These articles and blog posts are my own opinion and do not reflect the view of my employer.
I finished the SECFND yesterday (part of the new and upcoming CCNA Cyber Ops). It took me 23 minutes from start to finish, which was a surprise!
The topic centered on basic security principles that an analyst should know. If I had to score the difficulty, it would be above Security+ but below CEH. In frank terms, the knowledge is great, but if you’re looking into ROI you’re better off waiting until this gets better coverage from employers and HR.
The source I used for the exam was the Cisco Learning Network (Cisco Partners), since at the time of this writing there is no Cisco Press book (due in April) and no videos (ITPro is working on their series at the moment, but it is not completed, and CBT Nuggets has nothing). This was a concern because I like being able to read a book and then watch a series of videos on the exam before taking it. After taking the exam, it is concerning when you can take the training alone and pass. However, I will admit that may be an issue with myself, not with the exam makers, since I am a diehard when it comes to professional development, I work in the industry, and in general like to know.
Overall the content was not bad at all and I was pleasantly surprised! After acquiring Sourcefire, Cisco has entered the foray of security practitioner exams. (I know there is the CCNA Security, but that covers more of their ASA line and general security topics.) This will also include CompTIA (Security+, CSA+, CASP), SANS (way too many; please look at sans.org for more info), EC-Council (CEH and CHFI are their popular exams), and ISC2 (SSCP, CISSP, CCSP, and others). One of the great things about this exam is that, since Cisco is coming into an already dominated field, there isn’t much of the Cisco way or the highway learning approach. When they introduce topics like packet analysis with Wireshark, it feels like an actual topic on the subject. Similar feeling with Snort, although they do want you to look into StealthWatch for NetFlow.
My concern with the exam is the rigorous aspect of it. I think of Cisco exams as a little challenging, with factors such as no going back in the exam, general understanding of Cisco products, and a huge tie-in for Cisco protocols. There is not much of that here (except not being able to go back). Some questions made me think of CompTIA while others were refreshing in having you think.
This makes me concerned for the SECOPS exam (second exam for the CCNA Cyber Ops), because this focuses on the organizational aspect of security analysts. This is a new trend for exam authors as they find new ways to test people. Does there really need to be two exams on a cyber security analyst’s day-to-day job? Is this a way to cash in on an industry that has way more certs than, say, something like storage (CompTIA killed their Storage+ late last year)?
To a point I think this is okay but sets up false hopes for those who take the exam. More on this when I take the SECOPS exam, which I plan to take in two weeks. I have the material finished, but still need to finish labs before I can get the voucher.
Full disclosure, I am a part of the Cisco CCNA Cyber Ops scholarship and did not have to pay for the exam or the materials. The exam retails for $300 (and there is still a second one required). If you’re doing self-study, there may be a change in materials you use.