CCIE Chapter Two - Security

gorebrushgorebrush Member Posts: 2,743 ■■■■■■■□□□
OK, OK. So I know I dithered about picking what to do initially. After thinking about each of the tracks - Security does actually make the most sense for where I am in the grand scheme of things.

So Security is where I am going - I have a feeling the lab will be changing in the next twelve months (or at least an announcement) but regardless of that, I need to do a written exam anyway - so taking the Security written exam is not a waste of time as we do a lot with ASA's at work. I'm still in the same position I was in when I passed the R&S Lab in Feb - but I have many good personal reasons why that is the case. Whilst I would love a job move, I am not 100% in the position to move... yet.

In the meantime therefore, it is time to get #2 done whilst I've still got the good hours at night to get stuff done (or at least try). Work is a lot busier nowadays but hopefully I can still pursue this.

So DC = I felt this would be too much of a pain to get the rack time, for now.
SP = There's no need to be an SP in my company, and I don't even think there are many SP's in Wales where I am.

So, here we go!
«13

Comments

  • Dieg0MDieg0M Member Posts: 861
    Good luck man! I was thinking on going for this one too. What is your plan for material/equipment?
    Follow my CCDE journey at www.routingnull0.com
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    Good luck gorebrush! I find the Cisco security track intriguing and if you did a journal of your studies I will definitely follow it.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • fredrikjjfredrikjj Member Posts: 879
    cool stuff. I'm looking forward to reading about your progress.
  • atorvenatorven Member Posts: 319
    Good luck dude. Out of interest, with your R&S knowledge still fresh, wouldn't SP be much easier (in terms of man hours and how much you have to learn) than Security?
  • gorebrushgorebrush Member Posts: 2,743 ■■■■■■■□□□
    Thanks all! I will be documenting along the way yes. As for SP - it's pretty pointless because there are no real SP opportunities for me in this country. However, having said that, if I get through Security and I'm still looking for something to do then SP would probably be it.

    :D
  • davenulldavenull Member Posts: 173 ■■■□□□□□□□
    Chapter Two?

    *Looks at the R/S thread*

    More like Volume Two! icon_lol.gif

    Good luck man!
  • silver145silver145 Member Posts: 265 ■■□□□□□□□□
    Mwhahaha - think i remember saying security, glad to see you joined the race :p
  • gorebrushgorebrush Member Posts: 2,743 ■■■■■■■□□□
    Well yeah, Volume two is more like it!

    How far along are you Silver?

    :D
  • silver145silver145 Member Posts: 265 ■■□□□□□□□□
    not massively as i started new job - Getting my head together with the ASA's and checkpoint. will be hitting the books for specific Exam stuff shortly though
  • gorebrushgorebrush Member Posts: 2,743 ■■■■■■■□□□
    Great stuff - similar position to me, however I probably have a bit of a head start: -

    I did CCNA Security and one of the CCNP Sec exams in 2013...
  • silver145silver145 Member Posts: 265 ■■□□□□□□□□
    I did the CCNA sec a while ago also but work never really touched ASA's - thankfully the new job involves alot of playing with them!!! (on a side note i am looking at the CCSA also)

    Where are you starting with the SEC path?
  • Alex90Alex90 Member Posts: 289
    Good luck mate... you need to get yourself down to London, plenty of SP jobs knocking about down here!
  • lrblrb Member Posts: 526
    Good luck mate! Glad to see you are back on the bandwagon :)
  • Network_EngineerNetwork_Engineer Member Posts: 142 ■■■□□□□□□□
    When will the next exam version be released?
  • gorebrushgorebrush Member Posts: 2,743 ■■■■■■■□□□
    Nothing has been announced yet so it remains v4 for the foreseeable. Seeing as the CCNP Security has been refreshed and the CCNA also - it'll only be a matter of time before it does.

    In the meantime - as with any version change, the bulk of the content will remain the same regardless so I'm safe to go take the written exam. Aiming to take that around November/December and if the lab is the same then I am considering May '16 in London to take the practical assuming all is well.
  • fredrikjjfredrikjj Member Posts: 879
    What books will you be reading?
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    How will you be prepping for the written? I see that unlike it's R&S IE counterpart, the Security does not have books specifically for the written. I do see there is a long list of recommended books that cover various topics from the written, however it's not exactly ideal to read a bunch of 900 page tomes. I was wondering if one were to go through all of the INE advanced technologies course and are familiar with how to actually do the stuff it covers, if in the course of that you would also be able to answer questions on the written pertaining to those topics.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • gorebrushgorebrush Member Posts: 2,743 ■■■■■■■□□□
    I have access to video training through work so will use that, but books I think.

    May well have to get some workbooks too.
  • gorebrushgorebrush Member Posts: 2,743 ■■■■■■■□□□
    So I need to get on with this. I aim to pass the written by the end of 2015, with a view to taking a lab September '16. There's possibly some very interesting moves that could be made mid '16 at work so I need to get my head down.
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    Have you seen the new Zero to Hero Security course by Narbik? It's 14 weeks long and a Cisco AS guy is teaching it. It's $3,500 and is supposed to include current technologies beyond what's on the exam to accommodate potential future changes coming to the CCIE Security. Here's the course information:

    Course Outline


    Week 1

    Class Introduction
    LAB Topology
    Class Agenda
    Basic Student Assessment
    Security Certification
    Cisco Security Architecture
    Network Security - ASA
    Basic ASA Configuration
    ASA Management
    ASA Deployment Scenarios
    ASA Traffic Flow


    Week 2

    Network Security - ASA
    Dynamic Routing (RIP, OSPF, EIGRP, BGP)
    NAT
    Modular Policy Framework (Inspection Policy)
    Virtual Firewall
    Active/Active Failover
    Transparent Firewall
    Threat Detection & Botnet Traffic Filtering
    QoS
    ID Firewall
    Firewall Clustering
    PBR on ASA


    Week 3
    Network Security - Next Generation Firewall (NGFW)
    Introduction to FirePOWER
    FirePOWER on ASA
    FirePOWER Traffic Flow
    Device Management
    Object Management
    Access Control Policy
    AD Integration


    Week 4
    Network Security - Next Generation Firewall (NGFW)
    FireSIGHT Technology
    File Detection and FireAMP
    IPS Policy and Preprocessors
    SSL Decryption
    Correlation Policies
    Event Analysis and Reporting


    Week 5
    Network Security - VPN
    IPSec theory
    PKI
    VPN types and modes
    Configuring Site-to-Site VPNs


    Week 6
    Network Security - VPN
    EasyVPN for S2S VPN
    DMVPN


    Week 7
    Network Security - VPN
    GET VPN
    IKEv2 theory
    FlexVPN


    Week 8
    Network Security - Remote Access VPN
    EasyVPN (DVTI)
    SSL VPN theory
    Clientless VPN


    Week 9
    Network Security - Remote Access VPN
    Introduction to AnyConnect
    Mobile User Security
    VPN Load Balancing and HA


    Week 10
    Content Security - Web Security
    Web proxy deployment modes
    L4TM
    User Identity & Authentication
    Web Security Policies
    URL Filtering
    Bandwidth Control
    Application Visibility & Control (AVC)
    Content Security - Web Security
    SSL Decryption
    Outbound Data Security


    Week 11
    Content Security - Email Security
    How SMTP works
    SMTP Relay deployment
    ESA Packet Flow
    Reputation Filters
    Message Filters
    Anti-Spam & Anti-Virus
    Content Security - Email Security
    Content Filters
    Outbreak Filters
    Data Loss Prevention (DLP)
    Email Encryption (CRES)


    Week 12
    Secure Access - AAA
    Introducing to AAA
    Setup AAA Clients
    Using TACACS+ for Administrators
    Using RADIUS for Network Access (802.1x)
    Introducing to Cisco ISE
    AD Integration
    Configuring MAB


    Week 13
    Secure Access - AAA
    Configuring Wired 802.1x
    Configuring Wireless 802.1x
    Guest Access
    Device Profiling
    BYOD & MDM
    L2 Security


    Week 14
    Network Security - Routers
    Router ACL
    Configuring Zone-Based Firewall on Router
    Router Hardening
    Configuring NAT on Routers
    NetFlow and Traffic Monitoring


    Week 15
    All-in-one LAB #1


    Week 16
    All-in-one LAB #2
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • gorebrushgorebrush Member Posts: 2,743 ■■■■■■■□□□
    Cool! I hadn't seen this, but tomorrow I start in earnest. I need to get on with it now, properly. I've had way too long a break now, but work and other life pressures have meant I've needed a break for a while. Aiming for written in Feb, lab Sept '16, or Dec '16.

    Here's to it. I've got books ready and videos.
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    Can you list out your study material?
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    gorebrush wrote: »
    Cool! I hadn't seen this, but tomorrow I start in earnest. I need to get on with it now, properly. I've had way too long a break now, but work and other life pressures have meant I've needed a break for a while. Aiming for written in Feb, lab Sept '16, or Dec '16.

    Here's to it. I've got books ready and videos.


    Yep. I already signed up. It's more for fun for me than certification tho
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • lrblrb Member Posts: 526
    IPX also has some sale on for the rest of October with 40% of bundles and 2-4-1 rack rental tokens. I picked up the pre-order for the CCIE-SP bundle plus an extra 200 hours (so an 400 hundred hours in total) for just around 750 USD.

    I have no idea what the quality of their SP or SEC tracks are like, but I have heard great things about their DC track :)
  • Network_EngineerNetwork_Engineer Member Posts: 142 ■■■□□□□□□□
    Has anyone noticed the low amount of CCIE Security success stories and posts on INE forums? Why is there a such a low interest? Do you know of anyone passing the Security lab recently with a success story write up? Do you think the Security lab will be easier or harder than R/S?
  • gorebrushgorebrush Member Posts: 2,743 ■■■■■■■□□□
    I think we all know that R/S is the most popular of the tracks. It's also true that you don't see many success stories in Security. I'm not sure why that is. Maybe it's because Security engineers are secretive.. :D
  • Network_EngineerNetwork_Engineer Member Posts: 142 ■■■□□□□□□□
    How soon until you take the written?
  • gorebrushgorebrush Member Posts: 2,743 ■■■■■■■□□□
    Shooting for Late Feb '16
  • gorebrushgorebrush Member Posts: 2,743 ■■■■■■■□□□
    This target is a bit of a moving one dependent on how much I get done... Still Late Feb.. for now. Started this week by looking at some videos, PKI and stuff I've not done with an IOS device before.
  • gorebrushgorebrush Member Posts: 2,743 ■■■■■■■□□□
    So there are now dates for September 2016 in London for CCIE Security. That is my goal now, unless the version changes between now and then. I figure if I pass the written exam very early '16 and book a slot for then I should be able to beat any cut off, assuming of course any new version change is announced after March of course.
Sign In or Register to comment.