cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

From Zero to CCIE Security: Tips to Prepare for the CCNP & CCIE Security Core exam -FAQ

710
Views
5
Helpful
0
Comments

This event had place on Tuesday 22nd, Septemberat 10hrs PDT 

Introduction

Event slides

Featured Author

osantos.jpgOmar Santos is an active member of the cyber security community, where he leads several industry-wide initiatives and standards bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of their critical infrastructures. Omar is the author of more than twenty (20) books and video courses, as well as numerous white papers, articles, and security configuration guidelines and best practices. He is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of cyber security vulnerabilities.

You can download the slides of the presentation in PDF format here.

 

Live Questions

Q: In this digital era, how do you differentiate between IT and Cybersecurity? Could you please share your thoughts on this.

A: There are several differences between traditional information security (InfoSec) and cybersecurity. In the past, InfoSec programs and policies were designed to protect the confidentiality, integrity, and availability of data within the confines of an organization. This is no longer sufficient. Organizations are rarely self-contained, and the price of interconnectivity is an increased level of exposure to attack. Every organization, regardless of size or geographic location, is a potential target. Cybersecurity is the process of protecting information by preventing, detecting, and responding to attacks. Cybersecurity programs recognize that organizations must be vigilant, resilient, and ready to protect and defend every ingress and egress connection as well as organizational data wherever it is stored, transmitted, or processed. Cybersecurity programs and policies expand and build on traditional information security programs but also include cyber risk management and oversight; threat intelligence and information sharing; threat hunting, third-party organization, software, and hardware dependency management; and incident response.

Q: On a Cyber Security point of view which is the right way to go - CCNP Security or CyberOps Professional?

A: If you are interested in a career in cybersecurity operations as a tier 2 or tier 3 analyst in a security operation center (SOC), then select the CyberOps Professional track. If your job is around configuring, deploying, and troubleshooting Cisco security technologies, then CCNP Security is the best track for you.

Q: I am cisco certified CyberOps. Is it advisable for me to go for CCNP security?

A: Well that depends on the environment you’re in what is your goal. If you started in CyberOps it’s probably because you wanted to move into a security operation center, right? So, working in a security operation center, helps to learn about instant response and then provides you the opportunity to see yourself in some upper response levels, like tire 1 or tier 2 response teams. Or on tier 3, where they specialize more in particular areas such as forensic. Why I mention this, is because naturally people who are within this environment will not go to the security CCP unless they’re asked to deploy or manage those technologies and the security operation center typically don’t do that. So, most people what they do is, of course, they’re waiting for the CyberOps professional, but if you’re part of that group, and you actually if you are shifting gears into security and you want to specialize into Cisco technology. Absolutely, that is when you go to specialize in Cisco security technology on the CCNP track. 

Q: What are the first topics that a Network Engineer (CCNP R&S) need to learn to achieve the CCNP Security?

A: You should start with the basic security concepts (which accounts for 25% of the exam). The blueprint domain is called “Security Concepts”. The exam blueprint can be accessed at https://learningnetwork.cisco.com/s/scor-exam-topics

Q: What can we use to practice? Is PT enough or you recommend something like VIRL to get hands-on experience?

A: Cisco Modeling Labs and DevNet are some of the best resources to get hands-on experience.
https://www.cisco.com/c/en/us/products/cloud-systems-management/modeling-labs/index.html

Q: If I completed my CCNP Security track on January 2020, Can I go directly to the Lab?

A: As part of migration, a candidate to earned the CCNP Security certification before February 24, 2020 should have received credit for the SCOR (Core) exam which will allow being able to take the corresponding lab exam. I would recommend that the user login to their Certification Tracking System profile to confirm at www.cisco.com/go/certifications/login

Q: When preparing for the SCOR exams will you advise some to stick to the blueprint or read from multiple source e.g NIST, ISO e.t.c?

A: Definitely concentrate on the blueprint, as it is the single source of truth for the certification 

Q: How does CCNP Security compares with CISSP if I'm pursuing a CISO role?

A: They are two different things, CISSP is not a Cisco certification, it is an Information System Security Certification, but it is a fair question. I did take that certification probably 14 years ago or more, and it was because it was a requirement in that moment. It is a good certification, it gives you an overall perspective of all the security domains, and it goes over other things that are technical, for instance; the meaning of disaster discovery and it gives you a somewhat a good amount of vocabulary in the industry.
On the other hand, the CORE exam were talking about in this session is completely different, it focus on Cisco Security technologies and in the specialization, configuration and deployment of those. Nevertheless, it assumes that you also have that type of knowledge that the CISSP introduces you. Now the Cisco certification is not like the CISSP that requires you a letter that certifies that you have years of experience in the field and that somebody corroborate that. They are completely different. 

Q: Does Cisco post which code versions they expect exam users to be familiar with for each technology? For example, there are definitely differences between FTD 6.2 versus 6.4.

A: Yes indeed. For the CCIE Security, the equipment and software list is posted at:
https://learningnetwork.cisco.com/s/article/ccie-security-v6-0-equipment-and-software-list

Q: Is there any way to build virtual lab for Umbrella?

A: Check out the Cisco Umbrella lab at: https://community.cisco.com/t5/security-documents/cisco-umbrella-lab-v2-2-now-available-on-cisco-dcloud/ta-p/3675393

Q: Are there simlets in this exam?

A: Not in the SCOR exam.

Q: In your expert opinion: What CCNP Security Specialization is currently in high demand in the market?

A: Well it is very unfair to me to say one or the other are on demand now. However, there’s a big gap, for sure, in security automatization. That is the reason why Cisco created DevNet and why a lot of people are transitioning to that, at the end of the day many things related to security and known security technologies have to be automated. You need to know about the logs, what comes after them and what comes after they’re placed in the machine. You need to know about orchestration and all the tools to launch others, even the data to extract from infrastructure devices or endpoints, those are in super high demand in the industry and subsequently that is why you see lot of people taking the auto mean.
However, there are two ways where you can take the steps of certifications: one is that you actually want to explore something new and you actually want to be familiar with the concepts and you’re looking to shift careers. And the second one, is that you’re already doing that, you were hired to be a firewall guy, you were hired to be an IPS or VPN individual. So, in many cases is not so much of just choosing one or another, is that, that’s a part of your job and to become better you chose to focus into those specifications.

Q: Can you recommend any general guidelines for designing Cisco security solutions? Is Cisco SAFE Reference Guide still the best place to start given how quickly the products are evolving?

A: You can find comprehensive design guides at: https://www.cisco.com/c/en/us/solutions/design-zone.html

Q: Are Incident Response, Security Audits/Compliance part of CyberOps track? Also which exam/track focusses on technologies like SSO, IAM, WAF if at all?

A: The CyberOps track is focused on incident response and principles of digital forensics. It does not cover product-based assessments or regulatory compliance audits.

Q: What sources do you use to keep on top of new threats and industry best practices?

A: I have a list of resources to follow in one of my personal GitHub repositories at:
https://github.com/The-Art-of-Hacking/h4cker/tree/master/who-and-what-to-follow

Q: What is the best path, in your opinion, to be successful in the SCOR Core Exam. Would you recommend a candidate to have the knowledge of CCNA cert or Cyber Ops cert or both as a good foundation?

A: This all depends on the individual because a lot of the techniques that we kind of assume in the core exam that you already know, for instance; what is IRIS or Trojan, malware or ransomware, we cove ra super high level. So, it’s a given that you already must know that type of knowledge. Thus, if you don’t feel comfortable, you probably don’t have to go through a whole certification like this, at least study those. And that’s is why I placed these slides for you, so you could consider the minimum cybersecurity concepts you need to know for the exam. At the end, you’re going to be the best judge.
As you progress, read the book and go to the practice test to determine if you probably should pause for now, and think if you should go into other items within the domains and probably even go to the curriculum of CyberOps associate, it really provides very good foundation particularly if you’re just starting a career in security. In fact, the CyberOps associate is a great way to go for those seeking to change technology gears. I even have some colleagues that have a CCIE in other technologies, but they don’t have background in security, so they start with this certification. At the end of the day you’re the best judge, but the great things is that with all the materials, guides and books you can learn all you need to know for the exam, and it’s going to be very fast pace. 

Q: What is the place of 5G Security and IPSec site-site VPN?

A: There are already several concepts on the evolution of VPNs (those provided by ISPs, not the ones that corporations can create in their own when connecting different sites) once 5G is available everywhere. There are some efforts within the IETF that propose different solutions for network slicing and enhanced VPN services: https://www.ietf.org/id/draft-ietf-teas-enhanced-vpn-06.txt
On the other hand, site-to-site VPN technologies used by enterprises are still extremely relevant and are here to stay for many years.

Q: What depth of knowledge of Python is required to tackle APIs in the lab?

A: For the CORE exam, not that much. You don’t have to be intimidated about needing to have ten years of experience on it. Now for the S auto exam you must have a lot more on hands. This is a kind of the guiding path: there is an introduction to Python and concepts, go to that and you will learn more about how Python packages looks like and what you can actually do with RESTful API, you need to know about them, they are related to the crypto algorithms. So, don’t be intimidated, you don’t have to do a career in programmability, this a multiple-choice exam so you may get questions that have examples of some Python scripts, or some JASON files coming back as a result, and you have to be able to interpret them. But for the S auto exam you need to have more experience on hands.

Q: I have been thinking on getting into security for a while. You have mentioned "programming" a few times...I have no programming experience past some course way back in college. Would that not be an issue to get into this?

A: You can definitely start a career in cybersecurity without programming experience. However, depending on what concentration and specialization you are after, it is very beneficial to have some programming experience. For instance, if you are thinking about becoming a web penetration tester, having a good background on how web applications are created, is definitely a great benefit. Similarly, other specializations such as reverse engineering and binary/malware analysis, a good background with C, C++, assembly, etc. will definitely help you.

Q: Why do you think security is a way to go., and not software coding especially when you are choosing your ways, or you are at the crossroads?

A: I always suggest having at least a basic background in software development (even if it is principles of Python). However, it will all depend on the cybersecurity concentration you would like to focus. Perhaps, you can do both in parallel? If you are referring to the SCOR exam only, I strongly suggest to complete the Coding and API’s hands-on tutorials in DevNet at:
https://developer.cisco.com/startnow/#coding-apis-v0

 

Related Information

Content for Community-Ad