Daniel's CCIE Security Thread
aftereffector
Member Posts: 525 ■■■■□□□□□□
in CCIE
I never thought I'd end up here, and I still can't quite believe I'm saying it, but I am throwing down the gauntlet: the next stage in my professional development is that I will become a CCIE in Security.
This is a long road and I will not rush to failure, so I am not even close to setting an anticipated lab date or even a hopeful date for the written exam. I intend to take the new version 5.0 written which opens up at the end of January, so I will have eight months at the very least before I can even sit for the easy part - but, again, it's a long road and I am not going to repeat my mistake with the CCNA Security of flinging myself headlong into it, passing the exam, and almost immediately forgetting everything I learned about ASA configuration. Fortunately I have the opportunity to touch all of the technology and concepts that I will be learning about in my current job, so I will be in a much better position to retain knowledge through daily, hands-on practice in addition to studying and labbing.
I have not attempted the CCNP Security, but I am also not going to entirely bypass those four exams. Most of the material will carry over into the CCIE, so I am just going to start on the CCIE topics and take the CCNP exams as check-on-learning events as I ramp up for the Written. That way I'll have some measurable benchmarks, I will recertify my existing certs, and I will have some attainable short-term goals to reach for.
Thanks to Katherine for bullying me into stepping up for the challenge (peer pressure works, kids!), Steve for reminding me to HTFU, Charles for keeping me on track, and RG for the daily grind.
Let's do this!
This is a long road and I will not rush to failure, so I am not even close to setting an anticipated lab date or even a hopeful date for the written exam. I intend to take the new version 5.0 written which opens up at the end of January, so I will have eight months at the very least before I can even sit for the easy part - but, again, it's a long road and I am not going to repeat my mistake with the CCNA Security of flinging myself headlong into it, passing the exam, and almost immediately forgetting everything I learned about ASA configuration. Fortunately I have the opportunity to touch all of the technology and concepts that I will be learning about in my current job, so I will be in a much better position to retain knowledge through daily, hands-on practice in addition to studying and labbing.
I have not attempted the CCNP Security, but I am also not going to entirely bypass those four exams. Most of the material will carry over into the CCIE, so I am just going to start on the CCIE topics and take the CCNP exams as check-on-learning events as I ramp up for the Written. That way I'll have some measurable benchmarks, I will recertify my existing certs, and I will have some attainable short-term goals to reach for.
Thanks to Katherine for bullying me into stepping up for the challenge (peer pressure works, kids!), Steve for reminding me to HTFU, Charles for keeping me on track, and RG for the daily grind.
Let's do this!
CCIE Security - this one might take a while...
Comments
-
ITSpectre
Member Posts: 1,040 ■■■■□□□□□□
**Plays eye of the tiger**
You can do it! I can't wait to follow and learn!In the darkest hour, there is always a way out - Eve ME3 :cool:
“The measure of an individual can be difficult to discern by actions alone.” – Thane Krios -
gorebrush
Member Posts: 2,743 ■■■■■■■□□□
Another victim.. I mean, err... yeah.
Good luck! Welcome aboard. -
mistabrumley89
Member Posts: 356 ■■■□□□□□□□
Good luck! You better not let me finish my degree and get my IE before you do
. Goals: WGU BS: IT-Sec (DONE) | CCIE Written: In Progress
LinkedIn: www.linkedin.com/in/charlesbrumley -
nelson8403
Member Posts: 220 ■■■□□□□□□□
Good Luck!!Bachelor of Science, IT Security
Master of Science, Information Security and Assurance
CCIE Security Progress: Written Pass (06/2016), 1st Lab Attempt (11/2016) -
aftereffector
Member Posts: 525 ■■■■□□□□□□
First update - I've read chapters 2-11 in the CCNP Security SISAS 300-208 Official Cert Guide for about eight hours so far, and I also fired up the dCloud Firepower Management Center 6.0 v1.1 lab for a quick introduction to FMC. I've done this "lab" (it's really a sales demo) before, but I hadn't gone through it with the intention of learning how to configure the product. It's a little different when the only goal is to know how to talk about the product's features, and so today I went through it again and tried to pay attention to how the policies were built. I definitely have some major gaps in my understanding of how to design and configure a NGFW...
ISE is my overall priority right now, and I am focused on getting 300-208 knocked out within the next couple of months or so in order to renew my CCNAs for another few years. My plan is to read as much of the OCG as possible, take a note of anything that is new or unfamiliar in any way, study the crap out of those topics, and go back through the guided walkthrough sections with a live ISE system and follow along to get the muscle memory for building policies, authorization rules, conditions, and so on. On test day I won't have time to fumble around wondering where to go to configure a Downloadable ACL (Policy > Policy Elements > Results > Authorization > Downloadable ACLs).CCIE Security - this one might take a while... -
Iristheangel
Mod Posts: 4,133 Mod
Great job. I finished the SSFAMP stuff. Probably going to ready the Presidio ISE book then re-read the SISAS book. Makes me a little sad that it focuses on the old versions of ISE. Once you go ISE 2.1, you never go back... -
aftereffector
Member Posts: 525 ■■■■□□□□□□
Today's "lab" time - I use the word loosely - came from a customer engagement where the customer wanted to set up an automatic email alert whenever her network was getting DoSed. Simple, right? And, in fact, it is - it just took me a good half hour of fumbling around to figure out that I was looking for a Correlation policy with a rule and an associated email alert. Halfway through documenting the solution for the customer with a lot of pretty screenshots of the dCloud FMC 6.0 demo environment, I managed to create a server error on the back end of dCloud by deleting one of my user-created correlation rules, so that brought an end to that particular lab until I can get another instance spun up. That shouldn't take more than another twenty minutes or so and I will probably spend that time reading up on correlation events in the admin guide to get a better handle on where they are typically deployed. All in all, once I realized what it was I was trying to do, the Firepower Management Center made it pretty easy to actually accomplish it. +1 for logical UI design!CCIE Security - this one might take a while...
-
ccnpninja
Member Posts: 1,010 ■■■□□□□□□□
This is tough. Good luck Daniel!my blog:https://keyboardbanger.com -
bharvey92
Member Posts: 420 ■■■□□□□□□□
I will definitely follow this with interest as It is a possibility I will chase this one day! Good luck, and I shall check in often!2018 Goal: CCIE Written [ ] -
aftereffector
Member Posts: 525 ■■■■□□□□□□
Ten days to the Security Zero to Hero class, and I'm finally done with studying ISE (for now)! Next up will be ASA, NAT, and some VPN. I am also learning StealthWatch for a work requirement.
Not much to report, and I haven't been as structured as I need to be, but I am leaning on the Z2H class to set up a framework for my studying. We'll see how that works out.CCIE Security - this one might take a while... -
Kreken
Member Posts: 284
aftereffector wrote: »Ten days to the Security Zero to Hero class, and I'm finally done with studying ISE (for now)! Next up will be ASA, NAT, and some VPN. I am also learning StealthWatch for a work requirement.
Cool. Will be in the same class. -
mistabrumley89
Member Posts: 356 ■■■□□□□□□□
Congrats on passing SISAS!!!Goals: WGU BS: IT-Sec (DONE) | CCIE Written: In Progress
LinkedIn: www.linkedin.com/in/charlesbrumley -
Iristheangel
Mod Posts: 4,133 Mod
Dear,
I am wondering which **** you used for training.
You might be shocked to learn this but he didn't ****. **** aren't studying. They are for window lickers that don't know the technology and fail miserably in technical interviews -
adam9870
Member Posts: 53 ■■■□□□□□□□
I like it.Iristheangel wrote: »You might be shocked to learn this but he didn't ****. **** aren't studying. They are for window lickers that don't know the technology and fail miserably in technical interviews
