I can’t really say they are good changes or bad changes. I guess things are never really black and white.
The part of the big project my team was working in will be over soon, for various reasons. That in itself is not good or bad, it had to end sometime I guess, it was just rather unexpected. One of the good things is that because my background in network security, I’ve been able to switch to another project (unlike my team mates so far). The project is for the same customer which is good because I know the place, the people, etc. Which leads to the next good thing, the Rheinbach days are over!
The bad thing is, the project is in München and still not somewhere closer. But I guess it could’ve been worse and I think things could change for the better soon. Good things come to those who wait, eh ? Or so they say.
At least there will be new challenges which is a good thing. I am involved now in firewall administration and deployment which is refreshing, it’s kinda what I was doing before I joined this company but this is on a whole different level. I am working with all the good things I learned while I was doing my Cisco CCSP certification: ASA firewalls, IDS/IPS Sensors, MARS (the monitoring and analysis tool from Cisco), etc. So, we’ll see how it goes.
In my previous post I said I will share some info about how I prepared for CCSP, so here it is. First of all, the CCSP certification has CCNA Security as a prerequisite, so you can’t start without that one. Then you need to take 4 more exams, 3 of them are fixed and the last one you can choose out of a list of elective exams.
- CCNA Security – pre-requisite; Exam 642-553. This one is the entry-level certificate in the security train and introduces you to basic concepts about firewalls, securing the network, VPNs, ACS, network attacks and so on.
I used the official certification guide book from Cisco Press. I was already familiar with most of the technologies discussed in the book so this was an easy exam but I would say the book is good and you can use it to pass even if you are new to the security field. You do need to have CCNA passed though.
- IPS (Implementing Cisco Intrusion Prevention System) – mandatory; Exam 642-533. For this one you need to be familiar with the IPS sensors.
I didn’t have access to something like that to practice so I took the official Cisco class for this exam. It was a 5-day class at Experteach and I would say it did a decent job at preparing me for the exam. It was not exactly cheap though (none of the Cisco classes are).
- SNRS (Securing Networks with Cisco Routers and Switches) – mandatory; Exam 642-504. This exam builds upon CCNA Security and further introduces you to a bit more advanced concepts like Layer 2 security, network thread mitigation, DMVPN, GETVPN and so on.
I took the official Cisco class for this one as well but after I finished it, I realized I went there for nothing. Almost everything could’ve been practiced at home in dynamips/gns3. You can easily practice for this one at home based on the exam blueprint.
- SNAF (Securing Networks with ASA Fundamentals) – mandatory; Exam 642-524.This exam introduces you to the administration, management and troubleshooting of the ASA security appliance.
For this exam I decided to prepare myself at home and I rented for a week the CCIE Security rack from InternetworkExpert, a 6-hour slot each day. The rack is meant for CCIE practice but it did have all I needed for my exam (2 ASAs, ACS server, IPS sensors). It was really not expensive at all ($15 per day or so) and you get remote access to the rack equipment.
Having that, based on the exam blueprint, I designed my own practice scenarios and I just used them to practice the various technologies. It was not that bad, you have complete access to the equipment and you can familiarize with them in peace and configure them the way you want.
- SNAA (Securing Networks with ASA Advanced) – elective; Exam 642-515. This exam builds upon SNAF and introduces you to more advanced ASA topics such as dynamic routing, SSL VPNs, AIP and CSC modules and so on.
I wanted to study at home for this one as well but I looked around for a while and I ended up buying a one-week SNAA remote lab from NIL. The difference this time was that the lab is specifically tailored to the SNAA exam and they also give you a set of scenarios and exercises you can do, which cover the exam blueprint. Another plus is that once you log into the remote lab, all equipment are already pre-configured and you can start immediately to do your exercises, without wasting time to prepare them.
And I forgot to mention that for both SNAF and SNAA exams I used the Cisco Press book Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance. Good book.
And that’s pretty much it. What’s next ? CCIP, which is geared towards service providers and it’s much more related to what I do at work these days.
And after quite some time, I have finally finished my Cisco CCSP certification, just got out of the testing center 10 minutes ago ;-) When I get home tonightI will put together a post with some information about the whole process, what exams I took, what study materials I used and so on. Who knows, it might help someone out there.
This week I stayed home and I studied. I am going to take my last exam of the Cisco CCSP certification soon so I needed to do some practice.
The exam is all about the ASA Firewall and since I don’t have one at home and none available to me at work, I decided to get a one-week of SNAA remote lab from , a slovenian Cisco training partner. I guess I could’ve also taken a course for this exam but I think the remote lab is a better deal if the subject is not a complete mistery to you. It’s not sky-high expensive, you get exercises to practice all the items from the exam blueprint and you get to do this at your own pace, on real equipment. Which worked perfectly, all from a browser. I was quite impressed.
Anyway, at least I get to stay home this week. Next one it’s Munich again which is gonna be real “fun” since it’s the last week of the . 6 million visitors come to … get drunk :-? Yeah, really great. But I guess each with his own.