New CCNP Security path

Cisco just annouced new CCNP Sec path and exams.

https://learningnetwork.cisco.com/community/certifications/ccnpsecurity/syllabus

--
Regards
Piotr

Find more posts tagged with

Comments

Iristheangel

I have some mixed feelings on it. I originally meant to take the CCNP Security this year but my plans changed. I'm disappointed that my books are now irrelevant and even if I was studying for the test, Cisco only gave until April to finish the current track so there would be no way I could finish it. On the other hand, a whole exam on ISE? Another whole exam on next generation firewalls? Well... That's definitely more relevant and fun. I guess bring it on....

JustFred

Cisco is on the role lately.

SecurityThroughObscurity

I like the new exams.
Fresh materials, new products.

veritas_libertas

First Look at the CCNP Security Refresh - PacketU

theodoxa

I guess that means no more specialist (IOS Security Specialist, Firewall Security Specialist, VPN Security Specialist) certs for passing one or two exams??? Will they let you mix (SECURE, FIREWALL, VPN, IPS) and match (new exams)??? I would like to at least take a run at "Cisco Firewall Security Specialist" (SECURE + FIREWALL) before they change the exams.

I'm thinking: SECURE (IOS Security Specialist) --> FIREWALL (Firewall Security Specialist) --> SIMOS --> SITCS (CCNP: Security)

Master Of Puppets

Well this is certainly interesting. Thank you for sharing that as I had no idea. Taking into account I am earning it at the moment, this is pretty relevant to me. I will be aiming to complete it by April. However, as Iris said, the new ones look pretty interesting. I will get my CCNP Security before the changes(I'm taking IPS in a few days and will push for SECURE before the deadline) but I will definitely get the new materials and study them too.

veritas_libertas

What I find interesting is the lack of focus on ASAs. I'm curious where Cisco is going with this. I'm also wondering how soon they will have books out for the next version.

SharkDiver

Wow! What a blow!

I have really been on a roll of working on the certification that Cisco is about to change or retire.

After I finished CCNP, I started working on CCIP. I got about 3/4 of the way through the MPLS book when they announced they were retiring the CCIP.

So, I bought the 642-617 book and practice questions (CCNP FIREWALL) to start working on the CCNP Security. About a month later, they released the 642-618 exam and I had to buy the new book and start over.

Now, I'm finishing up my studying and getting ready to schedule the exam, and they are changing it again.

So, if I pass the CCNP FIREWALL exam before April 21st, what does that get me? (other than recertifying all my other certs)
If I pass FIREWALL, I can still continue towards the CCNP Security, I just don't have to take the Mobility Solutions exam?

It's been over 2 years since my last Cisco exam and it's because they keep changing them.

SecurityThroughObscurity

SharkDiver wrote: »

If I pass FIREWALL, I can still continue towards the CCNP Security, I just don't have to take the Mobility Solutions exam?

http://www.cisco.com/web/learning/certifications/professional/ccnp_security/docs/migration.pdf

gorebrush

So I guess that makes my FIREWALL irrelevant then..... Oh well.

SharkDiver

SecurityThroughObscurity wrote: »

http://www.cisco.com/web/learning/certifications/professional/ccnp_security/docs/migration.pdf

Thanks SecurityThroughObscurity, that makes much more sense the way that lines up. The syllabus in the top post has the old and new exams lined up differently. Hopefully, they'll fix it.

RouteMyPacket

Wow, I didn't know this was coming, must be based on the recent CCIE Security update. For those of you looking to complete your Security this looks good to me and seems more "real" world.

I would recommend keep reading your current OCG's and labbing as normal then perhaps buy the new one and scan through it? That's probably what I would do. If you are 2/4 into your security it could be possible to finish before April..depends on your exposure to what you have left.

Good luck MoP on your IPS exam.

How far are you into your Iris? Just now starting or?

I love the idea of the 300-208 SISAS exam topics because while SECURE covered dot1x, it went into other topics like GETVPN, DMVPN...this seems really focused and that is a good thing. ISE is not something you learn via certification, it's always been a beast of it's own. Understanding the underlying functionality dot1x and identity services is great but to understand ISE inside/out is something alltogether different.

BYOD is covered as well..i'm impressed by the topics. I feel cheated. lol

Iristheangel

Nope. Not starting at all. I decided it made more sense in my short-term goals to start on the DC track first so I suppose by the time I get around to the CCNP:Security, there will be material and books out for it. The only thing that makes me a little sad is that my parents got me all the CCNP:Security books for Christmas 2012. I guess they'll just become desk reference material now but it's not a big deal.

I'm fairly sure after the next month or two of work, I'll be able to take the ISE exam with ease if I want to but I won't visit the rest of the CCNP:Security track until I'm done with the CCNA/CCNP DC

SharkDiver

Here's a question:

Are the new exams going to count towards recertification of your CCNP?
I would think they would, but if you take Cisco literally, they say:
"To recertify, pass ONE of the following before the certification expiration date: Pass any current 642-XXX Professional level exam"

The new exams are not 642-XXX exams.

Is it just too early for them to have made the appropriate changes, or are they changing everything?

JustFred

I'm hoping Cisco doesn't pull a fast one on CCNP R&S until maybe next year.

RouteMyPacket

Iristheangel wrote: »

Nope. Not starting at all. I decided it made more sense in my short-term goals to start on the DC track first so I suppose by the time I get around to the CCNP:Security, there will be material and books out for it. The only thing that makes me a little sad is that my parents got me all the CCNP:Security books for Christmas 2012. I guess they'll just become desk reference material now but it's not a big deal.

I'm fairly sure after the next month or two of work, I'll be able to take the ISE exam with ease if I want to but I won't visit the rest of the CCNP:Security track until I'm done with the CCNA/CCNP DC

Are you actively working with Nexus gear? I think I will head down that path eventually, I've been working with more Nexus over the last year. The big saying is

"Once you go Nexus, you don't go back"

Iristheangel

@RouteMyPacket - I will be by the third quarter of this year. My company also is paying for as many rack rental hours as I want so there's that as well. Since we're doing a whole data center redesign and rebuild this year, I really want to get a jump on Nexus before deployment

theodoxa

I just noticed the names and exams don't seem to match up on the Syllabus. They have the wrong names for SITCS (Transposed with SENSS), SENSS (Transposed with SIMOS), and SIMOS (Transposed with SITCS).

SECURE = SISAS (Secure Access Solutions)
FIREWALL = SENSS (Edge Network Security Solutions)
VPN = SIMOS (Secure Mobility Solutions)
IPS = SITCS (Threat Control Solutions)

I like the new exams, but wish they weren't retiring the Specialist Certs.

SecurityThroughObscurity

The old exams cover a small part of the security products.

ande0255

JustFred wrote: »

I'm hoping Cisco doesn't pull a fast one on CCNP R&S until maybe next year.

I was just thinking this same thing. I was going to start on CCNA Sec after voice, but starting to think tackling NP R&S might be a better idea before they pull the rug on that exam. I'm surprised at how small of a time window they provide for current candidates to complete their studies, I assume most NP level exams take about 3-4 months a piece to study for.

Vask3n

Hey everyone,

I apologize for not having done a more thorough read through of these changes but wanted to ask for clarification directly:

I just passed FIREWALL and am taking VPN this coming friday. Will both of these be irrelevant starting April or will I be able to use them until December 2014 in conjunction with the two new counterparts to IPS and SECURE like I think was mentioned in that flow diagram posted above?

SharkDiver

It looks like FIREWALL and VPN will count as if you passed the 300-206 and 300-209 exams.
You will need to take the 300-208 and 300-207 within three years from when you passed your first one (FIREWALL).

The December 2014 date only applies to the very bottom row of exams in the document above - http://www.cisco.com/web/learning/certifications/professional/ccnp_security/docs/migration.pdf

Not for the 642-617, 618, 647 or 648.

docrice

Given the recent Sourcefire acquisition, I wonder if this will influence the IPS area...

shodown

The security track seems to have the most changes. For those of us who work in VAR environments we see that cisco is loosing ground in security day by day. As Juniper VPN's, Palo Alto firewalls and other security appliances come forward cisco has to keep adapting to keep up. I honestly feel they are in a loosing battle in security.

Vask3n

Thanks for the clarification everyone. It looks like for those of us who are already in the middle of NP Security will need to either scramble to finish all four before April which would be stressful or finish the current exam/exams we are working on and then switch over to the new version of the remaining ones. I'm interested in seeing some new OCG material come out for these new tests.

geek4god

docrice wrote: »

Given the recent Sourcefire acquisition, I wonder if this will influence the IPS area...

Yea, I have been wondering since they announced the Sourcefire deal how that would impact the Security certs in general. Will be interesting to see.

aaron0011

shodown wrote: »

The security track seems to have the most changes. For those of us who work in VAR environments we see that cisco is loosing ground in security day by day. As Juniper VPN's, Palo Alto firewalls and other security appliances come forward cisco has to keep adapting to keep up. I honestly feel they are in a loosing battle in security.

Agreed. Cisco's best security products are the Iron Port devices. The ASA is a great VPN concentrator but enterprise firewall? Not so much. Checkpoint and Palo Alto make real firewalls IMO. As far as Cisco IPS, I've never seen one so that's not a good sign they lead in that area either.

RouteMyPacket

aaron0011 wrote: »

Agreed. Cisco's best security products are the Iron Port devices. The ASA is a great VPN concentrator but enterprise firewall? Not so much. Checkpoint and Palo Alto make real firewalls IMO. As far as Cisco IPS, I've never seen one so that's not a good sign they lead in that area either.

Please explain why the ASA is not a good enterprise firewall? There are differences between 5505, 5510, 5520, 5585 and now the X series.

Jobene

The ASA is a great VPN concentrator but enterprise firewall? Not so much. Checkpoint and Palo Alto make real firewalls IMO

This is something i cant understand...
Cisco isnt easy: TRUE! Cisco isnt cheap: TRUE! BUT CISCO IS EFFECTIV! You will never get the speed that Asa is providing!

aaron0011

Jobene wrote: »
The ASA is a great VPN concentrator but enterprise firewall? Not so much. Checkpoint and Palo Alto make real firewalls IMO
This is something i cant understand...
Cisco isnt easy: TRUE! Cisco isnt cheap: TRUE! BUT CISCO IS EFFECTIV! You will never get the speed that Asa is providing!

But the management sucks. Sure ASDM has made strides but it's not great by no means.