My CCIE Security journey

There are a number of different CCIE tracks (Routing and Switching, Security,Wireless, Collaboration, etc.). I should mention here this article will be dedicated to the Security track. A lot of this information can be applied to all tracks, but I will be focusing on the Security track.


I know there were many times when I was beginning to lose hope and didn’t know how to proceed. I searched the Internet for other people’s experiences and success stories to try and find motivation to go on. I think of this as an opportunity for me to give back to the community, and possibly casting a different light on things because of my background as a programmer.
So when I had decided I wanted to go for the CCIE I started looking up study materials. I checked the recommended reading lists and workbook vendors. I bought a few of the recommended books as hard copies, and I actually even made an attempt at the CCIE written at Cisco Live before I started studying since you get one free attempt at any test at their mobile test center (needless to say, I didn’t pass ). I had a talk with my previous boss about pursuing CCIE, and he was supportive and said the company might be able to help with some of the costs. BUT eventually, when the new manager came I paid circa 2,300 Euros out of my pocket for EACH Lab attempt (Hotel cost,lab and flight etc.)
I ended up buying these materials to get my studies started:
Routing TCP/IPs___, Volume 1, Second Edition
Safari Books___Online subscription
Internetworking with TCP/IPs___ by Douglas Comer
INE.com___ All Access Pass (Videos and workbooks)
“Internetworking with TCP/IP,” is very general about networking, it’s a nice introduction which goes through a lot of the protocols and applications in a non-vendor specific way. It talks about things like TCP congestion management and DHCP in a general way. It’s a good read, but as I’ve learned it’s not really what is going to be tested at the CCIE exams. Routing TCP/IP is focused around Cisco-implementation and has a lot of details around the IGPs mainly.
The Safari Books Online subscription was really great to find information on specific topics, I found myself jumping around between many different books rather than reading one specific volume from cover to cover. They also have an app for your smartphone so you can download books for offline reading when you are traveling which I used a lot.
The most important part of my studies however was the INE materials. The videos give a great introduction into each topic. The workbooks from INE also goes through all the topics covered in the blueprint and I’m guessing technology labs is where you will spend most of your time during your studies.
I also used a lot of free materials available, for example:
Cisco Live On-demand Library- recordings of sessions from Cisco live (You can even some of them on Youtube)
Youtube videos (Search for CCIE Security in Youtube 😂)
Forums and blogs : e.g blog.ine.com
Towards the end of my studies I realized that even though INE does have “Mock labs” they are very far from what you will see at the actual exam, so I decided to buy some labs from Cisco 360 Expert-Level Training for the basic Routing and Switch part of it (Basic connectivity)
Connectivity first and then securing it!
Let's take a look at some of the training materials that can run up your training budget:
Books Anyone who has bought IT certification/technical tomes knows that these weighty suckers can cost anywhere from $30 to upwards (and occasionally over) $160. Here I listed some of them for you:
Recommended books
(I read this books for preparation)
Todd Lammle's CCNA IOS Commands Survival Guide
Cisco ASA: All-in-one Next-Generation Firewall, IPS and VPN Services
Network Security with NetFlow and IPFIX: Big Data Analytics for Information Security
Security Operations Center: Building, Operating, and Maintaining your SOC
Email Security with Cisco IronPort
Securing Cisco IP Telephony Networks
Practical Deployment of Cisco Identity Services Engine (ISE)
Cisco Next-Generation Security Solutions: All-in-one Cisco ASA Firepower Services, NGIPS, and AMP
AAA Identity Management Security
Implementing Cisco IOS Network Security
SSFIPS Securing Cisco Networks with Sourcefire Intrusion Prevention System
I also tried these labs:
°°°Definitely do these before the real exam!°°°
LAB-CA10 and CA11. Good, but not much of a challenge again.
LAB-CA12 through CA15. These labs are the most challenging ones at least for me!!! These labs were really hard and much like the real exam.
LAB-TA01 and LAB-CA01, I got these free since I attended a Techtorial on CCIE at Cisco Live. They were very easy, not much of a challenge
LAB-TA09 through 11. Good, but not much of a challenge compared (Way easier than the lab) to the real exam.
Large, complex topologies and the time felt limited like the real exam.
Useful videos
Khawar Butt Bootcamp videos on Youtube (This man is a HERO!!!!🙂)
INE's ASA with FirePOWER Services Basics
Udemy's Learn Cisco Sourcefire IPS and Prepare for SSFIPS Exam
Narbik's Security Videos
Firepower Labminutes Video
Labminutes FTD 6.1 Video Bundle
INE's ASA with FirePOWER Advanced Services
INE's CCIE Security v4 Bootcamp Videos
StealthWatch Administrators
StealthWatch for Security Operations
StealthWatch for Network Operations
ISE Labminutes Videos
INE's CCIE Security v4 Troubleshooting Videos
INE's CCIE Security Advanced Technology Course v4
INE's CCIE Security WSA Primer
TrustSec Labminutes Videos
VPN Labminutes Videos
NAT Labminutes Videos
I started with Video trainings, bootcamp and then build the labs on UNL and EVE-ng, it helped me to have full hands-on and free hands-on with real experience of Security Appliances. I booked the lab and time came for the attempt.When I get to the lab I was not expecting the hardness of SECURITY but yes it is really tough and really tricky exam ever I saw in all CCIE journeys, I finished the lab in circa 5,5 hours and start verification which helped me to fix lots of issues.
This is the track that I am pursuing so it's the track that I am most familiar with. This week we'll look at the costs involved with tackling the CCIE certification.
°°°NEVER EVER START A TASK WITHOUT FINISHING IT°°°
I'll split these cost into a few major categories: Exam Costs This category can be considered your fixed costs. All of the rest of the costs are technically optional and certainly subjective. But you will be required to shell out at least $1,715 in testing costs. The written exam will set you back $315 and the lab exam will cost you $1,400(all values in US dollars) 1,600 Euros approximately in Vienna. Unless you work for Cisco or have some type of certification discount with Vue or Cisco, then this is the bare minimum that you'll be able to get away with paying if you want a CCIE. Of course, these costs are per attempt, so each time you fail a lab or written exam, the cost rises. As I mentioned in my first post, there are only ten locations worldwide which host the CCIE lab (less for some tracks) so there's a very good chance that you'll need to add travel costs to your total. I recently took the lab exam in San Jose and my travel costs were about $550 (flight from Minneapolis, one night hotel stay, and a rental car).
Basically, each lab attempt costs me $2,000. Training/Study Materials Most candidates spend a large portion of their CCIE budget on training costs. Whereas the exam costs are fixed (plus travel if needed) the training costs will vary greatly from candidate to candidate. In my case, I've spent well over $6,500 on training. A large portion of this has been (thankfully) reimbursed by my employer.
l would have shelled out about $6,500 for training. Believe it or not, there are a lot of candidates (Like me) who drop five-figures on CCIE training (some of them do it completely out of their own pockets).
True, most candidates do not read all or these books or even read the ones that they do from cover to cover, but I would guess that most candidates do read a good chunk of at least seven books.
TRADEMARK LEGAL NOTICE All product names, logos, and brands are property of their respective owners in the Austria or other countries.All company, product and service names used on this website are for identification purposes only. Pheniix is notaffiliated with or an official partner of Cisco, CompTIA,Dimension Data, VMware, Amazon, Microsoft, Certified Ethical Hacker, (ISC)², Juniper, Wireshark, Offensive Security,Google, GNS3, F5, Python, Linux, Java, Openstack, Vagrant, Ansible, Docker, GIT, , Blockchain or other companies.Use of these names, logos, and brands does not imply endorsement.The opinions expressed on pheniix are personal perspectives and not those of Cisco , Dimension Data or any other company. Pheniix runs as an independent blog.
#CCIE #CCIELab #MikeGhahremani #InfoSec #Cybersecurity #ASASecurityDeviceManagerASDM #LAB #Cisco #CiscoFIREPOWER #CiscoPartners #CiscoSecurity #CiscoIdentityServicesEngine