Micronics Zero to Hero Security Review

Disclaimer: As with all my reviews, I have not received any compensation or special benefits to write this. I don't write reviews unless I really enjoy the material and would like to endorse it because I found it to be great material.


I wanted to write up a review of my experience with Micronics Learning Z2H Security class. A lot of folks have asked me both on Twitter and on forums about it. I was lucky enough to attend the first class they had late in 2015 and it was honestly one of the best uses of my money for training that I've ever spent. If you're looking for CCIE Security v5 training or just Cisco security training in general, this is probably the best class on the market to get it. Since they are a Cisco Learning Partner, they do accept Cisco Learning Credits definitely can help if you have an employer that will only purchase training with learning credits.

The format of the class is different from typical bootcamps. Instead of being crammed into a class for 7-10 days, the training is conducted over 4 months via Webex. The classes are held on Saturdays live but if you aren't able to attend the training live, the webex recording is sent to you after it's completed.

The trainer isn't Narbik himself but a gentleman named Piotr who has been working deploying all this technology for years. This guy wasn't just some powerpoint reader by any means - in fact, I don't recall him ever using powerpoints at all during the training class. He was 100% whiteboarding all the concepts and working his way through the configuration after he explained the theory to us. Over the course of the 16 weeks, we asked him all sorts of questions and I don't think anyone stumped him once. The great  thing about having a professional teaching us who has so much daily hands on with the technology is that we had someone who would speak from a deployment point of view and give us best practices which was great. I've attended a lot of bootcamps and training in the past and one of the hardest things to work with is an instructor who have never touched the technology - I call them "professional powerpoint readers." Piotr was definitely not one of those. 

The only prerequisite for the class is that you have at least a CCNA R&S. It's definitely fair to expect that and Piotr doesn't hold back on details or slows the class down but it's certainly digestible for someone to follow along to. There were times in the class where I needed to rewatch the video because he gave us a LOT of content but I'd rather get too much information than too little. Also the beauty of having the class recorded is that you can go back at any time and rewatch the class. My method of staying up to day in the class was rewatching an hour a night of the class during the week and taking notes. By the end of the Z2H class, I had almost 500 pages of typed notes of nothing by straight awesome content (pictured below).


During the 16 weeks, we all had access to our own dedicated pods so we had 16 weeks of rack rentals 24/7. The topology the instructor gave each of our pods is screencaptured below. 

The awesome part about the above topology is that we were configuring the newest and greatest technology. When I was in the class, it was before the CCIE Security v5 blueprint had been announced and before ISE 2.1 had been released so we were using ISE 2.0, Firepower 6.0, etc. Subsequent classes after mine are using ISE 2.1, Firepower 6.1, etc and following the CCIE Security v5 blueprint as closely as possible. 

You also get four lab workbooks as part of the class: 

  • Mastering ASA Workbook
  • CCIE Security v4 Vol 1
  • CCIE Security v4 Vol 2
  • CCIE Security v4 Vol 3
  • Firepower workbook 

At the time of my class, there was no CCIE Security v5 yet. I suspect the v4 workbooks will be updated eventually to bring them to v5 but in reality, a lot of the same exercises can be practiced with newer versions of the software as well. 

So basically what you get from the class which costs approx $3,899 is the following:

  • 16 weeks of training sessions once a week 
  • Instructor answering your email in between classes 
  • 16 weeks of a dedicated pod to lab 24/7 with 
  • Thousands of pages of lab workbooks
  • Recordings of the sessions 

I did a quick google search before I started writing and the closest comparable class is the CCIE Security Fundamentals which is a 7 day classroom bootcamp for $3,990 or a CCIE Security bootcamp which is another 7 days for $4,990. Not to bag on Micronics competition by any means but the Z2H Security class is definitely a steal for the price and everything you're getting with it. 

The last thing I will leave you with is the Outline for the class: 

Week 1

  • Class Introduction
  • LAB Topology
  • Class Agenda
  • Basic Student Assessment
  • Security Certification
  • Cisco Security Architecture
  • Network Security – ASA
  • Basic ASA Configuration
  • ASA Management
  • ASA Deployment Scenarios
  • ASA Traffic Flow

Week 2

  • Network Security – ASA
  • Dynamic Routing (RIP, OSPF, EIGRP, BGP)
  • NAT
  • Modular Policy Framework (Inspection Policy)
  • Virtual Firewall
  • Active/Active Failover
  • Transparent Firewall
  • Threat Detection & Botnet Traffic Filtering
  • QoS
  • ID Firewall
  • Firewall Clustering
  • PBR on ASA

Week 3

  • Network Security – Next Generation Firewall (NGFW)
  • Introduction to FirePOWER
  • FirePOWER on ASA
  • FirePOWER Traffic Flow
  • Device Management
  • Object Management
  • Access Control Policy
  • AD Integration

Week 4

  • Network Security – Next Generation Firewall (NGFW)
  • FireSIGHT Technology
  • File Detection and FireAMP
  • IPS Policy and Preprocessors
  • SSL Decryption
  • Correlation Policies
  • Event Analysis and Reporting

Week 5

  • Network Security – VPN
  • IPSec theory
  • PKI
  • VPN types and modes
  • Configuring Site-to-Site VPNs

Week 6

  • Network Security – VPN
  • EasyVPN for S2S VPN

Week 7

  • Network Security – VPN
  • IKEv2 theory
  • FlexVPN

Week 8

  • Network Security – Remote Access VPN
  • EasyVPN (DVTI)
  • SSL VPN theory
  • Clientless VPN

Week 9

  • Network Security – Remote Access VPN
  • Introduction to AnyConnect
  • Mobile User Security
  • VPN Load Balancing and HA

Week 10

  • Content Security – Web Security
  • Web proxy deployment modes
  • L4TM
  • User Identity & Authentication
  • Web Security Policies
  • URL Filtering
  • Bandwidth Control
  • Application Visibility & Control (AVC)
  • Content Security – Web Security
  • SSL Decryption
  • Outbound Data Security

Week 11

  • Content Security – Email Security
  • How SMTP works
  • SMTP Relay deployment
  • ESA Packet Flow
  • Reputation Filters
  • Message Filters
  • Anti-Spam & Anti-Virus
  • Content Security – Email Security
  • Content Filters
  • Outbreak Filters
  • Data Loss Prevention (DLP)
  • Email Encryption (CRES)

Week 12

  • Secure Access – AAA
  • Introducing to AAA
  • Setup AAA Clients
  • Using TACACS+ for Administrators
  • Using RADIUS for Network Access (802.1x)
  • Introducing to Cisco ISE
  • AD Integration
  • Configuring MAB

Week 13

  • Secure Access – AAA
  • Configuring Wired 802.1x
  • Configuring Wireless 802.1x
  • Guest Access
  • Device Profiling
  • BYOD & MDM
  • L2 Security

Week 14

  • Network Security – Routers
  • Router ACL
  • Configuring Zone-Based Firewall on Router
  • Router Hardening
  • Configuring NAT on Routers
  • NetFlow and Traffic Monitoring

Week 15

  • All-in-one LAB #1

Week 16

  • All-in-one LAB #2