On 10 August 2020, I took and passed the Automating Cisco Security Solutions (SAUTO) exam on my first attempt. In February of the same year, I passed DEVASC, DEVCOR, and ENAUTO to earn both the CCDevA and CCDevP certifications. You might be wondering why I decided to take another concentration exam. I won’t use this blog to talk about myself too much, but know this: learning is a life-long journey that doesn’t end when you earn your degree, certification, or other victory trinket. I saw SAUTO as an opportunity to challenge myself by leaving my “comfort zone” … and trust me, it was very difficult.
One of the hardest aspects of SAUTO is that it encompasses 12 different APIs spread across an enormous collection of products covering the full spectrum of cyber defense. Learning any new API is difficult as you’ll have to familiarize yourself with new API documentation, authentication/authorization schemes, request/response formats, and various other product nuances. For that reason alone, the scope of SAUTO when compared to ENAUTO makes it a formidable exam.
Network automation skills are less relevant in this exam than in DEVASC, DEVCOR, or ENAUTO, as they only account for 10% of the exam at most. The remaining 90% is divided roughly equally between network (35%), endpoint (30%), and cloud (25%) security categories. Like the other DevNet exams, the questions represented a good sampling of blueprint topics relative to their weights and the time limit was appropriate. I also took the exam remotely, which was a fun experience.
I said this in my ENAUTO blog, so I won’t be too repetitive, but you really need DevNet Associate level skills before attempting this exam. I’d also recommend at least 3 years of programming experience and a strong understanding of Python. Any existing security automation skills you have, using ANY product (even non-Cisco), are also beneficial.
In terms of study strategy and areas of focus, my advice is largely similar to ENAUTO:
- Get familiar with all available APIs and programmatic capabilities of each product. Some products, like Cisco ISE, have multiple APIs that exhibit completely different behavior (ERS vs. pxGrid). Other product families, like Stealthwatch, contain multiple products (Enterprise vs. Cloud). These are completely different technical solutions and thus have completely different APIs.
- Perform complex API interactions. The blueprint often requires you to make changes to devices, like managing a complex Firepower policy, configuring/processing Stealthwatch alerts, and collecting security telemetry from ISE pxGrid. These are non-trivial tasks that often require hundreds of lines of code. You’ll want to rely heavily on sandboxes and API documentation. Be warned that many products, such as Cisco AMP, ThreatGrid, Stealthwatch Cloud, and Umbrella Investigate do not have sandboxes available in DevNet or dCloud, so you’ll need to find alternative means of testing these products/services.
To help you study, I’ve published a 4-course SAUTO series on Pluralsight. The first course is common to all specialist exams and is carried over from ENAUTO, covering network provisioning, automation, and telemetry techniques. The remaining 3 courses cover network, endpoint, and security management solutions, in that order. You can watch the video for context or go straight to the plan to begin your journey. I’ve also created free Postman collections for all in-scope security products here. As always, feel free to ping me on Twitter @nickrusso42518. I’m happy to help!