Going for the CCIE Security

Iristheangel

They're supposed to be but my class still has access for the moment.

nelson8403

Mine are still available as well, I've been through the class about three times now just getting tips on some things and been through the workbooks twice. I take my CCIE Security next week.

Iristheangel

Good luck, Nelson!!

nelson8403

Thanks, just trying to collect the nerves and go in there as confident as I can. At least I'll get to enjoy the weather!

Iristheangel

You can never be 100% when it comes to those labs but the worst case is that you'll be taking it with me and many others next year. If that ends up being the case, let me know and I'll share my notes with you. I've been taking my "usual" level of notes with all the reading and stuff I've been doing so it might help.

BTW, did my Z2H notes help you out at all?

nelson8403

Yes they did, Thank you again! They are printed out in a binder next to me. I added a bit to them, though not in the scale of the notes you took, we covered a few things like ISE 2.1 (though it's not a huge jump from 2.0) and I think a few different things at the end. I know ISE 2.1 wasn't out when you did your session.

I think either way I'd love to share with you, I still have a boot camp paid for for Narbik so I may take a Sec 5.0 class just to keep up with things, as 4.0 is pretty dated.

Iristheangel

Working my way through the CCIE still. I am actually more than halfway through the ASA book. I found that a lot easier of a read than the IKEv2 book which was... umm... a bit on the overbearing side. This week I'm diving into TrustSec because I do need a deeper understanding than I already have. Loaded up the Sony Digital Paper with all the design guides since I have a presentation at work and POC I need to run with it. Thankfully, this all just compliments my CCIE studies so it's like two birds-one stone

Iristheangel

Still banging away. I finished a LOT of the essential reading list for the CCIE Security. Going through the IPv6 security book this week and probably will attempt the written in the next few weeks.

They say that after you get your first CCIE, it's easier to get the next one. I would say that feels true. It's not because you know everything or there's tremendous amounts of overlap but I think it comes from having a clearer understanding of what it takes and the amount of time you have to focus on it. It's easy to underestimate the CCIE the first time and life gets in the way. The second time around, you have no illusions on what it would take and you try to make smarter decisions. For example, for my first CCIE, I was ordering a lot of takeout and not exercising at all. I also wasn't planning out my studying or setting boundaries at work as much as I should have been - I'm doing a lot better on both fronts now. I am happy to say that I lost my "CCIE 15" (the 15 pounds I gained from sitting on my arse labbing all day) and am going to the gym from 5-6AM every morning to make sure I'm awake for the day and staying fit. Definitely helping with my focus. I also ditched real books this CCIE and took another members advice to get an ereader solution - that's been helping me burn through the books faster and highlight. I usually give the books a good read and then go back to take notes AFTER based on the highlights I did.

So throughout this whole thing, I knew I wanted to take the lab early on and I doubt I'll feel ready enough to do it in Feb or March but I'm hoping to shoot for June or July depending on my work schedule. If I don't pass by August 1st, I've got a plan for that. I have a TON of PTO days saved up and I'll be at that tipping point where I will start losing them if I don't use them so if I don't pass by August, I'll take the whole month of August off and do nothing but lab before I attempt it probably early Sept.

EANx

Iristheangel wrote: »

I am happy to say that I lost my "CCIE 15" (the 15 pounds I gained from sitting on my arse labbing all day) and am going to the gym from 5-6AM every morning to make sure I'm awake for the day and staying fit. Definitely helping with my focus. I also ditched real books this CCIE and took another members advice to get an ereader solution - that's been helping me burn through the books faster and highlight. I usually give the books a good read and then go back to take notes AFTER based on the highlights I did.

I'm still finalizing my R&S plan for the beginning of the year but exercise definitely plays a role. If nothing else, I can ride my bike on a trainer while watching videos. In addition to the IE, I'm hoping that 2018 rings in 20 less pounds. As I plan for the upcoming 12-15 months, I've realized it's more than a study plan and more of a life plan for that period.

NOC-Ninja

Goodluck. It should be easier since it is your 2nd IE.
Did you go to narbiks zero to hero?

Iristheangel

Yeah I did. I was in the first class and wrote a pretty sizable review on it. It was a good dive into the stuff I wasn't used to before.

a5a5a9

what is the demand for CCIE's Security in CA these days ?

Iristheangel

a5a5a9 wrote: »

what is the demand for CCIE's Security in CA these days ?

I haven't checked the job market but I suspect the skills that come along with the CCIE Security v5 will be highly in demand as I'm always getting hit up for Firepower, ISE, etc jobs. I'm not exactly looking for any new jobs though but the CCIE Security was interesting to me after it got updated and it's stuff I do in my day-to-day

BobMead

Kate,

I really have enjoyed your thread and your blog as I'm currently building out my lab for the V5 sec cert. Do you plan on covering the deployment of the ESA appliance or did I miss that? I work for a Cisco gold partner in Texas and like you have deployed many of these solutions over the years but never felt like an expert on the technology. I have a ton on knowledge on Check Point, Palo Alto and Cisco but I'm finally going to certify my Cisco knowledge. Keep up the great work and I will share cool stuff I find going down this path as well.



Thanks

Bobby

My gear:

ESX AMD A8 proc
32 GB DDR 3 ram
1 TB SSD drive
Cisco 1841 Router running 15x code (Sure I could use CSR for most items but I own it so why not
3750 switch on 15x code
3560 12.24 <---need to check for upgrade
ASA 5506X Firepower/FTD

Iristheangel

Have the week off of work and I finished all the CCIE Sec v5 workbooks so I'm getting ramped up by building my lab. This is the logical topology I'm going to be using:


The lab setup is very similar to the Z2H Micronics setup with some notable exceptions:
1) Using a real switch in the center with 3.7.4 code like the lab
2) Using a mobile device with VNC through USB (like the Labminutes video) so I can remotely test wireless
3) The CCIE Sec v5 topics came out since I took the class so I'm adding the following "data center" shared resources:


Since I need to test clustering, i have 2 ASAs there. I also have a 5506 to test ASA with Firepower separately.

Hopefully, I'll have this done by the end of the week and ready to start hitting up topics. There aren't any v5-specific workbooks out there but there's some overlap for sure in the CCIE v4 and if you understand the technologies enough, you could use some of the workbooks for v5 and just mentally translate between v4/v5 concepts. After going through the workbooks, I'll probably just look at the topic list and start hitting up everything I can in order.

For anyone else who is going to take the exam, some things to be aware of:
- The 3650 switch code listed in the exam blueprint is deferred and you can't download it. Expect to see that change before the lab comes live. My recommendation is to stick with 3.7.4
- The WSA version 9.2.0 is interesting. It's a version of code that requires hybrid mode with CWS. Since CWS is most certainly not on the lab or blueprint, that means that there are a whole lotta features that aren't going to be tested in the lab at the moment.

BobMead

Great Topo, I will mirror this design as well in my lab. Another great website for how to on various ASA-Firepower information.

Re-Image and Update the Cisco FirePOWER Services Module | PeteNetLive

Iristheangel

I enjoyed the SSFIPS book for firepower - there was some stuff out of date on it but I sort of went through and updated that stuff in my notes. Another good video site is labminutes. Metha has about 40 videos on Firepower alone on there.

justin10

Iris,

How do you remember everything from all your certs? Do you use spaced repetition software like anki?
Do you even make notes, like a document with everything you learnt/read while studying?

I didn't read every post here so maybe I missed something.

I, for example, forget things like ospf because I don't use it in my company. How do you keep these things in your mind?

It's impressive how you're smashing that CCIE.
I really look up to you and also follow you on twitter :P

sorry for the bad english, english is not my native language.

Iristheangel

Howdy Justin,

To answer your questions:

How do I remember everything or certain topics fresh? Well... I can't remember everything tbh. There's some older certs that I no longer do for a job or never used in my role (i.e. Javascript certs, old A+ material, etc) that I probably am really bad at and don't list in my resume anymore. The more relevant stuff like Cisco material, I use every day at my job or at least often enough to keep it sort of fresh. The things that I find the most value from from a work perspective, I try to keep labbing to refresh myself every once in awhile. For example, before I started seriously studying for the CCIE Security, I ran through Jason Lunde's ACI videos and labbed up ACI for awhile after I got my CCIE DC. I still go back and lab every once in awhile to keep the relevant stuff there. Am I as quick as the day I took the lab? Probably not but the core of it is there.

As much as I would love to say I smashed the CCIE, just remember that it took me 2 years of solid studying + 1 fail to get it. Most people fail multiple times and it's a multi-year process but the reward is definitely worth it.

Iristheangel

I had to rebuild one of my security labs at work and decided to start making videos as I'm configuring and walk through some of the things I'm doing. Definitely relevant to the CCIE Security. A lot of this is on my blog but I'm going to expand past it for a few things as well and hopefully this will help others with CCIE Security labbing.
Overview of what I'm doing with my lab: https://www.youtube.com/watch?v=a1sZn3rLZ5Q&t=5s
Configuring everything on Active Directory, CA, GPO, DHCP, DNS, etc: https://www.youtube.com/watch?v=hxMSCWJ-MUY&t=7s
ISE 2.2 Initial Configuration: https://www.youtube.com/watch?v=vHlmai8Ltis&t=1s
Configuring basic ASAv, CSR, FTD and FMC: https://www.youtube.com/watch?v=u4gi3Ot9R9w

That's 3+ hours of what I did today. I have to wrap up this lab later this week for work so I'll keep going and pump out videos daily.

Henry is God

Great work Iris!

I start my journey on the Z2H class in June. I have my CCIE R&S but really looking forward to this one. May I see your notes if possible please? I plan to start reading in April for prep and really hit the ground running.

Thanks!

Iristheangel

@Henry - Hit up Janet to ask her for it. I gave her a copy of my notes to send to class folks

Made some more videos:
Switch configuration: https://www.youtube.com/watch?v=vyv8_MtQuJk
Profiling with ISE: https://www.youtube.com/watch?v=Zb6tzklhmK4

Jobene

nice conntent ? CHECK informational? CHECK pleasant voice? CHECKI like ya videos! a big thanks and a lot of respect for you!

Iristheangel

AD Probes: https://www.youtube.com/watch?v=cGtpBg54wVE&index=7&list=PL4Npr0SsZ_9W4egx0wSmXCT5vycb4j7_W
Wired Dot1x Fun: https://www.youtube.com/watch?v=EE5ECXtNpgE&index=8&list=PL4Npr0SsZ_9W4egx0wSmXCT5vycb4j7_W
WLC Installation: https://www.youtube.com/watch?v=Bc5i874_GZM&index=9&list=PL4Npr0SsZ_9W4egx0wSmXCT5vycb4j7_W
EZ Wireless Creation: https://www.youtube.com/watch?v=wBlqpYz0A4g&index=10&list=PL4Npr0SsZ_9W4egx0wSmXCT5vycb4j7_W

I'll probably be creating some more videos this weekend. Just need to get caught up on my workie work first Hope some people are enjoying watching them as much as I'm enjoying making them

Iristheangel

Knocked out a few more tonight:
PassiveID: https://www.youtube.com/watch?v=LNY5rADyHhw
Hotspot and Guest Configuration (Manual): https://www.youtube.com/watch?v=6g_smhZKF14&t=1s
BYOD: https://www.youtube.com/watch?v=_gYxcozc0kM
AMP For Endpoints Overview & Integration with ISE: https://www.youtube.com/watch?v=_gYxcozc0kM

darkestclown

Hello Iristheangel, Great topology and videos. May I ask what is the server and specification you are using to run the topology? Much Appreciated. DC

Jobene

And how you get the Ampthings ? :P Over work?

Iristheangel

darkestclown wrote: »

Hello Iristheangel, Great topology and videos. May I ask what is the server and specification you are using to run the topology? Much Appreciated. DC

My server is a bit overkill. It's a C220 M4 with 700+ GB RAM, 8x 1TB SSDs and 2x 12 core procs. You could get away with something much smaller. I do a lot of other testing on the side with it so this is just one thing I am using it for.

Iristheangel

Jobene wrote: »

And how you get the Ampthings ? :P Over work?

Yes, work. I believe you can get a trial too but you have to speak to your local Cisco account SE about it.

Iristheangel

Added some more videos:
TACACS+ for WLC: https://www.youtube.com/watch?v=c4zwwrrUp74
TACACS+ for ASA: https://www.youtube.com/watch?v=GRjTyZA_UfY
TACACS+ for IOS: https://www.youtube.com/watch?v=Fr_zLwY0Sfc
ISE Posturing: https://www.youtube.com/watch?v=SRvoz4vasfs
ISE & Prime Infrastructure: https://www.youtube.com/watch?v=TK0CVisiza8
ISE & Firepower for Rapid Threat Containment: https://www.youtube.com/watch?v=SYdW7jxJWtQ
ISE & WSA Integration: https://www.youtube.com/watch?v=Az7vuGSJdPA


I probably won't be doing anymore videos for the next month since I'm in serious grind mode on my labbing