Two months in a rush was what I needed to finish my CCNA Cyber Ops. It's composed of two exams:
- 210-250 SECFND
- 210-255 SECOPS
The e-learning was part of the Cisco scholarship, so I had all the materials required to learn what was needed for each exam. The SECOPS exam was a bit more difficult due to its nature and different language.
This exam covers common security concepts and starts with the basic security techniques used in a Security Operations Center (SOC) to find threats on a network, using a variety of popular security tools within a "real-life" network infrastructure.
Upon completing this course, students will be able to:
- Describe, compare and identify various network concepts
- Describe the fundamentals of TCP/IP
- Describe and compare fundamental security concepts
- Describe network applications and the security challenges
- Understand basic cryptography principles
- Understand endpoint attacks, including interpreting log data to identify events in Windows and Linux
- Develop knowledge in security monitoring, including identifying sources and types of data and events
- 210-255 SECOPS
This exam focuses on the introductory-level skills needed for a SOC analyst at the associate level: basic threat analysis, event correlation, identifying malicious activity, and how to use a playbook for incident response.
Upon completion of this course, you will have the skills and knowledge to:
- Define a SOC and the various job roles in a SOC
- Understand SOC infrastructure tools and systems
- Learn basic incident analysis for a threat-centric SOC
- Explore resources available to assist with an investigation
- Explain basic event correlation and normalization
- Describe common attack vectors
- Learn how to identify malicious activity
- Understand the concept of a playbook
- Describe and explain an incident response handbook
- Define types of SOC metrics
- Understand SOC workflow management systems and automation
This is going to be my second Cisco Live, and I'm very excited because I've learned a lot over the past 8 years and I'm in a different professional stage now; 8 years ago it was just a dream. I'm a strong believer that these events are important to grow your "networking" and keep you updated on new trends and technology.
So how does my calendar look so far?
- CCDE Techtorial and Exam
If you are around, let's grab a beer and crack some of the topics above.
Black Hat Europe in London this year is not a mirage, it's real! Wake up, time for action! Briefings, Training, Arsenal and beer, you choose! Register here
And if you are a student in the cyber security arena, you can get a free scholarship which allows full access to all Briefings on Wednesday, December 6 and Thursday, December 7 at the ExCeL London, United Kingdom. You can apply here.
If you go, contact me, I will be around!
Automation and orchestration capabilities are key for many organizations these days, and this session will show you what you can achieve with the R80.10 API. Specifically, this session covers:
- Introduction to using the R80.10 APIs with Postman and Ansible
- Tips on how to add objects and services, and how to add rules, via the CLI and the RESTful API
- Additional use cases
- And much more
The content presented is below:
Slides: How to use R80.10 API for Automation and Streamlined Security (PPT)
Video: How to use R80.10 API for Automation and Streamlined Security (Video)
Q&A: TechTalk Q&A: Leveraging the R80.10 API to Automate and Streamline Security Operations
Looking for more cool stuff? Check on CheckPoint CheckMates Community
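The add-objects-then-add-rule workflow the session above covers, written out as an added example (this is not Check Point's code and not from the session material). It uses the published R80.10 Management API shape: every command is a POST to /web_api/<command> with a JSON body, login returns a session id that goes in the X-chkp-sid header, and changes are private to the session until publish. The management hostname, credentials, object names and the "Network" layer name are placeholders, and FakeMgmt is a constructed stand-in so the script runs offline; swap in urllib_transport with the exported management CA for a real server.

```python
"""Added example (not Check Point's code): add host + service + access rule
through the R80.10 Management API, with session handling done once.

Assumptions (placeholders, not from the original post): mgmt.example.net,
the api_user credentials, the object names and the layer name "Network".
FakeMgmt is a constructed fake server so this runs offline.
"""
import json
import ssl
import urllib.request


def urllib_transport(cafile=None):
    """Real transport: POST JSON over HTTPS. R80 ships with a self-signed
    certificate, so point cafile at the exported management CA instead of
    turning verification off."""
    ctx = ssl.create_default_context(cafile=cafile)

    def post(url, headers, body):
        req = urllib.request.Request(url, data=body, headers=headers, method="POST")
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            return json.loads(resp.read().decode("utf-8"))
    return post


class R80Client:
    """Every command is POST /web_api/<command>; after login the session id
    is sent in the X-chkp-sid header."""

    def __init__(self, host, transport, port=443):
        self.base = f"https://{host}:{port}/web_api/"
        self.transport = transport
        self.sid = None
        self.calls = []  # (command, payload): audit trail of what was sent

    def call(self, command, payload=None):
        payload = payload or {}
        headers = {"Content-Type": "application/json"}
        if self.sid:
            headers["X-chkp-sid"] = self.sid
        self.calls.append((command, payload))
        return self.transport(self.base + command, headers, json.dumps(payload).encode())

    def login(self, user, password):
        self.sid = self.call("login", {"user": user, "password": password})["sid"]
        return self.sid

    def add_host(self, name, ip):
        return self.call("add-host", {"name": name, "ip-address": ip})

    def add_service_tcp(self, name, port):
        return self.call("add-service-tcp", {"name": name, "port": str(port)})

    def add_access_rule(self, layer, name, source, destination, service,
                        action="Accept", position="top"):
        return self.call("add-access-rule", {
            "layer": layer, "position": position, "name": name,
            "source": source, "destination": destination,
            "service": service, "action": action})

    def publish(self):
        return self.call("publish")

    def logout(self):
        reply = self.call("logout")
        self.sid = None
        return reply


class FakeMgmt:
    """Constructed stand-in for the management server: insists on the session
    header after login and answers in the API's shape."""

    def __init__(self):
        self.seen = []

    def __call__(self, url, headers, body):
        command = url.rsplit("/", 1)[1]
        payload = json.loads(body)
        if command != "login":
            assert headers.get("X-chkp-sid") == "SID-123", "missing session header"
        self.seen.append((command, payload))
        if command == "login":
            return {"sid": "SID-123", "api-server-version": "1.1"}
        if command == "publish":
            return {"task-id": "task-1"}
        return {"uid": f"uid-{len(self.seen)}", "name": payload.get("name")}


def provision(client, user, password):
    """login -> add host and service -> add rule -> publish -> logout.
    Nothing reaches the gateways here; install-policy is a separate call."""
    client.login(user, password)
    try:
        client.add_host("web-01", "10.0.0.10")
        client.add_service_tcp("tcp-8443", 8443)
        client.add_access_rule("Network", "allow any to web-01",
                               source=["Any"], destination=["web-01"],
                               service=["tcp-8443"])
        client.publish()  # changes stay private to the session until published
    finally:
        client.logout()   # an unpublished session is left for someone to discard
    return [command for command, _ in client.calls]


if __name__ == "__main__":
    print(provision(R80Client("mgmt.example.net", FakeMgmt()), "api_user", "secret"))
```

The point worth keeping from this: do login once, carry the sid in the header, and treat publish as the commit; if a step fails, the unpublished changes sit in that session, so a production script should call discard before logout on the error path rather than leave a locked session behind.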
Cisco is climbing fast, Fortinet faster, Palo Alto is still leading and filling the gaps in its portfolio, and Check Point finally released R80 for gateways. I predict four Leaders next year; it will be a nice race to watch!
Full report: Magic Quadrant for Enterprise Network Firewalls 2017
Working a lot around Response Policy Zone (RPZ) these days, so it's better to start collecting some valuable tools, whitepapers, research, best practices, etc.
- The most widely used DNS software on the Internet
- Integrated authoritative DNS and DHCP server (the continuation of BIND 10)
- A lightweight, easy to configure DNS forwarder and DHCP server
- Knot DNS is a high-performance authoritative-only DNS server
- A versatile nameserver which supports a large number of backends
How can we detect and mitigate a kill chain in encrypted traffic without breaking users' privacy and, at the same time, with minimal false positives? Cisco Catalyst 9k is the newest platform with this capability, called Encrypted Traffic Analysis (ETA). Machine learning and metadata seem to be the right ingredients to make the wheel work.
Read here for more detail.
Cisco announced a new platform, Catalyst 9k (fixed and modular), a new hit for the enterprise architecture.
Some of the benefits I've captured:
- Secure segmentation with SD-Access
- Unmatched 60W POE on every access port
- DNA Center
- IoT readiness
- Cloud readiness
- UADP 2.0
- StackWise Virtual
- Encrypted Traffic Analysis (ETA)
- Licensing mode changed (no info yet)
You can check here the CPX 2017 Presentations, for exclusive access to full slide decks from each presentation, please log into your Check Point CheckMates account.
An interesting read about TLS and DTLS best practices...
A misinterpretation from the browser's perspective (a Unicode domain rendered as its Latin lookalike) which can lead to phishing attacks, read here https://nakedsecurity.sophos.com/2017/04/19/phishing-with-punycode-when-foreign-letters-spell-english-words
Chrome is fine now (v58+) but Firefox is not, so stay sharp!
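What the lookalike problem looks like in code, as an added example (not from the original post or the linked article): decode the punycode A-label the browser receives, then flag labels that either mix scripts or consist entirely of non-Latin letters that each have a Latin twin, which is the case the article describes. The confusables table is a hand-picked subset of Unicode's Cyrillic/Greek-to-Latin lookalikes, not the full UTS #39 data, and the sample hostnames are constructed for the demonstration; Chrome's real check is of this kind but is not reproduced here.

```python
"""Added example: spot IDN hostnames that render as a familiar Latin name.

Assumptions: CONFUSABLES is a small hand-picked subset of Unicode lookalikes
(not the full UTS #39 table); test hostnames are constructed for the demo.
"""
import unicodedata

# Non-Latin letters that render almost identically to a Latin letter.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u04cf": "l", "\u0456": "i", "\u0458": "j",
    "\u0455": "s", "\u04bb": "h", "\u0501": "d", "\u051b": "q", "\u051d": "w",
    "\u03bf": "o", "\u03bd": "v",
}


def decode_label(label):
    """Turn an A-label (xn--...) into its Unicode form; plain labels pass through.
    Uses the raw punycode codec on purpose: the 'idna' codec applies nameprep,
    which rejects some newer code points and hides exactly the labels we want."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def script_of(ch):
    """Crude script classifier: first word of the Unicode name (LATIN, CYRILLIC...)."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def skeleton(text):
    """Replace every known lookalike with its Latin twin."""
    return "".join(CONFUSABLES.get(c, c) for c in text)


def analyze(hostname):
    """Return decoded form, Latin skeleton and the reasons (if any) it is suspect."""
    labels = [decode_label(part) for part in hostname.lower().split(".")]
    decoded = ".".join(labels)
    reasons = []
    for label in labels:
        letters = [c for c in label if c.isalpha()]
        scripts = {script_of(c) for c in letters}
        if len(scripts) > 1:  # e.g. Latin word with one Cyrillic 'a' swapped in
            reasons.append(f"{label!r} mixes scripts {sorted(scripts)}")
        non_ascii = [c for c in letters if ord(c) > 127]
        if non_ascii and all(c in CONFUSABLES for c in non_ascii):
            # whole-script confusable: every foreign letter has a Latin twin,
            # so the label is indistinguishable from skeleton(label) on screen
            reasons.append(f"{label!r} is a whole-script lookalike of {skeleton(label)!r}")
    return {"decoded": decoded, "skeleton": skeleton(decoded),
            "suspicious": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    for host in ("xn--80ak6aa92e.com", "p\u0430ypal.com", "apple.com",
                 "\u044f\u043d\u0434\u0435\u043a\u0441.\u0440\u0444"):
        print(analyze(host))
```

Genuine non-Latin domains (the Cyrillic яндекс.рф sample) are left alone because not every letter has a Latin twin; the two things that get flagged are a label mixing scripts and a label whose every foreign letter maps onto ASCII, which is what turns a Cyrillic string into a visual "apple.com".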
It was a really nice webinar and overview of the capabilities and the deep drill-down you can do on a packet's life.
Cisco is refreshing its security platforms: Cisco ASA 5585-X is EOL now and the Cisco Firepower 2100 Series went live at Cisco Live Berlin 2017.
Since last year Cisco has been announcing EOL for a few Cisco ASA X and non-X platforms.
I'm running Cisco ACS 5.2, and this shouldn't be a common operation in production, but... back up your licenses before you go ahead.
login as: admin
Using keyboard-interactive authentication.
Password: ******
acs/admin# acs reset-config
This command deletes the current ACS configuration
and resets the ACS configuration to factory defaults.
Cisco recommends that you perform a backup before you execute this command.
Are you sure you want to reset the configuration now? (yes/no) yes
Grab a coffee now, this will take a while, around 20 minutes!
Stopping Management and View...
Cleanup...
Resetting configuration to factory defaults.
Starting ACS ...
To verify that ACS processes are running, use the
'show application status acs' command.
acs/admin# show application status acs
Status is not yet available.
Please check again in a minute.
acs/admin# show application status acs
ACS role: PRIMARY
Process 'database' running
Process 'management' running
Process 'runtime' running
Process 'view-database' running
Process 'view-jobmanager' running
Process 'view-alertmanager' running
Process 'view-collector' running
Process 'view-logprocessor' running
I've applied for the Cisco Cybersecurity Scholarship and I'm glad it was accepted. I understand people applied massively, but starting in 16 months is not understandable! Cyber security is now! Now! Now!
Now I just have to wait for the next message, hopefully with a close date, fingers crossed!
$10 Million in Cisco Global Cybersecurity Scholarships!
FAQs about the Cisco scholarship program
Cybersecurity scholarship Blog