Heh... I guess I'm going to say my R&S thread is dormant for now. I've been working on nothing but security stuff on the side and for POCs since last July and I took the 4 month long Micronic's security class as well so I was all ready without an exam to really take. I'm banking this on the hopes and dreams that the exam gets refreshed relatively soon and I'm pretty sure it will. The entire Cisco security landscape has changed and they can't afford to keep it this stale for longer so with Cisco Live approaching, I feel like I should strike while the iron is hot and just beastmode this thing.
I got back from the partner Security VT thing last week in San Jose and put out a blog post on what I'm going to study based on what theoretically would be on the next exam. Obviously, I work at Cisco but they don't tell us when an exam is coming and there's a huge separation between the team that pumps out exams and the rest of us. That being said, a lot of what's coming on exams or how exams are crafted are based on the Cisco messaging. i.e. Cisco R&S v5 ditched PFRv2 because PFRv3 was right around the corner and forcing people to learn PFRv2 would be a direct contradiction to their iWAN messaging. When there's eventually a v6 for R&S, I would expect PFRv3 to pop it's pretty head in there (if anyone wants to contest that it's pretty, go lookup v1/OER or v2. Nuff said). With CCIE VoIP, it changed to collaboration. With CCIE DC v2, ACI is there....
So with the lack of a valid blueprint, I'm going based on Cisco trends and marketing. That being said, this is based on my best guesses. Nothing else and I think even if I'm wrong on 20%, I'm probably right on a good chunk.
Most likely what I see on the next Security lab:
- pxGrid - Knowing how to do self-signed and CA-signed. I suspect that self-signed would be the preferred method. Like the CCIE DC didn't want it to be a VMware exam, I would think they would want to keep it away from being a Microsoft AD exam...
- AMP - Endpoints, networks, etc
- Some flavor of Firepower (Unknown whether it'll be the unified FTD code or the ASA with Firepower module). I doubt they would use Firepower managed by the ASDM. While that would be one of those "tricky" things they could throw in there, there isn't as many options with the ASDM part so it would be silly to put it in there. I'm thinking FMC-controlled.
- VPN in some form - The real question is WHICH types of VPN. Are they going to be ditching EZVPN? Keeping it? Who knows... I probably won't study it hard until the end when I know what's on the blueprint. S2S IPSec, SSL, Anyconnect
- The regular blend of IOS, WLC, and router security
Not so sure about:
- Cisco Cognitive Threat Analytics
- AMP Private cloud
- Cisco Defense Orchestrator
- OpenDNS - This isn't very hard either way
Going through the most likely, I think I'm pretty strong on a lot of those so the ramp-up time isn't that bad. I need to play around with more of ISE's self-signed certificate actions and pxGrid with self-signed certs, VPN I need work on, and maybe some ESA in there but the rest, I'm pretty solid on. I'd go as far to rank me as a 7 or 8 out of 10 on most of the above. One thing I can see them potentially doing is having a section be about detecting threats and neutralizing them which I probably could be better at to be honest... I configure and troubleshoot these things often but I'm probably a 5 at actually using them to their full potential in terms of identifying more hidden threats with the information it gives me. I could see detecting and identifying threats as it's own sort of "Diag" section if that was the case so I need to get better at using the tools as an end-user.
Anyways, my goal is a little bit crazy. Most people scramble to take a CCIE lab BEFORE the exam changes. I am purposely going to study for the exam change that will eventually come. Crazy as it sounds, it's a lot easier for me given where I'm starting from and I get to use the last 8 months of labbing, my new job role in Cisco, and the 4 month class I just took. I'll keep updating this thing as I go as well as my blog as I go. Maybe you guys will learn some new stuff about the security stuff I'm working on too so win-win.
I'm making this commitment now: I'm taking the new CCIE Security lab (whenever it's announced) on the 1st day it comes out. I don't know if I'll get a pass but if I did, I would be sooooo happy. It just would validate a lot of the hard work I've been doing on the side.
BS, MS, and CCIE #50931
Bonus TE Fun: Nerd Photos