New objectives

I've been weighing my options for my next cert. Since obtaining the CCNA Sec last year, I took a hard look at CCNP Sec. Now I'm considering the "regular" CCNP and I think I'm leaning in that direction. My reasoning for this:

1) In my place of work, we use Cisco gear but not to the extent of CCNP/CCNP Security level knowledge. So I'm neutral in that regard.
2) CCNP Security is 4 tests, CCNP is 3. That's attractive in itself.
3) One full test dedicated to IPS seems a little silly to me. Sorry if I've offended any IPS experts.
4) Materials/resources/books seem to be more plentiful and accessible for regular CCNP.
5) Getting hands on with the equipment should be easier with CCNP.

Thoughts?

Find more posts tagged with

Comments

ChooseLife

They are two very different tracks, and my advice, FWIW, would be to choose one based on the path you want to take, rather than on number of exams or availability of books.

P.S. I considered both, will be starting CCNP:Sec later this year.

Forsaken_GA

benbuiltpc wrote: »

3) One full test dedicated to IPS seems a little silly to me. Sorry if I've offended any IPS experts.

Honestly, I used to feel the same, but I've seen so many poor IPS implementations that ended up being blockers to getting projects done, that I no longer feel that way. It's particularly frustrating for me when I receive a complaint about traffic being dropped from a person who wrote the freaking IPS rule that's dropping the traffic.

Turgon

I have to say that it's long overdue that Cisco provided basic coverage of firewalls, IPS, load balancers and proxies into the CCNA. I realise there is the CCNA Security these days but not everyone goes down the specialist tracks. Firewalls are everywhere and introduce situations that any network professional needs to be aware of. The CCNA theory of routing and switching bypasses those realities completely. An issue for the fledgling network engineer when they have to grapple for the first time with concepts of state, layer 4 and the consequences of asymmetric routing for firewalls and routing and firewalls in general.

benbuiltpc

Forsaken_GA wrote: »

Honestly, I used to feel the same, but I've seen so many poor IPS implementations that ended up being blockers to getting projects done, that I no longer feel that way. It's particularly frustrating for me when I receive a complaint about traffic being dropped from a person who wrote the freaking IPS rule that's dropping the traffic.

Interesting take. Sounds like a little separation of duties would help there?

#6 on my list would have to be the ASA product lifecycle. I'm sure it's not going away soon, but I for one would be pissed if Cisco were to announce plans to move to a different platform.