Calling CCNP's ...

examseeker · April 2008

Hello guys:

I just made a similar post to this in the CCSP forum. After I pass the CCNA (wish me luck), I plan to take either a CCNP or CCSP track. I have heard from this forum that CCNP's build the network while CCSP's secure the network. Is there any more information that anyone has? Has anyone regretted taking the CCNP rather than the CCSP? I am pretty sure that the lab setups are different as well.

So, any useful information would be great!

Thanks,
es

mikej412 · April 2008

examseeker wrote:

I have heard from this forum that CCNP's build the network while CCSP's secure the network.

Would you trust someone to Secure a network that they don't have the knowledge or skills to build?

examseeker · April 2008

Great point, mike.. I think you helped reinforce my decision for CCNP. We are getting CBT Nuggets at work, so I wanted to get more info about both tracks.

Thanks man,
es

redwarrior · April 2008

This brings up an interesting situation at work that I've been wondering what you guys would think of, particularly those with multiple certs.

I work for a Medium-sized business and, except for consultants that come in on an hourly basis to help out with projects, I'm the network person. We recently moved the person working on the network before me into a security position. He even says he views his job as telling us that we can't do what we want to do, but not to offer solutions because "I'm not a network engineer." To me, this seems an overly rigid and simplistic view of how network and security teams or just the people within them should work together. He says that it is basically my job to want to open up the network and make it as easy to use and efficient as possible and it's his job to lock it down and make it harder to use, but more secure.

The way I see it, network engineers should know at least the basics of security and security people should know at least the basics of network engineering so that both can work together to find solutions that help satisfy both requirements or at least come up with a decent compromise between security and usability.

What's you guys' take on this? Does there need to be such a strict division?

mikej412 · April 2008

redwarrior wrote:

He says that it is basically my job to want to open up the network and make it as easy to use and efficient as possible and it's his job to lock it down and make it harder to use, but more secure.

Hum.... a more polite way of saying what's true

A CCNP given a Firewall and a traffic issue usually seems to fix it by allowing all traffic, in and out.

A CCSP with a mandate to secure the network may do it by denying traffic and breaking the network

That's why you want someone who knows both and is responsible for both, or Network and Security teams that like, or at least respect, each other

dynamik · April 2008

Mike, to follow-up, would you recommend doing R&S before security at the expert level as well?

A CCIE in security is my long-term goal. I was planning on going straight through the security path, but it seems like that would be a decision that would ultimately be somewhat limiting. It would appear that the NP is a necessary evil in this case. My question is, would a CCNP be a solid enough R&S foundation to go for a security CCIE, or would you recommend getting an R&S CCIE first?

Also, would any other professional-level certifications complement a security focus? I'm not sure about voice and design, but the service provider seems like it might be beneficial as well.

mikej412 · April 2008

dynamik wrote:

Mike, to follow-up, would you recommend doing R&S before security at the expert level as well?.

With the last update to the Security Lab, you don't need to (or it doesn't help as much as it used to). You'll still read Doyle in the Security Recommended Reading List, and having the CCNP or studying for the BSCI exam will still help.

mikej412 · May 2008

Cross-linking with the Calling CCSP's ... thread.

mikearama · May 2008

IMO, learning security before the basics is backwards. I can't put it any better than Mike did:

mikej412 wrote:

Would you trust someone to Secure a network that they don't have the knowledge or skills to build?

Case in point, we have a Security Specialist here who has a CCSP and a CISSP. He knows theory inside out, and can handle himself proficiently in any security conversation.

However, last sunday (cause he was going to be here anyway) I asked him to add a new vlan to a stack of 3750's, and add it to the cores... plus a spanning-tree priority of 0 on the primary, and a spanning-tree priority of 4096 on the secondary. He got the stack part right, but couldn't figure out the pseudo-hsrp part on the cores. Ended up erasing the whole line of vlans of one of the cores.

Security aspirations are awesome... I have them... but to not know the basics will bite you in the ass.

Mike

yukky · May 2008

mikej412 wrote:

A CCNP given a Firewall and a traffic issue usually seems to fix it by allowing all traffic, in and out.

oh.. is there something wrong with that solution??

Calling CCNP's ...

Comments