CCNP vs. CCSP

MrD

Hope everyone is doing well. I just passed the CCNA today, and am reading up on which route I want to take now. I want to eventually be mac daddy security pro, but I've talked to a couple guys who say to go for CCNP first. Reasoning is to have a complete and total grasp on internetworking etc...and then to veer towards security; first with CCSP and then maybe CISSP or whatever. Can I get some input? Also, should I even bother with the Security+ cert or no? I'm thinking it might give me a decent baseline into the security world. Thanks all!

Webmaster

I'm thinking it [Security+] might give me a decent baseline into the security world.

It does serve that purpose well.

Reasoning is to have a complete and total grasp on internetworking etc...

Especially when security started to become hot several years ago, the lack of basic networking skills amongst security professional was a problem. Not sure how that's nowadays, but CCNP goes much further than the basics. It's a specialist cert, and you don't need to go 'that' far for the CCSP. But, it will add value to your resume, it can open doors more easily, and it may make the road to becoming a security pro easier, as in being able to get a job as a CCNP first. One usually doesn't roll into a security job without having filled other roles, such as networker, first. So it can be very useful, but knowledge and skills-wise CCNP is a bit overkill for CCSP (why Cisco requires CCNA and not CCNP for CCSP). Note that CISSP requires 4 years full-time experience as an infosec pro (or 3 years + masters degree). So that's not one to get into the security field, more to advance it the security field.

MrD

Ok, I'm thinking...

First-CCNP
Second-CCSP
Third-CISSP


& Security+ thrown somewhere in there ha

Thanks for the input, oh Master of the Web

mikej412

With the CCNA you can administer a network.

With the CCNP you can build the network.

With the CCSP you can secure the network.

So.... if you have the CCNP and CCSP, then you can build secure networks.

I'd go with the CCNP first.... if there is no network built, there is nothing to secure.

I feel that the CCNP lays the foundation for the rest of the professional certifications.... but that said -- if you have an opportunity at work for a voice or security position, don't hesitate to go for the other tracks first.

Webmaster

Instead of Security+ and/or before CISSP, you may want to consider SSCP (also from ISC2, requires 1 year infosec experience instead of the 4 four CISSP).

Thanks for the input, oh Master of the Web

If you say that out loud in the test center, 10 times, while standing on your head, at full moon, you will pass any test.

HHHTheGame

Note that CISSP requires 4 years full-time experience as an infosec pro (or 3 years + masters degree). So that's not one to get into the security field, more to advance it the security field.

It's actually just a college degree, not masters.

Webmaster

I stand corrected.

ISC2 wrote:

Have a minimum of four years of direct full-time security professional work experience in one or more of the ten domains of the (ISC)² CISSP® CBK® or three years of direct full-time security professional work experience in one or more of the ten domains of the CISSP® CBK® with a college degree. Additionally, a Master's Degree in Information Security from a National Center of Excellence can substitute for one year toward the four-year requirement.

MrD

Well, thanks for all the input. I have a semi-clear direction of my future studies. I just purchased Sybex CCNP complete, and figure I'll read that before I start the Cisco Networking Academy 5 (or CCNP 1) this fall in school.

uksmurf

I've been pondering over this same dilemma (CCNP or CCSP) since passing my CCNA a couple of months ago.

You've all made valid points in this thread, so I'll most likely pick up on the CCNP.

Munck

Instead of going all Cisco-wise, perhaps take a vendor-independant cert or two. There IS a difference between securing a network acording to best-practice, and securing it according to Cisco.

For example, until PIXOS7 came out last year, PIX couldn't handle ICMP in a secure way (stateful). So by enabling it you exposed your network to all kinds of ICMP threats. I don't think you obtain that kind of knowledge doing CCNP/CCSP. As I haven't done them myself, it's ofcause only a speculation.

agustinchernitsky

Hello Everyone,

I recommend Security+, CCNA (very valued networking basics), CCDA (design and all that), CCSP (nice value to your CV if you want to be a security pro) and close it with SSCP and CISSP.

I believe CCNP is "too much" for my profile (a security consultant)... I would suggest, you do at least:

MSCA Security
CompTIA linux+ or LPI... I already have Linux+ & network+, but I will add LPI as well.

PS: I am MCSA security, but for 4 examns more I will get the MCSE... its just 4!!

Good luck!!

MrD

I want to have a kickin' all around knowledge of networking, so I'm going to get the CCNP, MCSA/security, Security+, CCSP, and then go up the security side of certifications. Of course, I could always change my mind, but I now have my heart set on CCNP. Planning on taking the BSCI in 2 months.