Going for the CCIE Security

135

Comments

  • IristheangelIristheangel Mod Posts: 4,133 Mod
    They're supposed to be but my class still has access for the moment.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • nelson8403nelson8403 Member Posts: 220 ■■■□□□□□□□
    Mine are still available as well, I've been through the class about three times now just getting tips on some things and been through the workbooks twice. I take my CCIE Security next week.
    Bachelor of Science, IT Security
    Master of Science, Information Security and Assurance

    CCIE Security Progress: Written Pass (06/2016), 1st Lab Attempt (11/2016)
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    Good luck, Nelson!!
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • nelson8403nelson8403 Member Posts: 220 ■■■□□□□□□□
    Thanks, just trying to collect the nerves and go in there as confident as I can. At least I'll get to enjoy the weather!
    Bachelor of Science, IT Security
    Master of Science, Information Security and Assurance

    CCIE Security Progress: Written Pass (06/2016), 1st Lab Attempt (11/2016)
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    You can never be 100% when it comes to those labs but the worst case is that you'll be taking it with me and many others next year. If that ends up being the case, let me know and I'll share my notes with you. I've been taking my "usual" level of notes with all the reading and stuff I've been doing so it might help.

    BTW, did my Z2H notes help you out at all?
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • nelson8403nelson8403 Member Posts: 220 ■■■□□□□□□□
    Yes they did, Thank you again! They are printed out in a binder next to me. I added a bit to them, though not in the scale of the notes you took, we covered a few things like ISE 2.1 (though it's not a huge jump from 2.0) and I think a few different things at the end. I know ISE 2.1 wasn't out when you did your session.

    I think either way I'd love to share with you, I still have a boot camp paid for for Narbik so I may take a Sec 5.0 class just to keep up with things, as 4.0 is pretty dated.
    Bachelor of Science, IT Security
    Master of Science, Information Security and Assurance

    CCIE Security Progress: Written Pass (06/2016), 1st Lab Attempt (11/2016)
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    Working my way through the CCIE still. I am actually more than halfway through the ASA book. I found that a lot easier of a read than the IKEv2 book which was... umm... a bit on the overbearing side. This week I'm diving into TrustSec because I do need a deeper understanding than I already have. Loaded up the Sony Digital Paper with all the design guides since I have a presentation at work and POC I need to run with it. Thankfully, this all just compliments my CCIE studies so it's like two birds-one stone
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    Still banging away. I finished a LOT of the essential reading list for the CCIE Security. Going through the IPv6 security book this week and probably will attempt the written in the next few weeks.

    They say that after you get your first CCIE, it's easier to get the next one. I would say that feels true. It's not because you know everything or there's tremendous amounts of overlap but I think it comes from having a clearer understanding of what it takes and the amount of time you have to focus on it. It's easy to underestimate the CCIE the first time and life gets in the way. The second time around, you have no illusions on what it would take and you try to make smarter decisions. For example, for my first CCIE, I was ordering a lot of takeout and not exercising at all. I also wasn't planning out my studying or setting boundaries at work as much as I should have been - I'm doing a lot better on both fronts now. I am happy to say that I lost my "CCIE 15" (the 15 pounds I gained from sitting on my arse labbing all day) and am going to the gym from 5-6AM every morning to make sure I'm awake for the day and staying fit. Definitely helping with my focus. I also ditched real books this CCIE and took another members advice to get an ereader solution - that's been helping me burn through the books faster and highlight. I usually give the books a good read and then go back to take notes AFTER based on the highlights I did.

    So throughout this whole thing, I knew I wanted to take the lab early on and I doubt I'll feel ready enough to do it in Feb or March but I'm hoping to shoot for June or July depending on my work schedule. If I don't pass by August 1st, I've got a plan for that. I have a TON of PTO days saved up and I'll be at that tipping point where I will start losing them if I don't use them so if I don't pass by August, I'll take the whole month of August off and do nothing but lab before I attempt it probably early Sept.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • EANxEANx Member Posts: 1,077 ■■■■■■■■□□
    I am happy to say that I lost my "CCIE 15" (the 15 pounds I gained from sitting on my arse labbing all day) and am going to the gym from 5-6AM every morning to make sure I'm awake for the day and staying fit. Definitely helping with my focus. I also ditched real books this CCIE and took another members advice to get an ereader solution - that's been helping me burn through the books faster and highlight. I usually give the books a good read and then go back to take notes AFTER based on the highlights I did.

    I'm still finalizing my R&S plan for the beginning of the year but exercise definitely plays a role. If nothing else, I can ride my bike on a trainer while watching videos. In addition to the IE, I'm hoping that 2018 rings in 20 less pounds. As I plan for the upcoming 12-15 months, I've realized it's more than a study plan and more of a life plan for that period.
  • NOC-NinjaNOC-Ninja Member Posts: 1,403
    Goodluck. It should be easier since it is your 2nd IE.
    Did you go to narbiks zero to hero?
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    Yeah I did. I was in the first class and wrote a pretty sizable review on it. It was a good dive into the stuff I wasn't used to before.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • a5a5a9a5a5a9 Registered Users Posts: 1 ■□□□□□□□□□
    what is the demand for CCIE's Security in CA these days ?
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    a5a5a9 wrote: »
    what is the demand for CCIE's Security in CA these days ?

    I haven't checked the job market but I suspect the skills that come along with the CCIE Security v5 will be highly in demand as I'm always getting hit up for Firepower, ISE, etc jobs. I'm not exactly looking for any new jobs though but the CCIE Security was interesting to me after it got updated and it's stuff I do in my day-to-day
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • BobMeadBobMead Member Posts: 55 ■■■□□□□□□□
    Kate,

    I really have enjoyed your thread and your blog as I'm currently building out my lab for the V5 sec cert. Do you plan on covering the deployment of the ESA appliance or did I miss that? I work for a Cisco gold partner in Texas and like you have deployed many of these solutions over the years but never felt like an expert on the technology. I have a ton on knowledge on Check Point, Palo Alto and Cisco but I'm finally going to certify my Cisco knowledge. Keep up the great work and I will share cool stuff I find going down this path as well.

    icon_cheers.gif

    Thanks

    Bobby

    My gear:

    ESX AMD A8 proc
    32 GB DDR 3 ram
    1 TB SSD drive
    Cisco 1841 Router running 15x code (Sure I could use CSR for most items but I own it so why not :)
    3750 switch on 15x code
    3560 12.24 <---need to check for upgrade
    ASA 5506X Firepower/FTD
    Press RETURN to get started

    :roll:
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    Have the week off of work and I finished all the CCIE Sec v5 workbooks so I'm getting ramped up by building my lab. This is the logical topology I'm going to be using:


    The lab setup is very similar to the Z2H Micronics setup with some notable exceptions:
    1) Using a real switch in the center with 3.7.4 code like the lab
    2) Using a mobile device with VNC through USB (like the Labminutes video) so I can remotely test wireless
    3) The CCIE Sec v5 topics came out since I took the class so I'm adding the following "data center" shared resources:


    Since I need to test clustering, i have 2 ASAs there. I also have a 5506 to test ASA with Firepower separately.

    Hopefully, I'll have this done by the end of the week and ready to start hitting up topics. There aren't any v5-specific workbooks out there but there's some overlap for sure in the CCIE v4 and if you understand the technologies enough, you could use some of the workbooks for v5 and just mentally translate between v4/v5 concepts. After going through the workbooks, I'll probably just look at the topic list and start hitting up everything I can in order.

    For anyone else who is going to take the exam, some things to be aware of:
    - The 3650 switch code listed in the exam blueprint is deferred and you can't download it. Expect to see that change before the lab comes live. My recommendation is to stick with 3.7.4
    - The WSA version 9.2.0 is interesting. It's a version of code that requires hybrid mode with CWS. Since CWS is most certainly not on the lab or blueprint, that means that there are a whole lotta features that aren't going to be tested in the lab at the moment.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • BobMeadBobMead Member Posts: 55 ■■■□□□□□□□
    Great Topo, I will mirror this design as well in my lab. Another great website for how to on various ASA-Firepower information.

    Re-Image and Update the Cisco FirePOWER Services Module | PeteNetLive
    Press RETURN to get started

    :roll:
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    I enjoyed the SSFIPS book for firepower - there was some stuff out of date on it but I sort of went through and updated that stuff in my notes. Another good video site is labminutes. Metha has about 40 videos on Firepower alone on there.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • justin10justin10 Registered Users Posts: 1 ■□□□□□□□□□
    Iris,

    How do you remember everything from all your certs? Do you use spaced repetition software like anki?
    Do you even make notes, like a document with everything you learnt/read while studying?

    I didn't read every post here so maybe I missed something.

    I, for example, forget things like ospf because I don't use it in my company. How do you keep these things in your mind?

    It's impressive how you're smashing that CCIE.
    I really look up to you and also follow you on twitter :P

    sorry for the bad english, english is not my native language. icon_smile.gif
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    Howdy Justin,

    To answer your questions:

    How do I remember everything or certain topics fresh? Well... I can't remember everything tbh. There's some older certs that I no longer do for a job or never used in my role (i.e. Javascript certs, old A+ material, etc) that I probably am really bad at and don't list in my resume anymore. The more relevant stuff like Cisco material, I use every day at my job or at least often enough to keep it sort of fresh. The things that I find the most value from from a work perspective, I try to keep labbing to refresh myself every once in awhile. For example, before I started seriously studying for the CCIE Security, I ran through Jason Lunde's ACI videos and labbed up ACI for awhile after I got my CCIE DC. I still go back and lab every once in awhile to keep the relevant stuff there. Am I as quick as the day I took the lab? Probably not but the core of it is there.

    As much as I would love to say I smashed the CCIE, just remember that it took me 2 years of solid studying + 1 fail to get it. Most people fail multiple times and it's a multi-year process but the reward is definitely worth it.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    I had to rebuild one of my security labs at work and decided to start making videos as I'm configuring and walk through some of the things I'm doing. Definitely relevant to the CCIE Security. A lot of this is on my blog but I'm going to expand past it for a few things as well and hopefully this will help others with CCIE Security labbing.
    Overview of what I'm doing with my lab: https://www.youtube.com/watch?v=a1sZn3rLZ5Q&t=5s
    Configuring everything on Active Directory, CA, GPO, DHCP, DNS, etc: https://www.youtube.com/watch?v=hxMSCWJ-MUY&t=7s
    ISE 2.2 Initial Configuration: https://www.youtube.com/watch?v=vHlmai8Ltis&t=1s
    Configuring basic ASAv, CSR, FTD and FMC: https://www.youtube.com/watch?v=u4gi3Ot9R9w

    That's 3+ hours of what I did today. I have to wrap up this lab later this week for work so I'll keep going and pump out videos daily.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • Henry is GodHenry is God Member Posts: 45 ■■□□□□□□□□
    Great work Iris!

    I start my journey on the Z2H class in June. I have my CCIE R&S but really looking forward to this one. May I see your notes if possible please? I plan to start reading in April for prep and really hit the ground running.

    Thanks!
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    @Henry - Hit up Janet to ask her for it. I gave her a copy of my notes to send to class folks

    Made some more videos:
    Switch configuration: https://www.youtube.com/watch?v=vyv8_MtQuJk
    Profiling with ISE: https://www.youtube.com/watch?v=Zb6tzklhmK4
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • JobeneJobene Member Posts: 63 ■■■□□□□□□□
    nice conntent ? CHECK informational? CHECK pleasant voice? CHECKI like ya videos! a big thanks and a lot of respect for you!
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    AD Probes: https://www.youtube.com/watch?v=cGtpBg54wVE&index=7&list=PL4Npr0SsZ_9W4egx0wSmXCT5vycb4j7_W
    Wired Dot1x Fun: https://www.youtube.com/watch?v=EE5ECXtNpgE&index=8&list=PL4Npr0SsZ_9W4egx0wSmXCT5vycb4j7_W
    WLC Installation: https://www.youtube.com/watch?v=Bc5i874_GZM&index=9&list=PL4Npr0SsZ_9W4egx0wSmXCT5vycb4j7_W
    EZ Wireless Creation: https://www.youtube.com/watch?v=wBlqpYz0A4g&index=10&list=PL4Npr0SsZ_9W4egx0wSmXCT5vycb4j7_W

    I'll probably be creating some more videos this weekend. Just need to get caught up on my workie work first :) Hope some people are enjoying watching them as much as I'm enjoying making them
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    Knocked out a few more tonight:
    PassiveID: https://www.youtube.com/watch?v=LNY5rADyHhw
    Hotspot and Guest Configuration (Manual): https://www.youtube.com/watch?v=6g_smhZKF14&t=1s
    BYOD: https://www.youtube.com/watch?v=_gYxcozc0kM
    AMP For Endpoints Overview & Integration with ISE: https://www.youtube.com/watch?v=_gYxcozc0kM
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • darkestclowndarkestclown Member Posts: 15 ■□□□□□□□□□
    Hello Iristheangel, Great topology and videos. May I ask what is the server and specification you are using to run the topology? Much Appreciated. DC
  • JobeneJobene Member Posts: 63 ■■■□□□□□□□
    And how you get the Ampthings ? :P Over work?
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    Hello Iristheangel, Great topology and videos. May I ask what is the server and specification you are using to run the topology? Much Appreciated. DC

    My server is a bit overkill. It's a C220 M4 with 700+ GB RAM, 8x 1TB SSDs and 2x 12 core procs. You could get away with something much smaller. I do a lot of other testing on the side with it so this is just one thing I am using it for.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    Jobene wrote: »
    And how you get the Ampthings ? :P Over work?

    Yes, work. I believe you can get a trial too but you have to speak to your local Cisco account SE about it.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    Added some more videos:
    TACACS+ for WLC: https://www.youtube.com/watch?v=c4zwwrrUp74
    TACACS+ for ASA: https://www.youtube.com/watch?v=GRjTyZA_UfY
    TACACS+ for IOS: https://www.youtube.com/watch?v=Fr_zLwY0Sfc
    ISE Posturing: https://www.youtube.com/watch?v=SRvoz4vasfs
    ISE & Prime Infrastructure: https://www.youtube.com/watch?v=TK0CVisiza8
    ISE & Firepower for Rapid Threat Containment: https://www.youtube.com/watch?v=SYdW7jxJWtQ
    ISE & WSA Integration: https://www.youtube.com/watch?v=Az7vuGSJdPA


    I probably won't be doing anymore videos for the next month since I'm in serious grind mode on my labbing
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
Sign In or Register to comment.