Micronics Zero to Hero Security Course

chrisone

This sounds like an awesome class! I will have to keep my eye on this and I will be looking forward to your final analysis after your done

Keep up the great work!

Iristheangel

No problem, Chris I can honestly say it's worth it so far. Here's what I've received with 5 weeks of the class:
- Mastering ASA Lab Workbook (Approx $100 Value)
- Mastering VPN Lab Workbook (Approx $200 Value) - We're supposedly getting this one this week
- Firepower Lab Workbook (Not available for individual purchase but you can access it through narbik.academy so a year there is $200)
- 5 weeks of labbing so far with ASAs, CSR1000v, and Firepower. Later in the class, that'll be expanded to CDA, ESA, ISE, WSA, etc as we cover the topics.
- 5x 6-8 hour lectures - Some which don't have any sort of competitor class such as the Firepower v6.0 class since it's so new
- 200+ pages of notes I've taken

We're also supposed to get the CCIE Security v4 lab workbook (approx $350 value) by the end of the class too which will cover the legacy IPS. The instructor doesn't want to cover it in lecture because a) it's only approx 20% of the exam, b) the workbook covers it completely, and c) it will die when the exam is refreshed next year so we would have wasted a week on it for nothing. The only thing I can see them adding the next time they do this class is Lancope since Cisco announced and is moving forward with that acquisition pretty quickly and the overlords at the Cisco Certification Program might have enough time to fit it in the CCIE Security refresh depending on when it closes. The only reason the Firepower/Sourcefire stuff didn't end up in the CCNP Security refresh is because the Sourcefire acquisition didn't close until October of 2013 - which is around the time they had announced the CCNP Security refresh and had the topics ironed out.

Iristheangel

Just finished week 7 of the class. Brain. Exploding.

This week was EZVPN and DMVPN. And I thought the last session was intense! LoL. I'm going to do my usual re-watch of the class and comment more but it was good stuff. The DMVPN part definitely is part of the CCIE R&S track so that was nice. The instructor also went over behavior with DMVPN with different routing protocols which was awesome too.

Almost to the halfway point with this class. Still loving it.

aftereffector

I hope they offer another session of this class later this year - it sounds like something I could really use. Thanks for the writeup, Iris!

Iristheangel

Ok... I'm at the 9 week mark. I think it's more accurate to say I'm at the halfway point. Some topics have taken longer than others since this guy does NOT like to skip anything at all. Here's what we're gone through so far:
Week 1 - Basic ASA, syntax, behavior, etc
Week 2 - MPF, Class maps, inspection, transparent vs L3 firewalling, failover, etc
Week 3 - All things NAT. Pre-8.3 and post-8.3
Week 4 - Firepower - History, Policies, ACP, IPS traffic flow, network discovery, deployment scenarios, security intelligence, DNS policies, digging into the network map, diving into Snort rules, etc
Week 5 - Firepower Part 2 - Deeper dive into Snort rules, event filtering, alerting, remediation, scheduling tasks, sandboxing, AMP, file policies, preprocessors, SSL decryption, etc
Week 6 - VPN, IPSec Theory, PKI, VPN types and mode, etc
Week 7 - DMVPN - Definitely going to help with the CCIE R&S
Week 8 - GET VPN and Flex VPN
Week 9 - SSL VPN, EasyVPN (ha! Marketing name, you lie!), RA VPN, Clientless VPN

Next week we're deep diving in to VPN load balancing, HA and mobility. After that, we'll be taking a break from the 5 week VPN onslaught and heading right into content security! Weeeeee. Did I mention I love this class?

Alex90

Iristheangel wrote: »

Ok... I'm at the 9 week mark. I think it's more accurate to say I'm at the halfway point. Some topics have taken longer than others since this guy does NOT like to skip anything at all. Here's what we're gone through so far:
Week 1 - Basic ASA, syntax, behavior, etc
Week 2 - MPF, Class maps, inspection, transparent vs L3 firewalling, failover, etc
Week 3 - All things NAT. Pre-8.3 and post-8.3
Week 4 - Firepower - History, Policies, ACP, IPS traffic flow, network discovery, deployment scenarios, security intelligence, DNS policies, digging into the network map, diving into Snort rules, etc
Week 5 - Firepower Part 2 - Deeper dive into Snort rules, event filtering, alerting, remediation, scheduling tasks, sandboxing, AMP, file policies, preprocessors, SSL decryption, etc
Week 6 - VPN, IPSec Theory, PKI, VPN types and mode, etc
Week 7 - DMVPN - Definitely going to help with the CCIE R&S
Week 8 - GET VPN and Flex VPN
Week 9 - SSL VPN, EasyVPN (ha! Marketing name, you lie!), RA VPN, Clientless VPN

Next week we're deep diving in to VPN load balancing, HA and mobility. After that, we'll be taking a break from the 5 week VPN onslaught and heading right into content security! Weeeeee. Did I mention I love this class?

So am I right in thinking CCIE Security might be on the cards after R&S?

fumanchu

Hello Iristheangel:

Enjoy reading the post and your blog.

I have done my IE (Voice) a couple of years ago. However, I find myself troubleshooting routing, switching and VPN often. Once the Voice apps are running and phones registered, the action is fully focused on the voice gateway routers, switches and VPN (for vpn phone and mobile); an area that I am not knowledgeable, especially security. I decided to take up CCIE Security but I found a lot of R&S incorporated. So, I have decided to pursue my IE R&S and eventually do Security.
Will I be able to do this course (ZtoH) with ccna R&S knowledge? Is this course geared toward IE Security? 4 months full access to the rack is awesome. Just the cost of the course is equivalent to the rack rental, and I am comparing it to the cheapest rental)

Best with your course and eagerly waiting for your class updates.

Fumanchu

Iristheangel

@Fumanchu - Absolutely. They recommend at least CCNA R&S knowledge so you should be fine

Iristheangel

Week 10 of the class. We finally finished VPN. Coming up this week: ISE 2.0. That will be a FUN class.

For anyone interested in taking this class, it seems they'll be starting the next class around the March 12th timeframe so jump on it if you're interested. Definitely worth the money.

fumanchu

I am looking to join the August batch. That would give me time to do my CCNP Security and some hands on

fumanchu

Hello Iris:

Is the security rack accessible 24x7 during the 16 weeks?

Cheers

Iristheangel

Yes it is

fumanchu

This 16 weeks package with lab access looks like a great deal. Glad I stumbled across your article. On another note, would you recommend WGU?

Regards,
Fumanchu

mitchflossin

Hey Iris - thanks for keeping us updated with the class. I'm very much interested and hoping to convince my boss to let me take the course. A couple of questions for you if you don't mind.

1. You mentioned the instructor had a bit of an accent; does he have any youtube videos or anything where I might be able to hear what he sounds like? Or do you feel like it's a non-issue? I'd hate to spend that kind of money and struggle to understand him. That'd be a mighty long 16 weeks.

2. After taking this course, would it be reasonable to expect to be able to pass all 4 (or any) of the CCNP Security tests?

Thank you so much and glad you're enjoying the course!!

mitch

Iristheangel

1. He does have an accent. He's from Poland. His name is Piotr Matusiak and I was a bit nervous going in that I wouldn't be able to understand him either given that I couldn't find a public video of him speaking in English. It ended up being a non-issue. I found his pretty easy to understand. I think the only word he sometimes kinda slips on is "commands." Sounds like "comments" to me :P I believe you should be able to watch some old videos of his in English here: Narbik Academy | "If you can't explain it simply, you don't understand it well enough"

2. I think so. You'll definitely have deep-dived into ISE, VPN, IOS security, etc. The only thing you won't cover directly is the old old old IPS that's not sold by Cisco anymore. For the purpose of this course, they decided to skip it for obvious reasons but that might still be on the CCNP exams. They do provide workbooks that go through them though so that should fill in a bit for you.

Legacy User

@Iris

I think by default you have to do the CCIE Sec next lol. Great write up on this class, 16 weeks of deep dive for $3500 with 24/7 rack access is a deal and a half. I know most bootcamps charge that for a week. If I could get my boss to pay for it I'm in there lol.

Iristheangel

fumanchu wrote: »

This 16 weeks package with lab access looks like a great deal. Glad I stumbled across your article. On another note, would you recommend WGU?

Regards,
Fumanchu

Sorry. Didn't see the WGU question. Yes. I would recommend it. It checks the degree box and I felt like I learned a lot during my BS. The MS was a lot more boring to be honest but I don't regret either and would recommend it.

jelexy

The prerequisite for this class is unbelievable - Just CCNA R&S ...Really? The topic discuss sounds more advanced topic! I maybe wrong, but I think a CCNP Sec or a few years of exposure to Cisco security appliance is a must for this training.

Iristheangel

It wouldn't be "zero" to "hero" if you started in the middle There's a couple topics I definitely started as a zero on: VPN and ESA/WSA

It definitely helped me a lot. It does require a LOT of work through to be honest. It's not just 8 hours a week... Because to get the most out of it, rewatching the class every week, labbing the tasks and working through the workbooks is key. That's a full-time study job in itself but it definitely will catapult you in security. One thing to note and why I decided to take the class: No other Cisco Learning Partner has a Firesight/Firepower v6.0 or ISE 2.0 class. I believe the closest they have is Firesight v5.4 and ISE 1.3. In time, they'll have it when Cisco marketing decides to pump one out with marketing material and enough slides to lull you into a coma but this guy is 100% CLI and whiteboard so it's a lot more fun. That might be a personal preference but I definitely do NOT learn through powerpoint

Iristheangel

Interesting. Just got the email this morning about IPExpert has teamed up with Micronics to resell the Z2H class with some additional goodies:
https://www.ipexpert.com/Cisco/CCIE/Security/zero-to-hero-bootcamp

You can still buy it through Micronics at lower cost and use learning credits there or pay $499 more to get the Micronics class + IPX's Security workbooks and IPX's CompTIA Security+/CCNA Security/CCNP Security/CCIE Security VODs for a year. Not a bad deal if you're starting from zilch. Both are a good deal but it all depends on where you're starting from. Just throwing it in here since it's news to me as well and if someone is REALLY wanting to start at the basics, this might be a better option.

koz24

Cool stuff Iris, I've been following the thread and the IPX deals makes sense for someone like me. Now if I can just save up the $4k lol.

chrisone

That is very good stuff Iris! Thanks for the update!

Interesting look from IPX. Good to hear they are supporting Micronics.

deshiman

IPX says their class will prepare students to CCIE level, but Micronics says their class would prepare "up to" CCIE level.
Anyways, I have a unique situation. I have all the video training from skillsoft (gift from WGU), and got half of the lab equipment in my garage. Since I dont know how to setup Cisco ISE, WSA/ESA and couple other apps, I am stuck. I desperately need help setting them up for lab exercises. I dont feel like or could afford to spend thousands of dollars for bootcamps. I'm thinking about buying the CCIE workbooks, so at least I can get some configuration samples.
Any ideas?

Iristheangel

The IPX and Micronics class is the same class. IPX is just reselling it at a premium and adding their workbooks and videos to it which definitely can help if someone is starting fresher.

As far as your problem, There's a LOT of documents out there, config guides, quickstart guides, etc that can help you through the basic setup of ISE/WSA/ESA. That shouldn't be so hard. As far as self-studying to a CCIE-level and keeping those costs down? That's going to be a bit problematic. Definitely not saying it's impossible but if you're in it for the long-haul, expect to spend $10-15K on average and 1-3 years depending on your experience. I would suggest maybe looking for a job with a partner or vendor who will pay for your training - that'd probably work more to your advantage

fumanchu

@deshiman:
When I had started my IE Voice track I had bought all the devices (2811 routers, switches, VWIC, HWVIC, Esxi) and had no idea how it would work. Toiling, and tinkering with your home lab is tedious BUT it is also so much fun. After a year working on my home rack, I helped a friend setup and configure his entire Voice rack from scratch in 7 hours.
I don't have the coins to procure a IE Security rack, but most people make virtual (Sec and DC) labs with ASA, vASA, WSE, Nexus7, VPN, IPS, etc. 95% of the INE/IPX/Narbik labs can be done with UNet lab/GNS.
Or, you could simply rent racks (rackrentals) and follow the workbook of the vendors. Getting the All Access Pass from INE will allow you to access their Security videos and also participate in their Blogs for any hardware or lab queries. Further, it is very helpful to join the study groups.

Iristheangel

Spent most of today organizing my notes from the class, indexing them into one big massive word doc with a table of contents and indexing. After everything was condensed and indexed, I had 370 pages of notes from over 13 weeks. Now that they are organized, I think it'll make it a lot easier for when I come back to do the CCIE Security. I'm stubbornly refusing to even think about the CCIE Security until they update the exam. I want a challenge with technology I will be touching daily, not this old dinosaur technology that's currently on the lab (ISE 1.1, pre-8.3 NAT, 4200 IPS, etc).

Today's class was a bit of a freebie. The students wanted to learn about old NAT and IPS since a couple were taking the lab soon so I skipped today. The instructor did go over how to build the class topology and where to get the licenses for a good hour so that was the one takeaway from the class.

Next week is ESA and then the week after is IOS security and Lancope. The Lancope part got added in there at the last moment so I'm excited about that. I currently have Lancope set up on Pxgrid in my lab but it's not doing much more that remediation and monitoring. I've love to dig deeper and customize it some more and be more proactive with Lancope POCs. I definitely see myself getting a lot out of that week.

fumanchu

Hi Iris:
What was your motivation to choose Security after achieving your IE in DC? I noticed people with IE DC would go for Collaboration or R&S as their second IE pursuit

Iristheangel

I'm not going after the CCIE Security. At least not until they update the exam. Currently the CCIE Security lab exam is REALLY long in the tooth so I won't bother on the current version of the exam. I'm studying for the R&S right now but I took this course since it had all the new versions of software and it would help me in my day job. I consider this more "job training" that I can use for the CCIE Security down the road since I'll be pursuing it one day.

fumanchu

I have been fiercely deciding whether to go the R&S route or Security. Your post has made it easier for me to take up R&S. I have heard the IE Sec labs incorporate a heavy dose of R&S (security related). Hence, a strong R&S knowledge would be very helpful.
All the best with R&S.

Iristheangel

Given what I've seen of the CCIE blueprint, there seems to be less routing and switching in the CCIE Security than DC (which didn't have a lot).