  1. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,425

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #1

    CCNP: Security before CCNP R/S?

    Hi all, quick question for you: Would I be doing things bass ackwards if I obtained a CCNP Security prior to covering CCNP R/S topics? Shortly I will be starting a position in security with emphasis on the network security devices. I would like to pursue the CCNP: Sec credential this year but I'm not sure if I would be better off studying NP R/S topics first.
  3. Senior Member ChooseLife's Avatar
    Join Date
    Feb 2011
    Location
    runlevel 3
    Posts
    926

    Certifications
    BCSc Network Security, VCP, MCSA:Sec, CCNA:Sec, GIAC GSEC, Sec+, ITIL-f
    #2
    My opinion is that they are different tracks and have little dependency on each other. As an example, I am an enterprise sysadmin and CCNP:S is right up my alley. OTOH, I have no plans to do CCNP:R/S, as the routing part of it is not relevant to my daily job.

  4. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,425

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #3
    Thanks ChooseLife. That's sort of what I was hoping for. CCNA Sec did not dive as deep as I was hoping, and I am eager to get into CCNP: Sec material in the next few months.

  5. Senior Member Ivanjam's Avatar
    Join Date
    Feb 2012
    Location
    NYC
    Posts
    967

    Certifications
    CCNA, CCENT, Project+, Security+, Network+, A+
    #4
    Quote Originally Posted by YFZblu View Post
    CCNA Sec did not dive as deep as I was hoping
    I'd love to be able to say that - good luck @YFZblu with the CCNP:Sec!

  6. Junior Member Registered Member
    Join Date
    Dec 2012
    Location
    Lewiston, Idaho
    Posts
    2

    Certifications
    Net+,Security +, CCNA, CCNA Security
    #5
    I just recently got my CCNA Security, and I feel the same way in a sense that the use of it is giving you a general foundation of what Cisco Security is to help with better understanding of the in-depth topics of the CCNP Sec. That's what I am doing as well is CCNP security. I figure the R:S stuff can be learned through trial and error or just picking up some books if you need the information but I really don't think you would need to go as far as certifying in CCNP R:S to be a good security admin.

  7. Senior Member Kreken's Avatar
    Join Date
    Sep 2012
    Location
    NYC
    Posts
    280

    Certifications
    CCNP R&S, CCDP, CCNP:S
    #6
    Quote Originally Posted by DiZz
    I figure the R:S stuff can be learned through trial and error or just picking up some books if you need the information but I really don't think you would need to go as far as certifying in CCNP R:S to be a good security admin.
    Can't you say the same thing about CCNP:S track? A lot of things can be learned just by picking up a book.

    Quote Originally Posted by ChooseLife
    My opinion is that they are different tracks and have little dependency on each other.
    For being different tracks, they have a lot of overlap. SWITCH exam has more in-depth coverage of switch security than SECURE exam. You do need to have a solid understanding of routing for FIREWALL and VPN exams. CCNP:S is not just about creating rules on a firewall and IPS.

  8. Senior Member chrisone's Avatar
    Join Date
    Nov 2009
    Location
    Los Angeles
    Posts
    1,583

    Certifications
    SpecterOps: Powershell Adversary Tactics, SilentBreakSecurity - DarkSideOps, CISSP, CCDP, CCNP R/S, CCNP Security (Secure, FW) , C|EH , PA ACE
    #7
    Quote Originally Posted by ChooseLife View Post
    My opinion is that they are different tracks and have little dependency on each other. As an example, I am an enterprise sysadmin and CCNP:S is right up my alley. OTOH, I have no plans to do CCNP:R/S, as the routing part of it is not relevant to my daily job.
    All tracks depend on routing and switching.
    2017 Goals: Dark Side OPS: Custom Pentesting (complete), SpecterOps: PowerShell Adversary Tactics (completed), eCPPT (2nd attempt), LFCS (4th attempt )
    2018 Goals: eCPPT, OSCP

  9. Senior Member ChooseLife's Avatar
    Join Date
    Feb 2011
    Location
    runlevel 3
    Posts
    926

    Certifications
    BCSc Network Security, VCP, MCSA:Sec, CCNA:Sec, GIAC GSEC, Sec+, ITIL-f
    #8
    Quote Originally Posted by Kreken View Post
    For being different tracks, they have a lot of overlap. SWITCH exam has more in-depth coverage of switch security than SECURE exam. You do need to have a solid understanding of routing for FIREWALL and VPN exams. CCNP:S is not just about creating rules on a firewall and IPS.
    Quote Originally Posted by chrisone View Post
    All tracks depend on routing and switching.
    I am under the impression that dynamic routing is explored much deeper in CCNP:R&S track than it is in CCNP:S.
    Indeed, understanding of routing is a pre-requisite for CCNP:S, but what is the level required?

    As mentioned earlier, I am an enterprise sysadmin, and in the decade of the career never touched a dynamic routing protocol in a production network - it has always lived on the other side of the demarc point. At the same time, I have done my share of designing and supporting VPN, enterprise firewalls, ASAs, IDS/IPS, and even with my limited knowledge of BGP, OSPF and IS-IS I still feel comfortable with the knowledge domain CCNP:S covers. Should I not be? Based on your knowledge of the two tracks, do you feel I need to dive into CCNP:R&S-level BGP studies in order to be a successful CCNP:S candidate?

  10. Senior Member SteveO86's Avatar
    Join Date
    Oct 2010
    Location
    FL
    Posts
    1,405

    Certifications
    CCNP, CCIP, CCDP, CCNP: Security/Data Center, CCNA Wireless, CWNA, WCNA
    #9
    From what I can see, as far as CCNP:S goes into routing protocols, it involves authenticating peers (also covered in CCNP:R/S) and setting up the protocols on the Cisco ASAs.

    CCNP:S doesn't go into how the routing protocols work, or Layer 2 technologies, or how to troubleshoot the protocols, other than the initial configuration. That doesn't go to say you'll never have to troubleshoot a routing protocol in the real world but you know

  11. Matrix(Config)# Roguetadhg's Avatar
    Join Date
    Jan 2012
    Location
    SC
    Posts
    2,380

    Certifications
    #Cisco: NA #CompTIA: A.N.S
    #10
    Darn good posts here, and good thread.

    I like the insight from those that have gone both certs. So far it seems like it's a CCNP before CCNP:Security.

  12. Senior Member SteveO86's Avatar
    Join Date
    Oct 2010
    Location
    FL
    Posts
    1,405

    Certifications
    CCNP, CCIP, CCDP, CCNP: Security/Data Center, CCNA Wireless, CWNA, WCNA
    #11
    Depends on your situation, I've known a few successful security people who were CCNP:S and didn't know a lick of routing/switching. (Granted, they had their CISSP as well with a few other security certs, so routing/switching were not really their concern.)

  13. M&C: Far Side of the Net vinbuck's Avatar
    Join Date
    Jul 2008
    Location
    Jackson, MS
    Posts
    774

    Certifications
    CSA (Certified Sandwich Artist - Retired), MCP, CCNP, CCNA, MTCNA, MTCRE, MTCTCE, HE IPv6 Enthusiast
    #12
    Routing and Switching is the biggest weak point I see in Security only types.

    The problem IMHO is that they see VPNs, ports and protocols and not the network architecture as a whole. This is extremely limiting when it comes to defending against complex attacks or trying to secure the network. As an example, it's difficult to discuss VRFs or MPLS as a security measure for isolation if you don't understand how either is implemented or what they bring to the table.

    I'm not saying that every security engineer should strive for CCIE R&S, but I think if most had a CCNP R&S foundation, they would be much more effective.

    Just my 2 pesos as a large scale route/switch guy

  14. Senior Member bryguy's Avatar
    Join Date
    Dec 2011
    Location
    Northeast
    Posts
    189

    Certifications
    CCNP, CCNA-Security, CISCO IPS Specialist, BCNE, CISSP, GSNA, CEH, CHFI, Security+, Network+, ITILv3, HDA
    #13
    Don't think CCNP-RS is necessarily required... The last revision of the CCNP required ISCW (Implementing Secure Converged Wide Area Networks) which covered a number of security-related topics including frame mode MPLS, CBAC IOS firewalls, and hardening the IOS... but that was before the CCNA Security track was available. If I'm not mistaken, CCNA-RS is a prerequisite of the CCNA-Security track. So at one time, prior to the CCNA security track, I think the CCNP would have been helpful, prior to the CCSP, in the same way that the CCNP would have been helpful prior to taking the CCVP, because ONT covered QoS so much. I think, in a security-focused environment, the Associate level of RS is enough.

  15. Connection Overlord f0rgiv3n's Avatar
    Join Date
    May 2008
    Posts
    578

    Certifications
    A+, N+, S+, MCSA(2k3), CCNA, CCNA Security, CCNP, JNCIA+JNCIS-Sec(expired), CISSP
    #14
    Another thing to take into account is what people will expect you to know when they see those credentials on your resume. They see a CCNP Security on there, will they know that even though it's a CCNP level certification, it doesn't cover much about dynamic routing?

    CCNP R&S gives you a great understanding of the big picture. Sure, the CCNP Sec by itself (w/o R&S) is a success all on its own, but if you have the foundation of CCNP R&S before Security it will really make you a lot more valuable because you can see the big picture instead of only the isolated firewall/security domain.

    I highly disagree with being able to learn routing by the school of hard knocks. Sure you can learn it by trial and error but the whole point of certifications is to learn best practice. With dynamic routing protocols it is extremely important to know why it does what it does. By knowing the best practices with these things (which you learn through CCNP R&S) you are able to make better educated decisions that are more scalable and reliable in the long run.

    There's my two cents

  16. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,425

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #15
    Great responses all, thank you. I'm focusing on the GSEC at the moment, so I have time. I may simmer for a while in this position before making any more decisions.

  17. ...loading... gorebrush's Avatar
    Join Date
    Apr 2005
    Location
    UK
    Posts
    2,728

    Certifications
    CCIE:R&S, CCNP:R&S, CCNA:S, MCSE, MCSA:M, MCTSx2
    #16
    I found the CCNA Security was a very nice introduction into Security, but as I did the ISCW exam as part of my CCNP - a lot of it was review from that. I mean, you could probably just walk out of the ISCW exam, go and do the CCNA:S in the same day, they are quite similar.

    Though, of course, ISCW was 3 years ago

  18. Senior Member
    Join Date
    Aug 2009
    Posts
    250

    Certifications
    CCNP R/S, CCNA Wireless, BCNP, BCNE, SCP, A+, N+
    #17
    You don't need to know R&S for security, but you do need to understand the routing part. I've seen many cases where all the security work gets done to allow new traffic through the firewalls, get NAT and everything else implemented, yet there is no route for the traffic in the other network to get back =D.

  19. Senior Member wintermute000's Avatar
    Join Date
    Jan 2013
    Location
    Melbourne, Australia
    Posts
    170

    Certifications
    CCNP R&S, CCNP Voice, CCNP Security, CCDP
    #18
    Quote Originally Posted by pert View Post
    You don't need to know R&S for security, but you do need to understand the routing part. I've seen many cases where all the security work gets done to allow new traffic through the firewalls, get NAT and everything else implemented, yet there is no route for the traffic in the other network to get back =D.
    +111111

    A firewall guy who doesn't understand R&S is one of the most frustrating obstacles a networker will face in their life, especially when it comes to routing through VPN topologies. I've seen it go so far as the FW work getting taken off the security team (who then get laid off) and put back onto network ops, who google/improv their way through it.

    Someone with good R&S will be able to pick up firewalls, but the reverse is rarely true in my experience.

    But you have a CCNA already so you theoretically should know ENOUGH. If your job is security then logically CCNP Sec is the best choice.

  20. Senior Member
    Join Date
    Aug 2011
    Location
    Little Rock, AR
    Posts
    818

    Certifications
    CISSP, CCNA (R&S, Sec), WGU BS:IT Sec, MCTS: Win 7 Config, Sec+, Project+, Storage+, Net+, A+
    #19
    From what I have seen, security pros are not expected to know networking. I was talking to a network manager about my aspirations to get into security. I asked him if getting into security without learning networking is anything like learning to run before learning to crawl. He said that it is more like learning to fly before learning to swim. Generally, whenever someone in security has a question about networking, they just hand the problem off to networking before it gets passed back to security.

    That being said, I like knowing how things work and think that R&S should go before Security. Standing on someone else's shoulders means that it is much harder to take a step forward.

  21. Senior Member wintermute000's Avatar
    Join Date
    Jan 2013
    Location
    Melbourne, Australia
    Posts
    170

    Certifications
    CCNP R&S, CCNP Voice, CCNP Security, CCDP
    #20
    "Generally, whenever someone in security has a question about networking, they just hand the problem off to networking before it gets passed back to security."

    Sorry, that's the kind of attitude that I find appalling.

    I don't expect a security guy to know the syntax to configure XYZ on a router or understand routing protocols, but I do expect them to understand the basics of subnetting, switching and routing. How the ---- are they expected to evaluate security if they don't even understand the basic path the traffic is flowing through? The network is the #1 technical foundation of security.

    It's pathetic and I've seen a lot of very pathetic security guys, all they do is forward vendor advisories and ask you 'is system X patched yet'. I don't even think most of them can code or sysadmin either so WTF are they there for. Can't understand how an exploit works, can't understand how an exploit spreads or an attack vector is created, sheesh let's tick some boxes and get paid LOL.

    Pathetic.... btw I've known plenty of security guys who 'get' networking. Much easier working with those people, they actually understand the implications of the R&S overall structure on security. If you treat the network as someone else's black box you're not going to do a very good job.... how the ---- are you going to do a good job on a firewall or IDS if you don't even understand the traffic flow through it? Note I'm talking about security engineers, not general security guys, i.e. if you have to deal with firewalls then you better understand R&S basics. The good guys also get systems, because they have to. (Are you qualified to tell the DB admins what to do if you don't understand why SQL input parsing is important, and the consequences of running processes with extra privileges?)

    I'm an R&S guy but I sure as heck understand the basics of VMware/ESX, because of all the jobs I have to do whereby we have to get connectivity into a VMware environment. What do you think would happen if I just threw up my hands and said 'it's not a router or a switch, I dunno'?
    Last edited by wintermute000; 01-28-2013 at 02:40 AM.

  22. Junior Member Registered Member
    Join Date
    Oct 2015
    Posts
    1
    #21
    Great stuff here guys!

  23. /threadkiller ande0255's Avatar
    Join Date
    Sep 2013
    Location
    Around
    Posts
    1,160

    Certifications
    CCNA R&S, Voice, Security
    #22
    To add my 2 cents, I am currently (right now) working a ticket that started out as a possible ASA VPN licensing issue, but it turns out the customer's edge device is a router and not an ASA - and it is running OSPF and BGP.

    I am the Voice / Security / Network team, so now I have to untangle this mess, and CCNP R/S level knowledge would come in handy right at the moment 'cause I am pretty much lost here.

    Time for me to start on CCNP R/S pretty quick here