Transcript
00:00bismillah rahman rahim assalamu alaikum and welcome to all of you
00:04uh
00:08and welcome to those who are already our students
00:11today we are going to start a new series
00:14CCNA Cyber Ops, okay, cyber operations, this is a new CCNA of Cisco
00:20and apparently i never thought that cisco
00:25would take such a big turn and start teaching such a series
00:30but
00:31on the global landscape
00:34a lot of companies have come into the market
00:37which are providing such services
00:40MSSP type
00:41now you probably don't understand the terms I am going to say
00:44and this field
00:47now I won't call it a new type of field
00:51but it is almost established
00:54that now every company
00:56will have to develop
00:59such security operations services
01:0210 years ago there used to be a team of network engineers
01:07if we talk about a little more advanced companies
01:10who have more firewall and security infrastructure
01:13they made a security team
01:14and you had a team of CIS advance
01:17then there was a little more advancement
01:20about 5 years ago
01:21companies had network operation centers
01:24because there was a network utilization
01:27I shouldn't say 5 years
01:28people who are living in the Western world
01:30where a lot of things are based on automation
01:33they will sort of disagree
01:34so add 5 more years in my time span
01:36but in the latest 5 years
01:39now I am talking about the time span of Europe
01:42or of the west
01:43so a lot of companies have seen
01:45just like we have network operation centers
01:47there should be security operation centers
01:49banks were the first
01:51stock exchange was the biggest
01:53and after that financial institutions
01:56insurance companies
01:57were the peak companies
01:59which were offering these services
02:00which were using these services for themselves
02:03just like we have 24x7 network operation centers
02:06we have security operation centers
02:08because now we can't rely on antivirus
02:10death of antivirus
02:1110 years ago people started spreading it
02:13even 5 years ago
02:14now antivirus will come back again
02:17it has its own value
02:18but you can't call it death
02:20and they started adding a lot of things
02:22so now companies have security operation centers
02:25which we call SOCs
02:27and SOCs are of different types
02:30threat centric, security operation, compliance based SOCs
02:33but we will discuss it in detail
02:35so what did Cisco do?
02:37I think in 2017
02:39in July, August, September
02:41Cisco removed CyberOps
02:43now this security operation center
02:45still a lot of things
02:47security operation centers are not at that level of maturity
02:50but they are almost there
02:52now a medium to large sized company
02:55which has heavy investment
02:57in intellectual property, trademarks
02:59and technology
03:01so those companies
03:03need security operation centers
03:08so in short, security operation centers
03:11are an emerging market
03:13we are 1-1.5 years late
03:16but still
03:17and now there is a lot of maturity
03:19there is a lack of automation
03:21a lot of tools are available in the market
03:23and their mergers, frameworks
03:25and a lot of things are happening
03:27when we go along, we will talk about it
03:29why CCNA CyberOps?
03:31these are some big high profile hacks
03:33or a little outdated information
03:35that these hacks are happening in the world
03:37data breach, cyber attacks are very very common
03:39so any company which does a technology based business
03:42is vulnerable against it
03:44in the last 10-11 years
03:46these things have evolved
03:50most recently in Europe
03:52this year in the NHS
03:54the WannaCry attack
03:56now the NHS does not have
03:58cyber security operation centers
04:00but they are talking about it now
04:02so in a lot of companies
04:04in SOC
04:06the role of analyst
04:08plays a very important role
04:10like
04:12eyes on the glass
04:14so that a person
04:16can keep an eye on it
04:18and can make decisions
04:20using human intelligence
04:22so that entry level role
04:24CCNA CyberOps
04:26wants to prepare you
04:28for that entry level role
04:30you will not become a security
04:32high profile analyst
04:34you will not become a malware reverse engineer consultant
04:36you will not become a forensic analyst
04:38but you will have a basic
04:40idea
04:42sorry
04:44how cyber security operations are run
04:46and what is the first line support
04:48if there is an alarm
04:50that there is an anti-virus alert
04:52so how do I triage it
04:54how do I analyze it
04:56if there is a phishing email in the company
04:58and the company asks you to check
05:00if the phishing email is legit or not
05:02so how do you analyze it
05:04you will have a document
05:06we call it a playbook
05:08now I have gone into a lot of detail
05:10so let me get out of it
05:12why CCNA CyberOps
05:14CCNA CyberOps
05:16as mentioned
05:18security operations centers
05:20are quite vital for companies
05:22because data or intelligence
05:24information is in digital format
05:26so security operations center
05:28as shown in the diagram
05:30there is log collection, reporting
05:32correlation, SIEM, ticketing
05:34knowledge base, threat intelligence
05:36research and development
05:38all this is happening in security operations center
05:40where and what has done
05:42any malicious activity, you should know
05:44ok
05:50this is taken from Cisco's website
05:52begin a career in the rapidly
05:54growing area of cyber security operations
05:56ok
05:58this is Cisco's tagline
06:00that if you do CCNA CyberOps
06:02so begin a career
06:04you will become a consultant
06:06rapidly growing area
06:08at associate level
06:10which is called SOC analyst
06:12ok
06:14you can also call it tier 1
06:16security operations centers
06:20CCNA CyberOps prerequisite
06:22is that you should have an idea of Windows or Linux operating system
06:24you should not say
06:26I have done FSC, I will do CCNA CyberOps
06:28I will get a job
06:30I don't know about context in India
06:32because I am not staying there
06:34but I hope that banks
06:36at least in Pakistan and India
06:38are moving towards SOCs
06:40and they have their own SOCs
06:42topic focus is network concepts
06:44security concepts, cryptography
06:46host based security analysis
06:48security monitoring, attack monitoring, incident handling
06:50is a very important topic
06:52data and event analysis
06:54these things
06:56if you have read CCNA
06:58CCNA
07:00and CCNA security
07:02you have more knowledge than CCNA CyberOps
07:04in all fields
07:06these three things
07:08are new for you
07:10rest is same for you
07:12what we have read in CCNA
07:14it does not mean that I will not teach
07:16I will just touch
07:18job role is security operations center
07:20analyst, associate, beginning level
07:22and cyber security knowledge and principle
07:24experience level is between 1 to 3 years
07:26required exam is
07:28SEC Fundamental Security Operations
07:32SEC FND
07:34understanding Cisco Cyber Security Fundamentals
07:36and implementing
07:38Cisco Cyber Security Operations
07:40these two things
07:42you have to give two exams
07:44no prerequisite
07:46book library is this
07:48this is official book library
07:50when there is a library guide
07:52it comes in a big folder and there are two books
07:54I have uploaded this on Facebook
07:56there are two exam books
07:58recertification of CCNA CyberOps
08:00are valid for 3 years
08:02that is standard certification practice
08:04what we will study
08:06there are network concepts
08:08we have studied very well
08:10if I teach network concepts in CCNA CyberOps
08:12I will still suggest
08:14the first CCNA
08:16when I started in Urdu IT Academy
08:18I taught CCNA Fundamentals
08:20I cannot teach Fundamentals again
08:22so
08:24I am old now
08:26and security concepts
08:28we have studied in CCNA security
08:30cryptography in CCNA security
08:32host based analysis
08:34security monitoring attack method
08:36and this is the topic of operations
08:38this book is big
08:40I have not read this book
08:42and this book
08:44is small
08:46it discusses operations
08:48it does not assume
08:50CCNA CyberOps
08:52it does not assume
08:54that it will configure
08:56the entire infrastructure
08:58it will only see the front end
09:00glass pane
09:02on the screen
09:04it will scroll through
09:06and understand
09:08and extract meaningful information
09:10and say this is a bit dodgy
09:12let's pass it on to the second level team
09:14so you should understand
09:16being a CCNA CyberOps
09:18you should know how to deploy
09:20SIEM solution
09:22you should know how to perform
09:24hardcore forensics
09:26you should know how to deploy
09:28firewalls and IDS
09:30this is not the purpose
09:32if you want to do this
09:34these two things
09:36will come under CCNA security
09:38for SIEM
09:40you need to know about
09:42AlienVault, HP ArcSight, Splunk
09:44for forensics
09:46you need to know about
09:48GIAC and SANS
09:50these are not your certifications
09:52if you want to study these
09:54these are different fields
09:56companies hire SIEM
09:58onboarding engineers
10:00SIEM is a nightmare
10:02it is not a
10:04one day activity
10:06it is an ever evolving process
10:08because when I
10:10tried to deploy SIEM 5 years ago
10:12I was very upset
10:14I was humiliated
10:16humiliation is not a right word
10:18probably QA is going to cut it
10:20SIEM
10:22I end up
10:24after 5 years
10:26I end up writing an article
10:28what is SIEM
10:30and how does it work in security
10:32people thought SIEM is secure
10:34it is not like that
10:36if I had time and energy
10:38I would definitely discuss about that
10:40once you pass CCNA CyberOps
10:42we will interview you and you will be successful
10:44interesting thing about the quiz engine
10:46we have a student
10:48who got a scholarship in CCNA CyberOps
10:50and he is writing questions
10:52for us
10:54once all the questions are up and running
10:56we will upload it on the quiz engine
10:58and you can practice from there
11:00Inshallah
11:02be happy
11:04remember us in your prayers
11:06and we will meet in the next lecture
11:08which will be a proper lecture
11:10be happy
11:12Allah Hafiz
