Cisco Certified CyberOps Associate

Overview

In November 2016, Cisco introduced “CCNA CyberOps”. This consisted of 2 exams:

  • 210-250 Understanding Cisco Cybersecurity Fundamentals (SECFND)
  • 210-255 Implementing Cisco Cybersecurity Operations (SECOPS)

At this point, there were 10 associate level certifications: 9 versions of CCNA (Cisco Certified Network Associate), and also CCDA (Cisco Certified Design Associate).

In February 2020, most of the associate exams were merged together into the new CCNA (200-301). The only exception was CCNA CyberOps, which got rebranded as Cisco Certified CyberOps Associate.

In May 2020, the 2 exams above were replaced with a single exam:

  • 200-201 CBROPS: Understanding Cisco Cybersecurity Operations Fundamentals

NB There was no overlap period between the old/new exams; the last date to take the old exams was 28th May, and the first date to take the new exam was 29th May.

I interleaved the CyberOps exams with the CCNA R&S:

  • In Mar 2016 I did ICND1.
  • In Mar 2019, I did SECFND.
  • In Nov 2019, I did ICND2.
  • In May 2020, I did SECOPS.

The main reason I did it this way was to stop the CCENT from expiring before I was ready for ICND2.

For training material, I used the Cisco Press books and Matt Carey’s Udemy course.

Looking at the 2 books:

  • The SECFND book had 15 chapters (taking up 550 pages) along with appendixes.
  • The SECOPS book had 11 chapters (taking up 280 pages) along with an appendix.

So, the combined length (830 pages) was equivalent to one of the CCNA textbooks (800-900 pages each). I’m glad to see that the CBROPS study guide is a single book, with 16 chapters (575 pages) plus appendixes.

The Udemy course has been updated for the CBROPS exam, so anyone who paid for the old course will automatically get access to the new material.

NB This blog post applies to the original 2 exams.

SECFND

The exam topics are grouped into 6 sections:

  1. Network Concepts (12%)
  2. Security Concepts (17%)
  3. Cryptography (12%)
  4. Host-Based Analysis (19%)
  5. Security Monitoring (19%)
  6. Attack Methods (21%)

Most of section 1 is covered by Network+ or ICND1; the only exception is 1.5, which refers to specific Cisco products (e.g. the Web Security Appliance).

Sections 2, 3, 5, and 6 are covered by Security+.

Section 4 is mostly about understanding how a client OS works (e.g. the Windows registry and Linux symlinks). Some of that would be covered by A+, and I’d picked up most of the rest already, just by day to day usage.

In other words, if you’ve done the “core triad” of CompTIA exams (A+, Network+, and Security+) then there won’t be much new in this exam.

As I mentioned above, the Cisco Press book has 15 chapters. However, chapter 1 (“Fundamentals of Networking Protocols and Networking Devices”) is over 100 pages long, so it takes up 1/5 of the book by itself! Nothing in that chapter is specifically related to security.

When CCNA Security was available as a separate exam, it had CCENT or CCNA R&S as a pre-requisite, then you’d do an additional exam (210-260 IINS) to get the specialist certification. By contrast, CCNA CyberOps (as was) never had any pre-requisites, but it was spread across 2 exams.

The upshot is that there was a lot of overlap between CCENT and chapter 1 of the SECFND book. In practical terms, if you’d done CCENT already then you could skip that whole chapter. I also noticed several errors in this chapter of the SECFND book. This comes back to my comment about a combined volume; I would have preferred Cisco Press to omit chapter 1 entirely, then refer anyone who hasn’t done CCENT to the ICND1 study guide.

I saw a video where one of the authors (Omar Santos) clarified that a lot of the networking material in the book isn’t necessary for the Cyber Ops exam, but he included it because it will be useful for your career. I can respect that philosophy, but in my case it wasn’t very helpful.

Chapter 2 of the book (“Network Security Devices and Cloud Services”) felt like a marketing blurb, e.g. it mentioned 4 different versions of the Firepower Management Centre (FMC). I think it’s useful to have a general awareness of what the FMC is, but you don’t really need to memorise the differences between the FS2000 and the FS4000.

Chapter 3 (“Security Principles”) is where the book started to get more interesting, so it’s a pity that I spent so long getting bogged down in the early chapters.

I only finished the first 3 chapters of this book before the exam, but that was enough for me to pass (along with the relevant videos from the Udemy course).

In the exam, there were some questions about specific vulnerabilities. So, you need to be vaguely up to date with “current affairs”, as well as understanding the general concepts.

The exam is (up to) 90 minutes. However, you only get one attempt at each question, i.e. you can’t review your answers at the end. I tried clicking “Next” without submitting an answer, and it wouldn’t let me proceed; there’s no penalty for wrong answers, so that makes sense as a safety net. In my case, it took me 28 minutes to do 65 questions, which includes typing a couple of comments.

SECOPS

Since I’d done SECFND in March 2019, the original deadline for SECOPS was March 2022. However, the new CBROPS exam was announced in February 2020:

This gave me 3 months to either take the SECOPS exam or start over with the new combined exam.

The added complication was that all the test centres closed in March 2020, due to the COVID-19 pandemic. Cisco responded by adding 6 months to the expiry date of all current certifications, which was decent of them. However, they didn’t delay the retirement of the old exams. Fortunately, they worked with Pearson Vue to offer online proctoring (starting in mid April), so I was able to do the exam from home.

I took the CompTIA CySA+ exam in March 2020 (just before the test centres closed). This has a lot of overlap with the Cisco syllabus, and it was good preparation.

I read the Cisco Press SECOPS book from cover to cover, and I found this more interesting than the SECFND book. It had a few technical errors, but nothing too serious.

I also watched the rest of the videos from the Udemy course.

NB I think that the Udemy videos were particularly useful when it came to demonstrating software tools, because this format worked better than prose or screenshots. That said, the best option is to get hands-on experience yourself, but watching someone else do it is better than nothing.

In terms of hands-on skills, I already had a Kali VM that I’d used for the OSWP and eJPT, so I used that for this exam as well.

As with SECFND, the exam was 90 minutes long, and you couldn’t go backwards. I found that there was no point dawdling over questions: I either knew the answer or I didn’t, so I’d choose an option and move on. In this case, it took me about an hour to do 65 questions, i.e. about twice as long as SECFND but still comfortably within the time limit.
