My CCIE Security Progress

In August 2012 I was just getting back to work after a long vacation. Before going to see The Dark Knight Rises myself and a colleague were at a nice steakhouse talking about the future. Having just passed CCIE Service provider, his third CCIE, Emanuel (#9697) asked me what my plans were and told me he thought it was really time I gave CCIE Security a try. We talked about what the best way to archive the numbers were and I decided to give it ago.

I’ve thought about CCIE Security for some years. I think it was when the version 2 blueprint was out that I wanted to wait until they got rid of the VPN 3000 appliance (did anyone like that thing?). But something came in the way, perhaps life, and I never really started my studies.

After the Batman movie I contacted INE and purchased their CCIE Security Ultimate Bundle. I didn’t dive straight in though. First I knew that my CCSP was expiring in May, mainly as I see it because Cisco renamed it to CCNP Security. So I got a study guide for VPN 2.0 and went through that material. As I almost only work with the CLI, the most challenge for me with that one was using ASDM.

I passed the 642-648 in September and “upgraded” my CCSP to CCNP Security. My company went to Prague for a kickoff and I spoke to the other CCIEs in my team. Simon (#22655) kept saying that the Written exam is just a roadblock with more or less the same level as the CCNP stuff.

The real challenge was the labb. This didn’t really fit with the picture I had of the Written test. I asked Emanuel what books he thought I should read before writing the test. He said something along the lines of.

“Don’t study for the test. I think you know most of the material already. Just write the test now and see how it goes.”

I didn’t really like the thought of that and ended up studying for about two months and passed the Written exam on November 1 2012.

I’d worked with most of the topics covered and found the test to be easier than what I had expected of a CCIE Written exam.

However having passed the test I realized two things. The first one being that my timing for perusing CCIE Security was a bit off. The version 4.0 blueprint was just about to be released and INE’s material, as well as IPExpert’s, covered only the 3.0 blueprint.

The second thing I realized was that I got a few routing related questions on the exam covering topics I hadn’t really worked with. I figured it would be a good idea to brush up on my routing skills as that would help me a lot during the CCIE lab and also in work. I decided to put CCIE on hold for awhile and go through CCNP R&S first.

I passed the SWITCH exam on 22 January 2013 and began rereading the book I had and watched the INE videos for ROUTE.

Also I contacted INE, IPExpert and CCBootcamp to ask about their CCIE Security Bootcamps. I ended up booking a seat for the IPExpert Bootcamp in San Jose April 29 to May 3. Until then I will keep reading for the ROUTE exam, I don’t know if I will write the test or not before the CCIE lab.

Also I will start to blog about some of the blueprint topics where I need to learn more. As I needed to setup Zone Based Firewall that seemed like a good place to start.