Daniel's CCIE Security Thread

aftereffectoraftereffector Posts: 525Member
I never thought I'd end up here, and I still can't quite believe I'm saying it, but I am throwing down the gauntlet: the next stage in my professional development is that I will become a CCIE in Security.

This is a long road and I will not rush to failure, so I am not even close to setting an anticipated lab date or even a hopeful date for the written exam. I intend to take the new version 5.0 written which opens up at the end of January, so I will have eight months at the very least before I can even sit for the easy part - but, again, it's a long road and I am not going to repeat my mistake with the CCNA Security of flinging myself headlong into it, passing the exam, and almost immediately forgetting everything I learned about ASA configuration. Fortunately I have the opportunity to touch all of the technology and concepts that I will be learning about in my current job, so I will be in a much better position to retain knowledge through daily, hands-on practice in addition to studying and labbing.

I have not attempted the CCNP Security, but I am also not going to entirely bypass those four exams. Most of the material will carry over into the CCIE, so I am just going to start on the CCIE topics and take the CCNP exams as check-on-learning events as I ramp up for the Written. That way I'll have some measurable benchmarks, I will recertify my existing certs, and I will have some attainable short-term goals to reach for.

Thanks to Katherine for bullying me into stepping up for the challenge (peer pressure works, kids!), Steve for reminding me to HTFU, Charles for keeping me on track, and RG for the daily grind.

Let's do this!
CCIE Security - this one might take a while...

Comments

  • NetworkNewbNetworkNewb Posts: 3,260Member ■■■■■■■■■□
    Best of luck! Look forward to hearing more icon_thumright.gif
  • ITSpectreITSpectre Posts: 1,040Member
    **Plays eye of the tiger**

    You can do it! I can't wait to follow and learn!
    In the darkest hour, there is always a way out - Eve ME3 :cool:
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
  • IristheangelIristheangel CCIEx2 (Sec + DC), CCNP RS, CCNA V/S/R/DC, CISSP, CEH, MCSE 2003, A+/L+/N+/S+, and a lot more from m Pasadena, CAPosts: 4,117Mod Mod
    Omg! Lets go do 1/31/17 together!
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • gorebrushgorebrush Posts: 2,741Member
    Another victim.. I mean, err... yeah.

    Good luck! Welcome aboard.
  • mistabrumley89mistabrumley89 ■■■□□□□□□□ Posts: 356Member ■■■□□□□□□□
    Good luck! You better not let me finish my degree and get my IE before you do icon_study.gif.
    Goals: WGU BS: IT-Sec (DONE) | CCIE Written: In Progress
    LinkedIn: www.linkedin.com/in/charlesbrumley
  • nelson8403nelson8403 ■■■□□□□□□□ Posts: 220Member ■■■□□□□□□□
    Good Luck!!
    Bachelor of Science, IT Security
    Master of Science, Information Security and Assurance

    CCIE Security Progress: Written Pass (06/2016), 1st Lab Attempt (11/2016)
  • aftereffectoraftereffector Posts: 525Member
    First update - I've read chapters 2-11 in the CCNP Security SISAS 300-208 Official Cert Guide for about eight hours so far, and I also fired up the dCloud Firepower Management Center 6.0 v1.1 lab for a quick introduction to FMC. I've done this "lab" (it's really a sales demo) before, but I hadn't gone through it with the intention of learning how to configure the product. It's a little different when the only goal is to know how to talk about the product's features, and so today I went through it again and tried to pay attention to how the policies were built. I definitely have some major gaps in my understanding of how to design and configure a NGFW...

    ISE is my overall priority right now, and I am focused on getting 300-208 knocked out within the next couple of months or so in order to renew my CCNAs for another few years. My plan is to read as much of the OCG as possible, take a note of anything that is new or unfamiliar in any way, study the crap out of those topics, and go back through the guided walkthrough sections with a live ISE system and follow along to get the muscle memory for building policies, authorization rules, conditions, and so on. On test day I won't have time to fumble around wondering where to go to configure a Downloadable ACL (Policy > Policy Elements > Results > Authorization > Downloadable ACLs).
    CCIE Security - this one might take a while...
  • IristheangelIristheangel CCIEx2 (Sec + DC), CCNP RS, CCNA V/S/R/DC, CISSP, CEH, MCSE 2003, A+/L+/N+/S+, and a lot more from m Pasadena, CAPosts: 4,117Mod Mod
    Great job. I finished the SSFAMP stuff. Probably going to ready the Presidio ISE book then re-read the SISAS book. Makes me a little sad that it focuses on the old versions of ISE. Once you go ISE 2.1, you never go back...
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • aftereffectoraftereffector Posts: 525Member
    Today's "lab" time - I use the word loosely - came from a customer engagement where the customer wanted to set up an automatic email alert whenever her network was getting DoSed. Simple, right? And, in fact, it is - it just took me a good half hour of fumbling around to figure out that I was looking for a Correlation policy with a rule and an associated email alert. Halfway through documenting the solution for the customer with a lot of pretty screenshots of the dCloud FMC 6.0 demo environment, I managed to create a server error on the back end of dCloud by deleting one of my user-created correlation rules, so that brought an end to that particular lab until I can get another instance spun up. That shouldn't take more than another twenty minutes or so and I will probably spend that time reading up on correlation events in the admin guide to get a better handle on where they are typically deployed. All in all, once I realized what it was I was trying to do, the Firepower Management Center made it pretty easy to actually accomplish it. +1 for logical UI design!
    CCIE Security - this one might take a while...
  • ccnpninjaccnpninja Senior Member EuropePosts: 1,008Member ■■■□□□□□□□
    This is tough. Good luck Daniel!
    من طلب عزائم الأمور ، هان عليه بذل النفس فيها - محمد إبن ابي عامر
    www.keyboardbanger.com
  • bharvey92bharvey92 Posts: 419Member
    I will definitely follow this with interest as It is a possibility I will chase this one day! Good luck, and I shall check in often!
    2018 Goal: CCIE Written [ ]
  • aftereffectoraftereffector Posts: 525Member
    Ten days to the Security Zero to Hero class, and I'm finally done with studying ISE (for now)! Next up will be ASA, NAT, and some VPN. I am also learning StealthWatch for a work requirement.

    Not much to report, and I haven't been as structured as I need to be, but I am leaning on the Z2H class to set up a framework for my studying. We'll see how that works out.
    CCIE Security - this one might take a while...
  • KrekenKreken Posts: 284Member
    Ten days to the Security Zero to Hero class, and I'm finally done with studying ISE (for now)! Next up will be ASA, NAT, and some VPN. I am also learning StealthWatch for a work requirement.

    Cool. Will be in the same class.
  • mistabrumley89mistabrumley89 ■■■□□□□□□□ Posts: 356Member ■■■□□□□□□□
    Congrats on passing SISAS!!!
    Goals: WGU BS: IT-Sec (DONE) | CCIE Written: In Progress
    LinkedIn: www.linkedin.com/in/charlesbrumley
  • zmalikzmalik ■□□□□□□□□□ Posts: 2Registered Users ■□□□□□□□□□
    Dear,
    I am wondering which **** you used for training.
  • MitMMitM ■■■■□□□□□□ Posts: 587Member ■■■■□□□□□□
    zmalik wrote: »
    Dear,
    I am wondering which **** you used for training.

    Seriously? Bye
  • IristheangelIristheangel CCIEx2 (Sec + DC), CCNP RS, CCNA V/S/R/DC, CISSP, CEH, MCSE 2003, A+/L+/N+/S+, and a lot more from m Pasadena, CAPosts: 4,117Mod Mod
    zmalik wrote: »
    Dear,
    I am wondering which **** you used for training.

    You might be shocked to learn this but he didn't ****. **** aren't studying. They are for window lickers that don't know the technology and fail miserably in technical interviews
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • adam9870adam9870 ■■□□□□□□□□ Posts: 53Member ■■□□□□□□□□
    You might be shocked to learn this but he didn't ****. **** aren't studying. They are for window lickers that don't know the technology and fail miserably in technical interviews
    I like it.
Sign In or Register to comment.