CCNA Automation (exam code 200-901 CCNAAUTO) is the right choice if your career target involves network programmability, infrastructure automation, Python scripting, APIs, and building the tools that make networks run themselves. CCNA Cybersecurity (exam code 200-201 CCNACBR v1.2) is the right choice if your career target is security operations, SOC analysis, incident response, and defending organizations from cyber threats. Both cost $300, take 120 minutes, and launched their current forms on February 3, 2026 — but they open completely different career tracks, require different foundational skills, and lead to different CCNP paths.
Quick Comparison Table
| Factor | CCNA Automation | CCNA Cybersecurity |
| Exam code | 200-901 CCNAAUTO | 200-201 CCNACBR v1.2 |
| Previous name | DevNet Associate (DEVASC) | CyberOps Associate (CBROPS) |
| Renamed on | February 3, 2026 | February 3, 2026 |
| Cost | $300 USD | $300 USD |
| Duration | 120 minutes | 120 minutes |
| Questions | ~100 | ~95 |
| Passing score | Not published | Not published |
| Prerequisites enforced | None | None |
| Validity | 3 years | 3 years |
| CCNP track | CCNP Automation (AUTOCOR 350-901) | CCNP Cybersecurity (CBRCOR 350-201) |
| CCIE path | CCIE Automation | CCIE Cybersecurity |
| DoD 8570 compliance | No direct mapping | Yes — Cyber Defense Analyst, Cyber Defense Infrastructure Support |
| US salary range | $85,000-$130,000 | $80,000-$122,000 |
| Primary tools | Python, REST APIs, Ansible, Cisco platforms | SIEM, Wireshark, PCAP analysis, incident response tools |
The February 2026 Rebrand: What Actually Changed
Both CCNA Automation and CCNA Cybersecurity launched in their current form on February 3, 2026, as part of Cisco’s largest certification restructuring in over a decade. Understanding what changed versus what stayed the same is essential — many study materials available online still use the old exam names.
CCNA Automation (formerly DevNet Associate DEVASC)
The name change from DevNet Associate to CCNA Automation was not cosmetic. Cisco’s engineering team confirmed the exam content was substantially updated alongside the rebrand. The core shift: DevNet Associate was designed to turn network engineers into application developers. CCNA Automation is designed to turn network engineers into automation specialists.
Specific content changes:
- Python emphasis shifted from application development (Flask, Django) to operational automation scripts
- Cisco platform scope expanded to test automation across all eight major Cisco platforms simultaneously
- Infrastructure as Code content added: Ansible, Terraform, and GitOps workflows
- AI in automation content added: Catalyst Center AI analytics, AIOps concepts
- Exam code 200-901 stayed the same
All active DevNet Associate holders had their credentials automatically migrated to CCNA Automation on February 3, 2026. No retesting required.
CCNA Cybersecurity (formerly CyberOps Associate CBROPS)
The name change from CyberOps Associate to CCNA Cybersecurity was primarily a branding decision. Employers understood “CCNA” instantly but were often unsure where “CyberOps Associate” fit in the Cisco hierarchy.
Content changes (v1.2 update):
- AI applications in SOC monitoring added: AI-generated threat intelligence, automated detection and response, ML-powered anomaly detection
- Exam code 200-201 stayed the same
- All v1.1 content remains fully valid
All active CyberOps Associate holders were automatically migrated to CCNA Cybersecurity. No retesting required.
CCNA Automation: Full Domain Breakdown
Topic Area 1: Software Development and Design
- Python fundamentals: data types, control flow, functions, error handling
- Python for network automation: requests library, paramiko/netmiko for SSH, ncclient for NETCONF
- Data formats: JSON, XML, YAML — parsing and constructing each for Cisco APIs
- Version control: Git fundamentals, branching strategies, GitHub/GitLab for infrastructure-as-code
- Testing: unit testing automation scripts, test-driven development for infrastructure changes
- Linux fundamentals: file system, command line, shell scripting for automation environments
Topic Area 2: Understanding and Using APIs
- REST API fundamentals: HTTP methods (GET, POST, PUT, DELETE, PATCH), status codes, authentication (basic auth, token auth, OAuth 2.0)
- Cisco DNA Center / Catalyst Center API: intent API, device management, network hierarchy
- Cisco ACI APIC REST API: managed object model, querying and modifying ACI objects programmatically
- Cisco Meraki Dashboard API: organization, network, and device management through REST
- Cisco IOS XE RESTCONF: YANG model querying, configuration management, operational data
- WebSocket and streaming APIs: event-driven automation using webhooks
Topic Area 3: Cisco Platform Programmability
All eight Cisco platforms are tested. Candidates must know the API style, authentication method, and key automation use case for each.
| Platform | API type | Key automation use case |
| Cisco IOS XE | NETCONF/YANG, RESTCONF, gNMI | Configuration and operational state management |
| Cisco NX-OS | NX-API REST, NX-API CLI | Data center fabric automation |
| Cisco ACI | APIC REST API | Policy-driven data center automation |
| Cisco Meraki | Dashboard REST API | Cloud-managed branch and campus automation |
| Cisco Catalyst Center | Intent REST API | Enterprise campus network automation |
| Cisco SD-WAN (vManage) | vManage REST API | SD-WAN policy and device management |
| Cisco ISE | ERS API, pxGrid | Identity and access policy automation |
| Webex | REST API | Collaboration integration and ChatOps |
Topic Area 4: Application Deployment and Security
- CI/CD pipeline concepts: how network automation changes are validated and deployed automatically
- Container basics: Docker fundamentals, containerizing automation tools
- Infrastructure as Code: Ansible for network automation — playbooks, roles, Cisco modules. Terraform for network resources.
- Automation security: securing API credentials, secrets management, principle of least privilege for service accounts
- Application hosting: IOx on IOS XE, Docker on Catalyst Center
Topic Area 5: Network Fundamentals for Automation
- OSI model and TCP/IP: context for what you are automating
- Networking protocols: OSPF, BGP at conceptual level for programmatic configuration
- Network management protocols: SNMP, NETCONF, RESTCONF, gNMI, model-driven telemetry
- SD-WAN and SDN concepts: software-defined networking principles driving modern automation architecture
CCNA Cybersecurity: Full Domain Breakdown
Cisco publishes approximate domain weights for CCNACBR 200-201.
| Domain | Weight | What it covers |
| 1. Security Concepts | 22% | CIA triad, cryptography basics, vulnerability types, MITRE ATT&CK, AI in security ops |
| 2. Security Monitoring | 25% | SIEM, log analysis, NetFlow, DNS analysis, alert correlation, AI-assisted monitoring |
| 3. Host-Based Analysis | 20% | Windows/Linux artifacts, memory analysis, EDR telemetry, malware indicators |
| 4. Network Intrusion Analysis | 26% | Wireshark PCAP analysis, IDS/IPS alerts, protocol-level attack recognition |
| 5. Security Policies and Procedures | 7% | NIST incident response lifecycle, CSIRT structure, SOC operations, compliance basics |
Domain 1: Security Concepts (22%)
- CIA Triad and how security controls address each pillar
- Access control types: DAC, MAC, RBAC, ABAC with real examples
- Cryptography: symmetric vs asymmetric, hash functions, digital signatures, PKI
- Common vulnerability types: buffer overflow, SQL injection, XSS, race conditions
- Defense-in-depth: layered security architecture
- MITRE ATT&CK framework: mapping TTPs to the ATT&CK matrix for threat intelligence
- AI in security operations (v1.2 addition): UEBA, ML-based anomaly detection, AI-powered threat detection in SOC workflows
Domain 2: Security Monitoring (25%)
The heaviest domain and the most directly tied to real SOC analyst daily work.
- SIEM tools: Splunk, Microsoft Sentinel, QRadar — how they collect, correlate, and alert on security events
- Log analysis: Windows event logs, Linux syslog, application logs, firewall logs, IDS/IPS logs
- NetFlow and IPFIX: flow data analysis for lateral movement, data exfiltration, C2 detection
- DNS log analysis: DGA detection, DNS tunneling identification, malicious DNS query patterns
- HTTP/HTTPS traffic analysis: C2 beaconing patterns, user agent anomalies, data exfiltration via HTTP
- Alert correlation: how multiple low-severity events combine to indicate high-severity incidents
- AI-assisted monitoring (v1.2 addition): ML model behavior and how it complements rule-based detection
Critical Windows Event IDs for security monitoring:
| Event ID | Meaning | Security relevance |
| 4624 | Successful logon | Baseline and anomaly detection |
| 4625 | Failed logon | Brute force detection |
| 4688 | Process creation | Execution monitoring |
| 4698/4702 | Scheduled task created/modified | Persistence detection |
| 7045 | New service installed | Malware persistence |
| 4720 | User account created | Unauthorized account creation |
| 4732 | User added to security group | Privilege escalation detection |
Domain 3: Host-Based Analysis (20%)
- Windows forensic artifacts: registry run keys, prefetch files, LNK files, ShellBags
- Linux forensic artifacts: bash history, /var/log/auth.log, crontab, systemd service files
- Memory analysis concepts: volatile data, why memory matters for forensics, malware in-memory indicators
- EDR telemetry: how endpoint detection and response tools generate alerts and what analysts triage
- Malware indicators: persistence mechanisms, process injection, LOLBins (living-off-the-land binaries), defense evasion
Domain 4: Network Intrusion Analysis (26%)
The second heaviest domain and the most hands-on. PCAP analysis cannot be learned from reading alone.
- Wireshark proficiency: display filters, TCP stream following, protocol dissection, expert information
- PCAP analysis scenarios: port scans, brute force, exploit attempts, C2 beaconing, data exfiltration
- IDS/IPS alert interpretation: Snort/Suricata rule structure, alert severity, false positive assessment
- Protocol-level attack recognition in packet data: ARP poisoning, DHCP starvation, SYN floods, DNS poisoning
- Firewall log analysis: ASA/Firepower/iptables log formats, identifying permitted and blocked anomalies
- Alert triage process: true positive vs false positive determination, escalation criteria, documentation
Domain 5: Security Policies and Procedures (7%)
- NIST SP 800-61 incident response: Preparation, Detection and Analysis, Containment, Eradication, Recovery, Post-Incident
- CSIRT structure: roles, responsibilities, escalation paths within a security team
- SOC Tier model: Tier 1 (alert triage), Tier 2 (investigation), Tier 3 (threat hunting) and escalation criteria
- Evidence handling: chain of custody, documentation for legal proceedings
- Regulatory compliance basics: GDPR, HIPAA, PCI-DSS notification requirements after incidents
Career Paths: Where Each Track Leads
CCNA Automation Career Path
| Stage | Roles | US Salary Range |
| Entry with CCNA Automation | Network Automation Engineer I, Junior NetDevOps | $70,000-$90,000 |
| Mid-career 2-5 years | Network Automation Engineer, Platform Engineer | $95,000-$130,000 |
| Senior with CCNP Automation | Senior Automation Engineer, NetDevOps Lead | $120,000-$160,000 |
| Expert with CCIE Automation | Principal Automation Architect, Staff Infrastructure Engineer | $150,000-$200,000+ |
CCNA Cybersecurity Career Path
| Stage | Roles | US Salary Range |
| Entry with CCNA Cybersecurity | SOC Analyst Tier 1, Security Analyst | $60,000-$85,000 |
| Mid-career 2-4 years | SOC Analyst Tier 2, Incident Responder | $85,000-$110,000 |
| Senior with CCNP Cybersecurity | Threat Hunter, Senior Incident Responder | $110,000-$145,000 |
| Advanced roles | SOC Team Lead, Threat Intelligence Analyst | $120,000-$160,000 |
ZipRecruiter April 2026 data: national average SOC analyst salary is $122,108 with entry-level roles typically $80,000 to $100,000. ISC2’s 2024 Workforce Study identified a global cybersecurity staffing shortfall of 4.7 million professionals, creating strong entry-level demand.
DoD 8570 / 8140 Compliance
| DoD 8570 role | CCNA Automation | CCNA Cybersecurity |
| Cyber Defense Analyst | No | Yes |
| Cyber Defense Infrastructure Support Specialist | No | Yes |
| IAT Level I, II, III | No | No (Security+ for IAT) |
CCNA Cybersecurity maps to US DoD Cyber Defense Analyst and Cyber Defense Infrastructure Support Specialist roles. This DoD alignment makes it a mandatory or strongly preferred credential for many government and defense contractor security operations positions.
Foundational Skills Required
| Prerequisite | CCNA Automation | CCNA Cybersecurity |
| Networking fundamentals | Helpful | Required (PCAP analysis demands TCP/IP fluency) |
| Linux command line | Required | Helpful |
| Python programming | Required | Not required |
| Security concepts | Helpful | Required (Domain 1 is foundational) |
| CCNA 200-301 first? | Strongly recommended | Strongly recommended |
The CCNP Tracks That Follow
| Factor | CCNP Automation | CCNP Cybersecurity |
| Core exam | AUTOCOR 350-901 | CBRCOR 350-201 |
| Core exam cost | $400 | $400 |
| Concentration options | ENAUTO, DCNAUTO, SPAUTO, CLAUTO | CBRFIR (Forensics and Incident Response) |
| CCIE path | CCIE Automation | CCIE Cybersecurity |
| What CCNP validates | Automation system design, AI in automation, multi-platform orchestration | Advanced threat hunting, digital forensics, incident response |
Which Should You Take: Decision Table
| Your situation | Right choice |
| You code Python and want to automate networks | CCNA Automation |
| You work in a SOC or want to work in one | CCNA Cybersecurity |
| You want to move from network admin into security ops | CCNA Cybersecurity |
| You want to move from network admin into automation | CCNA Automation |
| Targeting DoD/government security operations roles | CCNA Cybersecurity (DoD 8570 aligned) |
| Interested in building tools, not just using them | CCNA Automation |
| Prefer defensive/blue team work | CCNA Cybersecurity |
| Prefer infrastructure engineering work | CCNA Automation |
| Unsure which to take | CCNA 200-301 first, then decide based on your job |
FAQs
What is the difference between CCNA Automation and CCNA Cybersecurity?
CCNA Automation (200-901) validates network automation skills: Python, REST APIs, Ansible, and programming across 8 Cisco platforms. CCNA Cybersecurity (200-201) validates security operations skills: SIEM monitoring, PCAP analysis, host-based forensics, and incident response. Both cost $300 and take 120 minutes but open completely different career tracks.
What were these certifications called before February 2026?
CCNA Automation was called DevNet Associate (DEVASC). CCNA Cybersecurity was called CyberOps Associate (CBROPS). Both were rebranded on February 3, 2026. Active holders were automatically migrated — no retesting required.
Is CCNA 200-301 required before CCNA Automation or CCNA Cybersecurity?
No prerequisites are enforced by Cisco. However, CCNA-level networking knowledge is assumed by both specialization exams. CCNA 200-301 first is strongly recommended by the Cisco community and reduces preparation difficulty significantly.
Which pays more, CCNA Automation or CCNA Cybersecurity?
CCNA Automation leads to higher salaries at mid and senior levels due to the supply gap for network automation engineers ($95K-$130K entry to mid). CCNA Cybersecurity entry SOC roles average $80K-$100K. Both escalate significantly with CCNP credentials.
Does CCNA Cybersecurity satisfy DoD 8570 requirements?
Yes. 200-201 CCNACBR is DoD 8570 approved for Cyber Defense Analyst and Cyber Defense Infrastructure Support Specialist roles. CCNA Automation has no DoD 8570 mapping.
What changed in CCNA Cybersecurity v1.2?
The v1.2 update (February 3, 2026) added AI applications in SOC monitoring: AI-powered threat detection, automated detection and response, ML-based anomaly detection, and UEBA. All v1.1 content remains fully valid.
What is new in CCNA Automation compared to DevNet Associate?
The rebrand included substantial content changes: Python shifted from application development to operational automation, platform scope expanded to all 8 Cisco platforms simultaneously, Ansible and Terraform for IaC added, and AI in automation content (Catalyst Center AI analytics, AIOps) added throughout.
What jobs does CCNA Automation lead to?
Network Automation Engineer, Platform Engineer, NetDevOps Engineer, Infrastructure Engineer, and eventually Senior Automation Architect. Roles involve building and maintaining the automation systems that configure, monitor, and manage network infrastructure programmatically.
What jobs does CCNA Cybersecurity lead to?
SOC Analyst (Tier 1 and Tier 2), Incident Responder, Cyber Defense Analyst (DoD), Threat Analyst, and Cyber Defense Infrastructure Support Specialist. Roles involve monitoring networks for threats, analyzing events, and responding to incidents.
Can I take both CCNA Automation and CCNA Cybersecurity?
Yes. The combination is powerful for engineers building toward NetDevSecOps roles — automation skills make security operations more efficient, and security knowledge makes automation engineers more effective at building secure pipelines. Many senior engineers pursue both over time.