Cisco Cyber Security

Certification: Cisco CCNA Cyber Ops - Cisco Certified Network Associate Cyber Ops

By Sherry G. Holland

Becoming certified is the act of making it official on ones expertise in a predefined area. Cyber security is the measures that are taken to protect a computer or a computer system against an attack or an unauthorized access. Cyber security is also referred to as information technology security. The focus of cyber security is on protecting the computer, networks, data and programs from an unauthorized or unintended access, destruction or change. Our lives are affected by network outages, hackers compromising our data, new and old viruses on our computers and many other information technology related incidents. The uses of mobile devices are increasing as well. As the number of these users increase so does the number of exploitations.

Cyber security is important because of the vast amounts of government, financial institutions, hospitals, military, corporations and other businesses that collect, store and process tons of confidential information on their computers and transmit this data across networks to other computers. Because of the growing volume and sophisticated means of cyber-attacks, the continual attention is required to protect the sensitive personal and business information and as a safeguard mechanism for our national security.

Security professionals that have attained specialized in-depth knowledge and expertise in the crucial areas of proactive cyber threat mitigation and detection are considered specialist in this area and can obtain further recognition through obtaining certifications. The Cyber Security Specialist Certification leverages the features of Cisco and other network security products that are used today. This certification will focus on security events, alarm and traffic analysis, event monitoring and incident response.

Why should you become certified?

Security professionals are designed for professionals in different types of domains and products. For a professional to become certified, they become Subject Matter Experts or SME’s within that particular domain/product/application. Furthermore, Cisco recognizes these security professionals as specialized in-depth experts with the proven knowledge to proactively detect and mitigate cyber threats.


To become a Cisco Cyber Security Professional there are no required prerequisites, but the specialist should have a strong understanding of a working knowledge of the CCNA Security and TCP/IP concepts.

Study Material

The Cisco Learning Network provides a wide variety of study material to anyone trying to obtain certification. Cisco offers courses that are associated with this certification. The course is aimed at providing the skills and knowledge that will be required to proactively mitigate and detect the threats that exist in other industry network security products and Cisco’s products.


The required exam for the Cisco Cyber security Professional is the 600-199SCYBER. The duration of this exam is 60 minutes and it contains 45-55 questions. Every two years there is a requirement to be recertified. The exam is a closed book exam with no outside reference materials within the testing center.

Exam Details

The exam is broken down into six main categories. These categories and their details are:

1. Information Gathering and Security Foundations

  • The services a security operation center and network offers to an organization
  • The basic application architecture, network topologies and the host configuration standards description
  • The traditional hacking techniques description
  • The basic network security events description
  • The basic incident response processes and operational procedures of a security operations center description
  • The mission critical network functions and traffic, applications and device and services behaviors description
  • The risk analysis mitigation description
  • The security surrounding the local business process and infrastructure and applications description
  • The correlation baseline that is uses netflow output that will validate non-normal versus normal traffic description
  • The baseline of the network profile description
  • The threat, vulnerability and attack data impacts operations description
  • The primary sources of data on vendor vulnerabilities, exploits, active attacks and current threats description
  • The role of a network security analyst description
  • The corporate security policies description

2. Event Monitoring

  • A single or recurrent identification of a security incident
  • The best practices identification for forensic analysis and evidence collection
  • The monitoring of DNS query log output
  • The various sources of data and how it relates to the network security issues
  • The collection of data network as it is related to network issues related to security
  • The validation and monitoring of the health state and availability of devices

3. Security Events and Alarms

  • Diagnostic procedures and event metrics description
  • Basic incident types identified
  • Actionable events identified
  • Assess events and traffic that is related to the stated policies description
  • The different types and severity of alarms and events description
  • The correct identification and dismissal of false positive indicators
  • The event correlation within the context of the corporate infrastructure architecture and various alarms description

4. Traffic Analysis, Collection and Correlation

  • Packet capture configuration
  • Network trace acquisition
  • Access packets in IOS description
  • Packet analysis in IOS description
  • TCP dumps or network traces and track back to actual activities analysis
  • TCP and UDP header information description
  • IP packet structure description

5. Incident Response

  • Common compliance and legal issues in security event handling description
  • The best practices for post-event investigation description
  • Level 2 incident response team to mitigate issues
  • The recommendation and evaluation of responses to vulnerabilities that will ensure adequate monitoring mitigations and responses
  • The basic emergency mitigation descriptions of exploits, vulnerabilities and high-level threats
  • The necessary changes to enhance existing policy and decision tree procedure and existing procedures
  • The standard corporate incident response procedure and escalation policies

6. Operational Communications

  • Post mortem process descriptions
  • Recurring issues communication based on provided recommendations of incident handling for architectural changes or modification and articulation
  • Awareness regarding vulnerabilities and recommended critical security patches resulting from incident handling communication
  • Details of problems to the remediation team articulation
  • Provide context awareness for the stakeholders and process incident handling communication
  • The channel to appropriate personnel and the different types of available metrics description
  • Incident report generation and the interpretation of the information to determine what direction it should be escalated to
  • The communication vehicles related to post-threat remediation description

Related IT Guides

  1. Basic Operational Procedures and Incident Response Processes of a Security Operations Center (SOC)
  2. Corporate Security Policies, Trends and Approaches