CCNA security retired: Time to earn your Cisco CyberOps certification?
There’s no doubt that security in the IT world is very important. In the past, one had a chance to get some industrial certifications in this area from Cisco as well, and the first step towards being a security specialist was the CCNA Security exam. However, Cisco retired this exam in 2020, so now we need to find another path to becoming a security expert.
Why did Cisco retire the CCNA security certification?
You may ask: why was it necessary to retire this certification? Well, the material it covered didn’t disappear; it has just been reorganized.
It seems that Cisco’s intention was the idea that “fewer is better”: you don’t need to take so many exams, yet still, you’ll get the foundational knowledge. It is because a lot of topics moved to CCNA, which has been massively redesigned as well.
Moreover, the certification paths are simpler and easier to review than before, especially in the entry level. If you want to deep dive in Cisco security solutions and specializations, you still have the opportunity to learn CCNP Security and even CCIE Security. But now we also have the Cisco Certified CyberOps Associate, which on first appearance is similar to CCNA Security, but there are differences.
In the next sections, we’ll take a look at these differences.
What is the Cisco Certified CyberOps Associate certification?
The Cisco Certified CyberOps Associate (or CCNA CyberOps in its initial name) is a relatively new certification. The acronym “CyberOps” means Cybersecurity Operations. According to Cisco, this certification “prepares you for today’s associate-level job roles in security operations centers (SOCs). The program has one training course and one exam that covers the foundational skills, processes, and knowledge you need to prevent, detect, analyze, and respond to cybersecurity incidents as part of a SOC team.”
What is cybersecurity? Cisco says: “cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.”
When the CCNA CyberOps certification was initially released, there were two separate exams: Understanding Cisco Cybersecurity Fundamentals (SECFND) and Implementing Cisco Cybersecurity Operations (SECOPS). In May 2020, Cisco consolidated the exams and made it one complex exam for the Cisco Certified CyberOps Associate certification. The official name is Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) and its code is 200-201.
The exam topics are the following:
- Security concepts
- Security monitoring
- Host-based analysis
- Network intrusion analysis
- Security policies and procedures
The “security concepts” topic is about 20% of the material. In this, we need to describe the security terms and deployments and the CIA triad (Confidentiality, Integrity and Availability), and compare the security concepts and access control models. In other words, this topic includes the foundational terms and terminologies used in cybersecurity.
The “security monitoring” topic, whose weight is 25% of the exam, requires the candidate to describe the types of data that is provided by, for example, TCP dump and NetFlow. The candidate must know how the technologies used (e.g., NAT/PAT, tunneling or encryption) impact the data visibility and the uses of the data in security monitoring. Besides that, we need to know the various attack types and techniques, and to identify the certificate components (X.509, key exchange, PKCS and so on).
The “host-based analysis” topic covers 20% of the exam. The candidate needs to describe some endpoint technologies (e.g., host-based IPS and firewall) and the role of attribution in an investigation, identify components of an operating system and type of evidence based on log files. Moreover it’s important to know how to interpret logs to identify a given event.
“Network intrusion analysis” is the fourth topic and its weight is 20% of the exam. The candidate needs to identify key elements of an intrusion in a given packet capture file, interpret the protocol headers and common artifact elements from an event to identify an alert. It’s important to know regular expressions as well.
Finally, the “security policies and procedures” topic covers 15% of the exam. For the successful exam, we need to describe management concepts and elements in an incident response plan, according to NIST’s documentation. Besides that, we need to identify elements used for network and server profiling. The exact requirements can be found in the CBROPS exam topics document, referenced at the end of this article.
Who should earn the Cisco Certified CyberOps Associate certification?
As their number increases, our networks must be protected from security breaches. Nowadays, there’s a need for a team of security engineers who are continuously managing and monitoring security devices and try to detect and respond to incidents. The CyberOps certification is for professionals in these teams who are working in the so-called Security Operations Centers. So if you want to understand why and how cybercriminals can attack the networks and how can these attacks be identified and (hopefully) prevented, this certification is for you.
After a successful exam, one can be an associate-level cybersecurity analyst — he/she can be a college student or current IT professional. Since you probably need to work in a team, it is beneficial if you can work well with others.
What experience is needed to take the Cisco Certified CyberOps Associate certification exam?
There are no formal prerequisites for the exam, which is very good for the first sight. Of course, if you want to take it and want to work in this field successfully, some IT experience doesn’t hurt.
First of all, it’s much easier if you have a CCNA certification, because it gives strong foundational knowledge about networking. Secondly, it’s suggested to have the IT Essentials as well, because you have to work with various operating systems and it is a must to know their structure and operation.
I can suggest some Linux courses also, as you have to work with it many times. If you have used Linux before, that’s a big advantage. There is an online and self-paced course in the Cisco Networking Academy called NDG Linux Unhatched, which helps to gain basic knowledge.
And finally and most importantly, there are two such courses especially for CyberOps. These are Intro to Cybersecurity and Cybersecurity Essentials — 15- and 30-hour courses, respectively. The reference for these courses is at the end of the article.
In summary, it’s recommended that you have prior knowledge of PC hardware and software, operating systems (mainly Windows and Linux), networking and information security. This knowledge is not so Cisco-specific as in CCNA Security, so if you worked with devices and technologies from other vendors, it’s no disadvantage.
How does the Cisco Certified CyberOps Associate certification compare to other Cisco certs?
The CyberOps certification is relatively new, but Cisco actively promotes it and becomes more and more popular. The redesign of certifications is significant and if someone wants to deal with security in a deeper way, they should certainly choose this alongside (or preferably after) CCNA. It’s a good choice for anyone without prior Cisco knowledge, because compared to other certifications, this is not so Cisco-specific (as mentioned before), but instead gives a general and vendor-neutral overview of cybersecurity. Otherwise, it’s similar to others considering study and exam circumstances.
Is the certification worth the effort?
Security attacks have become more and more sophisticated, and their numbers are rising day by day. Nowadays, even a beginner hacker can get easily usable, but very effective tools to break into weakly designed or badly maintained IT systems. Therefore, the IT security specialists (or teams in bigger companies) need more knowledge about these attacks to successfully prevent them. Besides this, new technologies are rising (cloud, IoT, automation) and bringing new challenges to security. As a result, there’s a growing demand for cybersecurity professionals.
Some researchers state that 3.5 million new jobs will open by 2021 related to cybersecurity. It seems that if someone wants to work in this sector and can prove his/her knowledge with an industrial certification, they can likely find a job. And it’s a challenging and interesting job, one in which you have the opportunity to engage in continuous learning and knowledge of new technologies.
“Knowledge is power,” yes, but it’s even more powerful if you get proper payment for it. The average annual salary for a cybersecurity or IT security professional is about $118,000 in North America, $76,000 in the EMEA region and $73,000 in Asia Pacific region. Of course, you need a certification to get the job, as every 6 out of 10 of them requires it.
What is the best way to train for the Cisco Certified CyberOps Associate certification?
People are not the same, and that’s also true when we need to learn things. But there are some guidelines that we can advise to do a successful exam.
Although we can study the topics from various sources, it is recommended to follow the official resources provided by Cisco. First of all, there’s the traditional course in NetAcad under the name of “CCNA Cybersecurity Operations” if you want an instructor-led learning environment supplemented by hands-on labs.
Secondly, there are official Cisco Press books. At the time of writing the official CBROPS 200-201 Certification Guide isn’t released yet, so we can use the SECFND 201-250 and SECOPS 210-255 certification guides. These are available on Amazon, Safari and on other providers. At Pearson, we can find even premium editions with practice tests. We can even find flashcards on Quizlet to practice and memorize the exam topics.
Thirdly, there are video courses if you prefer this format. CBT Nuggets, Livelessons, ITProTV and other companies issued their versions. If you have used one of them before, you can be familiar with this kind of learning.
Finally, the online communities must be mentioned. First of all is Cisco Learning Network, but there are study groups on Facebook also.
There are many options. I think the best way is to mix the study sources: it is recommended to access some official materials (the online course and/or books), and if there are questions, you can share them in study groups. The video courses are good supplemental materials but let’s not learn from these exclusively, as they cannot be so detailed as written study material. It is essential to do some hands-on practice, and maybe the best way is to use the virtual machines provided by the online NetAcad course.
Although relatively new, the CyberOps certification is popular and it seems that there will be a growing need for professionals having this. By the streamlining of two exams into one, it’s even a bit easier to take.
It’s a bit different than CCNA Security: that consisted of a lot more technical and practical knowledge, especially about Cisco security devices. But if you still want to learn that, then take the new CCNA, then CCNP Security (or even CCIE Security). The CyberOps consists of a lot of interesting topics also; if you like this area of IT technologies, it’s worth the effort.
- CCNA Cyber Ops, Cisco
- What Is Cybersecurity?, Cisco
- Understanding Cisco Cybersecurity Operations Fundamentals v1.0 (200-201 CBROPS), The Cisco Learning Network
- Free Online Self-Paced Courses, Cisco Networking Academy
- Take Your Place in the Growing Field of Cybersecurity, Cisco
- CCNA – SECFND – 210-250, Quizlet