CCNP Security + CISSP

Hi,

I was wondering if anyone who is going for the CCNP Security is also going to do (or has done) the CISSP?

I'm looking to focus on security, so I'm wondering if these certs are for people that are going different directions

Find more posts tagged with

Comments

aftereffector

CISSP is almost completely management-focused, not technical at all. A CISSP knows what a firewall is and how it works, but not how to design, configure, and administer an ASA. The CISSP might help you out if you're in a technical role (and CCNP Security might help if you're a manager) but the two certs are really going separate directions within infosec.

mnashe

Thanks for reply. I see you have CISSP, CASP, CCNA Sec and going for CCIE Security. I'll assume you're in a technical role?

I'm having a tough time (internal struggle haha) figuring out if I should really pursue the CISSP or maybe there's something more appropriate . I'm not a manager, but I am looking to move to a role that's more security based.

Today, I'm a hybrid server and network administrator. I do it all from build servers (windows/vmware), deploy switches, firewalls, telcom and run scans using Nessus.

beads

Clearly the CISSP is a non-vendor specific cert intended to show general experience with security and concepts. I don't get the management thing as I see no management tasks included in the exams just general concepts. The CCNP series is obviously focused on Cisco so the concentration is much narrower and technically specific to Cisco products.

CCNA, CCSP and CCNA (R&S) all retired but I have certified in each. My career went down a different path to include more pentesting, security architecture and investigation so those became irrelevant in my case.

- b/eads

mnashe

Thanks for the info beads. Do you feel the CISSP is relevant to your current role?

Mike-Mike

I dont have either the CCNP Security or the CISSP. However I am in Security, and I do have a CCNA Security.

Number of interviewers who asked about my CCNA Security: 0

Percentage of interviewers who see my list of certs and then ask about the CISSP: 100%

mnashe

Mike-Mike wrote: »

I dont have either the CCNP Security or the CISSP. However I am in Security, and I do have a CCNA Security.

Number of interviewers who asked about my CCNA Security: 0

Percentage of interviewers who see my list of certs and then ask about the CISSP: 100%

That's funny and not surprising at the same time. The CCNP Security certification is really just a goal for me from a technical perspective.

The way I've been looking at it is, if the CISSP teaches you that you need a firewall/IPS, but you don't know how to configure a firewall or IPS, what good is it going to do for me, career wise?

mackenzae

Mike-Mike wrote: »

I dont have either the CCNP Security or the CISSP. However I am in Security, and I do have a CCNA Security.

Number of interviewers who asked about my CCNA Security: 0

Percentage of interviewers who see my list of certs and then ask about the CISSP: 100%

AKA HR FILTER

J/K. I think it depends on the role you are applying for whether they will ask about certain certs.. if you are in a information security role and your job is more about policy, procedure, overall security, etc. etc.. i can see them asking about CISSP. If you are applying for a technical role and they ask you about the CISSP then well you better either set them straight or get out of there because they don't know what they want.

I work in a purely Network Security Technical role - i deploy firewalls, vpns and everything else - i don't have a CISSP and i probably won't get one.. but if i ever look for another technical job and they ask me about CISSP well lets just say I probably won't work there. I guess once you've been in the field long enough.. you know what you want and you know when a company has the position you want and you can weed out the potential bad jobs where people think they want one thing but are asking about another.

mbarrett

mnashe wrote: »

Hi,

I was wondering if anyone who is going for the CCNP Security is also going to do (or has done) the CISSP?

I'm looking to focus on security, so I'm wondering if these certs are for people that are going different directions

I did my CISSP, and did the CCNP Security later on, after working in the Infosec field for a while. I had an extensive background in servers & networks before I did my CISSP which helped my understanding of some of the Domains on the CISSP.

The CCNP Security is way more hands-on technical with Cisco and their specific product line with ASA, IDS, VPN, Cisco L2-L3 network security, etc. The CISSP is much, much more broader and spans most, if not all aspects of the Infosec field. It is not vendor specific. With the CISSP you are expected to have a solid understanding of all the concepts covered in the domains of the CISSP Common Body of Knowledge, and not all of them are technical. It's more of a 20,000-ft view of the Infosec terrain, and the CCNP Security is like a 5000-foot view and contains all the detail you would expect in a smaller area of focus.
On the other hand, CCNP Security develops networking skills & knowledge that are not part of Infosec, rather it's usually considered a networking cert that happens to be focused on the security technology from Cisco.

beads

mnashe wrote: »

Thanks for the info beads. Do you feel the CISSP is relevant to your current role?

As the or a Senior Security Architect for my current set of clients, yes but only to get past the HR filters. Otherwise, I find certificates in general to be overly relied upon to judge experience in general.

They (certificates in general) have become a bit of a crutch for HR and hiring managers who are looking to side step the harder candidate evaluation questions if not the filtering process as a whole. This is exactly why you see so many contract to hire positions - vetting candidates is hard - especially security people. The more material made available by third party authors likewise allows for less experienced people to pass an exam they should have no business taking in the first place.

On the positive side. I like certification to make me learn the last 10-20 percent of testable material I probably wouldn't otherwise learn or be exposed.

Finishing Cloud Security Alliance and ISC(2) CCSP. Finished Wireshark earlier this year and saw half a dozen SANS certifications retire this year alone. So its a mixed bag of what will help my clients and help me make money. As a consultant I have to work harder than corporate types in regard to skill level. Besides, I bore easily to the point of being a bit OCD or arch typical 'router jock' by nature. Those skills that become old or deprecated retire only to be replaced by newer, shinier certs that in demand. OK wireshark is still just plain cool and useful so I broke down and finished it for my own good - its too useful, not to.

- b/eads

mnashe

mackenzae wrote: »

I work in a purely Network Security Technical role - i deploy firewalls, vpns and everything else - i don't have a CISSP and i probably won't get one.. but if i ever look for another technical job and they ask me about CISSP well lets just say I probably won't work there.

Are you working for a VAR? I've seen quite a bit of technical positions in my area that ask for CISSP, which is one of the reasons I was looking to pursue it.

mbarrett wrote: »

I did my CISSP, and did the CCNP Security later on, after working in the Infosec field for a while. I had an extensive background in servers & networks before I did my CISSP which helped my understanding of some of the Domains on the CISSP.

Is you in a technical Infosec role now?

I also have a background in servers and networks. I'd say 60/40. I'm looking to move away from the normal server admin/network admin tasks and focus mostly on security role but I want to configure the security appliances. I'm not really looking to be focused on writing policies.

I'm familiar with ASA and Palo Alto firewalls, but not much IDS/IPS appliances. My VPN knowledge could also be better, I've setup remote access and site to site VPNs, but not often. The CCNP Security (current blueprint) has a whole course on VPNs, which interests me.

I thought maybe I should look at GIAC Perimeter Protection Analyst, Intrusion Analyst or Incident Handler certs instead. The courses are expensive and I'm self funded

mbarrett

At the moment, I'm working more hands-on with firewalls. I'm planning on maintaining the hands-on roles with firewalls, IDS, VPN etc in the future but I have a pretty good Infosec background at this point that I can utilize as well, to enable me to function in that world.
The GPPA certification program was suspended until 2017, they are not offering the training at this time - I looked into it earlier this year. You might be able to schedule the test.
The GCIA and GCIH are pretty good to have, at least from what I have seen.

mnashe

beads wrote: »

Otherwise, I find certificates in general to be overly relied upon to judge experience in general.

As do I. Most of the time, I study to learn and take the exams just because I studied. The goal is always learning, not passing exams.

Wireshark is cool, so no harm there haha and the CCSP looks like a cool exam too.

For me, the certificates help as I do not have a degree.

mnashe

mbarrett wrote: »

At the moment, I'm working more hands-on with firewalls. I'm planning on maintaining the hands-on roles with firewalls, IDS, VPN etc in the future but I have a pretty good Infosec background at this point that I can utilize as well, to enable me to function in that world.
The GPPA certification program was suspended until 2017, they are not offering the training at this time - I looked into it earlier this year. You might be able to schedule the test.
The GCIA and GCIH are pretty good to have, at least from what I have seen.

I didn't know that about the GPPA, good to know.

My OCD has me all over the place with these certifications (only for learning). I want to work with firewalls, IPS/IDS, but also cloud security. I have a virtualization background too

mackenzae

mnashe wrote: »

Are you working for a VAR? I've seen quite a bit of technical positions in my area that ask for CISSP, which is one of the reasons I was looking to pursue it.

No I work for a giant health system in their Network Security Team which is the technical side of Security (Deploying/managing an array of firewalls like Palo Altos, Junipers, ASAs - approx 300 or so overall - NAT/ACLS/policys etc..), managing a couple of VPN environments which there are probably 250+ VPNs and increase on a weekly/monthly basis, managed F5 viprions/vCMP from a network/chassis level plus some more..

There is another team which would handle the more incident response/IDS/IPS type of security work and i know a bunch of them have their CISSP. There is then yet another team which handles vul mgmt/scanning/documentation of firewall requests/systems and more of the policy side of security. Perhaps this is a unique setup since the environment is so large.

chrisone

Going for the CISSP right now and have half of my CCNP Security. Both complement each other really well.

mnashe

mackenzae wrote: »

No I work for a giant health system in their Network Security Team which is the technical side of Security (Deploying/managing an array of firewalls like Palo Altos, Junipers, ASAs - approx 300 or so overall - NAT/ACLS/policys etc..), managing a couple of VPN environments which there are probably 250+ VPNs and increase on a weekly/monthly basis, managed F5 viprions/vCMP from a network/chassis level plus some more..

There is another team which would handle the more incident response/IDS/IPS type of security work and i know a bunch of them have their CISSP. There is then yet another team which handles vul mgmt/scanning/documentation of firewall requests/systems and more of the policy side of security. Perhaps this is a unique setup since the environment is so large.

Thanks for the info. Seems to be the area that probably interests me most. I'm just sick of traveling

mnashe

chrisone wrote: »

Going for the CISSP right now and have half of my CCNP Security. Both complement each other really well.

Good to know! This is how I was going to do mine actually, 2 exams then cissp, then finish the other two. I was planning on saving the ISE exam and 300-207 (I think) for last

Techand$$

Just passed the CISSP, currently doing the endorsement process. I'm planning to complete CCNP security by next year, currently working for a MSSP and the primary reason I did CISSP was to get past the HR (future job security), but that does not mean I haven't gained anything out of the cert, now i'm able to confidently talk to IT manager or security manager using a common 'CISSP like' language when configuring firewalls, email-filters, AD/Exchange audit solutions etc. As you progress through your career you will realize that communication play's a major role as you climb up the ranks. So gain as much knowledge as you can, be it security management or technical security because there seems to be an overlap somewhere....... right?

mnashe

Techand$$ wrote: »

Just passed the CISSP, currently doing the endorsement process. I'm planning to complete CCNP security by next year, currently working for a MSSP and the primary reason I did CISSP was to get past the HR (future job security), but that does not mean I haven't gained anything out of the cert, now i'm able to confidently talk to IT manager or security manager using a common 'CISSP like' language when configuring firewalls, email-filters, AD/Exchange audit solutions etc. As you progress through your career you will realize that communication play's a major role as you climb up the ranks. So gain as much knowledge as you can, be it security management or technical security because there seems to be an overlap somewhere....... right?

Congrats on passing the CISSP!

JustFred

Techand$$ wrote: »

Just passed the CISSP, currently doing the endorsement process. I'm planning to complete CCNP security by next year, currently working for a MSSP and the primary reason I did CISSP was to get past the HR (future job security), but that does not mean I haven't gained anything out of the cert, now i'm able to confidently talk to IT manager or security manager using a common 'CISSP like' language when configuring firewalls, email-filters, AD/Exchange audit solutions etc. As you progress through your career you will realize that communication play's a major role as you climb up the ranks. So gain as much knowledge as you can, be it security management or technical security because there seems to be an overlap somewhere....... right?

Awesome. Congratulations

mackenzae

Techand$$ wrote: »

but that does not mean I haven't gained anything out of the cert, now i'm able to confidently talk to IT manager or security manager using a common 'CISSP like' language when configuring firewalls, email-filters, AD/Exchange audit solutions etc. As you progress through your career you will realize that communication play's a major role as you climb up the ranks.

Congrats and this actually does make sense from a communication standpoint.

MitM

mackenzae wrote: »

If you are applying for a technical role and they ask you about the CISSP then well you better either set them straight or get out of there because they don't know what they want.

I work in a purely Network Security Technical role - i deploy firewalls, vpns and everything else - i don't have a CISSP and i probably won't get one.. but if i ever look for another technical job and they ask me about CISSP well lets just say I probably won't work there..

Just came across this. Do other technical network security folks on here feel the same way? I'm currently studying for CISSP, and struggling a little, because the material doesn't relate to where I see myself. I'm trying to push through it, but at times feel like I'd be better off studying for CCNP Security or CCIE

Techand$$

Hey MitM, I was planning to do the CCNP Security, but I since didn’t come across much Cisco Network security devices in my line of work I eventually dropped the idea of getting that cert.

Anyways coming to your question, you need to decide where you want to work 5 years from now, if it’s in network security i.e. routers, firewall, IPS, NAC etc then do it the cisco or juniper or checkpoint or paloAlto way. If you want to work in a position that deals with an all round security in information technology then CISSP is your ticket (not the only ticket) to it.

kevinc.

From talking with Cisco Academy Instructors and other people in the field, I am really sorry to say, but Cisco certifications are not as useful as people make them out to be. Like Mike has said, no one asks about them on interviews and that is my experience as well. If you take Cisco certifications, you will understand that they ask you questions that are way off topic and about small details that you just don't pay attention.

They outsource their test making to a third vendor. So they don't even create their own tests and that is why when you study for it and then take it, you will notice they are very different. This is specifically true for the CCNA Security exam.

I would focus on management and concepts. Cisco firewalls are not even best rated out there so you will mostly likely be working be Palo Alto firewalls, especially in the financial sector.

Furthermore, if anyone who knows Cisco internally would ever be honest with you. They will tell you that these exams are a lot of fo money grabbing. They make way too much money from their academy and tests.

You can learn the technical skills on the job. What the Cisco certs don't teach you is how to logically and rationally think about networks and security, which is way more valuable than remembering configuration commands.