Thoughts on Cisco security tracks

So i'm flirting with the idea of doing CCNA+NP Security before I start down the lonely CCIE road. Mainly because I'm doing a ton of ASA work now and don't have much background in it other than very plain configs.

The blueprint looks promising to become well versed in the ASA and IOS security. I'm really looking at this as knowledge and experience first and resume fodder a distant second. How would you guys rate the value of these certs?

Find more posts tagged with

Comments

astorrs

Personally I think ASA is crap compared to much of the competitions offerings - but with that said there is an absolute ton of it out there in the wild. Same goes for their IPS line - garbage compared to SourceFire, NitroSecurity, etc. - but hundreds of thousands of sensors in production.

They got lazy in the security market for quite a while and focused R&D elsewhere or had some missteps/slow-to-market problems - now they're playing catch-up. There are however some hopeful signs over the past year or two with changes in BU leadership and renewed R&D (as a result of market share losses).

So while that probably comes across as negative, the reality is from a career path it's worth knowing as you are extremely likely to run into it - especially in environments where Cisco is the choice for R&S (which is still very strong in most Enterprises).

Mike-Mike

I am currently studying the CCNA Security, and i'm sure it would be easy for you if you're already a CCNP. Pretty short book, doesn't seem to get too deep into stuff really

wave

I'm in the same boat as you vinbuck. I actually started to studdy for the CCIE R&S but then got a new job where I'm working with the ASA and other security appliances most of the time. Holding off on the IE and going for the NP Security is feeling like a better plan right now. I agree with you about not doing it for the letters. It's great to have a framework like the CCNP Security track to build knowledge from.

bighornsheep

Definitely a good idea to be well rounded, Cisco certs are now very much lined up with the technology tracks, but in the real world, unless you're with a huge organization, you need to know basically RS, Security, and Voice to various extent. It's too bad they got rid of ONT and ISCW in the CCNP track, I think those were great exams to learn the basics of other non-RS topics at the CCNP level.

chrisone

vinbuck

Ok, ok....y'all talked me into it

I'm currently reading the OCG for 640-554 for the CCNA Sec and will probably jump on the CCNP Sec VPN exam as soon as the NA is out of the way. I've been on a long break since getting CCNP RS earlier this year and am ready for more Cisco exams

dover

I'm doing the CCNP Security track now. What astorrs says is true - some of the Cisco security devices aren't the best-of-the-best but there are a ton of them out there that need to be managed. Let's face it, most people buy Cisco for the name.

I'm working on the VPN exam myself at the moment - although I enjoyed Secure and Firewall much more...

Also, gotta second Bighorn's thought: In the real world if you have a good general knowledge of R/S, some security and a sprinkling of voice and wireless you will have a solid foundation and be in demand.

I'm actually doing the opposite of your track. Getting CCNP: Security, then going after the CCNP: R/S and then MAYBE CCIE: Something-er-other

viper75

dover wrote: »

I'm doing the CCNP Security track now. What astorrs says is true - some of the Cisco security devices aren't the best-of-the-best but there are a ton of them out there that need to be managed. Let's face it, most people buy Cisco for the name.

I'm working on the VPN exam myself at the moment - although I enjoyed Secure and Firewall much more...

Also, gotta second Bighorn's thought: In the real world if you have a good general knowledge of R/S, some security and a sprinkling of voice and wireless you will have a solid foundation and be in demand.

I'm actually doing the opposite of your track. Getting CCNP: Security, then going after the CCNP: R/S and then MAYBE CCIE: Something-er-other

Haha...I'm doing the same thing as you. NP Sec 1st then NP R\S

wintermute000

from skimming the material, if you're going to be knee deep in ASAs then sounds like a good plan.

I have a heavy R&S and voice background but ended up in a few jobs requiring in depth ASA knowledge so had to google-fu or swim lol, it was pretty brutal at times but fortunately I knew IPSEC/vpn back to front on IOS (old environment had a boss who loved IOS and hated ASAOS!) so it was more a case of learning the ASA syntax than anything else. Now going down the CCNP Sec route for this reason.

Yah juniper/palo alto etc. beat the pants off ASA but a lot of this knowledge is transferrable, esp in large environments its usually installed by the vendor then you just manage the damned thing via some GUI like juniper NSM anyway.