Passed SECURE, CCNP Security achieved!

I'm extremely happy to say that after about 6 months, I got my CCNP Security. My initial plan was to sit the exam in a week or two and do some final preparation in this time but work happened - in the next few weeks, I won't have much time to study. This is why I decided to not break my hardcore studying schedule. It never works out for me when I have to stop something and come back to it some weeks later.

The resources were the usual ones - ocg, cbt, quick reference, everything I could find on the web and lots of labbing. I went through all of these at least twice.

I have no complains towards the exam - I felt like it was a fair one and not hard like the others on the track(of course when you put a serious amount of effort into it, it should not be that challenging). Special thanks to the gang for the support and the tips throughout this. Good luck to Vask3n and the others pushing for the deadline. If I can help with something make sure to let me know.

Find more posts tagged with

Comments

colemic

congrats!

RouteMyPacket

Glückwünsche! It's good to see you complete the track. Nice to be well rounded with your CCNP R/S and Security

Onward and upward, what kind of projects are you on currently? Getting to use and expand your Security skills? I'm unfortunately doing more R/S than Security lately : (

Master Of Puppets

Vielen Dank! You have been especially helpful in these past months!

I get to do some R&S stuff too since we are a smaller company but the majority of work is security. In the next couple of weeks I will be analyzing the network security of a client. After that come the suggestions and the implementation of those suggestions. While I help the others with the routing and switching, I am all alone when it comes to the security stuff so on larger projects with huge networks, it becomes a slow process. I also have to set up Snort in our company network which I have never done and I'm excited as hell. I have played around with Snort but not nearly as much as I would want and I haven't had the chance to set it up. But the hardest part is that I have to design the network security on 2 other large projects - something that is above my experience level. This is why I want to give everything I got and make sure I do a great job! I have designed a network security plan only once but it turned out pretty well. After all it is a great chance and, without a doubt, a major learning opportunity. I started in IT 1 year ago and although it was straight in security(because I spent years studying networking and practicing as much as I can before that) some of the things they give me at work are a little over my head. However, I like being thrown into the deep end as I learn quite a bit that way. My boss tells me I have great potential and entrusts me with stuff like that on purpose.

Generally, I want to end up in pen testing so next will be the OSCP. Sadly, I don't know when I will be able to squeeze that in, timewise. I want to have as much time as I can to devote to it when I begin. That means that the hardcore studying continues but with a lot of books on pen testing and a lab with vulnarable VMs. I think I will even be able to take on pen testing responsibilities at work but at at a later time.

I'm also tired of using Metasploit so a bigger dive into the manual process will come. I will better my C skills, read something like Violent Python(I'm already good with Python), get into web app exploits, learn sql etc.

Vask3n

Congrats Master, that is really great news. I knew you would slay this one. Looking forward to joining the ranks soon.

RouteMyPacket

Master Of Puppets wrote: »

Vielen Dank! You have been especially helpful in these past months!

I get to do some R&S stuff too since we are a smaller company but the majority of work is security. In the next couple of weeks I will be analyzing the network security of a client. After that come the suggestions and the implementation of those suggestions. While I help the others with the routing and switching, I am all alone when it comes to the security stuff so on larger projects with huge networks, it becomes a slow process. I also have to set up Snort in our company network which I have never done and I'm excited as hell. I have played around with Snort but not nearly as much as I would want and I haven't had the chance to set it up. But the hardest part is that I have to design the network security on 2 other large projects - something that is above my experience level. This is why I want to give everything I got and make sure I do a great job! I have designed a network security plan only once but it turned out pretty well. After all it is a great chance and, without a doubt, a major learning opportunity. I started in IT 1 year ago and although it was straight in security(because I spent years studying networking and practicing as much as I can before that) some of the things they give me at work are a little over my head. However, I like being thrown into the deep end as I learn quite a bit that way. My boss tells me I have great potential and entrusts me with stuff like that on purpose.

Generally, I want to end up in pen testing so next will be the OSCP. Sadly, I don't know when I will be able to squeeze that in, timewise. I want to have as much time as I can to devote to it when I begin. That means that the hardcore studying continues but with a lot of books on pen testing and a lab with vulnarable VMs. I think I will even be able to take on pen testing responsibilities at work but at at a later time.

I'm also tired of using Metasploit so a bigger dive into the manual process will come. I will better my C skills, read something like Violent Python(I'm already good with Python), get into web app exploits, learn sql etc.

Very cool, get Snort going and that will be a regularly used tool once you join a Compliance type team doing pen testing etc.

Metasploit is ok, I actually used it last week while at Cisco while doing a NGFW lab so funny you mentioned that.

broli720

Congrats! Should my focus at work change, I'll definitely head down the same path.

Master Of Puppets

Thanks!

lol good timing

It is a pretty cool tool but I feel like I need a better understanding of the whole process. I think learning to do it manually will help with that. Once I'm confident I have a firm grasp on everything, I can resort to Metasploit without feeling like I'm cheating

Jobene

Gratuliere

Metasploit is ok,

Not only ok

If you want to do pentesting i would start with ceh before oscp

PCHoldmann

Congrats!

Master Of Puppets

Jobene wrote: »

Gratuliere

Not only ok
If you want to do pentesting i would start with ceh before oscp

Thanks! However, I will have to slightly disagree here. You can't qualify the CEH as a serious cert - it is very entry level and tests on some old tools. The only way you can benefit from it is if you are new to security or want some resume boost(as we know HR values it). Also, we are yet to see how EC-Council's fiasco will affect my last statement.

SecurityThroughObscurity

CEH is a toilet paper.

shednik

Congrats!