After six months of effort and a $300 investment, I achieved my CCNA certification around two years ago. As the three-year renewal deadline approached, I needed an efficient way to earn Continuing Education credits and renew my certification. That is why when Cisco announced the Rev Up to Recert learning path for Splunk in September, I knew I could not miss this golden opportunity to renew my certification and learn about Splunk at the same time.
What is Rev-Up to Recert?
All Cisco certifications have a 3-year validity period, and certificate holders are required to earn continuing education (CE) credits to maintain their certification status. This requirement is necessary as technology is constantly evolving and it is important to stay on top of industry trends.
What I like about Cisco is that they provide a variety of options to maintain certification status. The list of continuing education options can be found here: Continuing Education - Cisco. For this post, I will be focusing on the Rev Up to Recert program where courses are made available for free on Cisco U for a limited time and CE credits will be awarded upon course completion.
What is Splunk and why should I learn it?
Splunk is one of the leading Security Information and Event Management (SIEM) solutions. It is a platform that allows organisations to collect, store, and visualize large quantities of logs and events in real-time. It enables cybersecurity analysts to quickly detect, investigate and respond to incidents across the entire enterprise. So learning about SIEM is highly beneficial for blue teamers.
Source: Splunk.com
Course highlight: Ransomware Investigation
The course started with the core components of Splunk and expanded into modern SOC tools such as Security Orchestration, Automation, and Response (SOAR) and Extended Detection and Response (XDR). It then delves into integration with various Cisco security products such as ISE, Duo, Secure Firewall, etc.
The course content was high-quality and coupled with realistic hands-on labs. At the end of each module, there was a quiz to test for understanding with a passing score of 80%. As expected from Cisco, these quiz questions were quite tricky and you really had to work through the labs to answer them correctly.
I especially enjoyed the ransomware exercise where I got to trigger an actual ransomware on a target and use Splunk to investigate the incident.
Simulated phishing email with malicious attachment
Files getting encrypted on the target
Ransom note after encryption
Investigating the malware event in Splunk
Correlating a malicious file across the environment
It was a great hands-on experience that allowed me to apply what I had learned in a realistic scenario.
Review and takeaways
The Cisco Rev Up to Recert program is a great way to maintain your Cisco certifications and keep your skills up to date. Upon completion of the course, my CCNA certification was renewed almost immediately. I also received a badge of completion on credly, which is a great way to showcase my new skills.
As the materials and exercises were really substantial, I would advise setting aside sufficient time for your learning. The number of CE credits is a good gauge of the hours required to complete the course.
If you are keen to try it out, you can follow the Rev Up to Recert community and keep an eye out for the latest free courses there!