New CCNP Security path

brombulecbrombulec Member Posts: 186 ■■■□□□□□□□
Cisco just annouced new CCNP Sec path and exams.

https://learningnetwork.cisco.com/community/certifications/ccnpsecurity/syllabus

--
Regards
Piotr
«13

Comments

  • IristheangelIristheangel Mod Posts: 4,133 Mod
    I have some mixed feelings on it. I originally meant to take the CCNP Security this year but my plans changed. I'm disappointed that my books are now irrelevant and even if I was studying for the test, Cisco only gave until April to finish the current track so there would be no way I could finish it. On the other hand, a whole exam on ISE? Another whole exam on next generation firewalls? Well... That's definitely more relevant and fun. I guess bring it on....
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • JustFredJustFred Member Posts: 678 ■■■□□□□□□□
    Cisco is on the role lately.
    [h=2]"After a time, you may find that having is not so pleasing a thing, after all, as wanting. It is not logical, but it is often true." Spock[/h]
  • SecurityThroughObscuritySecurityThroughObscurity Member Posts: 212 ■■■□□□□□□□
    I like the new exams.
    Fresh materials, new products.
  • theodoxatheodoxa Member Posts: 1,340 ■■■■□□□□□□
    I guess that means no more specialist (IOS Security Specialist, Firewall Security Specialist, VPN Security Specialist) certs for passing one or two exams??? Will they let you mix (SECURE, FIREWALL, VPN, IPS) and match (new exams)??? I would like to at least take a run at "Cisco Firewall Security Specialist" (SECURE + FIREWALL) before they change the exams.

    I'm thinking: SECURE (IOS Security Specialist) --> FIREWALL (Firewall Security Specialist) --> SIMOS --> SITCS (CCNP: Security)
    R&S: CCENT CCNA CCNP CCIE [ ]
    Security: CCNA [ ]
    Virtualization: VCA-DCV [ ]
  • Master Of PuppetsMaster Of Puppets Member Posts: 1,210
    Well this is certainly interesting. Thank you for sharing that as I had no idea. Taking into account I am earning it at the moment, this is pretty relevant to me. I will be aiming to complete it by April. However, as Iris said, the new ones look pretty interesting. I will get my CCNP Security before the changes(I'm taking IPS in a few days and will push for SECURE before the deadline) but I will definitely get the new materials and study them too.
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    What I find interesting is the lack of focus on ASAs. I'm curious where Cisco is going with this. I'm also wondering how soon they will have books out for the next version.
  • SharkDiverSharkDiver Member Posts: 844
    Wow! What a blow!

    I have really been on a roll of working on the certification that Cisco is about to change or retire.

    After I finished CCNP, I started working on CCIP. I got about 3/4 of the way through the MPLS book when they announced they were retiring the CCIP.

    So, I bought the 642-617 book and practice questions (CCNP FIREWALL) to start working on the CCNP Security. About a month later, they released the 642-618 exam and I had to buy the new book and start over.

    Now, I'm finishing up my studying and getting ready to schedule the exam, and they are changing it again.

    So, if I pass the CCNP FIREWALL exam before April 21st, what does that get me? (other than recertifying all my other certs)
    If I pass FIREWALL, I can still continue towards the CCNP Security, I just don't have to take the Mobility Solutions exam?

    It's been over 2 years since my last Cisco exam and it's because they keep changing them.
  • SecurityThroughObscuritySecurityThroughObscurity Member Posts: 212 ■■■□□□□□□□
    SharkDiver wrote: »
    If I pass FIREWALL, I can still continue towards the CCNP Security, I just don't have to take the Mobility Solutions exam?
    http://www.cisco.com/web/learning/certifications/professional/ccnp_security/docs/migration.pdf
  • gorebrushgorebrush Member Posts: 2,743 ■■■■■■■□□□
    So I guess that makes my FIREWALL irrelevant then..... Oh well.
  • SharkDiverSharkDiver Member Posts: 844

    Thanks SecurityThroughObscurity, that makes much more sense the way that lines up. The syllabus in the top post has the old and new exams lined up differently. Hopefully, they'll fix it.
  • RouteMyPacketRouteMyPacket Member Posts: 1,104
    Wow, I didn't know this was coming, must be based on the recent CCIE Security update. For those of you looking to complete your Security this looks good to me and seems more "real" world.

    I would recommend keep reading your current OCG's and labbing as normal then perhaps buy the new one and scan through it? That's probably what I would do. If you are 2/4 into your security it could be possible to finish before April..depends on your exposure to what you have left.

    Good luck MoP on your IPS exam.

    How far are you into your Iris? Just now starting or?

    I love the idea of the 300-208 SISAS exam topics because while SECURE covered dot1x, it went into other topics like GETVPN, DMVPN...this seems really focused and that is a good thing. ISE is not something you learn via certification, it's always been a beast of it's own. Understanding the underlying functionality dot1x and identity services is great but to understand ISE inside/out is something alltogether different.

    BYOD is covered as well..i'm impressed by the topics. I feel cheated. lol
    Modularity and Design Simplicity:

    Think of the 2:00 a.m. test—if you were awakened in the
    middle of the night because of a network problem and had to figure out the
    traffic flows in your network while you were half asleep, could you do it?
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    Nope. Not starting at all. I decided it made more sense in my short-term goals to start on the DC track first so I suppose by the time I get around to the CCNP:Security, there will be material and books out for it. The only thing that makes me a little sad is that my parents got me all the CCNP:Security books for Christmas 2012. I guess they'll just become desk reference material now but it's not a big deal.

    I'm fairly sure after the next month or two of work, I'll be able to take the ISE exam with ease if I want to but I won't visit the rest of the CCNP:Security track until I'm done with the CCNA/CCNP DC
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • SharkDiverSharkDiver Member Posts: 844
    Here's a question:

    Are the new exams going to count towards recertification of your CCNP?
    I would think they would, but if you take Cisco literally, they say:
    "To recertify, pass ONE of the following before the certification expiration date: Pass any current 642-XXX Professional level exam"

    The new exams are not 642-XXX exams.

    Is it just too early for them to have made the appropriate changes, or are they changing everything?
  • JustFredJustFred Member Posts: 678 ■■■□□□□□□□
    I'm hoping Cisco doesn't pull a fast one on CCNP R&S until maybe next year.
    [h=2]"After a time, you may find that having is not so pleasing a thing, after all, as wanting. It is not logical, but it is often true." Spock[/h]
  • RouteMyPacketRouteMyPacket Member Posts: 1,104
    Nope. Not starting at all. I decided it made more sense in my short-term goals to start on the DC track first so I suppose by the time I get around to the CCNP:Security, there will be material and books out for it. The only thing that makes me a little sad is that my parents got me all the CCNP:Security books for Christmas 2012. I guess they'll just become desk reference material now but it's not a big deal.

    I'm fairly sure after the next month or two of work, I'll be able to take the ISE exam with ease if I want to but I won't visit the rest of the CCNP:Security track until I'm done with the CCNA/CCNP DC


    Are you actively working with Nexus gear? I think I will head down that path eventually, I've been working with more Nexus over the last year. The big saying is

    "Once you go Nexus, you don't go back"
    Modularity and Design Simplicity:

    Think of the 2:00 a.m. test—if you were awakened in the
    middle of the night because of a network problem and had to figure out the
    traffic flows in your network while you were half asleep, could you do it?
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    @RouteMyPacket - I will be by the third quarter of this year. My company also is paying for as many rack rental hours as I want so there's that as well. Since we're doing a whole data center redesign and rebuild this year, I really want to get a jump on Nexus before deployment
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • theodoxatheodoxa Member Posts: 1,340 ■■■■□□□□□□
    I just noticed the names and exams don't seem to match up on the Syllabus. They have the wrong names for SITCS (Transposed with SENSS), SENSS (Transposed with SIMOS), and SIMOS (Transposed with SITCS).

    SECURE = SISAS (Secure Access Solutions)
    FIREWALL = SENSS (Edge Network Security Solutions)
    VPN = SIMOS (Secure Mobility Solutions)
    IPS = SITCS (Threat Control Solutions)

    I like the new exams, but wish they weren't retiring the Specialist Certs.
    R&S: CCENT CCNA CCNP CCIE [ ]
    Security: CCNA [ ]
    Virtualization: VCA-DCV [ ]
  • SecurityThroughObscuritySecurityThroughObscurity Member Posts: 212 ■■■□□□□□□□
    The old exams cover a small part of the security products.
  • ande0255ande0255 Banned Posts: 1,178
    JustFred wrote: »
    I'm hoping Cisco doesn't pull a fast one on CCNP R&S until maybe next year.

    I was just thinking this same thing. I was going to start on CCNA Sec after voice, but starting to think tackling NP R&S might be a better idea before they pull the rug on that exam. I'm surprised at how small of a time window they provide for current candidates to complete their studies, I assume most NP level exams take about 3-4 months a piece to study for.
  • Vask3nVask3n Member Posts: 517
    Hey everyone,

    I apologize for not having done a more thorough read through of these changes but wanted to ask for clarification directly:

    I just passed FIREWALL and am taking VPN this coming friday. Will both of these be irrelevant starting April or will I be able to use them until December 2014 in conjunction with the two new counterparts to IPS and SECURE like I think was mentioned in that flow diagram posted above?
    Working on MS-ISA at Western Governor's University
  • SharkDiverSharkDiver Member Posts: 844
    It looks like FIREWALL and VPN will count as if you passed the 300-206 and 300-209 exams.
    You will need to take the 300-208 and 300-207 within three years from when you passed your first one (FIREWALL).

    The December 2014 date only applies to the very bottom row of exams in the document above - http://www.cisco.com/web/learning/certifications/professional/ccnp_security/docs/migration.pdf

    Not for the 642-617, 618, 647 or 648.
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    Given the recent Sourcefire acquisition, I wonder if this will influence the IPS area...
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • shodownshodown Member Posts: 2,271
    The security track seems to have the most changes. For those of us who work in VAR environments we see that cisco is loosing ground in security day by day. As Juniper VPN's, Palo Alto firewalls and other security appliances come forward cisco has to keep adapting to keep up. I honestly feel they are in a loosing battle in security.
    Currently Reading

    CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related
  • Vask3nVask3n Member Posts: 517
    Thanks for the clarification everyone. It looks like for those of us who are already in the middle of NP Security will need to either scramble to finish all four before April which would be stressful or finish the current exam/exams we are working on and then switch over to the new version of the remaining ones. I'm interested in seeing some new OCG material come out for these new tests.
    Working on MS-ISA at Western Governor's University
  • geek4godgeek4god Member Posts: 187
    docrice wrote: »
    Given the recent Sourcefire acquisition, I wonder if this will influence the IPS area...

    Yea, I have been wondering since they announced the Sourcefire deal how that would impact the Security certs in general. Will be interesting to see.
  • aaron0011aaron0011 Member Posts: 330
    shodown wrote: »
    The security track seems to have the most changes. For those of us who work in VAR environments we see that cisco is loosing ground in security day by day. As Juniper VPN's, Palo Alto firewalls and other security appliances come forward cisco has to keep adapting to keep up. I honestly feel they are in a loosing battle in security.

    Agreed. Cisco's best security products are the Iron Port devices. The ASA is a great VPN concentrator but enterprise firewall? Not so much. Checkpoint and Palo Alto make real firewalls IMO. As far as Cisco IPS, I've never seen one so that's not a good sign they lead in that area either.
  • RouteMyPacketRouteMyPacket Member Posts: 1,104
    aaron0011 wrote: »
    Agreed. Cisco's best security products are the Iron Port devices. The ASA is a great VPN concentrator but enterprise firewall? Not so much. Checkpoint and Palo Alto make real firewalls IMO. As far as Cisco IPS, I've never seen one so that's not a good sign they lead in that area either.


    Please explain why the ASA is not a good enterprise firewall? There are differences between 5505, 5510, 5520, 5585 and now the X series.
    Modularity and Design Simplicity:

    Think of the 2:00 a.m. test—if you were awakened in the
    middle of the night because of a network problem and had to figure out the
    traffic flows in your network while you were half asleep, could you do it?
  • JobeneJobene Member Posts: 63 ■■■□□□□□□□
    The ASA is a great VPN concentrator but enterprise firewall? Not so much. Checkpoint and Palo Alto make real firewalls IMO
    

    This is something i cant understand...
    Cisco isnt easy: TRUE! Cisco isnt cheap: TRUE! BUT CISCO IS EFFECTIV! You will never get the speed that Asa is providing!
  • aaron0011aaron0011 Member Posts: 330
    Jobene wrote: »
    The ASA is a great VPN concentrator but enterprise firewall? Not so much. Checkpoint and Palo Alto make real firewalls IMO
    

    This is something i cant understand...
    Cisco isnt easy: TRUE! Cisco isnt cheap: TRUE! BUT CISCO IS EFFECTIV! You will never get the speed that Asa is providing!

    But the management sucks. Sure ASDM has made strides but it's not great by no means.
Sign In or Register to comment.