CCNA Sec before CCNP

SeekBytes

Hello gents.

I am trying to knock down the CCNA Sec for mid-August in order to make the CV a little bit more round and to start to apply for work.

Currently I just finshed Comptia A+ and CCNA R/S. I would like to learn more about ASA, Encryption, VPN and TACAS in order to not to look stupid at job interviews and also to review my CCNA skills.

Is the CCNA Sec a good certs to learn this skills or as many people say I will find most of these topics during the CCNP?

Any feedback is very welcome.

SeekBytes

I forgot to ask you about the preparation material.

So far I got the followings:

- Official Cisco Book 640-554; Keith Barker and Scott Morris
- Chris Bryant CCNA Security Bootcamp.

I was wondering if is going to be enough to pass the exam. I saw on CiscoPress site that Keith Barker has recorded a video training bundle for the exam (LiveLessons CCNA Security) and I was wondering if it's worth to purchase it to fill any gap.

I look forward to hearing from you.

Kind Regards.

quickman007

Are you trying to get into security? If so go for the CCNA Sec. Are you going for the CCNP R/S? If so there's no reason to get the CCNA Sec beforehand. They're two seperate tracks. I can't see you looking stupid in an interview unless you're apply for security positions and you have no security experience. Start applying for junior network engineer positions now, no reason to wait.

Hondabuff

After doing the CCNP, I came back around to doing the CCNA Security and here are my thoughts after reading the book and doing the CBT nuggets.

1) CCNA Security is nothing like Security+ but is more Cisco best practices against common threats and learning about Cisco's hardware features.
2) Cisco ACS Server is a must for Tacacs and I really made great strides at work but setting one up and using 2 different privilege levels. Priv15 for Admins and Priv 7 for NOC employees to do some basic show commands.
3) The VPN method they teach with crypto maps is legacy and now everyone uses VTI or flex vpns. There are still a ton of IPsec vpns with crypto maps so you better know it.
4) Locking down a switch is basic in CCNA:S and you will learn a ton more in CCNP Switch.
5) The firewall section is basic and if you are handed an ASA to install at work, you will fail. Nothing like the IOS on a router and should have its own course.
6) Security+ is better if you want to go into CISSP or that route. CCNA:S teaches you how to harden your Cisco network.
7) I think having CCNA Security is about 40% from the CCNP Switch material, About 0% from Route.
8 ) If you are doing CCNA:S, Take a peek at CCNP SIMOS course to get a more in depth look at VPN's.
9) I like the cbt nuggets CCNA:S but the Bryant videos has some good "real world" tid bits.
10) I watched the videos and read the book for CCNA:S in 2 weeks so its not that deep. CCNP took me a year if that gives you a better perspective.

SeekBytes

Hello Quick, thank you for replying. I am trying to be more prepared for the real world. Most of the job ads ask for CCNA, but the requirements go well beyond. I wanted to dig more into ACL, IPSEC, GRE, ASA, ACS, Tacas and security best practices. I hope it will help me to become a stronger (aspiring) network engineer, even though the CCNP is still the one to knock down.

SeekBytes

Hei HondaBuff, great achievements yours.

Do you think that the actual study material is going to be enough? Should I add the CBT Nuggets series as well?

Kind Regards.

Hondabuff

SeekBytes wrote: »

Hei HondaBuff, great achievements yours.

Do you think that the actual study material is going to be enough? Should I add the CBT Nuggets series as well?

Kind Regards.

I liked the CBT since Keith Barker also wrote the Cisco Press book. I actually like his style over Jeremy Ciora's or Chris Bryants. He doesn't go off on tangents as much.

TechGuru80

I liked the CBT Nuggets combined with the OCG. Honestly the test is somewhat of a challenge because the passing score is quite high compared to the CCNA:R&S for example.

SeekBytes

TechGuru80 wrote: »

I liked the CBT Nuggets combined with the OCG. Honestly the test is somewhat of a challenge because the passing score is quite high compared to the CCNA:R&S for example.

I am surprised because Jeremy Cioara said that the CCNA/CCNP sec are easier compared to the R/S track.

Cat5

Not to get off on a tangent, but I think it would be a good idea to also grab a Checkpoint Firewall certification, like the CCSA, before moving on to the CCNP. I see lots and lots of employers asking for Checkpoint Firewall knowledge/experience (and no one, incidentally, asking specifically for CCNP-Security certification). One could get this Checkpoint cert in a much shorter period of time, and it would look fantastic to an employer on one's resume. Then spend a year+ pursuing the CCNP-Security.

TechGuru80

SeekBytes wrote: »

I am surprised because Jeremy Cioara said that the CCNA/CCNP sec are easier compared to the R/S track.

Yeah it seems that a lot of people take it multiple times before they pass. I personally was part of that group too and it was great relief when it said passed. I think that's why they change the passing score because a lot of the material is easier to grasp in a lot of cases but you have little room for error.

SeekBytes

TechGuru80 wrote: »

Yeah it seems that a lot of people take it multiple times before they pass. I personally was part of that group too and it was great relief when it said passed. I think that's why they change the passing score because a lot of the material is easier to grasp in a lot of cases but you have little room for error.

Thank you for your reply. I have just finished to review the R/S, so from tomorrow I will be focused on the CCNA Sec.

Good luck to me.

SeekBytes

Cat5 wrote: »

Not to get off on a tangent, but I think it would be a good idea to also grab a Checkpoint Firewall certification, like the CCSA, before moving on to the CCNP. I see lots and lots of employers asking for Checkpoint Firewall knowledge/experience (and no one, incidentally, asking specifically for CCNP-Security certification). One could get this Checkpoint cert in a much shorter period of time, and it would look fantastic to an employer on one's resume. Then spend a year+ pursuing the CCNP-Security.

I agree with you. It seems that many job ads ask for the followings:

- Juniper Netscreen
- Palo Alto
- Checkpoint
- Cisco ASA

Just my two cents.

docrice

Firewalls fundamentally all operate the same. The CCNA Security will teach you the Cisco approach and it's not a bad exam, but it's reliance on having you learn GUI tools is something I found frustrating (when I took it, the emphasis of choice was the SDM which was more of an IOS firewall feature configurator ... and I've never seen it used a real working environment).

Juniper's NetScreen (old ScreenOS) or their SRX line, Palo Alto Networks (PAN-OS), Check Point, ASA, all have slightly different approaches when it comes to things like NATs, rule processing method, logging, VPN flexibility, etc.. This is much more apparent at the CLI. If you're comfortable with, say, ScreenOS, PanOS is somewhat familiar. The ASA is sort of unique in its own ways, but I think you probably won't learn much about it until you get to the CCNP: Security level.

I haven't kept up with the nuances of Cisco's security certification path, but overall I found the CCNA Security sort of lacking when it came to imparting real-world knowledge when I went through it five years ago. Things like AAA and TACACS+ (specifically, ACS which is now ISE) were given relatively cursory, if any, attention.

I'm under the impression that Cisco Press doesn't really make much effort in providing self-study books on their security path as aggressively as their routing/switch bread-and-butter.

SeekBytes

Hello Docrice, thank you for replying.

With your current Cv, are you employed as Security Analyst, Pen Tester or Network Sec Engineer?

If you could list down the certifications and the areas to work on in order to fit the role of a Network Security I would really appreciate.

Kind Regards.

docrice

My title is the latter, but the work is pretty much across the spectrum. The way I see it, doing "traditional" network security means knowing the ins and outs of network devices and hardening their security posture according to organization policy. This implies the typical vendor-related certification paths and maybe something like the GPPA and GCIA as a complement.

However, effective security is a different thing. I find that network security tends to be too focused on learning vendor devices rather than having a holistic understanding of the ecosystem. If you take intrusion detection for example, you need to know about systems (OS, applications, etc.) and not just networking. Otherwise you can't understand how things work in context, whether a flagged attack event is a false or not, or the underlying risk implications of that event. For this reason managing an IPS system without having some sysadmin experience generally means you might be reduced to treating an event-of-interest more blindly and relying on the descriptions by the vendor.

To me, being able to work effectively in security (overall) really comes down to having a sense of curiosity and learning the underlying mechanics further than what the vendor teaches you (TCP/IP, for example), being able to research and leverage knowledge resources, and with a nagging sense of urgency to keep things aligned and shiny. The certification and vendor training books may teach you some things, but bluntly put they fall short when it comes to making someone capable to do security. A lot of the on-the-job delivery relies on personal initiative and keeping up with infosec news daily to maintain situational awareness.

SpetsRepair

quickman007 wrote: »

Start applying for junior network engineer positions now, no reason to wait.

Without experience wouldn't it be hard to get hired for a position like that?

stryder144

The more junior level positions can be had without experience. Naturally, qualifications and luck definitely play a part in the hiring manager making the decision to hire someone without experience. Often times, for junior positions, qualifications get you through the HR filter and then it is up to whether or not your personality fits with the team. Come to think of it, it isn't just junior positions but all positions that require a great personality fit.

Sledge.

stryder144 wrote: »

Often times, for junior positions, qualifications get you through the HR filter and then it is up to whether or not your personality fits with the team. Come to think of it, it isn't just junior positions but all positions that require a great personality fit.

Very true.

I just got picked up for a gig that one of the 'interviews' was just sitting and chatting informally with the team. More and more employers are putting more emphasis on personality fit than ever. Lots of applicants, so you REALLY need to fit well with the team (especially if you are hoping to get hired in with little to no experience). That could literally make the difference in being hired or passed over. In my case, it actually did.

No one wants to hire a jerk who interviews well.

Regards,

Sledge

Smallguy

I agree as well

having sat across the desk on a few occasions and had the opportunity to interview several candidates we looked for the following.

1. general qualifications for the position either schooling, certifications, experience or a a combo of the 3

2. fit it the current team. This was big for us we tended to have a light work place atmosphere lots of joking around but also were able to get a tremendous amount of work completed. We would not have gelled well with someone really reserved.

3. intelligence or at least our perception of how bright we felt someone was and if they would learn well on the job. Fro us it was important to have someone who could take the knowledge they had an apply it on new products and learn on the fly.

but all qualifications aside the most important part was their fit within the team and 2nd was how well we felt they could could learn on the job. The initial qualifications just ruled them interview worthy or not.