have been the idea that “less is better”: you don’t need to take as many tests, but you’ll still get the basics. This was done by moving several topics into CCNA, which has also been extensively redesigned.
Also, the certification paths are simpler and easier to follow than before, especially at the entry level. If you want to delve into Cisco security solutions and specialties, you can still pursue CCNP Security and even CCIE Security. But we now also have Cisco Certified CyberOps Associate, which at first glance is similar to CCNA Security, although there are differences.
What is Cisco Certified CyberOps Associate?
Cisco Certified CyberOps Associate (originally named CCNA CyberOps) is a relatively new certification. The abbreviation “CyberOps” stands for cybersecurity operations. According to Cisco, this certification “prepares you for today’s associate-level positions in Security Operations Centers (SOCs). The program contains a training and testing course covering the essential skills, processes, and knowledge you need to prevent, detect, analyze, and respond to cybersecurity incidents as part of the SOC team.”
What is cybersecurity? Cisco says: “Cybersecurity is the practice of protecting systems, networks, and software from digital attacks. These cyber-attacks generally aim to access, alter or destroy confidential information, extort money from users, or disrupt normal business operations.”
When the CCNA CyberOps certification was initially issued, there were two separate tests: Understanding Cisco Cybersecurity Fundamentals (SECFND) and Implementing Cisco Cybersecurity Operations (SECOPS). Cisco later unified the exams into a single combined exam for the Cisco Performing CyberOps Using Core Security Technologies. Its official name is Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS), and its code is 200-201.
The exam topics are as follows:
- Security concepts
- Security monitoring
- Host-based analysis
- Network intrusion analysis
- Security policies and procedures
The topic “Security concepts” makes up about 20% of the material. We need to describe security terms, applications, and the CIA triad (confidentiality, integrity, and availability), and compare security concepts and access control models. In other words, this topic covers the basic terms and terminology used in cybersecurity.
The topic “Security monitoring”, which makes up 25% of the exam, requires the candidate to describe the types of data provided by, for example, tcpdump and NetFlow. The candidate should know how the technologies in use (for example, NAT/PAT, tunneling, or encryption) affect data visibility, and how data is used in security monitoring. We also need to know the different attack types and techniques and identify the certificate components (X.509, key exchange, PKCS, etc.).
The topic “Host-based analysis” covers 20% of the exam. The candidate should describe some endpoint technologies (for example, host-based firewall and IPS) and the role of attribution in an investigation, identify operating system components, and build on evidence in log files. It is also important to know how to interpret logs to identify a specific event.
The fourth topic, “Network intrusion analysis”, makes up 20% of the exam. The candidate must identify the main elements of an intrusion in a given packet capture file, and interpret the protocol headers and the common artifact elements of an event to identify an alert. Knowing regular expressions is also important.
Finally, the topic “Security policies and procedures” covers 15% of the exam. To pass, we need to describe the management concepts and the elements of an incident response plan as stated in NIST documentation. Additionally, we need to identify the elements used to create server and network profiles. The exact requirements can be found in the CBROPS exam topics document, referenced at the end of this article.
Who Should Receive Cisco Certified CyberOps Associate Certification?
As networks grow in number, we must protect them from security breaches. Today, there is a need for teams of security engineers who constantly manage and monitor security services and try to detect and respond to incidents. CyberOps certification is intended for the members of these teams, who work in so-called security operations centers. So if you want to understand why and how cybercriminals attack networks, and how these attacks can be recognized and (hopefully) prevented, this certificate is for you.
After passing the exam, one can work as an associate-level cybersecurity analyst. You can be an undergraduate student or a current IT professional. Since you will probably work in a team, it pays to work well with others.
What experience is required to take the Cisco Certified CyberOps Associate Certification Exam?
There are no official prerequisites for the test, which is great at first glance. Of course, if you want to succeed and work in the field, some IT experience won’t hurt.
First of all, it is much easier if you have the CCNA certification, as it provides solid basic knowledge of networking. Second, you should also have the basics of IT, because you will work with several operating systems and need to know their structure and operation.
I can also suggest some Linux courses, as you will have to work with Linux frequently. If you have used Linux before, this is a plus. The Cisco Networking Academy self-study online course called NDG Linux Unhatched helps you gain basic knowledge.
Finally, and most importantly, there are two courses aimed especially at CyberOps. These are Introduction to Cybersecurity and Cybersecurity Essentials: 15-hour and 30-hour courses, respectively. These courses are referenced at the end of the article.
In short, it is recommended that you have prior knowledge of computer hardware, software, operating systems (mainly Windows and Linux), networking, and information security. This knowledge is not specific to Cisco in the way CCNA Security is, so if you work with third-party devices and technologies, this is not a disadvantage.
How does the Cisco Certified CyberOps Associate certification compare to other Cisco certifications?
CyberOps certification is relatively new, but Cisco is actively promoting it, and it is growing in popularity. The certification redesign is significant, and if someone wants to focus on security more intensively, they should definitely choose it alongside (or preferably after) CCNA. It is a good choice for anyone without prior knowledge of Cisco. Unlike other certifications, it is not Cisco-specific (as mentioned above) but provides a vendor-neutral overview of cybersecurity. Otherwise, it is similar to the others in terms of study and examination conditions.
Is the effort of certification worth it?
Security attacks are becoming increasingly complex, and their number is increasing day by day. Today, even a novice hacker can get easy-to-use yet highly effective tools to break into poorly designed or poorly maintained IT systems. Therefore, IT security professionals (or teams in large companies) need more knowledge about these attacks to prevent them successfully. New technologies (cloud, Internet of Things, automation) are emerging and bring new challenges for security. As a result, there is a growing demand for cybersecurity professionals.
Some researchers claim that by 2020 there will be 3.5 million new jobs related to cybersecurity. It seems that if someone wants to work in this sector and can prove their knowledge with an industry certification, they can probably find a job. It is a challenging and interesting job, where you have the opportunity to engage in continuous learning and keep up with new technologies.
“Knowledge is power,” yes, but it is much more powerful if you get the right nudge for it. The average annual salary for an information security or cybersecurity professional is approximately $118,000 in North America, $76,000 in the EMEA region, and $73,000 in the Asia-Pacific region. Of course, you need a certificate to get the job, as 6 in 10 require one.
What’s the best way to train for a Cisco Certified CyberOps Associate certification?
People are not the same, and this is also true of how we learn. But there are some guidelines we can recommend for passing the test.
Second, there are official books from Cisco Press. At the time of writing, the official CBROPS 200-201 certification guide has not been published yet, so use the SECFND 201-250 and SECOPS 210-255 certification guides. These are available from Amazon, Safari, and other service providers. At Pearson, we can find premium versions with practice tests. We can also find Quizlet flashcards for practicing and memorizing exam topics.
Third, there are video courses if you prefer this format. CBT Nuggets, LiveLessons, ITProTV, and other companies have released their own courses. If you have ever used one of them, you may be familiar with this type of learning.
Finally, internet communities should be mentioned. First and foremost, there is the Cisco Learning Network, but there are also study groups on Facebook.
There are many options. Video courses are good supplementary materials, but let’s not learn from them exclusively, because they cannot be as detailed as the written course materials. Some hands-on practice is necessary, and perhaps the best approach is to use the virtual machines provided by the NetAcad online course.
Although CyberOps certification is relatively new, it is popular, and there appears to be an increasing need for professionals who hold it. With the two tests merged into one, it is a little easier.
It’s slightly different from CCNA Security, which required more technical and working knowledge, especially of Cisco security devices. But if you still want to learn that, take the new CCNA, then CCNP Security (or even CCIE Security). CyberOps consists of many interesting topics; if you like this field of information technology, it is worth it.