Course Introduction
Today's organizations are challenged with rapidly detecting cybersecurity breaches and effectively responding to security incidents. Teams of people in Security Operations Centers (SOCs) keep a vigilant eye on security systems, protecting their organizations by detecting and responding to cybersecurity threats.
The CCNA Cyber Ops certification prepares candidates to begin a career working with associate-level cybersecurity analysts within security operations centers.
The Cisco Cybersecurity Fundamentals course helps to prepare students for beginning- and associate-level roles in cybersecurity operations. The course focuses on security principles and technologies, using Cisco security products to provide hands-on examples. Using instructor-led discussions, extensive hands-on lab exercises, and supplemental materials, this course allows learners to understand common security concepts and start to learn the basic security techniques used in a Security Operations Center (SOC) to find threats on a network using a variety of popular security tools within a real-life network infrastructure.
This course allows learners to understand how a Security Operations Center (SOC) functions and the introductory-level skills and knowledge needed in this environment. It focuses on the introductory-level skills needed for a SOC Analyst at the associate level. Specifically, these include understanding basic threat analysis, event correlation, identifying malicious activity, and how to use a playbook for incident response.
It is recommended, but not required, that students have the following knowledge and skills:
· Working knowledge of the Windows operating system
· Working knowledge of the Linux operating system
· Basic IPv4 and IPv6 addressing knowledge
· Skills and knowledge equivalent to those learned in Interconnecting Cisco Networking Devices Part 1 (ICND1)
· Working knowledge of Cisco IOS networking and concepts
· Security Operations Center - Security Analyst
· Computer/Network Defense Analyst
· Computer Network Defense Infrastructure Support Personnel
· Future Incident Responders and Security Operations Center (SOC) personnel
· Students beginning a career, entering the cybersecurity field
· Cisco Channel Partners
Upon completion of this course, you will be able to:
· Describe, compare and identify various network concepts
· Fundamentals of TCP/IP
· Describe and compare fundamental security concepts
· Describe network applications and the security challenges
· Understand basic cryptography principles
· Understand endpoint attacks, including interpreting log data to identify events in Windows and Linux
· Develop knowledge in security monitoring, including identifying sources and types of data and events
· Define a SOC and the various job roles in a SOC
· Understand SOC infrastructure tools and systems
· Learn basic incident analysis for a threat-centric SOC
· Explore resources available to assist with an investigation
· Explain basic event correlation and normalization
· Describe common attack vectors
· Learn how to identify malicious activity
· Understand the concept of a playbook
· Describe and explain an incident response handbook
· Define types of SOC Metrics
· Understand SOC Workflow Management system and automation
Understanding Cisco Cybersecurity Fundamentals (SECFND)
Module 1: Network Concepts
Module 2: Security Concepts
Module 3: Cryptography /IP
Module 4: Host-Based Analysis
Module 5: Security Monitoring
Module 6: Attack Methods
Implementing Cisco Cybersecurity Operations (SECOPS)
Module 1: SOC Overview
Lesson 1: Defining the Security Operations Center
Lesson 2: Understanding NSM Tools and Data
Lesson 3: Understanding Incident Analysis in a Threat-Centric SOC
Lesson 4: Identifying Resources for Hunting Cyber Threats
Module 2: Security Incident Investigations
Lesson 1: Understanding Event Correlation and Normalization
Lesson 2: Identifying Common Attack Vectors
Lesson 3: Identifying Malicious Activity
Lesson 4: Identifying Patterns of Suspicious Behavior
Lesson 5: Conducting Security Incident Investigations
Module 3: SOC Operations
Lesson 1: Describing the SOC Playbook
Lesson 2: Understanding the SOC Metrics
Lesson 3: Understanding the SOC WMS and Automation
Lesson 4: Describing the Incident Response Plan
Lesson 5: Appendix A—Describing the Computer Security Incident Response Team
Lesson 6: Appendix B—Understanding the use of VERIS
1. Understanding Cisco Cybersecurity Fundamentals (210-250 SECFND)
2. Implementing Cisco Cybersecurity Operations (210-255 SECOPS)
Cyber Security Engineer, Cyber Security Analyst, Security Operations Center (SOC) Security Analyst