
Cisco's Introduction to Cybersecurity: A Review

In this post I will give you my review of the free Introduction to Cybersecurity course from Cisco by Jackson Smith.


Context

I’d heard some good things about this course, and since I’m on a roll reviewing free cybersecurity resources I thought it would fit right in! It’s a beginner course so I wasn’t sure I was going to learn much, but this way I’ll be able to validate whether or not it has a place in the beginners section of my resources page. I’ve also heard something about exam vouchers..

First impressions

Initially I wasn’t at home in the Cisco Network Academy environment, but the good (textual and sometimes graphical) content, relevant labs and engaging quizzes of the first chapter made it easy to keep going.

Look and Feel

The platform feels a bit clunky.

You’ll need to register twice and pass through the login pages multiple times before getting to the course. Then, after registration is complete, you’ll be asked for even more personal information to complete your profile. This last questionnaire is not mandatory to continue on to the course, but you will have to ‘complete your profile’ to get your Certificate of Completion.

Besides the excessive login page exposure, the ‘flow’ to get to the course content is also very roundabout.
You need to:

  • Launch a chapter to get to the page with a link to the slideshow.
  • Press Launch chapter again, which opens another page with the actual slideshow hosted as an AWS resource.
    • Note that this resource is served over HTTP, while support for HTTPS is available[1].
  • Then you need to ‘Click any image to begin’ the actual slideshow.
    • Additional ‘lab’ content is also provided through links to other AWS resources.

Perhaps it feels this clunky because they’ve tried to allow for many different kinds of media to be embedded in that first page you are presented with. For example, you’ll be greeted with embedded interactive flashcards later on.

Content

The first thing to note is that the learning content is text with (most of the time) some barely relevant advertising image next to it. Actually, the image is centered on the screen and takes up more space than the text, as if the text is only a secondary element. Sometimes these mostly rather boring and irrelevant images are replaced with a nice picture or animation which explains an important concept also described in the text.

Luckily they provided a vertical ‘…’ button which, when pressed, expands the text over the image so you don’t need to scroll anymore. This really improves the reading experience.

At first glance, the written content is actually pretty good. They provide you with the basics and put a nice number of real-life examples in there too. Starting out, this is an enjoyable read even though most of it is repetition for me.

The lab content seems focused on Windows users, but they still do a good job of guiding you through some relevant beginner tasks.

Their first Quiz is also pretty engaging, not what I would’ve expected but rather well executed with reviews to elaborate on the correct answers.

There are even these small tasks you’ll unexpectedly be presented with while going through the slides. You can just skip them and go to the next slide of course, but they offer yet another way to practice the stuff you just learned to make it stick better[2].

You’ll also be able to use flashcards before each quiz to practice the subjects discussed in the previous courseware. If flashcards aren’t for you, they provide the option to switch to different modes of testing your knowledge, like matching words or timed games. They use Quizlet for this, which works quite nicely. The cookie permission pop-up does get annoying over time though.

A Good Balance

This course strikes a good balance between technical detail (and accuracy!) and being approachable by beginners. It also keeps its content relevant to your business and personal life.

Included in this balance is their self-promotion: they only barely ever mention their Cisco products, and if they do it’s mostly relevant and can be excused. Although the later sections are hit a bit harder with the Cisco references, the majority of the course is clean. I had honestly expected much worse from a free course[3].

The content is also very broad and varied. It also touches on the legal and ethical issues involved in cybersecurity. Not that the course goes into a deep dive on the subject, but it gives you a feel and makes you think about the ethics involved, which is way more than some other courses out there. Very nice to see it included.

Scoring & Practice

This good balance is again repeated in how they score their students and make them practice their newfound knowledge throughout the course. You’ll be provided with both voluntary but interesting labs and some mandatory tests to actually check how well you understood the material.

One point of critique is that you can both see the correct answers while reviewing your test and retake the test to improve your score. I don’t understand why these kinds of courses make it so easy to cheat their tests.. In this course specifically you get a whole explanation about the correct answer, which would’ve been great feedback to those who made a mistake. But then at the bottom they still just reveal the correct answer explicitly.. Why??

I suppose it doesn’t matter all that much since the course has a final exam, in which you can’t cheat as easily. Or at least there’s some reward for getting it right the first time around.

Conclusion

This is a good introduction to cybersecurity for a complete rookie. It is engaging, well balanced and well written. The author makes many excellent recommendations (SANS for training, NIST for guidelines & security best practices and countless others) and serves you with technically correct content (99.99% of the time) whilst remaining understandable and natural. I could only dream of a world in which every executive took a few hours to get through this and understand the basics of cybersecurity. It would hugely benefit both their professional and personal lives; it would genuinely make the world a better place. But let’s get back to reality..

This course is truly open for everyone who wants to learn the basics of cybersecurity; I recommend it to any absolute beginner interested in the field.

My Takeaways

I did manage to learn a thing or two. Besides the educational tricks they used, I also got to know the following:

  • A new term: Man-In-The-Mobile (MitMo), an attack on smartphones focused on exfiltrating sensitive information like 2FA text messages.
    • ZeuS had this kind of capability once it infected a smartphone.
  • SEO poisoning: I knew about the concept, but now it’s got a name.
  • Interesting blended attacks like issuing a DDoS on a store, then sending phishing mails to their customers with an apology for the downtime.
    • Due to the importance of social engineering/phishing to get an initial foothold, making these kinds of combinations can probably prove rather effective. How would you detect something like this?
  • It referred to the KRACK attack on WPA2, which made me read up on this rather interesting wireless attack, although it is not very practical anymore.
  • I learned some things I won’t be divulging here, since they originate from my mistakes on the quizzes and final exam of the course.
    • My final exam grade (95.2%) also nicely stroked my ego, another great takeaway as well!

Thanks Cisco, for the great course, the confidence boost and the voucher!

Something else worth mentioning: those who complete this course’s final exam with a 75% or higher on the first try get a discount voucher for a Cisco certification exam. A very nice move by Cisco!

Footnote

  1. I notified the creator of the course about this and will update this statement when he changes anything because of it. 

  2. Or it might very well be that they put this in there so you would enable HTML5 canvas image data access to uniquely identify your browser, or those of some crooks using the slides by visiting the link directly. (IDOR alert!) 

  3. I guess the personal data we offer in registration is enough to fund this course’s operation. ;) 

This post is licensed under CC BY 4.0 by the author.