Cracking CCIE Security Lab
By Himawan Nugroho, CCIE #8171 (R&S, Security)
Two weeks ago I passed my CCIE Security lab. It was my 2nd attempt in Brussels. I passed my CCIE Routing & Switching lab 5 years ago in Tokyo on 2nd attempt too. I become double CCIE in R&S and Security without taking any trainings or bootcamp. Only with self-study, countless hours in my home lab, and lots of Starbucks Mocca Frappucino.
Based on my experience taking 4 lab attempts, I try to write down the summary how I did it. This how-to is specific to CCIE Security lab, but the general idea can be applied to any CCIE tracks.
Scott Morris (http://smorris.uber-geek.net), Quad CCIE, wrote the article 'So You Want To Be a CCIE?' (http://certcities.com/editorial/features/story.asp?EditorialsID=89) and it's really worth reading. Yusuf Bhaiji, CCIE Security lab program manager and the author of CCIE Security Practice Labs wrote 'Insider's Tips on Earning Your CCIE in Security' in Packet Magazine August 2004 page 18 (http://www.cisco.com/web/about/ac123/ac114/downloads/packet/packet/aug04/pdfs/aug04.pdf)
I'm not trying to compete with them. They are the masters. I'm just another guy who has just passed CCIE lab recently and willing to share his way.
Read the complete how-to here:
http://brokenpipes.blogspot.com/2006/02/how-to-become-ccie.html
1. Start with the self-assessment
Are you sure you want to do CCIE? As you may already heard: yes, CCIE is difficult, very rare people can pass in 1st attempt. Yes, CCIE is expensive, only the exam fee is $1250 and you still need to spend money to build home lab, buy books and workbooks and other resources. And yes, you certainly will not have your social life during the journey.
2. Use other certification as steeping stone
This is optional if you think you need some help for your study. Cisco has created certification career from basic, medium to expert level, which is CCIE.
3. Build your home lab
I believe having a home lab is compulsory. You can always rent a rack but you will have a fix schedule with them. With home lab you are the one who controls the schedule. And you can always try in your home lab directly every time you read something interesting or you just want to test the option in some IOS commands.
4. Passing written exam doesn't mean anything
Based on my experience so far, I found out that studying written exam can't help you much in the lab. Most of the time the material covered in written exam is completely different with the lab.
5. Read a lot
No single source can make you pass CCIE lab. You really need to read a lot from different resources: Cisco website, RFCs, Networkers, Ciscopress books, study forum, CCIE workbooks and any related links on the Internet.
6. Build your speed
Okay, now it's time to practice and try all the technology listed in CCIE blueprint in your lab. Start slowly. Learn single topic at a time. Try to really understand all possibilities in one technology before move to different topic.
7. Join the community
You can't win this battle by fighting alone. Join the community to meet other CCIE candidates and study together.
8. Learn how to ask
Make sure you know how to ask questions, to the study forum and during the real lab. Before you send something to the forum, please make sure to check the archive. Try to test it by yourself in your lab, and when you get stuck, copy the related configuration with show and debug output and send it to forum.
9. Understand the Lab questions
Speed is critical, but you need to know how to answer too. So when you think you already have the speed, you need to dig each topic in more detail. There is no other way other than try any possible scenarios and read more to understand all technology in-depth.
10. Trust no one, trust no solution
You should not trust any of your resources until you prove it by yourself.
This is the only attitude that can make you pass.
11. It's all in your mind
CCIE is completely a mind game. I failed 4 years ago in my 1st CCIE R&S attempt in Brussels because no one told me at that time how difficult CCIE lab was. Everyone I know always told me that the CCIE lab is so difficult that only few selected people who can pass it.
12. The journey must be fun
In the end, CCIE lab is only an exam. Even it's Goddamn hard to pass but this journey must be fun. Turn all the pressure as a power.
From point no.5 in that how-to, following is the list of resources I used during my CCIE Security study:
1. Cisco configuration example and TechNotes
2. Cisco technology support
3. Cisco documentation CD (univercd), which is basically the same with product configuration guide
4. Networkers Online presentation (http://www.networkersonline.net), it costs me 200 bucks but it provides complete Networkers 2005 presentation in Las Vegas with sound and slide
5. IETF RFCs (http://www.ietf.org/rfc.html)
6. CCIE Security Practice Labs (CCIE Self-Study) (Practical Studies)
7. Network Security Principles and Practices (CCIE Professional Development)
8. Cisco ASA and PIX Firewall Handbook
9. Cisco Router Firewall Security (Networking Technology)
10. CCIE Security Exam Certification Guide (CCIE Self-Study) (2nd Edition) (for written)
11. CCIE Security Workbook from Trinetnt (http://www.trinetnt.com)
12. CCIE Lab forum: SecurityIE and trinet forum
Just FYI, I have already passed CCIE R&S Lab, CCSP, CCIP and I have more than 5 years experience with various Cisco security products before I started my CCIE Security journey.
So if you have less experience and need to clarify some security topic from CCIE Security lab blueprint, you may want to read the following books:
1. Cisco(R) PIX (TM) Firewalls
2. The Complete Cisco VPN Configuration Guide (Networking Technology)
3. IPSec VPN Design (Networking Technology)
4. Cisco Network Security Troubleshooting Handbook (Networking Technology)
5. CCSP Self-Study: Cisco Secure Intrusion Detection System (CSIDS) (2nd Edition) (Self-Study Guide)
6. Cisco Certification: Bridges, Routers and Switches for CCIEs (2nd Edition) (Cisco Technology Series)
|
Share with Friends
