cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Meet the Authors FAQ´s - A Cybersecurity Deep Dive with Omar Santos

472
Views
0
Helpful
0
Comments

 

This event had place on Thursday 23rd, January at 10hrs PDT 

Introduction

Event slides

 

Featured Author

osantos.jpgOmar Santos is an active member of the cyber security community, where he leads several industry-wide initiatives and standards bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of their critical infrastructures. Omar is the author of more than twenty (20) books and video courses, as well as numerous white papers, articles, and security configuration guidelines and best practices. He is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of cyber security vulnerabilities.

You can download theslides of the presentation in PDF format here.

 

Live Questions

 

Q: In your opinion is it feasible to go straight and attempt the CCIE Security before getting CCNP Sec?

A: At the end of the day you’re the best judge of where you actually stand. However, the cool thing about the new certifications is that you’ve to take the same CORE exam for both certifications and you’ve t pass it for any of them. The CORE exam is very extent, it covers many technologies and it goes even beyond just the traditional Cisco technologies, it covers tons of security fundamentals, application awareness and even has some concepts of dynamics and so on.
So, think about the CORE exam to be like that, that can give you an idea of how the CCIE lab would be… it will be very extent. Something we added on the CCIE Security is a 3 hours stage in which you must demonstrate that you can do design and complete specific tasks.
It really depends on how you feel comfortable with. First, take the CORE exam that will help you decide if you feel like having the broad experience cross different security technologies and if you’re going or not for the CCIE or if you would rather complete the CCNP first by taking the concentration exams.

 

Q: Does this book cover security contents with new Cisco CCIE exam changing in February 2020?

A: The CCNP Security Core SCOR 350-701 Official Cert Guide will cover CCIE content http://www.ciscopress.com/store/ccnp-and-ccie-security-core-scor-350-701-official-cert-9780135971925

 

Q: Do we have an official book for concentration exams? If we want to start from concentration exams.

A: Every single technology area will provide material for each of their new concentration exams. In the case of Security, you can still have a look to Security fundamentals that you can leverage.
Books, videos or resources for the concentration exams will be released for late February and March on wards.

 

Q:Will the cert guide SCOR 350-701 will be enough for the concentration exam? This guide focus on the CORE and I have problems finding material for the concentration exam preparation.

A:Yes but for each of the concentrations exam there will be material either Cisco Press or from Cisco Learning Network, there will be classes as well. For instance, on the partner community there will be many classes for that.

 

Q: Do you think the book "Developing Cybersecurity Programs and Policies" can be sort of an entry point into the Cybersecurity field? (in terms of management security operations)

A: The book is used by many individuals who are getting started in cybersecurity governance and management. It is also being used by many universities in their IT Cybersecurity Curriculum.

 

Q:Are Meraki products (MX)  going to have a key role in Cisco security?

A:Yes, they have been a focus. I use Meraki at home. In fact, every security product would have to have a place in Cisco solutions. Many modern implementations and network products are or will be manage din the cloud, and that’s one of the great things that Meraki offers, you can distribute different devices across the organization and it’s not only for smaller organizations. For instance, many events with thousand of access points are being deployed and managed by Meraki products.

 

Q: Will this book be available in hard copy only or in digital form as well?

A: Most books in Cisco Press are available in both formats, digital and hard copy.

 

Q: In the new CCNP, can you reniew your old CCNP certificate by taking or passing a Specialist exam?

A:In the new certification scheme to re-certify a CCNP certification you would need to: pass a technology core exam, pass any two professional concentration exams or pass one CCIE lab exam. More details here: https://www.cisco.com/c/en/us/training-events/training-certifications/recertification-policy.html?wcmmode=disabled#~requirements

 

Q: Can you provide any pointers for layer 2 security in shared infrastructure -to stop a VLAN hopping for example?

A: Great question! If “shared infrastructure” means “in the cloud” or Infrastructure as a Service (IaaS), then the responsibility of the underlying infrastructure relies on the cloud provider. For instance, the underlying switches should not be configured with access ports with either of the following modes: "dynamic desirable", "dynamic auto". Manually configure access ports and disable DTP on all access ports. To prevent a Double Tagging attack, keep the native VLAN of all trunk ports different from user VLANs. So, in short, all of the Layer 2 security best practices are a responsibility of the cloud provider.
On the other hand, all virtual switches (in an IaaS scenario) are the responsibility of the cloud consumer. This is an example of a “cloud responsibility matrix”: https://aws.amazon.com/compliance/shared-responsibility-model/

 

Q: After CCNA Cyber Ops what is a recommended to be the next step for a Cyber certification (CEH, CISSP, CCNP Security, etc.)?

A:This is the question they always ask me. So, the first question we got when announcing the new Cisco certification scheme was “What is the future of CyberOps”, is going to disappear? Cyber Ops will continue.
So, I would recommend staying tuned, I can’t share many information but there will be progression Security is a very important pillar in Cisco.
If already have CCNA Cyber Ops, then we recommend you go for a CCNP Security and take one of the concentration exams that gives you a specialization. In fact, many large companies that already hold a CCNA Cyber Ops are looking to go more into Security, programmability and automation. So, consider there are many fats an don’t forget that as soon as you pass the Security CORE exam you can decide to go for the CCIE and cyber Ops would be key fundamental for these certification.
Also, you can have a look to DevNet and the courses related to security and automation.

 

Q: Are they simple procedures for everyone?

A: If you refer to the ones related to Netflow Security, you can find them and complete them by following what is on Omar’s book: http://www.ciscopress.com/store/network-security-with-netflow-and-ipfix-big-data-analytics-9781587144387

 

Q:What programming language is recommended for Cyber data analytics?

A:If you’re just getting started, I would recommend start with Python, then move on to the scripting languages and specialize into the ones that are related to your work and area of interest/specialization. For instance, reverse engineering is written in “C” so you will have to have a look into that language. And consider Assembly language.
In addition, you can consider other languages, likes Ruby which is very popular among the security area for the tools it offers, like Metasploit. And scripting languages likes Bash and Linux -having a background of Linux is important-, and PowerShell in the case you’re working with windows. You need to explore different areas; attackers are using legitimate applications and scripts through PowerShell to do their malfeasance so having a good understanding of those will be very beneficial.

 

Q:Does specializing in Cyber Security requires you to be an expert in programming more specifically Python programming?

A:Python is the most recommend language to get started in technology, it is very powerful
You can go from passing logs into an application to creating your own exploit to look at things that you can manipulate data and then virtualize the data to analyze potential risks within your organization and do analytics.
If you want to go for an specialization in security like “exploit development” or “reverse engineering”, there’re some binary that are written in C, well Python won’t help you that much there because would need to know C in order to work on that. Thus, there’re some areas in which you will have to go into specialized languages of what you’re working with.

 

Q:What books do you recommend for someone who is starting in Security?

A: Great timing! At Cisco, we originally developed the CCNA CyberOps to help individuals looking into getting started in cybersecurity and security operations. If you are new to security, you can use the Security Fundamentals (SECFND) book. In addition, we just refreshed this program (now called “Cisco Certified CyberOps Associate”). https://www.cisco.com/c/en/us/training-events/training-certifications/certifications/associate/cyberops-associate.html

 

Related Information