top of page
Search

My CCIE Security journey


There are a number of different CCIE tracks (Routing and Switching, Security,Wireless, Collaboration, etc.). I should mention here this article will be dedicated to the Security track. A lot of this information can be applied to all tracks, but I will be focusing on the Security track.

CCIE

I know there were many times when I was beginning to lose hope and didn’t know how to proceed. I searched the Internet for other people’s experiences and success stories to try and find motivation to go on. I think of this as an opportunity for me to give back to the community, and possibly casting a different light on things because of my background as a programmer.

So when I had decided I wanted to go for the CCIE I started looking up study materials. I checked the recommended reading lists and workbook vendors. I bought a few of the recommended books as hard copies, and I actually even made an attempt at the CCIE written at Cisco Live before I started studying since you get one free attempt at any test at their mobile test center (needless to say, I didn’t pass ). I had a talk with my previous boss about pursuing CCIE, and he was supportive and said the company might be able to help with some of the costs. BUT eventually, when the new manager came I paid circa 2,300 Euros out of my pocket for EACH Lab attempt (Hotel cost,lab and flight etc.)

I ended up buying these materials to get my studies started:

  • Routing TCP/IPs___, Volume 1, Second Edition

  • Safari Books___Online subscription

  • Internetworking with TCP/IPs___ by Douglas Comer

  • INE.com___ All Access Pass (Videos and workbooks)

“Internetworking with TCP/IP,” is very general about networking, it’s a nice introduction which goes through a lot of the protocols and applications in a non-vendor specific way. It talks about things like TCP congestion management and DHCP in a general way. It’s a good read, but as I’ve learned it’s not really what is going to be tested at the CCIE exams. Routing TCP/IP is focused around Cisco-implementation and has a lot of details around the IGPs mainly.

The Safari Books Online subscription was really great to find information on specific topics, I found myself jumping around between many different books rather than reading one specific volume from cover to cover. They also have an app for your smartphone so you can download books for offline reading when you are traveling which I used a lot.

The most important part of my studies however was the INE materials. The videos give a great introduction into each topic. The workbooks from INE also goes through all the topics covered in the blueprint and I’m guessing technology labs is where you will spend most of your time during your studies.

I also used a lot of free materials available, for example:

Towards the end of my studies I realized that even though INE does have “Mock labs” they are very far from what you will see at the actual exam, so I decided to buy some labs from Cisco 360 Expert-Level Training for the basic Routing and Switch part of it (Basic connectivity)

Connectivity first and then securing it!

Let's take a look at some of the training materials that can run up your training budget:

Books Anyone who has bought IT certification/technical tomes knows that these weighty suckers can cost anywhere from $30 to upwards (and occasionally over) $160. Here I listed some of them for you:

Recommended books

(I read this books for preparation)

Todd Lammle's CCNA IOS Commands Survival Guide

Cisco ASA: All-in-one Next-Generation Firewall, IPS and VPN Services

Wireless LAN Security

Network Security with NetFlow and IPFIX: Big Data Analytics for Information Security

Security Operations Center: Building, Operating, and Maintaining your SOC

Email Security with Cisco IronPort

Cisco Firewalls

CCNP Security: SISAS

Securing Cisco IP Telephony Networks

PKI Uncovered

Practical Deployment of Cisco Identity Services Engine (ISE)

IPv6 Security

Cisco Next-Generation Security Solutions: All-in-one Cisco ASA Firepower Services, NGIPS, and AMP

AAA Identity Management Security

Implementing Cisco IOS Network Security

SSFIPS Securing Cisco Networks with Sourcefire Intrusion Prevention System

IPv6 Fundamentals

I also tried these labs:

°°°Definitely do these before the real exam!°°°

  • LAB-CA10 and CA11. Good, but not much of a challenge again.

  • LAB-CA12 through CA15. These labs are the most challenging ones at least for me!!! These labs were really hard and much like the real exam.

  • LAB-TA01 and LAB-CA01, I got these free since I attended a Techtorial on CCIE at Cisco Live. They were very easy, not much of a challenge

  • LAB-TA09 through 11. Good, but not much of a challenge compared (Way easier than the lab) to the real exam.

  • Large, complex topologies and the time felt limited like the real exam.

Useful videos

Khawar Butt Bootcamp videos on Youtube (This man is a HERO!!!!🙂)

INE's ASA with FirePOWER Services Basics

Udemy's Learn Cisco Sourcefire IPS and Prepare for SSFIPS Exam

Narbik's Security Videos

Firepower Labminutes Video

Labminutes FTD 6.1 Video Bundle

INE's ASA with FirePOWER Advanced Services

INE's CCIE Security v4 Bootcamp Videos

StealthWatch Administrators

StealthWatch for Security Operations

StealthWatch for Network Operations

ISE Labminutes Videos

INE's CCIE Security v4 Troubleshooting Videos

INE's CCIE Security Advanced Technology Course v4

INE's CCIE Security WSA Primer

TrustSec Labminutes Videos

VPN Labminutes Videos

NAT Labminutes Videos

I started with Video trainings, bootcamp and then build the labs on UNL and EVE-ng, it helped me to have full hands-on and free hands-on with real experience of Security Appliances. I booked the lab and time came for the attempt.When I get to the lab I was not expecting the hardness of SECURITY but yes it is really tough and really tricky exam ever I saw in all CCIE journeys, I finished the lab in circa 5,5 hours and start verification which helped me to fix lots of issues.

This is the track that I am pursuing so it's the track that I am most familiar with. This week we'll look at the costs involved with tackling the CCIE certification.

°°°NEVER EVER START A TASK WITHOUT FINISHING IT°°°

I'll split these cost into a few major categories: Exam Costs This category can be considered your fixed costs. All of the rest of the costs are technically optional and certainly subjective. But you will be required to shell out at least $1,715 in testing costs. The written exam will set you back $315 and the lab exam will cost you $1,400(all values in US dollars) 1,600 Euros approximately in Vienna. Unless you work for Cisco or have some type of certification discount with Vue or Cisco, then this is the bare minimum that you'll be able to get away with paying if you want a CCIE. Of course, these costs are per attempt, so each time you fail a lab or written exam, the cost rises. As I mentioned in my first post, there are only ten locations worldwide which host the CCIE lab (less for some tracks) so there's a very good chance that you'll need to add travel costs to your total. I recently took the lab exam in San Jose and my travel costs were about $550 (flight from Minneapolis, one night hotel stay, and a rental car).

Basically, each lab attempt costs me $2,000. Training/Study Materials Most candidates spend a large portion of their CCIE budget on training costs. Whereas the exam costs are fixed (plus travel if needed) the training costs will vary greatly from candidate to candidate. In my case, I've spent well over $6,500 on training. A large portion of this has been (thankfully) reimbursed by my employer.

l would have shelled out about $6,500 for training. Believe it or not, there are a lot of candidates (Like me) who drop five-figures on CCIE training (some of them do it completely out of their own pockets).

True, most candidates do not read all or these books or even read the ones that they do from cover to cover, but I would guess that most candidates do read a good chunk of at least seven books.

TRADEMARK LEGAL NOTICE All product names, logos, and brands are property of their respective owners in the Austria or other countries.All company, product and service names used on this website are for identification purposes only. Pheniix is notaffiliated with or an official partner of Cisco, CompTIA,Dimension Data, VMware, Amazon, Microsoft, Certified Ethical Hacker, (ISC)², Juniper, Wireshark, Offensive Security,Google, GNS3, F5, Python, Linux, Java, Openstack, Vagrant, Ansible, Docker, GIT, , Blockchain or other companies.Use of these names, logos, and brands does not imply endorsement.The opinions expressed on pheniix are personal perspectives and not those of Cisco , Dimension Data or any other company. Pheniix runs as an independent blog.

#CCIE #CCIELab #MikeGhahremani #InfoSec #Cybersecurity #ASASecurityDeviceManagerASDM #LAB #Cisco #CiscoFIREPOWER #CiscoPartners #CiscoSecurity #CiscoIdentityServicesEngine

bottom of page