Micronics Zero to Hero Security Course

I just wanted to start a thread on this class I started today to document my journey through this class from beginning to end. I'm putting this under CCNP: Security since while I do think it's marketed as a "Zero to CCIE" class, I probably will have more luck at being closer to CCNP: Security worthy after 16 weeks than CCIE.
I heard about this class from Narbik's Facebook page and it looked really interesting to me because it was being taught by a Cisco Advanced Services guy who is on the A-team which means he'd have some great insightful experience and they decided to teach material that wasn't on the CCIE Security exam such as Firepower/Sourcefire which made it a lot more useful and probably future-proof that knowledge since I'm sure the CCIE Security is up for a refresh very very soon.
This class is about 16 weeks long. It's run online via Webex with access to remote labs every Saturday. All of us students thought we were only going to have access to the lab racks for the course of the class on Saturdays but we found out today that we would get remote access to the pods for all 16 weeks of the class which is awesome. Prior to starting the class, we were sent Webex details and a 350 page lab guide that would cover the first 2 weeks of the class (ASA configuration). The weekly agenda breakdown can be viewed here: Security Zero-To-Hero | Micronics Training
One thing to note is that the instructor is from Europe and he does have an accent but I didn't find it too thick or hard to understand. That may be me personally but I always found it easier to understand European accents.
So the raw details of the class so far is this:
- Cost: $3500
- Venue: Online via Webex
- Length: 16 courses spanning over 16 weeks on Saturday
- Lab access: Yes, during the entire 16 weeks we get access to pods to lab all this up
- Workbooks: Yes, we've been provided with customized workbooks for the class. It's day 1 and I've only received the ASA workbook so far which is 350 pages co-written by the instructor and Narbik for this course. I suspect they will be adding more workbooks once we get to Firepower, WSA, ISE, etc.
I'll try to write up a review of what I think at the end of every week on here so if anyone else is interested in jumping in the next class they run, they get an idea of what it's all about and from the perspective of a student.
Comments
Blog: www.network-node.com
CWTS, then WireShark
Ok, here's my update. Week 2: My brain just got broken. A lot. We just went through NAT types, manipulating them, MPF, and some other things but MAN... this guy is super deep. I'm definitely going to be re-watching the videos of today's session. That was amazing. Even though this guy isn't Narbik, it's very Narbik-style in terms of "here's a subject, here's some more, and here's the DEEP dive - now let's lab it out and try some crazy stuff we can do" :P
So far, this is the best $3000 I've spent on any technical security education in my career so far
Blog: www.network-node.com
I'd be willing to pay for it or get a small loan if you feel like the quality of the class is good. I have my NA Security and would love to be a NP Security (and possibly an I.E. security).
Current goal: Dunno
As far as the equipment, we're using ASAv 9.5, CSR1000v 15.5 for the routers, Windows 2008 servers, CDA 1.1, ISE 2.0, Firepower 6.0, etc. This is the class topology that we get to lab for 16 weeks of unrestricted access:
The access to the lab is worth the price of admission alone to be honest but the instructor is honestly amazing and really knows his stuff so that just makes it even better. Add to that, the huge workbooks we're getting to lab everything out (first three weeks is a 350 page workbook on ASAs alone and more workbooks coming) and the individual tasks he's giving us outside to lab every week.
Most 5-day bootcamps are $3500 and you get access to a pod for only those 5 days. This is approx 16 days over 16 weeks though I suspect it might go longer if the class is really slow. He has said that it's ok if he needs to slow down because it's important we get all the subject matter. $3500 for 16 days of bootcamp plus 4 months of rack access, workbooks, etc is a steal imho.
Blog: www.network-node.com
It sounds like a good investment. I appreciate the feedback.
Blog: www.network-node.com
how is R&S studies coming along
Website gave me error for signature, check out what I've done here: https://pwningroot.com/
Blog: www.network-node.com
Thanks! Will do!
Website gave me error for signature, check out what I've done here: https://pwningroot.com/
Blog: www.network-node.com
Week 1: Basic ASA, ASA modes, interface configuration, ASA Management, traffic flow, troubleshooting tools, etc
Week 2: All things NAT, Modular Policy Framework (MPF) and manipulating it all
Week 3: QoS, Firewall clustering, Threat Detection & Botnet, ID Firewall, PBR, Transparent firewall, etc
Piotr said that we'll make up some of the time we spent on these topics on some of the easier sections that won't take up the whole day even though we have a whole day on the outline like ESA/WSA.
The guy running the class is a machine gun for sure so I take notes like a mad woman during the class but I force myself to rewatch the video and lab it out while he's explaining it. I always end up doubling my notes this way and get a better understanding.
Blog: www.network-node.com
Yeah, I looked at that and what Iristheangel says, and then her experience...
It seems a little intense. Certainly not something I would attempt off the back of a CCNA R+S.
Right? Weeks 1-2 seem like they go above and beyond CCNA Sec material alone. Seems awesome though, I haven't heard of this. Seeing as how I'm starting to dabble in a little more of all of this stuff as certain responsibilities (hopefully) get handed off to me at work, this would be a solid training in place of SANS for next year if the timing of the next course works out.
Thanks Iris!
Blog: www.network-node.com
I have to say... I'm REALLY loving this class. I have a sneaking suspicion that we'll probably end up doing more than 16 weeks in this class because the instructor is dead set on us really understanding the topics but I'm loving it so far. We have a pretty bright group on this class so no one is bogging us down and we've had some insightful conversations.
Blog: www.network-node.com
happy xmas season
how is AMPS? I briefly looked into it, but no one was very familiar with it
CWTS, then WireShark
It's pretty easy for me to switch over to Events and check out different files received, their disposition, what action was taken, the File Analysis in the sandbox, etc:
Under the File Analysis, I can see the threat score and the high-level indicators of why it was determined to be malware:
If I click that Report button, I get to see WAYYYYY more information:
Blog: www.network-node.com
On the top of the report, you can also download the sample in a compressed and password-protected format if you really feel the need, you can actually watch a video replay of it being executed in the sandbox, download the PCAP captures of the network traffic the malware generated and download the artifacts that the malware produced.
As far as the File Trajectory or Device Trajectory feature, this is how it looks:
So as you can see, definitely seeing a lot of data. Files and changes are tracked and if a file is changed from the disposition of Clean or Unknown later on, it will alert you, tell you where it spread and give you the ability to pull it out of all the infected hosts. It's some cool stuff.
Blog: www.network-node.com
- Class starts
- 10 minutes in, I'm feeling like I already know the material and it's going to be a coasting week...
- 30 minutes in, I say to myself: "Hmmm... that's new. I'm going to start taking some notes..."
- 60 minutes in: *scribble* *scribble* *scribble*
- 90 minutes in: "F it. I'm not going to get everything in the first pass..." and I just give up on notes and sit back.
- 2 hours in: Brain explodes
I ALWAYS end up rewatching the class a little at a time throughout the week and always try to finish by the time the next class rolls around. I probably have over 200 pages of notes from 5 weeks of class now. Amazing stuff. I paid for this class out of pocket and I still can't get enough. I thought I knew Firepower prior to this class.... I was so so so so wrong. I had to accept that around the time we were manipulating preprocessors, playing with IPS layers, and examining/creating raw SNORT rules that I was so so so wrong and it's AWESOME. This is exactly what I hoped for out of a class and I rarely get: Mostly new material and a solid deep dive with lots of foundation included.
One thing this class is inspiring me to do is go after my Sourcefire Certified Expert certification. I'd have to get the SSFIPS and SSFAMP exams out of the way. I checked out the SSFIPS book on Safari and it looked like most of the stuff this class already covered so I might not really need to read the book and feel pretty comfortable with most of the topics of the exam. The SSFAMP one has me a little worried. I couldn't find any VODs or books online about it and the only class I see is one through Cisco Learning Partners for 2-3 days for $2000. Not sure if that's really worth it or it's not something I can just self-study and knock out.
Anyways, this week is ALL about VPN theory and DMVPN. If you want to ever believe that theory is going to be a light week, check that notion at the door with this class (I mean that in an awesome way). I'm happy to report that at Week 6, this class is still worth the money and the quality hasn't dropped. It's supposed to be a 16 week class but I suspect it might end up being closer to 17 weeks. We got stalled up on the third week with ASA concepts so we're going to have to spend a week going over what we missed: BotNet, Threat Detection, ASA Clustering, etc on the ASA native platform. That being said, I'm very much appreciative of the fact that he's not going to make us miss concepts just because we didn't cover it on the day it was scheduled.
That's all for me this week on this class
Blog: www.network-node.com
CWTS, then WireShark