Be prepared: Study is key to conquering Cisco’s CCIE Security exam
This feature first appeared in the Summer 2014 issue of Certification Magazine.
One of the most challenging networking credentials in the IT certification world is the Cisco Certified Internetworking Expert (CCIE) offered by Cisco. Now imagine combining that clout with a specialization in security. For many networking professionals, a CCIE Security stamp of approval is at or near the top of the career certification ladder.
The CCIE Security exam has no prerequisites — though candidates are “strongly encouraged” to have at least three-to-five years of network security job experience— but the exam process is intimidating, to say the least. CCIE Security candidates must pass both a two-hour written exam and an eight-hour, hands-on lab exam. Passing the lab exam, in particular, is sort of like the certification equivalent of wrestling a bear. You don’t want to climb into the ring unless you are feeling like a bit of a bear yourself. It’s the kind of confidence that you can only get from years of experience and months (yes, months) of solid pretest preparation.
One potentially vital element of that process is practice labs. If you’re looking for a bit of that iron-sharpens-iron grit, then Natalie Timms’ CCIE Security v4.0 Practice Labs, published in May by Cisco Press, is probably a wise investment. Think of Timms, a networking expert with a nearly two-decade career at Cisco, as being your Jedi Master of CCIE Security.
When she’s not consulting, teaching, or working on new training materials, Timms keeps up an interest in real estate and design. “I think that will be my sideline career at some point,” she said. She also runs every day “to keep my sanity,” and relaxes by watching the BBC’s Top Gear, as well as “most things on HGTV.” Somehow, she also found a few spare minutes to answer some questions for Certification Magazine.
CertMag: Generally speaking, what level of study and preparation should potential CCIE Security exam takers be ready to commit to?
Natalie Timms: The possible range of security solutions covered in the exam topics lists has grown quite a bit in v4.0. Notice I say security solutions, not just security products. Although study times vary, you should prepare to dedicate at least 12 months. This takes into consideration work and personal commitments. Much of this study time will involve practical work, which is sometimes hard to schedule.
You may need less time if your work experience and/or current job role involves working with Cisco security solutions and technologies on a regular basis.
CertMag: What’s the best way to manage the time demands of studying for a top-level certification?
Natalie Timms: People have busy lives and have to balance their study schedules, work, family and keeping healthy and motivated in the best way possible — for them. The main thing for CCIE is to have a study plan, allocate time each week and plan your practice topics and set goals. Treat studying for CCIE like training for a marathon. Setting too aggressive a study plan can be just as bad as not studying enough.
Keep your mind fresh, don’t burn out. Don’t set unrealistic study goals as you will become discouraged. When setting aside time for practical preparation, know you will probably spend more time on things than you planned for, so make sure you are absorbing what you are doing and not just racing through a set of configuration tasks.
CertMag: What level of knowledge and job experience is required to be successful in obtaining a CCIE credential?
Natalie Timms: There are no formal prerequsities for CCIE, however you should have several years of practical experience and know how to move around a device to configure it quickly. You should have had experience designing networks and deploying security. You should also have a sound understanding of internetworking.
Although the security exam doesn’t require you to implement routing and switching from scratch, you need to know how to secure that infrastructure. You should also have a little background knowledge in technologies like wireless and voice/collaboration. Everything needs security these days.
CertMag: When you were preparing the content for “CCIE Security v4.0 Practice Labs,” what was the process? Did you create the labs from scratch? Are they based on existing scenarios? What are the most important elements of a good lab?
Natalie Timms: I created the labs from scratch, but used the Exam Equipment List to select the hardware types and software versions. The network routing and switching to hold the topology in place were also configured from scratch. The network design tries to present a wide variety of scenarios that require security solutions taken from each of the Lab Exam Topics domains. I also split the Lab Guide into two sets of exercises. Lab 1 focuses on initial deployments, installing the building blocks of a good security design. Lab 2 then presents a more advanced series of exercises that build on Lab 1.
The lab topology is based on typical real- world scenarios, which is why this Lab Guide is also a good reference for security professionals who work with Cisco products, not just CCIE Security candidates. Elements of a good lab are variety, real-world applicability — so you can understand why you are doing a certain thing — and having a good balance between standalone solutions and those exercise that have dependencies on others. This makes it possible to practice troubleshooting skills.
CertMag: Are the labs you create intended to be more difficult than what a candidate might face in the actual CCIE exam? How much of what an exam candidate can expect to be tested on is covered in the labs?
Natalie Timms: I tried to design the lab guide topology to include as many elements from the exam equipment list as possible, while still making it feasible for a candidate to try to reproduce the setup for themselves. The labs cover topics from all of the Exam Topics domains and there is a good selection of individual exercises as well as those that have dependencies.
It’s not possible to predict what questions a candidate will be asked. This is what makes the CCIE exams so challenging — the possible options come from a large set of possibilities.
CertMag: Generally speaking, if a CCIE candidate fails the first time around, are there things to look for in making a second attempt? Do most people need more than one attempt to pass the exam?
Natalie Timms: If you fail your exam, be sure to look at your score breakdown to identify those areas in which you could have done better. If you didn’t have enough time to complete the exam, think about where you spent the most time and why. Get more hands-on practice time and actually time yourself completing certain tasks. Make sure you know how to configure and verify your work quickly, don’t rely on help screens, CLI prompts or any supplied online documentation. These are for emergencies only. Have an exam strategy in place so that you don’t spend too much time on questions that have less point values than others. In general many candidates do need more than one attempt to pass.
CertMag: What sort of job options might open up to a successful CCIE Security candidate? Is that field of possibilities evolving as the internet spreads out to encompass more and more devices and objects?
Natalie Timms: The CCIE Security exam goes beyond just configuring and troubleshooting. You need to be able to analyze outputs and design requirements and solve problems. You need to be able to see the bigger picture in terms of securing the network and understand how security is integrated in a wide array of products and use cases. One of the goals of the certification is that it covers relevant topics. It includes legacy as well as recent technologies, because customer deployments are not all the same. By keeping current and updating regularly to cover what is important in the industry today, you reaffirm the value of the certification.
The role of the security professional is changing. No longer are we talking about the “firewall administrator.” Engineers, architects, policy makers, administrators — these are all roles where the CCIE Security certification is a valuable credential. It shows that not only do you have security knowledge, but that you can put it into practice. Having a CCIE also tells employers you are dedicated and have worked hard to succeed in your career.
CertMag: What’s the best advice you were ever given about succeeding in certification? What advice do you find that you routinely pass along to others about succeeding in certification?
Natalie Timms: Best advice is always be well planned. Don’t give up if you fail. You learn more from your failures than your successes. The other thing I say is: Don’t cheat. Have respect for yourself and those who work hard for their CCIE. In the end, you will look pretty foolish when you really can’t live up to the credential.