This event took place on Tuesday, September 22nd, at 10hrs PDT
You can download the slides of the presentation in PDF format here.
A: There are several differences between traditional information security (InfoSec) and cybersecurity. In the past, InfoSec programs and policies were designed to protect the confidentiality, integrity, and availability of data within the confines of an organization. This is no longer sufficient. Organizations are rarely self-contained, and the price of interconnectivity is an increased level of exposure to attack. Every organization, regardless of size or geographic location, is a potential target. Cybersecurity is the process of protecting information by preventing, detecting, and responding to attacks. Cybersecurity programs recognize that organizations must be vigilant, resilient, and ready to protect and defend every ingress and egress connection as well as organizational data wherever it is stored, transmitted, or processed. Cybersecurity programs and policies expand and build on traditional information security programs but also include cyber risk management and oversight; threat intelligence and information sharing; threat hunting, third-party organization, software, and hardware dependency management; and incident response.
A: If you are interested in a career in cybersecurity operations as a tier 2 or tier 3 analyst in a security operation center (SOC), then select the CyberOps Professional track. If your job is around configuring, deploying, and troubleshooting Cisco security technologies, then CCNP Security is the best track for you.
A: Well, that depends on the environment you’re in and what your goal is. If you started in CyberOps it’s probably because you wanted to move into a security operation center, right? So, working in a security operation center helps you learn about instant response and then provides you the opportunity to see yourself in some upper response levels, like tier 1 or tier 2 response teams. Or on tier 3, where they specialize more in particular areas such as forensics. The reason I mention this is because naturally people who are within this environment will not go to the security CCP unless they’re asked to deploy or manage those technologies, and the security operation center typically doesn’t do that. So, what most people do is, of course, wait for the CyberOps Professional, but if you’re part of that group and you are actually shifting gears into security and you want to specialize in Cisco technology, absolutely, that is when you go to specialize in Cisco security technology on the CCNP track.
A: You should start with the basic security concepts (which accounts for 25% of the exam). The blueprint domain is called “Security Concepts”. The exam blueprint can be accessed at https://learningnetwork.cisco.com/s/scor-exam-topics
A: Cisco Modeling Labs and DevNet are some of the best resources to get hands-on experience.
A: As part of migration, a candidate who earned the CCNP Security certification before February 24, 2020 should have received credit for the SCOR (Core) exam, which will allow them to take the corresponding lab exam. I would recommend that the user log in to their Certification Tracking System profile to confirm at www.cisco.com/go/certifications/login
A: Definitely concentrate on the blueprint, as it is the single source of truth for the certification.
A: They are two different things. CISSP is not a Cisco certification, it is an Information System Security Certification, but it is a fair question. I did take that certification probably 14 years ago or more, and it was because it was a requirement at that moment. It is a good certification, it gives you an overall perspective of all the security domains, and it goes over other things that are technical, for instance, the meaning of disaster discovery, and it gives you a somewhat good amount of vocabulary in the industry.
On the other hand, the CORE exam we’re talking about in this session is completely different. It focuses on Cisco Security technologies and on the specialization, configuration and deployment of those. Nevertheless, it assumes that you also have the type of knowledge that the CISSP introduces you to. Now, the Cisco certification is not like the CISSP, which requires a letter certifying that you have years of experience in the field and that somebody corroborates that. They are completely different.
A: Yes indeed. For the CCIE Security, the equipment and software list is posted at:
A: Check out the Cisco Umbrella lab at: https://community.cisco.com/t5/security-documents/cisco-umbrella-lab-v2-2-now-available-on-cisco-dcloud/ta-p/3675393
A: Not in the SCOR exam.
A: Well, it is very unfair for me to say one or the other is in demand now. However, there’s a big gap, for sure, in security automatization. That is the reason why Cisco created DevNet and why a lot of people are transitioning to that. At the end of the day, many things related to security and known security technologies have to be automated. You need to know about the logs, what comes after them and what comes after they’re placed in the machine. You need to know about orchestration and all the tools to launch others, even the data to extract from infrastructure devices or endpoints. Those are in super high demand in the industry, and subsequently that is why you see a lot of people taking the auto mean.
However, there are two ways in which you can take the steps of certifications: one is that you actually want to explore something new, you want to be familiar with the concepts, and you’re looking to shift careers. And the second one is that you’re already doing that: you were hired to be a firewall guy, you were hired to be an IPS or VPN individual. So, in many cases it is not so much about just choosing one or another; it is that that’s a part of your job, and to become better you choose to focus on those specifications.
A: You can find comprehensive design guides at: https://www.cisco.com/c/en/us/solutions/design-zone.html
A: The CyberOps track is focused on incident response and principles of digital forensics. It does not cover product-based assessments or regulatory compliance audits.
A: I have a list of resources to follow in one of my personal GitHub repositories at:
A: This all depends on the individual, because a lot of the techniques that we kind of assume in the core exam that you already know, for instance, what is IRIS or Trojan, malware or ransomware, we cover at a super high level. So, it’s a given that you already must know that type of knowledge. Thus, if you don’t feel comfortable, you probably don’t have to go through a whole certification like this; at least study those. And that is why I placed these slides for you, so you could consider the minimum cybersecurity concepts you need to know for the exam. At the end, you’re going to be the best judge.
As you progress, read the book and go to the practice test to determine if you probably should pause for now, and think about whether you should go into other items within the domains and probably even go to the curriculum of CyberOps Associate. It really provides a very good foundation, particularly if you’re just starting a career in security. In fact, the CyberOps Associate is a great way to go for those seeking to change technology gears. I even have some colleagues that have a CCIE in other technologies, but they don’t have a background in security, so they start with this certification. At the end of the day you’re the best judge, but the great thing is that with all the materials, guides and books you can learn all you need to know for the exam, and it’s going to be very fast paced.
A: There are already several concepts on the evolution of VPNs (those provided by ISPs, not the ones that corporations can create on their own when connecting different sites) once 5G is available everywhere. There are some efforts within the IETF that propose different solutions for network slicing and enhanced VPN services: https://www.ietf.org/id/draft-ietf-teas-enhanced-vpn-06.txt
On the other hand, site-to-site VPN technologies used by enterprises are still extremely relevant and are here to stay for many years.
A: For the CORE exam, not that much. You don’t have to be intimidated about needing to have ten years of experience on it. Now, for the S auto exam you must have a lot more hands-on. This is kind of the guiding path: there is an introduction to Python and concepts; go to that and you will learn more about what Python packages look like and what you can actually do with RESTful APIs. You need to know about them; they are related to the crypto algorithms. So, don’t be intimidated, you don’t have to make a career in programmability. This is a multiple-choice exam, so you may get questions that have examples of some Python scripts, or some JSON files coming back as a result, and you have to be able to interpret them. But for the S auto exam you need to have more hands-on experience.
A: You can definitely start a career in cybersecurity without programming experience. However, depending on what concentration and specialization you are after, it is very beneficial to have some programming experience. For instance, if you are thinking about becoming a web penetration tester, having a good background on how web applications are created is definitely a great benefit. Similarly, for other specializations such as reverse engineering and binary/malware analysis, a good background with C, C++, assembly, etc. will definitely help you.
A: I always suggest having at least a basic background in software development (even if it is principles of Python). However, it will all depend on the cybersecurity concentration you would like to focus on. Perhaps you can do both in parallel? If you are referring to the SCOR exam only, I strongly suggest completing the Coding and API’s hands-on tutorials in DevNet at: