
CCNA Cyber Ops Training Boot Camp

Infosec’s authorized CCNA Cyber Ops Boot Camp is an intense two-day training designed to build a foundation of skills around cybersecurity operations. You will acquire the skills necessary to begin a career working with associate-level cybersecurity analysts within a security operations center (SOC).

Train from home — save up to $1,000

Get expert, live instruction without having to travel with an Infosec Flex Pro boot camp. We’ve trained 1,000s of students online over the past 5 years, helping our clients meet their career goals wherever they are most comfortable studying.

Now through the end of the month, you can enroll in any online Infosec Flex boot camp and save up to $1,000.

Earn your CCNA Cyber Ops, guaranteed!

Boot camp overview

There is a growing need for security professionals in the business world. As awareness of security threats grows, businesses of all sizes are beginning to understand the need for increased preparedness against these threats. Our CCNA Cyber Ops Boot Camp is an excellent starting point for those interested in a career in this exciting, challenging and growing field.

This boot camp builds your foundation of cybersecurity knowledge and skills — with the goal of preparing you for the responsibilities of an entry-level security analyst working in a SOC. It also prepares you to validate your new skills by earning your CCNA Cyber Ops certification.

Skill up and get certified, guaranteed

Exam Pass Guarantee

If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different Flex Pro or Flex Classroom course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

What's included?

  • Two days of intense instruction with an expert instructor
  • Infosec digital courseware (physical textbooks available to purchase)
  • 90-day access to replays of daily lessons (Flex Pro)
  • CCNA Cyber Ops exam vouchers (210-250 and 210-255)
    • In class: Understanding Cisco Cybersecurity Fundamentals (SECFND) v1.0
    • Post class: Implementing Cisco Cybersecurity Operations (SECOPS) v1.0
  • 4-month subscription to Infosec Skills
  • 100% Satisfaction Guarantee
  • Exam Pass Guarantee (Flex Pro)

Industry-leading exam pass rates

Infosec’s CCNA materials are always up to date and synchronized with the latest Cisco exam objectives. Our industry-leading curriculum and expert instructors have led to the highest pass rates in the industry. More than 93% of Infosec students pass their certification exams on their first attempt.

Award-winning training that you can trust

Infosec Skills

Best IT Security-related Training Program

Cyber Work with Chris Sienko

Best Cybersecurity Podcast

2019 Wisconsin Innovation Award


Rising Star

Partner Award

G2 Crowd Leader

Technical Skills Development Software

Who should attend?

  • Network engineers
  • Network administrators
  • Systems administrators
  • System engineers
  • IT managers/directors
  • Anyone looking to improve their network skills


Prior to enrolling in our authorized CCNA Cyber Ops Boot Camp, you should have a sound working experience with basic network security and TCP/IP.

Why choose Infosec

Your flexible learning experience

Infosec Flex makes expert, live instruction convenient with online and in-person formats tailored to how, when and where you learn best.

Public training boot camps held nationwide

  • Pre-study course materials
  • Live instruction
  • Digital courseware
  • Daily reinforcement materials
  • Catered lunches
  • Infosec community forum access
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee

Most Popular

Immersive, live-streamed instruction

  • Pre-study course materials
  • Live instruction
  • Digital courseware
  • Daily reinforcement materials
  • Detailed performance reporting
  • Video replays
  • 90-day extended access to materials
  • Infosec community forum access
  • Exam Pass Guarantee
  • 100% Satisfaction Guarantee

Tailored team training at your location

  • Pre-study course materials
  • Live, customized instruction at your location
  • Digital courseware
  • Daily reinforcement materials
  • Detailed team performance reporting
  • Video replays
  • 90-day extended access to materials
  • Infosec community forum access
  • Exam Pass Guarantee
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee

Exam 1: Understanding Cisco Cyber Security Fundamentals

This boot camp goes in-depth into the fundamentals of security and prepares you to pass the first (210-250) of the two exams needed to earn the CCNA Cyber Ops certification. You will be introduced to fundamental security concepts, with a focus on how these concepts are presented on the test.

Topics covered in the exam include:

  • Network concepts
  • Security concepts
  • Cryptography
  • Host-based analysis
  • Security monitoring
  • Attack methods

Exam 2: Implementing Cisco Cybersecurity Operations

After completing the boot camp, you will receive access to the training content for the second exam (210-255) required to earn the CCNA Cyber Ops certification. With four months of unlimited access to the state-of-the-art Infosec Skills online training platform, you will be able to prepare for the SECOPS exam at your own pace and also brush up your knowledge on other topics by exploring over 500 courses.

Topics covered in the exam include:

  • Endpoint threat analysis and computer forensics
  • Network intrusion analysis
  • Incident response
  • Data and event analysis
  • Incident handling

Can’t get away for a week?

Learn cybersecurity on-demand.

Get the cybersecurity training you need at a pace that fits your schedule with a subscription to Infosec Skills. Includes unlimited access to hundreds of additional on-demand courses — plus cloud-hosted cyber ranges where you can practice and apply knowledge in real-world scenarios — all for just $34 a month!

  • 70+ learning paths
  • 500+ courses
  • Cloud-hosted cyber ranges and hands-on projects
  • Skill assessments and certification practice exams
  • Infosec community peer support

You're in good company.

"I’ve taken five boot camps with Infosec and all my instructors have been great."

Jeffrey Coa

Information Security Systems Officer

"Comparing Infosec to other vendors is like comparing apples to oranges. My instructor was hands-down the best I’ve had." 

James Coyle

FireEye, Inc.

"I knew Infosec could tell me what to expect on the exam and what topics to focus on most."

Julian Tang

Chief Information Officer

Our clients

Bank of America
Defense Information Systems Agency

CCNA Security Boot Camp details

CCNA Cyber Ops – Understanding Cisco Cyber Security Fundamentals (210-250)

Network concepts

  • Function of the network layers as specified by the OSI and the TCP/IP network models
  • Understanding the operation of the following:
    • IP
    • TCP
    • UDP
    • ICMP
  • Operation of common network services
    • ARP
    • DNS
    • DHCP
  • Basic operation of different network device types
    • Router
    • Switch
    • Hub
    • Bridge
    • Wireless access point (WAP)
    • Wireless LAN controller (WLC)
  • Functions of common network security systems as deployed on the host, network or the cloud:
    • Firewall
    • Cisco Intrusion Prevention System (IPS)
    • Cisco Advanced Malware Protection (AMP)
    • Web Security Appliance (WSA) / Cisco Cloud Web Security (CWS)
    • Email Security Appliance (ESA) / Cisco Cloud Email Security (CES)
  • IP subnets and communication within an IP subnet and between IP subnets
  • Relationship between VLANs and data visibility
  • Operation of ACLs applied as packet filters on the interfaces of network devices
  • Deep packet inspection compared to packet filtering and stateful firewall operation
  • Inline traffic interrogation compared to taps or traffic mirroring
  • Characteristics of data obtained from taps or traffic mirroring compared to NetFlow in the analysis of network traffic
  • Identifying potential data loss from provided traffic profiles

Security concepts

  • Principles of the defense in depth strategy
  • Understanding key cybersecurity risk concepts
    • Risk
    • Threat
    • Vulnerability
    • Exploit
  • Understanding key terminology
    • Threat actor
    • Run book automation (RBA)
    • Chain of custody (evidentiary)
    • Reverse engineering
    • Sliding window anomaly detection
    • PII
    • PHI
  • Understanding key security terminology
    • Principle of least privilege
    • Risk scoring/risk weighting
    • Risk reduction
    • Risk assessment
  • Access control models
    • Discretionary access control
    • Mandatory access control
    • Nondiscretionary access control
  • Understanding key network security terminology
    • Network and host antivirus
    • Agentless and agent-based protections
    • SIEM and log collection
  • Understanding key security management concepts
    • Asset management
    • Configuration management
    • Mobile device management
    • Patch management
    • Vulnerability management

Cryptography

  • Uses of a hash algorithm
  • Uses of encryption algorithms
  • Symmetric and asymmetric encryption algorithms
  • Processes of digital signature creation and verification
  • Understanding the operation of a PKI
  • Security impact of commonly used hash algorithms
    • MD5
    • SHA-1
    • SHA-256
    • SHA-512
  • Security impact of commonly used encryption algorithms and secure communications protocols
    • DES
    • 3DES
    • AES
    • AES256-CTR
    • RSA
    • DSA
    • SSH
    • SSL/TLS
  • How the success or failure of a cryptographic exchange impacts security investigation
  • Understanding key items related to SSL/TLS
    • Cipher-suite
    • X.509 certificates
    • Key exchange
    • Protocol version
    • PKCS

Host-based analysis

  • Understanding important terminology related to Microsoft Windows OS
    • Processes
    • Threads
    • Memory allocation
    • Windows Registry
    • WMI
    • Handles
    • Services
  • Understanding key terminology pertaining to Linux
    • Processes
    • Forks
    • Permissions
    • Symlinks
    • Daemon
  • Functionality of endpoint technologies with regard to security monitoring
    • Host-based intrusion detection
    • Antimalware and antivirus
    • Host-based firewall
    • Application-level whitelisting/blacklisting
    • Systems-based sandboxing (such as Chrome, Java, Adobe Reader)
  • Interpreting operating system log data to identify an event
    • Windows security event logs
    • Unix-based syslog
    • Apache access logs
    • IIS access logs

Security monitoring

  • Identifying the types of data provided by common security technologies
    • TCP Dump
    • NetFlow
    • Next-Gen firewall
    • Traditional stateful firewall
    • Application visibility and control
    • Web content filtering
    • Email content filtering
  • Types of data used in security monitoring
    • Full packet capture
    • Session data
    • Transaction data
    • Statistical data
    • Extracted content
    • Alert data
  • Understanding security monitoring concepts
    • Access control list
    • NAT/PAT
    • Tunneling
    • TOR
    • Encryption
    • P2P
    • Encapsulation
    • Load balancing
  • NextGen IPS event types
    • Connection event
    • Intrusion event
    • Host or endpoint event
    • Network discovery event
    • NetFlow event
  • Function of common protocols in the context of security monitoring
    • DNS
    • NTP

Attack methods

  • Difference between an attack surface and vulnerability
  • Common network attacks
    • Denial of service
    • Distributed denial of service
    • Man-in-the-middle
  • Common web application attacks
    • SQL injection
    • Command injections
    • Cross-site scripting
  • Social engineering, phishing, and evasion methods
  • Common endpoint-based attacks
    • Buffer overflows
    • Command and control (C2)
    • Malware
    • Rootkit
    • Port scanning
    • Host profiling
  • Common evasion methods
    • Encryption and tunneling
    • Resource exhaustion
    • Traffic fragmentation
    • Protocol-level misinterpretation
    • Traffic substitution and insertion
    • Pivot
  • Privilege escalation
  • Difference between remote exploits and local exploits

CCNA Cyber Ops – Implementing Cisco Cybersecurity Operations (210-255)

Endpoint threat analysis and computer forensics

  • Interpreting the output report of a malware analysis tool such as AMP Threat Grid and Cuckoo Sandbox
  • Understanding important terminology as defined in the CVSS 3.0 (attack vector, attack complexity, scope, etc.)
  • Understanding key concepts pertaining to the Microsoft Windows file system (FAT32, NTFS, alternative data streams, etc.)
  • Understanding key concepts pertaining to the Linux file system (EXT4, journaling, MBR, etc.)
  • Three types of evidence (best, corroborative, indirect)
  • Altered and unaltered disk image
  • Role of attribution in an investigation

Network intrusion analysis

  • Interpreting basic regular expressions
  • Understanding the fields in common protocol headers (Ethernet frame, IPv4, IPv6, HTTP, etc.) as they relate to intrusion analysis
  • Identifying the elements from a NetFlow v5 record from a security event
  • Identifying key elements (source address/port, destination address/port, payload, etc.) in an intrusion from a PCAP file
  • Extracting files from a TCP stream with Wireshark
  • Interpreting common artifact elements from an event to identify an alert
  • Mapping events to common source technologies (NetFlow, IDS/IPS, firewall, etc.)
  • Evaluating impact of true/false positives/negatives
  • Interpreting an intrusion event and host profile to calculate the impact flag generated by Firepower Management Center (FMC)

Incident response

  • Essential elements of an incident response plan as stated in NIST.SP800-61 r2
  • Mapping elements to steps of analysis based on the NIST.SP800-61 r2
  • Mapping the organization stakeholders against the NIST IR categories (C2M2, NIST.SP800-61r2)
  • Goals of different types of CSIRT (internal CSIRT, national CSIRT, coordination center, etc.)
  • Understanding elements used for network profiling (total throughput, session duration, ports used, etc.)
  • Understanding elements used for server profiling (listening ports, logged in users/service accounts, running processes, etc.)
  • Mapping data types to compliance frameworks: PCI, HIPAA, SOX Act
  • Identifying data elements that must be protected with regard to a specific standard (PCI DSS)

Data and event analysis

  • Process of data normalization
  • Interpreting common data values into a universal format
  • 5-tuple correlation
  • 5-tuple approach to isolate a compromised host in a grouped set of logs
  • Using retrospective analysis method to find a malicious file
  • Identifying potentially compromised hosts within the network based on a threat analysis report containing malicious IP address or domains
  • Mapping DNS logs and HTTP logs together to find a threat actor
  • Mapping DNS, HTTP and threat intelligence data together
  • Identifying a correlation rule to distinguish the most significant alert from a given set of events from multiple data sources using the firepower management console
  • Differences between deterministic and probabilistic analysis

Incident handling

  • Classifying intrusion events into the categories defined by the Cyber Kill Chain Model
  • Applying the NIST.SP800-61 r2 incident handling process to an event
  • Incident handling activities
  • Understanding evidence concepts as documented in NIST SP800-86 (evidence collection order, data integrity, data preservation, volatile data collection)
  • Applying the VERIS schema categories to an incident