Is CCNP overkill for someone who is interested in a IT security career?

YuckTheFankees · July 2011

I have heard a lot of people in pentesting and security tell me to at least get my CCNA so I have a good knowledge of networks/ routers/TCP-IP. I have been looking around and CCNP have a very nice salary. So I was thinking..take 3-4 months pass the 3 exams..get the cert and move up in the network world before I move over to the security field.

Should I go for the CCNP?

MT0911 · July 2011

CCNP is a GREAT certification to have. But the basis of knowledge is difficult to grasp if you have no prior experience. One thing to note: you have to have CCNA first (prerequisite to CCNP) and in my opinion that is the best way to approach it. It will give you a sound foundation to begin. Good luck!

YuckTheFankees · July 2011

thanks for the advice, Ill hopefully get a networking job within the next couple months..and I might start CCNP later this year or early next year.

NOC-Ninja · July 2011

YuckTheFankees wrote: »

I have heard a lot of people in pentesting and security tell me to at least get my CCNA so I have a good knowledge of networks/ routers/TCP-IP. I have been looking around and CCNP have a very nice salary. So I was thinking..take 3-4 months pass the 3 exams..get the cert and move up in the network world before I move over to the security field.

Should I go for the CCNP?

The CCNP salary that you see comes with years of experience. Dont be fooled by the salary on websites.

docrice · July 2011

I would be kind of hesitant to say that the CCNA provides a "good" knowledge of networking and TCP/IP. Decent beginner foundations for basic routing and switching, perhaps, but not too much more than that. Plus, it only superficially touches TCP/IP beyond subnetting. At least that was my experience when I went through the CCNA certification process a couple of years ago, and I had already been working on Cisco equipment for some years by that point.

As someone without a CCNP, I'd say that it probably definitely helps to have that level of knowledge and experience, but it seems like infosec focuses more on protocol behavior rather than complex LAN / WAN topologies. Depending on the environment you're working in, I'd say that it's more of a "nice to have" rather than a "must."

However, the latest SANS salary survey from several years ago (if you trust those things) does rank the CCNP pretty high on the list of desired certifications, depending on various criteria.

chrisone · July 2011

Getting the CCNP and passing 3 exams with no networking experience nor a CCNA is very suspect in my opinion. Having a fulltime job would further delay your studies, i am not sure on what or how you go about taking certs but blitz reading a book per month and then obtaining some "practice" tests would not help you out in pentesting. With Pentesters you really need to understand how networks and security works, memorizing practice exams wont help you out. Pentesters arent just opening up an app and hitting scan, although it can seem this way, however you need to understand and know your protocols extremely well and how they can be exploited.

I am not calling you a cheater and forgive my tone it just seems like you are not aware of the realities of professional level exams. I mean no disrespect but look at it from our perspective, we see you with no net experience and no CCNA or network+ exam and you are ready to conquer a professional level cert in 3 months.

However to help you out, get the CCNA to get the basics, CCNP to have a good understanding of routing and switching, CCNA security to have a basics of security, perhaps the CCNP Security to have a high skill level of security, then once you understand thoroughly all of the above then you can delve into pentesting. I believe you will need some understanding of programming as well and how websites work with databases too. There is a lot of information here, it will take least more than a year to have legitimate skills to be a pen tester.

Anyways its just my two cents and some help if you want to call it that, i would just say i was giving you a little bit of reality. I am not 100% correct nor wrong. Good luck in your journey.

Bl8ckr0uter · July 2011

YuckTheFankees wrote: »

I have heard a lot of people in pentesting and security tell me to at least get my CCNA so I have a good knowledge of networks/ routers/TCP-IP. I have been looking around and CCNP have a very nice salary. So I was thinking..take 3-4 months pass the 3 exams..get the cert and move up in the network world before I move over to the security field.

Should I go for the CCNP?

Be careful with that assumption. There is so much to networking that CCNA doesn't even mention (the first thing that comes to mind is packet analysis).

I think that for a pen tester, CCNP would be overkill but not because the knowledge is required. The CCNP is sort of a specialist certification and most pentesters would need to expand there breadth of knowledge beyond one vendor's gear. I think CCNA, CCDA and CCNA:S would be about as high as a pentester would go.

VAHokie56 · July 2011

chrisone wrote: »

However to help you out, get the CCNA to get the basics

I agree here, baby steps man. Get a CCNA and try to acquire a job that will start building on the job experience then shoot for the CCNP if you are still interested. You may find you have a rather distaste for Cisco...however I doubt it because its the Bee's Knee's.

ehnde · July 2011

I think you're underestimating the level of expertise a CCNP requires. Like others have said, a CCNA is required to get the CCNP. Many people never get the CCNP after obtaining the CCNA.

To put things into perspective....I got my CCNA a few months ago. It was a lifetime achievement for me.

You can skip both if you have been an expert for a long time and either your certs expired or you never bothered with certification and go straight for CCIE. The problem with that is now we're talking about God Mode.

down77 · July 2011

A perspective by an old member on getting into security, pen testing, and the CCxA argument:

http://www.techexams.net/forums/ec-council-ceh-chfi/35544-so-you-want-take-ceh-read.html

YuckTheFankees · July 2011

Sorry I didnt clarify..I do have the CCNA, CCNA: Security, Security+, and A+. I am currently working on BS IT Security (20 credits left, then going on to WGU Info Assurance master degree)CEH and CFHI.

From what I have gathered, it seems most people have a mixed opinion about CCNP being overkill. I like the idea of adding it to my collection but now I'm thinking...if I pass the CCNP...I might just stay or be stuck in networking positions. I really dont know. I do appreciate all the help and comments.

networker050184 · July 2011

YuckTheFankees wrote: »

Sorry I didnt clarify..I do have the CCNA, CCNA: Security, Security+, and A+. I am currently working on BS IT Security (20 credits left, then going on to WGU Info Assurance master degree)CEH and CFHI.

From what I have gathered, it seems most people have a mixed opinion about CCNP being overkill. I like the idea of adding it to my collection but now I'm thinking...if I pass the CCNP...I might just stay or be stuck in networking positions. I really dont know. I do appreciate all the help and comments.

How would having a certification make you stuck in a position?

Just get certified in what you have experience with and you can't go wrong.

MT0911 · July 2011

ehnde wrote: »

I think you're underestimating the level of expertise a CCNP requires. Like others have said, a CCNA is required to get the CCNP. Many people never get the CCNP after obtaining the CCNA.

To put things into perspective....I got my CCNA a few months ago. It was a lifetime achievement for me.

You can skip both if you have been an expert for a long time and either your certs expired or you never bothered with certification and go straight for CCIE. The problem with that is now we're talking about God Mode.

To go straight to CCIE..... Yes, I would say you must be in God Mode

MT0911 · July 2011

YuckTheFankees wrote: »

Sorry I didnt clarify..I do have the CCNA, CCNA: Security, Security+, and A+. I am currently working on BS IT Security (20 credits left, then going on to WGU Info Assurance master degree)CEH and CFHI.

From what I have gathered, it seems most people have a mixed opinion about CCNP being overkill. I like the idea of adding it to my collection but now I'm thinking...if I pass the CCNP...I might just stay or be stuck in networking positions. I really dont know. I do appreciate all the help and comments.

Ok that makes a bit more sense now. If you have those certs now then CCNP would be fine to go after. Since Security is your goal it might even be worthwhile to look into CCSP since you already have your CCNA: Security. Or just get them both. The decision is on you. You can't be stuck in a position just because you get a certification. Certs can only help and refine your skills plus they give you something nice to show to employers wanting "proof" of your knowledge. Having a broad area of knowledge is never a bad thing. Learn everything you can while you have the time!

YuckTheFankees · July 2011

networker050184 wrote: »

How would having a certification make you stuck in a position?

Just get certified in what you have experience with and you can't go wrong.

The only reason I said stuck in the position...say I have the CCNP and Ive been doing networking for 4-6 years..will recruiters only see me as a "networking" guy even though I have security certs?

networker050184 · July 2011

YuckTheFankees wrote: »

The only reason I said stuck in the position...say I have the CCNP and Ive been doing networking for 4-6 years..will recruiters only see me as a "networking" guy even though I have security certs?

I don't think it really matters to be honest. If you thinks its an issue then you don't have to list the CCNP though.

Bl8ckr0uter · July 2011

YuckTheFankees wrote: »

The only reason I said stuck in the position...say I have the CCNP and Ive been doing networking for 4-6 years..will recruiters only see me as a "networking" guy even though I have security certs?

networker050184 wrote: »

I don't think it really matters to be honest. If you thinks its an issue then you don't have to list the CCNP though.

I can understand what he is saying Networker. I think it matters when you don't have any experience in the field (or sub field) you want to get into. If you are "just" a CCNP and not a CCNP:Security (or X cert) BUT you have X years of experience with ASAs and IDSs and you are a general security dynamo, then you are going to get the call back vs someone who has CCNP and CCNP:Security but with limited experience (all other things being equal including personality, education and disregarding anything else).

Now if it comes down to an inexperienced CCNP vs an inexperienced CCNP and CCNP:Security, then things might be different. Well I would hope there wouldn't be an inexperience person at the CCNP level so lets just say a CCNA vs a CCNA and CCNA:Security. The later person might get the nod or callback just because of the extra cert they have (again all other things being equal). Once you get to a certain career level, your experience pretty much will squash all of that hogwash.

I had literally the exact same thoughts like 6 months ago and now I am in a job where I am being pushed towards the CCNP:Security track. I am probably going to knock that one out first since it will be more apropos to what is expected of me. The important thing is to learn what you need to know, even if you don't get the cert. I am purchasing the Route and troubleshoot books and I already have/started to thumb through the switch book. Why? Because there is a "basic" level of knowledge that a network engineer needs. The same goes for any other part of IT.

chrisone · July 2011

YuckTheFankees wrote: »

The only reason I said stuck in the position...say I have the CCNP and Ive been doing networking for 4-6 years..will recruiters only see me as a "networking" guy even though I have security certs?

In all honesty if you were to get a networking position, chances are you will have to know, implement, troubleshoot, security in a network. At that level of CCNP routing and switching skills, any job with those skills will require you to touch on security, that is the nature of the beast in our jobs.

The reason why so many will tell you to get a CCNP before you venture off into any other specialty (wireless, security, voip, design, pentest, packet analysis) is because they all need to have a good understanding of how routing and switching work. You just have to have a good understand of R&S before you jump deep onto some other technologies.

Go for the CCNP, whether you spend 1 month or 3 months for all exams that is on you and your goals. Goodluck

networker050184 · July 2011

Bl8ckr0uter wrote: »

I can understand what he is saying Networker. I think it matters when you don't have any experience in the field (or sub field) you want to get into. If you are "just" a CCNP and not a CCNP:Security (or X cert) BUT you have X years of experience with ASAs and IDSs and you are a general security dynamo, then you are going to get the call back vs someone who has CCNP and CCNP:Security but with limited experience (all other things being equal including personality, education and disregarding anything else).

Now if it comes down to an inexperienced CCNP vs an inexperienced CCNP and CCNP:Security, then things might be different. Well I would hope there wouldn't be an inexperience person at the CCNP level so lets just say a CCNA vs a CCNA and CCNA:Security. The later person might get the nod or callback just because of the extra cert they have (again all other things being equal). Once you get to a certain career level, your experience pretty much will squash all of that hogwash.

I had literally the exact same thoughts like 6 months ago and now I am in a job where I am being pushed towards the CCNP:Security track. I am probably going to knock that one out first since it will be more apropos to what is expected of me. The important thing is to learn what you need to know, even if you don't get the cert. I am purchasing the Route and troubleshoot books and I already have/started to thumb through the switch book. Why? Because there is a "basic" level of knowledge that a network engineer needs. The same goes for any other part of IT.

I think you are way over analyzing it.

powerfool · July 2011

Look at doing the CCNA Security, first. Then, if you feel that you want to go the professional level, you have a choice between the CCNP and CCNP Security. In addition, any pentester would benefit from wireless knowledge... you could look at the CCNA Wireless, as well.

docrice · July 2011

powerfool wrote: »

In addition, any pentester would benefit from wireless knowledge... you could look at the CCNA Wireless, as well.

I can't recommend the CCNA: Wireless. It was mostly about Cisco 802.11 technologies, although there was some coverage on wireless fundamentals. You're probably better off doing the CWNA / CWSP track.

Is CCNP overkill for someone who is interested in a IT security career?

Comments