In my previous life as a sysadmin, I always found the topic of security a fascinating one. All those different layers to protect whilst maintaining usability was certainly a challenge. Back then, I earned myself an MCSE 2003 and opted to specialise on the security track. This meant doing an extra exam and I decided to go for the external CompTIA Security+ to give myself a different perspective.
When I began the migration to becoming a network engineer, I was already working on PIX and ASA platforms for basic tasks such as ACLs. I quickly realised that continuing my security based knowledge quest made perfect sense and so always had the CCNP Security certification on my roadmap once I had the routing and switching covered. The fact that about 90% of my day-to-day work involves working on ASAs makes this a no brainer.
The CCNA Security is a prerequisite for the CCNP Security and it made sense to get that one done first. I used the same three methods for learning that I have used for almost all of my IT career exams:
The book I opted for was the Cisco Press Official Cert Guide for the 640-554 exam. This book has been co-authored by Keith Barker and Scott Morris. I found almost every one of the 22 chapters a breeze to read through thanks to the easy writing style and well laid out topics. At about 600 pages divided over 22 chapters, it was finished much quicker than I had initially anticipated. In addition to the book, I would also visit Cisco’s site to review their documentation on the various topics being covered and download various PDFs for review.
For the videos, I used the CBTNuggets video series by Jeremy Cioara. Unfortunately, the latest exam videos are not available yet and so I had to watch the 640-553 series but this is an otherwise very good series. For those not familiar with Jeremy’s training, I heartily recommend you try him out. He is a proper geek that ‘totally’ digs what he does.
The most important part of learning for me, whether it is for an exam or just learning a new feature or technology, has always been the hands on labbing. This is where the rubber meets the road and I quite often learn things outside the scope of the both the books and the videos, which lends itself to a far more rounded understanding.
Turn up early for exam
The exam itself was an interesting experience. I initially turned up very early without realising it. I gave the woman in the test centre my name and she advised me that she didn’t have me listed for an exam. I got my phone out to check the confirmation email and immediately spotted that I was exactly one week early for my exam. Plonker! I pleaded with her to find me another spot but she said that all workstations were booked for the day. Funny looking back at it now, not amusing at all on the day. I could not be bothered waiting another seven days. I have a rough schedule for achieving my CCNP Security and I didn’t want to lose a week so I rescheduled for the Friday, the earliest spot I could get. I had done the test questions that came with the book. Each exam was 60 questions. I’ll just say I was a little surprised when I loaded up the real exam. In the four days between the Monday and Friday, I had started on the Cisco Press exam guide for the SECURE exam and was thankful but a little surprised when a topic covered in that book appeared in this exam.
My overall experience of the CCNA Security has been very positive. It covers a fair amount of material, although perhaps not in too much depth (this is where the CCNP Security comes in). Some of it will be revision for those of you who are CCNA certified but there is also a lot of new topics being covered e.g. zone based firewall, IPS. Let’s not also forget that with the latest version of the exam, the SDM has been banished in favour of Cisco Configuration Professional (CCP). This is an improvement for sure, but I still think it’s way behind where it should be, albeit as a free management GUI.
I now have four professional level exams to now begin studying for to attain the CCNP Security. My next goal is the SECURE exam (642-637) and I’ll be applying the same three-step process as above except I’ll be using INE video training in addition to CBTNuggets and doing far more hands on labbing.
As I stated at the beginning of this post, I’ve always been interested in the topic of security. It’s so much more than just the glorified image of a hacker sat in a darkened room trying to break in to a top-secret system, or the endless tales of social engineers using their unique skills to get the information they want. The day-to-day tasks of creating site to site VPNs, amending ACLs, creating class maps and tying them in with policy maps, configuring remote access VPN policies; all of these feel like pieces of a big puzzle and its my job to solve them. I find it both challenging and rewarding beyond the satisfaction of working on networking kit in general.
I’m already looking down the road of my career to decide if I want to specialise in security or keep my skill set a little broader. Time will tell. I am just going to enjoy the CCNP Security journey as it happens for now and soak up as much knowledge as I can.
Till the next time.