O'Reilly logo
live online training icon Live Online training

CCNA Cyber Ops SECOPS crash course 210-255

Get ready to crush the Cisco CCNA Cyber Ops SECOPS exam (210-255)

Charles Judd

As the number of cyberattacks and data breaches continues to increase, so does the demand for cybersecurity talent. Employers are eager to fill these positions, but many estimates suggest a global workforce shortage in the millions. Cisco created the CCNA certifications to help address this challenge by preparing candidates for associate-level positions. CCNA Cyber Ops is Cisco’s newest certification offering, geared towards candidates interested in security analysis. This two-part certification serves as an entry point to a cybersecurity career. This hands-on three-hour training course provides a crash course in the second exam of the series, the SECOPS 210-255, which completes certification requirements.

Join instructor Charles Judd as he walks you through the SECOPS 210-255 exam. You'll get an overview of the important topics you need to know to pass the exam, including threat analysis, cybersecurity forensics, incident response, compliance frameworks, network and host profiling, and intrusion events. Along the way, you'll explore real-world examples and jump into some live lab exercises designed to help ensure success on the exam.

What you'll learn-and how you can apply it

By the end of this live online course, you’ll understand:

  • Threat analysis
  • Forensics concepts
  • Intrusion analysis
  • Incident response teams
  • Compliance frameworks
  • The cyber kill chain model

And you’ll be able to:

  • Analyze threats and intrusions
  • Describe cybersecurity forensics principles
  • Identify important security frameworks
  • Know the important features of network and host profiling
  • Recognize the parts of the cyber kill chain model

This training course is for you because...

  • You've already passed or have prepared to take Cisco’s 210-250 SECFND exam, and you need to complete the requirements for Cisco’s CCNA Cyber Ops certification.
  • You're working toward an associate-level cybersecurity analyst role within a security operations center.


Materials or downloads needed in advance:

  • A running installation of Kali Linux, either as a standalone machine or a virtual instance

Recommended preparation:

About your instructor

  • Charles Judd is a content developer and technical instructor at Kevin Wallace Training, LLC (https://kwtrain.com), a provider of self-paced training materials that simplify networking topics. He holds a bachelor of science in network security, an associate of science in applied technology, an associate of science in machine technology, a CCNA in routing and switching, and many other industry-specific certifications. Charles is currently in progress on the CCNP Routing and Switching track. His real-world experience includes a decade of CNC programming and operation, duties as a network engineer for a healthcare and HIPAA compliance-focused managed service provider, and freelance graphic/web designing and IT consulting. Charles lives in central Kentucky with his wife and their three sons.


The timeframes are only estimates and may vary according to how the class is progressing

Threat analysis (25 minutes)

  • Lecture: The CIA triad; considerations for attacks; attack complexity and vectors; how to use threat modeling to prepare

Introduction to forensics (25 minutes)

  • Lecture: Cybersecurity forensics fundamentals; the importance of the chain of custody; common places to find forensic evidence in Windows, Linux, and macOS systems
  • Hands-on exercise: Use Kali Linux tools Autopsy and Sleuth Kit for digital forensics

Break (10 minutes)

Incident response (25 minutes)

  • Lecture: Incident response plans, processes, and team structures; how security teams work together; how they operate during incident response

Compliance frameworks (25 minutes)

  • Lecture: Common compliance frameworks that are industry standards, based on the organization’s duties; important features for security credit card payments, personally identifiable information (PII), and protected health information (PHI)
  • Hands-on exercise: Explore the distinction between PII and PHI with a hands-on quiz

Break (10 minutes)

Network and host profiling (25 minutes)

  • Lecture: Methods for profiling networks and hosts in order to assess vulnerabilities, including throughput, sessions, port usage, running processes, tasks, and applications, all from a security vulnerability standpoint
  • Hands-on exercise: Examine important profiling features on your system and determine baseline readings

Intrusion events (25 minutes)

  • Lecture: The cyber kill chain; the stages of a malware attack; how to identify and stop such attacks

Wrap-up and Q&A (10 minutes)