Thoughts on Cisco security tracks

vinbuckvinbuck Posts: 785Member
So i'm flirting with the idea of doing CCNA+NP Security before I start down the lonely CCIE road. Mainly because I'm doing a ton of ASA work now and don't have much background in it other than very plain configs.

The blueprint looks promising to become well versed in the ASA and IOS security. I'm really looking at this as knowledge and experience first and resume fodder a distant second. How would you guys rate the value of these certs?
Cisco was my first networking love, but my "other" router is a Mikrotik...

Comments

  • astorrsastorrs Posts: 3,139Member ■■■■■■□□□□
    Personally I think ASA is crap compared to much of the competitions offerings - but with that said there is an absolute ton of it out there in the wild. Same goes for their IPS line - garbage compared to SourceFire, NitroSecurity, etc. - but hundreds of thousands of sensors in production.

    They got lazy in the security market for quite a while and focused R&D elsewhere or had some missteps/slow-to-market problems - now they're playing catch-up. There are however some hopeful signs over the past year or two with changes in BU leadership and renewed R&D (as a result of market share losses).

    So while that probably comes across as negative, the reality is from a career path it's worth knowing as you are extremely likely to run into it - especially in environments where Cisco is the choice for R&S (which is still very strong in most Enterprises).
  • Mike-MikeMike-Mike Posts: 1,860Member
    I am currently studying the CCNA Security, and i'm sure it would be easy for you if you're already a CCNP. Pretty short book, doesn't seem to get too deep into stuff really
    Currently Working On

    CWTS, then WireShark
  • wavewave Posts: 342Member
    I'm in the same boat as you vinbuck. I actually started to studdy for the CCIE R&S but then got a new job where I'm working with the ASA and other security appliances most of the time. Holding off on the IE and going for the NP Security is feeling like a better plan right now. I agree with you about not doing it for the letters. It's great to have a framework like the CCNP Security track to build knowledge from.

    ROUTE Passed 1 May 2012
    SWITCH Passed 25 September 2012
    TSHOOT Passed 23 October 2012
    Taking CCNA Security in April 2013 then studying for the CISSP
  • bighornsheepbighornsheep Posts: 1,506Member
    Definitely a good idea to be well rounded, Cisco certs are now very much lined up with the technology tracks, but in the real world, unless you're with a huge organization, you need to know basically RS, Security, and Voice to various extent. It's too bad they got rid of ONT and ISCW in the CCNP track, I think those were great exams to learn the basics of other non-RS topics at the CCNP level.
    Jack of all trades, master of none
  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,886Member ■■■■■■■■□□
    nike-just-do-it2.jpg
    2019 Goals:
    Certs: Certified Red Team Professional - Pentester Academy (passed!), Azure Fundamentals AZ-900 (passed!), Azure Security Engineer Associate AZ-500 (in-progress)
    2020 Goals:
    Certs: AZ-500, MS-500, Pentester Academy - PACES, Varonis Certified Admin (in-progress)
  • vinbuckvinbuck Posts: 785Member
    Ok, ok....y'all talked me into it icon_smile.gif

    I'm currently reading the OCG for 640-554 for the CCNA Sec and will probably jump on the CCNP Sec VPN exam as soon as the NA is out of the way. I've been on a long break since getting CCNP RS earlier this year and am ready for more Cisco exams icon_smile.gif
    Cisco was my first networking love, but my "other" router is a Mikrotik...
  • doverdover Posts: 184Member ■■■■□□□□□□
    I'm doing the CCNP Security track now. What astorrs says is true - some of the Cisco security devices aren't the best-of-the-best but there are a ton of them out there that need to be managed. Let's face it, most people buy Cisco for the name.

    I'm working on the VPN exam myself at the moment - although I enjoyed Secure and Firewall much more...

    Also, gotta second Bighorn's thought: In the real world if you have a good general knowledge of R/S, some security and a sprinkling of voice and wireless you will have a solid foundation and be in demand.

    I'm actually doing the opposite of your track. Getting CCNP: Security, then going after the CCNP: R/S and then MAYBE CCIE: Something-er-other
  • viper75viper75 Posts: 726Member ■■■■□□□□□□
    dover wrote: »
    I'm doing the CCNP Security track now. What astorrs says is true - some of the Cisco security devices aren't the best-of-the-best but there are a ton of them out there that need to be managed. Let's face it, most people buy Cisco for the name.

    I'm working on the VPN exam myself at the moment - although I enjoyed Secure and Firewall much more...

    Also, gotta second Bighorn's thought: In the real world if you have a good general knowledge of R/S, some security and a sprinkling of voice and wireless you will have a solid foundation and be in demand.

    I'm actually doing the opposite of your track. Getting CCNP: Security, then going after the CCNP: R/S and then MAYBE CCIE: Something-er-other


    Haha...I'm doing the same thing as you. NP Sec 1st then NP R\S
    CCNP Security - DONE!
    CCNP R&S - In Progress...
    CCIE Security - Future...
  • wintermute000wintermute000 Posts: 172Banned
    from skimming the material, if you're going to be knee deep in ASAs then sounds like a good plan.

    I have a heavy R&S and voice background but ended up in a few jobs requiring in depth ASA knowledge so had to google-fu or swim lol, it was pretty brutal at times but fortunately I knew IPSEC/vpn back to front on IOS (old environment had a boss who loved IOS and hated ASAOS!) so it was more a case of learning the ASA syntax than anything else. Now going down the CCNP Sec route for this reason.

    Yah juniper/palo alto etc. beat the pants off ASA but a lot of this knowledge is transferrable, esp in large environments its usually installed by the vendor then you just manage the damned thing via some GUI like juniper NSM anyway.
Sign In or Register to comment.