CCNA for security?

DDStime

I am trying to really gain as much knowledge as possible.

I have a lot of exp, but would love to pick a path and get great at it.

My background is in security and I think following the CCNA CCNP path would be more benifitial than the pen testing route with OSCP.

Do you think an employer would value a security guy with CCNP over OSCP?

Which one would you think a security guy would be better off obtaining? I'm talking from a knowledge standpoint.

danny069

OSCP, very respectable cert. You learn a lot, it is hands on, and you also have to submit a report. So it also teaches you writing skills, for example, creating a report from scratch (title, index and everything in between), describing technical data into an executive summary, utilizing spell check (it really bothers me when I see people with a lot of experience and knowledge misspell words) You can obtain the OSCP, then OSCE.

DDStime

I would have to do a great deal of research and studying before I attempt the OSCP. CCNA I could prob knock out in a few months.

My end goal is to really start to dive deep into one direction that is marketable.

I think both routes would be fun, but I don't see many jobs looking for OSCP and I see plenty of sec roles looking for CCNP/IE.

I want to really get to the technical side of security and better my understanding of it all.

danny069

If you're looking for marketable, and say you can knock out the CCNA in a few months, then go for it. August 20th 2016 is the last day to test for the 200-120, they are adding new material after.

OctalDump

Cisco Security path is very focussed on their security products and security features of their products. It is useful for doing network defence in a Cisco network environment. Think blue team. My experience with Cisco security track is that it isn't quite as good as their networking track for covering generic security knowledge.

There also is the new Cisco Cybersecurity track, which I don't know a lot about.

OSCP is all about penetration testing. This means understanding well the weaknesses and how to exploit them. Think red team. There are similar offerings from Mile2, eLearnSecurity, GIAC and (ahem) EC Council. GIAC and Offensive Security are probably the best known and respected, but eLearnSecurity is getting increasing love here thanks to their more accessible junior pen test cert.

Neither will give a nice, rounded, info sec background. If you have no security background, or no formal info sec training, then I'd recommend starting with Security+ (or if you can get someone else to pay, the GIAC GISF or GSEC). I believe that good specialists are also good generalists, so having a solid, general, base to start with is ideal before pursuing a specialisation.

DDStime

@octal

I'm in a brocade environment, do you think someone could get to CCNP without being in a CISCO env?

I'm just looking for the knowledge, I look at the CEH, elearn and others and they are basically just using tools. I want to actually understand what is actually happening and I feel that networking would be a fundamental thing to understand intimately before diving into pen certs.

I'm already CISSP, Sec+ and some other crap but they are worthless. All I have learned I thought myself, but after reading tom lamells CCNA book I feel like I could actually learn from doing that cert.

For some reason my gut feeling is that CCNP would help me in my career more than anything else....but you would know.

What do you think?

DDStime

danny069 wrote: »

If you're looking for marketable, and say you can knock out the CCNA in a few months, then go for it. August 20th 2016 is the last day to test for the 200-120, they are adding new material after.

Damn. I better make a desision soon.

OctalDump

DDStime wrote: »

Damn. I better make a desision soon.

I wouldn't panic. Most of the material will be the same. One good thing is they have dropped frame relay.

DDStime

Is the two test version going to change as well

OctalDump

DDStime wrote: »

@octal

I'm in a brocade environment, do you think someone could get to CCNP without being in a CISCO env?

You can get CCNA without too much hands on with real gear. CCNP level is more challenging. I'm not sure what the current state of play is with CCNP Security, it is likely to be refreshed 'soon'. It covers a bunch of things that are more difficult to replicate in a home lab. It is also quite Cisco-centric, so you'd need to be working with Cisco gear to keep your skills from going rusty.

CCNP Routing and Switching is more accessible to do, but real experience is still very useful.

DDStime wrote: »

I'm just looking for the knowledge, I look at the CEH, elearn and others and they are basically just using tools. I want to actually understand what is actually happening and I feel that networking would be a fundamental thing to understand intimately before diving into pen certs.

I'm already CISSP, Sec+ and some other crap but they are worthless. All I have learned I thought myself, but after reading tom lamells CCNA book I feel like I could actually learn from doing that cert.

For some reason my gut feeling is that CCNP would help me in my career more than anything else....but you would know.

What do you think?

Well, based on that you have already CISSP and Sec+, deeper technical skills do seem like a good option. Pen testing benefits from a good general technical knowledge (networking, OS, web, databases, programming etc), and if you feel you don't have enough of that, then getting those skills first does make sense.

General networking skills are also a bit more stable than some other areas of IT. So they are not a bad thing to invest in. I'd say that starting with CCNA R+S is a good idea, and then look at the Cisco security track. Maybe also look at Cloud Security or something similar that's up and coming. It'd be a good way to get in early and get in deep. Due to the demand, you could likely get a role where you get to do a lot of different things and learn a lot in the process.

Danielm7

Agree with OctalDump. You already have a few security certs, have you really narrowed down your end goal? If you want to end up in pen testing then sure, grind out the OSCP. I think the CCNP is overkill if you're a security generalist, aka, not a network security person specifically. I have the CCNA, ccna security, etc. It's important to understand all the networking aspects, but unless you're specifically configuring Cisco gear or really want to, i don't see a point in going for the CCNP. I'm sure you see it in job searches, but is it really in searches for security or just network engineers?

DDStime

Well the thing is that I want to get on the technical side of security. So if I end up loving CISCO gear I might go that route.

Would you all agree that CCNA R&S would be a good start to dive into a more technical understanding of IT?

Or would you advise something else?

DDStime

Or should I just keep hitting the net stuff on the side and shoot for some sans certs?

I just want to understand everything in more detail

doctorlexus

I think CCNA R&S is a good baseline of knowledge for almost anyone in IT to have. It may not always be marketable, but it's still good to know.

If I were aiming for the security field, I'd jump in neck deep into OSCP. I can't think of anything more beneficial in security than having a first hand understanding of how systems are compromised. But it seems a lot of people shy away from OSCP as it's a seemingly-scary cert, which requires a significant time investment.

As for CCNP, as Danielm7, it's likely overkill for a security career. And I've read a few negative reviews of the CCNA Security cert on here, so I don't think I'd bother with that unless your employer is specifically asking for it.

Do CCNA R&S if you want, but I wouldn't do it just to avoid OSCP or to procrastinate harder obstacles. You're going to learn more with OSCP than anything else.

NetworkNewb

doctorlexus wrote: »

I think CCNA R&S is a good baseline of knowledge for almost anyone in IT to have.

I would say CCNA is a little overkill for alot of positions in IT. CCENT would be a good baseline for anyone... But then again CCNA looks 100 times better on a resume! Not sure if CCENT really impresses anyone, good knowledge for everyone to have though.

doctorlexus

NetworkNewb wrote: »

I would say CCNA is a little overkill for alot of positions in IT. CCENT would be a good baseline for anyone... But then again CCNA looks 100 times better on a resume! Not sure if CCENT really impresses anyone, good knowledge for everyone to have though.

I agree with you on CCENT. Unfortunately, it's going to take the industry a little while to catch up to the shift Cisco made in the CCENT curriculum back in 2013--they added a lot more to the certification then, and CCENT became the sole prerequisite for several CCNA tracks. Before 2013, CCNA was the baseline certification, which opened the doors to other paths. A lot of people still have that pre-2013 mindset.

NetworkNewb

True that! I only have my CCENT and when people see my resume I just hope they even know what it is!

Trucido

OctalDump wrote: »

I wouldn't panic. Most of the material will be the same. One good thing is they have dropped frame relay.

so is it going to be easier or?