Micronics Zero to Hero Security Course

IristheangelIristheangel Mod Posts: 4,133 Mod
I just wanted to start a thread on this class I started today to document my journey through this class from beginning to end. I'm putting this under CCNP: Security since while I do think it's marketed as a "Zero to CCIE" class, I probably will have more luck at being closer to CCNP: Security worthy after 16 weeks than CCIE.

I heard about this class from Narbik's Facebook page and it looked really interesting to me because it was being taught by a Cisco Advanced Services guy who is on the A-team which means he'd have some great insightful experience and they decided to teach material that wasn't on the CCIE Security exam such as Firepower/Sourcefire which made it a lot more useful and probably future-proof that knowledge since I'm sure the CCIE Security is up for a refresh very very soon.

This class is about 16 weeks long. It's run online via Webex with access to remote labs every Saturday. All of us students thought were were only going to have access to the lab racks for the course of the class on Saturdays but we found out today that would we get remote access to the pods for all 16 weeks of the class which is awesome. Prior to starting the class, we were sent Webex details and a 350 page lab guide that would cover the first 2 weeks of the class (ASA configuration). The weekly agenda breakdown can be viewed here: Security Zero-To-Hero | Micronics Training

One thing to note is that the instructor is from Europe and he does have an accent but I didn't find it too thick or hard to understand. That may be me personally but I always found it easier to understand European accents.

So the raw details of the class so far is this:
- Cost: $3500
- Venue: Online via Webex
- Length - 16 courses spanning over 16 weeks on Saturday
- Lab access: Yes, during the entire 16 weeks we get access to pods to lab all this up
- Workbooks: Yes, we've provided with customized workbooks for the class. It's day 1 and I've only received the ASA workbook so far which is 350 pages co-written by the instructor and Narbik for this course. I suspect they will be adding more workbooks once we get to Firepower, WSA, ISE, etc.


I'll try to write up a review of what I think at the end of every week on here so if anyone else is interested in jumping in the next class they run, they get an idea of what it's all about and from the perspective of a student.
BS, MS, and CCIE #50931
Blog: www.network-node.com
«13456

Comments

  • zxbanezxbane Member Posts: 740 ■■■■□□□□□□
    Sounds very interesting, is your employer paying for this?
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    Nope. I paid for this out of pocket. If I asked my employer to pay, they would have required me to take a certification after or I would not have get my future CCIE R&S bootcamp paid for. This I did for fun and is certainly is fun :)
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • alan2308alan2308 Member Posts: 1,854 ■■■■■■■■□□
    Man, there's just no downtime for you is there?

    icon_study.gificon_study.gificon_study.gif
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    LoL. My entire early and mid 20s was nothing but downtime. I'm making up for it now
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • JobeneJobene Member Posts: 63 ■■■□□□□□□□
    Or like Ghandi "Live as if you were to die tomorrow. Learn as if you were to live forever" ;)Please give us some feedback about the course ;)=)
  • Mike-MikeMike-Mike Member Posts: 1,860
    sorry if my reading is the dumbz.. but is it only on Saturdays? or are you going to class during the week and saturday?
    Currently Working On

    CWTS, then WireShark
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    Mike, it's only on Saturdays and it's online. They give us a big lab workbook and access to lab pods through the whole week which as ISE 2.0. Firepower 6.0 (just released a day or two ago), ASAs, CSR1000v, etc.


    Ok, here's my update. Week 2: My brain just got broken. A lot. We just went though NAT types, manipulating them, MPF, and some other things but MAN... this guy is super deep. I'm definitely going to be re-watching the videos of today's session. That was amazing. Even though this guy isn't Narbik, it's very Narbik-style in terms of "here's a subject, here's some more, and here's the DEEP dive - now let's lab it out and try some crazy stuff we can do" :P

    So far, this is the best $3000 I've spent on any technical security education in my career so far
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • spiderjerichospiderjericho Registered Users, Member Posts: 890 ■■■■■□□□□□
    Since I have 0 access to the actual hardware I'd be interested in this class. Is it just recorded videos and accompanying labs?

    I'd be willing to pay for it or get a small loan if you feel like the quality of the class is good. I have my NA Security and would love be a NP Security (and possibly an I.E. security).
  • bermovickbermovick Member Posts: 1,135 ■■■■□□□□□□
    Like the previous poster, I'm highly interested in this as my rough certification outline involves the NP:Sec and IE:Sec and this sounds like a pretty nice class, although $3500 is a big ouch. I'll be following this so keep us updated how things go!
    Latest Completed: CISSP

    Current goal: Dunno
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    @Spider - It's a live class via Webex every Saturday. After the session ends, you get the video that you can watch for approx 30 days after each class. I like to review the video during the week because the guy is a machine gun and I'm always finding more information after rewatching.

    As far as the equipment, we're using ASAv 9.5, CSR1000v 15.5 for the routers, Windows 2008 servers, CDA 1.1, ISE 2.0, Firepower 6.0, etc. This is the class topology that we get to lab for 16 weeks of unrestricted access:



    The access to the lab is worth the price of admission alone to be honest but the instructor is honestly amazing and really knows his stuff so that just makes it even better. Add to that, the huge workbooks we're getting to lab everything out (first three weeks is a 350 page workbook on ASAs alone and more workbooks coming) and the individual tasks he's giving us outside to lab every week.

    Most 5-day bootcamps are $3500 and you get access to a pod for only those 5 days. This is approx 16 days over 16 weeks though I suspect it might go longer if the class is really slow. He has said that it's ok if he needs to slow down because it's important we get all the subject matter. $3500 for a 16 days of bootcamp plus 4 months of rack access, workbooks, etc is a steal imho.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • spiderjerichospiderjericho Registered Users, Member Posts: 890 ■■■■■□□□□□
    I'm overseas so access to the live sessions would be next to impossible. So with my schedule I'm looking for CBTs and accompanying labs to help enforce the lesson material. I don't have access to the Cisco specific software (Firepower, ISE, etc). My desktop definitely can't run that topology lol. Maybe I can shoot Mrs Kocharian a note to see my options.

    It sounds like a good investment. I appreciate the feedback.
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    Definitely reach out. The gentleman running the class is in Europe so its afternoon for him when he runs the class. Definitely reach out to Janet. I know they had a couple open spots in this class. You would have to catch up on two videos but maybe they offer a discount for starting late (speculating). Can't hurt to ask. 14 weeks of lab access is stil awesome
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • 21ctl21ctl Banned Posts: 93 ■■□□□□□□□□
    good review from you, happy about the access, waiting for DC class to start mind May.
    how is R&S studies coming along
  • TacoRocketTacoRocket Member Posts: 497 ■■■■□□□□□□
    This might sound off but how do you sign up for this? I visit their website and it looks half broken. I just want to check out scheduling information.
    These articles and posts are my own opinion and do not reflect the view of my employer.

    Website gave me error for signature, check out what I've done here: https://pwningroot.com/
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    The class already started so it probably isn't going to let you sign up on the webpage. E-mail sales@micronicstraining.com and she should get you information
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • TacoRocketTacoRocket Member Posts: 497 ■■■■□□□□□□
    The class already started so it probably isn't going to let you sign up on the webpage. E-mail sales@micronicstraining.com and she should get you information

    Thanks! Will do!
    These articles and posts are my own opinion and do not reflect the view of my employer.

    Website gave me error for signature, check out what I've done here: https://pwningroot.com/
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    I'll update this week's review later. I ended up missing most of the class on Saturday so I'm going to have to catch up by re-watching the video over the week. We have next week off thanks to Thanksgiving and the week after, we should be starting Firepower. That was supposed to be on the schedule for this week but Advanced ASA topics took a bit longer. The instructor has made pretty clear that he'll take an additional week on a class if the subject matter warrants it just to make sure we cover all the topics so that's pretty nice.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • jamthatjamthat Member Posts: 304 ■■■□□□□□□□
    Sorry if I missed it while skimming through here, but what's the recommended experience level going into this course???
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    In the first class, Piotr recommends at least a CCNA Rotue and Switch. You don't have to have a CCNA Security or anything like that. Of the classes he's done so far, he's covered the following:
    Week 1: Basic ASA, ASA modes, interface configuration, ASA Management, traffic flow, troubleshooting tools, etc
    Week 2: All things NAT, Modular Policy Framework (MPF) and manipulating it all
    Week 3: QoS, Firewall clustering, Threat Detection & Botnet, ID Firewall, PBR, Transparent firewall, etc

    Piotr said that we'll make up some of the time we spent on these topics on some of the easier sections that won't take up the whole day even though we have a whole day on the outline like ESA/WSA.

    The guy running the class is a machine gun for sure so I take notes like a man woman during the class but I force myself to rewatch the video and lab it out while he's explaining it. I always end up doubling my notes this way and get a better understanding
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • OctalDumpOctalDump Member Posts: 1,722
    jamthat wrote: »
    Sorry if I missed it while skimming through here, but what's the recommended experience level going into this course???

    Yeah, I looked at that and what Iristheangel says, and then her experience...

    It seems a little intense. Certainly not something I would attempt off the back of a CCNA R+S.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • jamthatjamthat Member Posts: 304 ■■■□□□□□□□
    OctalDump wrote: »
    Yeah, I looked at that and what Iristheangel says, and then her experience...

    It seems a little intense. Certainly not something I would attempt off the back of a CCNA R+S.

    Right? Weeks 1-2 seem like they go above and beyond CCNA Sec material alone. Seems awesome though, I haven't heard of this. Seeing as how I'm starting to dabble in a little more of all of this stuff as certain responsibilities (hopefully) get handed off to me at work, this would be a solid training in place of SANS for next year if the timing of the next course works out.

    Thanks Iris!
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    If they didn't record the classes, give you a pod to play in the entire time, and give you workbooks, yeah... it'd be too intense to really get through. I wouldn't say it's for someone with ZERO professional experience but someone who's touched Cisco IOS (not ASA specific) and has a good 1-2 years of networking experience would get a lot of out this class.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    Week 4 of the class: Firepower part 1. It started out with me thinking I was going to be way ahead of the curb and by the end, I was madly scribbling notes to keep up. Re-reviewing the videos every week definitely helps. For the first 3 weeks, we had a "Mastering ASAs" lab workbook that was approx 350 pages. This week, they ended up giving us another 200 page workbook on Firepower/Sourcefire which has been excellent.

    I have to say... I'm REALLY loving this class. I have a sneaking suspicion that we'll probably end up doing more that 16 weeks in this class because the instructor is dead set on us really understanding the topics but I'm loving it so far. We have a pretty bright group on this class so no one is bogging us down and we've had some insightful conversations.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    Week 5 of the class: An even deeper dive into Firepower. We went through AMP, AMP for endpoints, more complex IPS rules, troubleshooting, logging, etc. I think next week we start into approx 3-4 weeks of straight VPN so that'll be interesting. If Micronics ends up having this instructor (Piotr) do any other Z2H type classes, I would not to join in on it. He's got a good machine-gun style of teaching that's pretty clear. On the risk of sounding repetitive, this class isn't meant to be sat for 8 hours a week and turn you into an expert. Instead, he goes through the content consistently and clearly but you'll get lost if you just give it one listen to. I always sit the class but probably lose track thanks to ADHD halfway through then give the recording 1-2 hours a night where I type notes out in Google Docs and lab up the tasks. By the time the next class comes around, I feel like I'm pretty strong in the previous weeks topics.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • 21ctl21ctl Banned Posts: 93 ■■□□□□□□□□
    very good review about the class, sounds very interesting..cannot wait for the dc class next year
    happy xmas season
  • Mike-MikeMike-Mike Member Posts: 1,860
    We went through AMP, AMP for endpoints, more complex IPS rules, troubleshooting, logging, etc.


    how is AMPS? I briefly looked into it, but no one was very familiar with it
    Currently Working On

    CWTS, then WireShark
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    @Mike - I run it at home and in my lab for Endpoints. It's a good product and integrated with Threatgrid so it has some pretty awesome sandboxing and analysis utilities to detect zero day malware and help you mitigate it. I love the File and Device trajectory views so I can see how big my mess is, where it spread to, what action did the file take, etc. Just to give you an idea, here's the dashboard when I login:


    It's pretty easy for me to switch over to Events and check out different files received, their disposition, what action was taken, the File Anaysis in the sandbox, etc:


    Under the File Analysis, i can see the threat score and the high-level indicators of why it was determined to be malware:


    If I click that Report button, I get to see WAYYYYY more information:
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    From here, you can see the whole file analysis report. It'll tell you how long it took to determine that the file was malware (6 minutes), the comprehensive report of behavioral indicators, what action the file took when executed in the sandbox, what it changed, what network traffic was generated, etc:


    On the top of the report, you can also download the sample in a compressed and password-protected format if you really feel the need, you can actually watch a video replay of it being executed in the sandbox, download the PCAP captures of the network traffic the malware generated and download the artifacts that the malware produced.

    As far as the File Trajectory or Device Trajectory feature, this is how it looks:




    So as you can see, definitely seeing a lot of data. Files and changes are tracked and if a file is changed from the disposition of Clean or Unknown later on, it will alert you, tell you where it spread and give you the ability to pull it out of all the infected hosts. It's some cool stuff.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    This week is the start of multiple weeks of VPN. I'm noticing a trend in this class for me personally:
    - Class starts
    - 10 minutes in, I'm feeling like I already know the material and it's going to be a coasting week...
    - 30 minutes in, I say to myself: "Hmmm... that's new. I'm going to start taking some notes..."
    - 60 minutes in: *scribble* *scribble* *scribble*
    - 90 minutes in: "F it. I'm not going to get everything in the first pass..." and I just give up on notes and sit back.
    - 2 hours in: Brain explodes

    I ALWAYS end up rewatching the class a little at a time throughout the week and always try to finish by the time the next class rolls around. I probably have over 200 pages of notes from 5 weeks of class now. Amazing stuff. I paid for this class out of pocket and I still can get enough. I thought I knew Firepower prior to this class.... I was so so so so wrong. I had to accept that around the time we were manipulating preprocessors, playing with IPS layers, and examining/creating raw SNORT rules that I was so so so wrong and it's AWESOME. This is exactly what I hoped for out of a class and I rarely get: Mostly new material and a solid deep dive with lots of foundation included.

    One thing this class is inspiring me to do is go after my Sourcefire Certified Expert certification. I'd have to get the SSFIPS and SSFAMP exams out of the way. I checked out the SSFIPS book on Safari and it looked like most of the stuff this class already covered so I might not really need to read the book and feel pretty comfortable with most of the topics of the exam. The SSFAMP one has me a little worried. I couldn't find any VODs or books online about it and the only class I see is one through Cisco Learning Partners for 2-3 days for $2000. Not sure if that's really worth it or it's not something I can just self-study and knock out.

    Anyways, this week is ALL about VPN theory and DMVPN. If you want to ever believe that theory is going to be a light week, check that notion at the door with this class (I mean that in an awesome way). I'm happy to report that at Week 6, this class is still worth the money and the quality hasn't dropped. It's supposed to be a 16 week class but I suspect it might end up being closer to 17 weeks. We got stalled up on the third week with ASA concepts so we're going to have to spend a week going over what we missed: BotNet, Threat Detection, ASA Clustering, etc on the ASA native platform. That being said, I'm very much appreciative of the fact that he's not going to make us miss concepts just because we didn't cover it on the day it was scheduled.

    That's all for me this week on this class :)
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • Mike-MikeMike-Mike Member Posts: 1,860
    thanks for the detailed review, AMPS looks pretty legit
    Currently Working On

    CWTS, then WireShark
Sign In or Register to comment.