Steps to a CCSP

Hi all. I recently obtained my CCNA, and I'll be in school here in town to get my CCNP. However, the CCSP is much more interesting to me, but the school doesn't offer this particular track. I suppose I could spend the time getting a CCNP, as I've been told I should, then move along to get the CCSP, but it's not my first choice; I'm in my 40s with a family, going back to school, and desperately in need of the higher income that these certs can get me (compared to my current $11.00/hr job). I've been told that one should get the CCNP anyway and build on it, but is it a requirement if you want to get into security? If I were in my twenties, I'd get all the certs I could, but with my family slowly going into debt each month, I can't afford the luxury of time, I'm afraid. I'll get the CCNP, then the CCSP if I have to, but is there a better way that won't necessarily be a "lesser" path and will get me to my goal in a shorter time?

Find more posts tagged with

Comments

networker050184

How much experience do you have in the industry? Security positions are not positions you can jump into with a certification. This is why most people recommend the CCNP first. The CCNA - CCNP route will help (not garuntee) you get positions in networking. Usually after a few years of experience with general networking you could move into more of a security role. You have to know the ins and outs of networks before securing them. You don't have to get the CCNP, but you will definatley need the knowledge that would come along with studying for the exams. Since you would be learning the material anyway you might as well take the exams while you progress. Unless money is a concern, then you could just learn the material and not take the exams.

Ahriakin

While every bit of knowledge you can get about Cisco and networking in general helps it is not necessary to do the CCNP before the CCSP, obviously I didn't. If you have a strong understanding of the CCNA level topics then you'll have enough TCP/IP theory and general Router/Switch knowledge to continue into Cisco Security. I agree that effective Security requires a broader view of a network than just the topics you study but it's a chicken before the egg scenario. Unless your job specifically requires it for example knowing that MPLS circuits are often classified as VPNs but aren't usually encrypted would be enough for an initial evaluation of security and implementing threat mitigation at other levels of your network, the CCNP level knowledge of the inner workings and config of MPLS would be helpful but not necessary. Ditto with the various routing protocols, you don't need to know their config. inside out to secure them, just the security options (keys, Authentication etc. Covered in the CCSP for RIP and OSPF) they do provide and how they can be controlled on your firewalls/vpns etc. while maintaining functionality.
But really what it comes down to is what your heart is in, if your interest lies with security then by all means to the CCSP next, you'd likely drag on the CCNP if R&S is not what gets you going.

ITdude

Sounds like really good advice!

mikej412

I say the same thing about going for the CCVP and CCSP after the CCNA.... if you have a job opportunity, go for it.

mikej412 wrote:

It made sense in the "old days" to get the CCNP before the CCVP and the new CCNP seems to include the "Voice 101" stuff now -- so it's still good advice. But I have said that if you have the job opportunity, you can go from the CCNA to the CCVP (and then backfill with the CCNP later).

mikej412 wrote:

It really comes down to what opportunities do you have, or what's available in your area. What you'd like to do could also be a consideration.

<< some stuff deleted>>

mhdanas wrote:

Shall I go into security ( if yes, CCSA or CCSP ? )

You need to get some experience before people will trust you with their network and their security. Doing the CCSA or some of the Cisco Qualified Specialist certs (like the CQS-CFWS) can get you the "entry level" experience you'd need. But you'd also have to look at some of the higher level networking certs like the CCNP -- I wouldn't trust someone to secure a network that they didn't know how to build. Then you'd look at the CCSE or finishing the CCSP -- depending on what you like better or which gives you more opportunities.

mhdanas wrote:

or CCVP ?

Hot! Hot! Hot! I'd usually say go for the CCNP after the CCNA -- but if you have an opportunity to work with Voice Stuff, do it. It seems to be very popular. Check out this CCVP vs CCNP thread from a day or two ago for some more CCVP info (and I did mention the CCSP in there too).

mikej412 wrote:

With the CCNA you can administer a network.

With the CCNP you can build the network.

With the CCSP you can secure the network.

So.... if you have the CCNP and CCSP, then you can build secure networks.

I'd go with the CCNP first.... if there is no network built, there is nothing to secure.

I feel that the CCNP lays the foundation for the rest of the professional certifications.... but that said -- if you have an opportunity at work for a voice or security position, don't hesitate to go for the other tracks first.

The other thing I say about Voice and Security - larger and more expensive hardware requirements.

mikej412 wrote:

There are individual threads about the equipment used for the CCVP and CCSP in the forums -- but both of these certifications (and the corresponding CCIE versions) have larger and more expensive hardware requirements than the CCNP/CCIP (and the corresponding R&S and Service Provider CCIEs). But for the CCSP and CCVP, renting rack time would still be cheaper (but less convenient) then building a home lab. The hybrid approach usually works best -- get the hardware you can afford and use rack rental for the rest. Also, Dynamips (with Dynagen) and PEMU are two emulation options to check out for the home lab.

If you have a large Cisco Network Academy close by, they may offer a security class (and lab access) that would get you started on the CCSP. I haven't seen them hint about any Voice offerings.

You might also want to check the Cisco Partner Locater and see if there are any Cisco Business Partners in your area. You could get lots of great Cisco experience working for a partner, and access to lab equipment and to the good "training stuff." The down side -- the partner may have you taking exams you didn't know existed so that they could fill "partner roles."

As I quoted myself above, doing the Cisco Firewall Specialist Certification (CS-CFWS) MIGHT get you the "entry level" job and experience you'd need to "break into security." Plus with PEMU available now, it wouldn't be as cost prohibitive as before.

The other thing to consider -- if you have your CCNA but no experience, about the only way a Professional Certification would be useful would be to a temp agency recruiter who wants to pimp you out as a CCNP/CCSP and pay you as a CCNA. You'd get experience (assuming you succeed at the job) and the agency/recruiter gets a lot more billable hours as you struggle learn as you go.

If you're still looking for that first CCNA position, starting to work on the Professional Certs isn't a bad thing -- it shows your interest in all things Cisco and would differentiate you from the other CCNA newbs.

Unless you are also working on a degree in College and getting certifications to differentiate yourself from the other new college graduates -- having the Professional Certification but no work experience to "back up the certifications" makes me think "dumped" when I see that on resumes.

Slowhand

Something to keep in mind, especially as you said that you were going down the debt-trail. Right now, with your CCNA, you're pretty marketable. You should start looking for work ASAP, and you can make a safe bet that you'll be doing better than $11/hour, even now. In the meantime, you may want to think about doing the CCNP anyway, especially since the updated CCNP exams include topics from not only the routing and switching path, but also expanded topics from other areas, like security and voice. You'll be learning the basline networking skills you'll need in order to get the most out of CCSP, as well as a lot of things that will be security-related, right off the bat.

And don't forget, you'll get a lot of recognition as a CCNP, especially if you're already working a CCNA type of job as you're going through the exams to get that professional experience, and not just lab-work. Since security is a very specialized field, many employers may not recognize what a CCSP is, but they'll definitely know what a CCNP can do for them. Getting hired will be easier, even if it's not necessarily a security-related job right away, and that'll help you put your finances back on track a lot faster. As Mike said, the equipment and training material for CCNP is more readily available and usually a lot more affordable than the stuff for the speciality exams, and I'm sure that will be an impacting factor in your path.

Let us know how you do, where you end up, and how you're liking the journey.

ConstantlyLearning

mikej412 wrote:

Unless you are also working on a degree in College and getting certifications to differentiate yourself from the other new college graduates -- having the Professional Certification but no work experience to "back up the certifications" makes me think "dumped" when I see that on resumes.

What do you mean by dumped?

Brain dumped as a way to pass the exam or dumped from jobs beacause they just arn't good workers for whatever reason?

Cheers.

Crunchyhippo

Ahriakin wrote:

While every bit of knowledge you can get about Cisco and networking in general helps it is not necessary to do the CCNP before the CCSP, obviously I didn't. If you have a strong understanding of the CCNA level topics then you'll have enough TCP/IP theory and general Router/Switch knowledge to continue into Cisco Security. I agree that effective Security requires a broader view of a network than just the topics you study but it's a chicken before the egg scenario. Unless your job specifically requires it for example knowing that MPLS circuits are often classified as VPNs but aren't usually encrypted would be enough for an initial evaluation of security and implementing threat mitigation at other levels of your network, the CCNP level knowledge of the inner workings and config of MPLS would be helpful but not necessary. Ditto with the various routing protocols, you don't need to know their config. inside out to secure them, just the security options (keys, Authentication etc. Covered in the CCSP for RIP and OSPF) they do provide and how they can be controlled on your firewalls/vpns etc. while maintaining functionality.
But really what it comes down to is what your heart is in, if your interest lies with security then by all means to the CCSP next, you'd likely drag on the CCNP if R&S is not what gets you going.

It would appear to me that, yes, my heart is in the security field, and it's definitely not in the CCNP area, although that's the only second-tier track offered at the local Cisco Networking Academy. My option would be self-study for the CCSP, but the school does have one or two classes related to Cisco security; I'll have to look to see which. For the CCSP, I would be relegated to renting virtual lab time in order to finish it, since I just don't have the thousands of dollars to spend on necessary equipment (welcome to family life). I would much rather study something I'm interested in than something offered that I would have to mentally plod through, and since I will probably not go further than a solo "professional" cert, I wouldn't proceed past a CCNP or CCSP anyway.

So the CCSP is possible through only self-study and online rack rental/book study?

ITdude

Crunchyhippo wrote:

since I will probably not go further than a solo "professional" cert, I wouldn't proceed past a CCNP or CCSP anyway.

I bet you are not the only person who said that before, who became CCIE!

Crunchyhippo

I'm also curious if anyone has obtained his CCSP using only "virtual" online lab equipment? I can't imagine how much all the necessary equipment for a professional cert. like this would cost - as if I had the money for it all anyway. I could get some, but it probably wouldn't be enough. I've seen several sites touting that they have what's needed to get these certs, all the way to a CCIE.

It may be the course I would have to take if I decided to follow this path.

Ahriakin

Do a search on this forum for PEMU and Dynamips/Dynagen - Virtual PIX and Routers you can run on your PC, perfect emulation running live code and not a potentially flawed sim. You can pick up some old switches on Ebay quite cheaply (2x2924XLs will do everything you need for the CCSP and you can get them usually between $40 and$100 depending on condition). So if you got the above running you'd be covering the SNRS, most of the SNPA and SND. The VPN exam (being deprecated now I believe, haven't checked Cisco's exam pages in quite a while) is not that hard after the PIX/ASA. The real killer though is the IPS exam. You will need some hands on as it's a totally different beast to any of the others and the devices are horribly expensive even 2nd hand, for this one I did online rack rental and passed. The good thing is you can use the same equipment if you do head on to the CCIE, and most of it if you head down the CCNP route. It's not cheap but not as expensive as you think.
When I started the CCSP I did the SNRS with no hands on, barely passed and I regretted doing it that way as the knowledge did not stick (needed it quickly for a job interview, and I've since gone back and redone a lot of the material). After that I waited until I had a job with access to more equipment and had the use of a PIX 515 and VPN3k at work for those exams - not perfect since I couldn't mess with them too much but still better than nothing. Since then I've scrounged every bit of old hardware from work and upgraded them to at least run new code at decent levels, the latest is that PIX 515 that's going home with me tonight to join the Collective

, finally got it replaced with an ASA 5510. My point really is that a lab isn't something you have to run out and equip in one go. Watch Ebay, let your co-workers and IT friends know what you're doing and need and you'll be surprised what you can scrounge up for nothing or next-to on the way. last year my home lab was a PIX 501 and AP 1100, now it's a small wind-tunnel maker with 3 routers, 2 switches, 3 firewalls and soon a VPN3K that got put together for about $500 (so $10 a week)...sure it's dusty old stuff for the most part but it works.