Renew CCNA:R&S or go to CCNP:R&S?

TechGuru80

Here's an interesting situation...so I originally got my CCNA:R&S in 2013 (version 2) and renewed with CCNA:Security in 2015 but primarily I have been in InfoSec / compliance roles so I haven't used much Cisco with the exception of studying and minimal labbing.

I really enjoy networking but overall I want to be in network security. I watched a CBT Nuggets clip on YouTube where Keith Barker recommended network+, security+, CCENT, CCNA, CCNA:Security, CCNP:R&S, then getting certified with Palo Alto or Checkpoint.

Since most network related jobs want at least CCNP...should I renew my CCNA first since I haven't touched it in a while, or will the CCNP give me enough refresh and avoid backtracking?

Node Man

I've found, by talking to IT recruiters, that a CCNP may be listed at required, but its not really. Experience and a good conversation can go a long way. I think a CCNP is a great way to distinguish someone, but is not always a deal maker. A lot of it (cough **EIGRP**), are not very beneficial in a work place.

shortstop20

TechGuru80 wrote: »

Here's an interesting situation...so I originally got my CCNA:R&S in 2013 (version 2) and renewed with CCNA:Security in 2015 but primarily I have been in InfoSec / compliance roles so I haven't used much Cisco with the exception of studying and minimal labbing.

I really enjoy networking but overall I want to be in network security. I watched a CBT Nuggets clip on YouTube where Keith Barker recommended network+, security+, CCENT, CCNA, CCNA:Security, CCNP:R&S, then getting certified with Palo Alto or Checkpoint.

Since most network related jobs want at least CCNP...should I renew my CCNA first since I haven't touched it in a while, or will the CCNP give me enough refresh and avoid backtracking?

CCNP will give you enough of a refresh that you don't need to do CCNA again since you're still certified.

If Security is going to be your focus, I'm not sure going for CCNP R&S makes sense. Does Keith recommend that even for people who want to work in Security?

Seems like CCNP Security or some other Security cert should be your focus since you already have the CCNA R&S/Security as a foundation. I mean, how much does knowing EIGRP K timers, OSPF stub areas and route redistribution really benefit a security person day to day?

TechGuru80

Yeah the video was geared towards security with the reasoning that Palo Alto and Checkpoint make better security products...which is interesting since he has a CCIE:Security.

Danielh22185

If you are aiming toward doing Network Security roles get your NP. Even with NP I think an effective network security engineer should go even deeper into the R/S / general networking realm to thoroughly understand how networks work.

That said too you shouldn't need to back track all the way into CCNA. Get your NP R/S and build from there for sure. Being a strong network security engineer requires that you understand networks, it would only make sense to nail down the R/S cert before moving on to the next stuff.

mnashe

TechGuru80 wrote: »

Yeah the video was geared towards security with the reasoning that Palo Alto and Checkpoint make better security products...which is interesting since he has a CCIE:Security.

Palo Alto firewalls are pretty good. I'd say they are better than the cisco firewall of old, but the NextGen Cisco ASA with FirePower) look real nice.

I am in a similar situation as you. I want to focus on Network Security, so I'm studying for CCNP Security. I do have my CCNP R&S, but I'd recommend leaning towards the CCNP Security instead. Like Daniel said having a strong R&S foundation is important, but you can always learn the CCNP R&S topics without taking the exams.

Btw, Keith has a great course on learning Palo Alto firewalls, so does RouteHub.net. The problem is Palo does not like giving free trial licenses.

Are you looking to change jobs?

Sy Kosys

FWIW, my IT path had me finally earning CCNA R&S in the summer of 2013. Afterwards, a few months of job hunting netted a callback from a security company and I began working there shortly thereafter. It was nice to know about routing and switching technologies while performing our daily duties, but we did not interface at all with Cisco gear, not directly anyways. It's been nearly 3 years, just refreshed the NA cert with NP/Switch, and the future as they say is bright.

I work with plenty who have let their Cisco certs lapse, while several there are CISSP. It was quite odd, before I started working here I wanted to be in the security field and the CCNA was a step towards that goal. It has since branched out into a multitude of areas and I find myself going back to the Cisco certifications and knowledge to make my security focus that much more streamlined. Mainly because, sometimes that dropped packet ain't the firewall's fault, but you gotta prove it. Once I finish the CP certs and the Cisco NP R&S track, I'm going to cycle back to the security related aspects.

I can see where this UToob vid would suggest the certification path as you have outlined above would be beneficial, but to be totally honest with you places like Check Point and Palo Alto will see it as being overly qualified for their entry-level programs. There are the occasional exceptions, and I've seen maybe 5 or 6 out of 100+ that have done so. Companies that utilize or support CP/PAN should be beating down your doors with both Cisco and CP/PAN certs (a local company is headhunting and a few of us got the same offer of six figures plus a crazy bonus.....tempting.....)

The Check Point firewall is a ridiculously awesome product (we do not speak of PAN lol), but it is also ridiculously complex. I wish you an abundance of luck should you go the CCSA/E route, VMWare will be your friend, and try to get the current study materials if you can.

/rant

mnashe

Sy Kosys wrote: »

The Check Point firewall is a ridiculously awesome product (we do not speak of PAN lol), but it is also ridiculously complex.
/rant

The one benefit of PAN, it is really straight forward. Personally, I was going the CheckPoint /CCSA route before I was offered my current job. We're all PAN. I'll still probably do it, as it is widely used. They make a really good product.

Being that your Cisco certification expires in 2018, why not go for CCSA or PCNSE for a 2016/early 2017 goal, then renew your Cisco certs by taking a higher exam (I'd suggest starting with SWITCH, if going the CCNP R&S route)

Sy Kosys

mnashe wrote: »

The one benefit of PAN, it is really straight forward. Personally, I was going the CheckPoint /CCSA route before I was offered my current job. We're all PAN. I'll still probably do it, as it is widely used. They make a really good product.

Being that your Cisco certification expires in 2018, why not go for CCSA or PCNSE for a 2016/early 2017 goal, then renew your Cisco certs by taking a higher exam (I'd suggest starting with SWITCH, if going the CCNP R&S route)

I've not been exposed to much of PAN, just Checkpoint, and my opinion of PAN (or lack thereof) is more tongue-in-cheek than anything else because of how they got started. I've heard plenty of positives about PAN, several friends have since gone on to work there, not trying to bag on em at all.

I've already have the CCSA and am currently working on CCSE/CCSM since I passed SWITCH last month. After the CP certs are done, I'm getting ROUTE and TSHOOT by the end of 2017 if I can make the time for it all. After that...something with a Security focus.

mnashe

Sy Kosys wrote: »

I've not been exposed to much of PAN, just Checkpoint, and my opinion of PAN (or lack thereof) is more tongue-in-cheek than anything else because of how they got started.

LOL...that's funny, good point. Do you work for CP?

My suggestion was for the OP, I was suggesting instead of him going straight for CCNP, why not get a cert from one of these other firewall vendors in the meantime, and then focus back on an NP.

Sy Kosys

mnashe wrote: »

LOL...that's funny, good point. Do you work for CP?

My suggestion was for the OP, I was suggesting instead of him going straight for CCNP, why not get a cert from one of these other firewall vendors in the meantime, and then focus back on an NP.

Yeah I do, which is quite an interesting place to be letmetellya. Sorry to hijack, got a little carried away lol

Legacy User

Node Man wrote: »

A lot of it (cough **EIGRP**), are not very beneficial in a work place.

Well actually you'd be surprised to find EIGRP is running on plenty of places running cisco based networks in these environments OSPF would not be beneficial in the workplace.