Palo Alto Networks Certified Cybersecurity Associate (PCCSA)

Palo Alto Networks make security products. In particular, they sell firewalls (physical and virtual), and their Panorama software will let you manage multiple firewalls centrally (e.g. for branch offices). Their certification program has 3 tiers:

  • Entry level
  • Administrator
  • Engineer

Palo Alto Networks offer free training for all of these, although you have to pay for the exam. Even if you don’t do the exam, the training might be worthwhile on its own merits.

In December 2019, I took the entry level exam. At the time, that was the Palo Alto Networks Certified Cybersecurity Associate (PCCSA). However, that exam is being retired at the end of this month (2021-01-31), to be replaced by the Palo Alto Networks Certified Cybersecurity Entry-level Technician (PCCET). This is basically a rebranding exercise; I assume that it was confusing to have “Associate” (PCCSA) and “Administrator” (PCNSA) certifications which both ended with an A. According to the FAQ: “PCCSA certified individuals will have their credentialing status grandfathered into the upgraded PCCET certification framework.” The syllabus has been revised at the same time, to keep it up to date, but it looks much the same as before.

In brief, this exam is “what” rather than “how”, i.e. it’s all about the concepts rather than the implementation. In that respect, it’s quite similar to Microsoft 365 Fundamentals, and both exams are a similar price ($100/£70). When I did the training, the videos were about 50% advertising for Palo Alto Networks products; the PDF (ebook) was a bit more restrained, but there was still quite a bit of marketing/advocacy in there. E.g. the course will describe what WildFire and GlobalProtect are used for, but not how to configure them. By contrast, the exam was much more general, so there was a lot of overlap between this, Security+, and the SSCP.

There are no formal prerequisites for the course or exam. However, in the same way that CompTIA advise you to do Network+ before Security+, you will need to understand general networking principles. In particular, you should be familiar with routing protocols, e.g. the difference between link state (OSPF) and distance vector (RIP). The CCNA goes into a lot of detail about those protocols, but you don’t need that depth of knowledge for the PCCSA.

I found it quite tricky to actually sign up for the free training: if you followed the link from the main certification page, they had a login page but no option to register for a new account. I wound up following the guidance for military veterans to get it sorted out! However, the Learning Center has now moved to Beacon, and it seems a lot clearer now.

As I said above, the online training is free of charge, so I don’t want to sound ungrateful. Unfortunately, there were some problems with it. In particular, I think that the people who actually wrote the content knew what they were doing. However, I’m guessing that they hired voice actors to read out the slides, and those presenters didn’t seem to understand the material. That meant that they sometimes got words wrong, e.g. saying “description” instead of “decryption”, or “determined” instead of “deterred”.

I also noticed some weird emphasis in places. For instance, consider this sentence (in a bullet point): “Improves productivity using automation to focus on critical security tasks and functions”. Parsing that sentence, there are 2 things to focus on: “critical security tasks” and “functions”. However, it was read out as if it was a list of 3 items: “critical”, “security tasks”, and “functions”.

Based on that, I was tempted to mute the video and just read the slides myself. However, in later modules the audio supplemented the text on screen (i.e. the presenter was reading from an unseen script), so you need sound on for that. Having said all that, I’ve had a quick glance at the new training material on Beacon, and it looks as if they’ve done a full overhaul. Hopefully that means that the problems I experienced have now been corrected.

When I started the training, my original goal was to learn more about the Panorama software. However, the nearest I got to that was a few screenshots. That’s fair enough, because this course/exam is more about the fundamentals, and I assume that the administrator/engineer courses will go into more technical detail.

I took the exam at home, via online proctoring. I’ve done a few exams that way, but this was the worst proctoring experience I’ve ever had, by a significant margin. Firstly, they asked me to take photos of my face, my passport, and the room; that’s fair enough, but I had to do it 3 times! I also had to choose my country and enter my phone number (in case we lost the internet connection), but since I’d pre-registered they should already have that information. At the very least, they should be able to default to the existing values, then prompt me to confirm/amend that info. I’m in the UK, which meant I had to scroll most of the way down the list of countries; it’s not disastrous, just annoying. Once I’d got connected, I then had to move the webcam around to show various angles of the room; it felt redundant to do this as well as taking still photos, and it was quite cumbersome to tilt the laptop lid in the relevant direction, so I felt like a performing seal by the time they were satisfied.

Putting this in context, they allocated 70 minutes for the exam: 5 minutes to read the NDA etc, 60 minutes for the questions, and 5 minutes for the survey at the end. Out of those 60 minutes, it only took me 10 minutes to answer the questions, plus another 5 minutes to review my answers. (You’re allowed to go back to previous questions, unlike Cisco exams.) I don’t recall how long it took me for the NDA/survey, but they would have been pretty quick. So, I think I actually spent more time faffing around with the logistics than I did on the exam itself!

Based on that, I wondered whether it would be simpler to just go to a test centre in future. However, that plan has its own overhead (i.e. extra travel time). Also, we’re now in the middle of the COVID-19 pandemic, so it makes sense to do exams from home wherever possible. Hopefully they’ve improved their process in the past year or so, but just be forewarned that it could be a frustrating experience.

There were some typos in the exam, e.g. “penalities” instead of “penalties”, and “ransomeware” instead of “ransomware”. However, none of these changed the meaning of the questions, i.e. there was no ambiguity. Unfortunately they didn’t have an option to flag questions with feedback. At the end of the exam, the screen prompt said that it would display my result. That didn’t actually happen. However, I received an email 10 minutes later, and I passed, so I’m happy with that.

The following day, I logged into the CertMetrics website, and I downloaded a PDF copy of my certificate. The website also has a digital badge (i.e. a small image that I can post on social media), but this isn’t linked to my Acclaim profile. That’s a pity, but hopefully Palo Alto Networks will sort out some kind of affiliation with Acclaim in due course.

The certification is valid for 2 years. Most certifications are valid for 3 years, e.g. Cisco, CompTIA, and (ISC)², so this is a shorter cycle. However, I intend to do the PCNSA later this year, so that won’t be a problem for me.

Overall, I think that the course and exam achieve what they’re aiming for, i.e. they cover important security fundamentals. Whether that’s useful to you will depend on your past experience. This will give you a “Palo Alto” key phrase on your CV, which could be useful when you’re job hunting, but having this certification doesn’t demonstrate that you know how to use their firewalls.

