Improving my security and firewall skills is definitely an opportunity for me before beginning CCNP. By the way, think opportunity; never think weakness! My decision to cover this before CCNP is one made out of practicality. What I have heard from veterans and found to be true is that studies (mostly certification studies) does not necessarily correlate with all of your job requirements.
Take myself for example. My current studies mostly revolve around Routing & Switching. CCNA and CCNP Routing & Switching are not going to prepare me for that firewall that sits on the edge of our corporate network just like neither will prepare you for load balancers or WAN accelerators.
I have heard that people put too much focus into certification as opposed to practical training and that is a very true statement. I have read articles that referred to people aspiring for certifications as 'zombies' and one guru that I worked with even described some CCNPs and CCIEs that he has met as "Paper Tigers". Basically, this person appears much more intimidating, skills-wise, on paper than when asked to actually configure a "box" (router, server, etc.).
I must admit that I aspire for certifications but most certainly do not feel that I am a 'zombie.' The most important thing about certification to me is the journey; not the test and not the piece of paper. I have no intention (at the moment) of getting certified in security but my CCNA security training has provided a lot of valuable information to me about securing networks that is assisting me with my security and risk management at work as well as helping me understand the nature of a firewall. As of late, I have been learning about:
- VPNs (Site-to-Site)
- AAA (Triple-A)
- Zone Based Firewalls
- ASA
- Layered Security and attacks at each layer of the network
- Deep packet inspection
- ACLs
Keith Barker moves a little fast but he is a smart guy and a great teacher and I highly recommend any one looking for some security briefing take a look at his CBT Nuggets series on CCNA Security and Kali-Backtrack Linux.
The second most important thing about certification testing to me is also not to get too caught up in vendor specific content. Cisco is great, but I find it wise to pay closer attention to more open protocols and standards during my studies. The usual strategy seems to be "OK, we're going to teach you the building blocks, theories and concepts, and after that we're going to teach you how to do them the Cisco way." What if your company decides that Cisco is too expensive and it wants to move to Alactel-Lucent or Juniper? Yesterday you were the infallible king of EIGRP and now you're getting drop-kicked by OSPF.
I like Cisco but realize that they are not always the end-all solution to networking or getting your job done and neither is certification.
Just a few words of advice.
No comments:
Post a Comment