- CCNA Security: The Necessary Preamble
- Cisco Security Specialist Certs: Devices, VPN, Firewall and IOS
- CCNP Security: The Next Rung Up the Ladder for Cisco Security Specialists
Cisco Security Specialist Certs: Devices, VPN, Firewall and IOS
The items in yellow on the lower row of Figure 1 list the Cisco Security Specialist credentials that can lead to the CCNP Security professional. The item in gray (NAC) is the Cisco Network Admission Control Specialist credential, which is tied to the older CCSP (Cisco Certified Security Professional) certification. While this credential remains valid and interesting to various business niches, especially in government and consulting circles, it’s on a par with CCNP Security in range and grade. That’s why we don’t discuss CCSP any further in this article, which looks instead at Cisco’s newest mid-range security certifications: the new Security Specialist credentials (in yellow) and the CCNP Security certification toward which those new Security Specialist certifications lead (the yellow entry on top, in the “Cisco Career Certifications” area).
Here’s a description of the various current Cisco Security Specialist Certifications (in yellow) in their order of appearance in Figure 1, from left to right:
- Cisco IPS Specialist (IPS): This niche covers Cisco Intrusion Prevention Systems (IPS) and Cisco IOS Software technologies. Qualified professionals have the skills and knowledge needed to understand, prevent, and respond to network intrusion attempts and attacks.
- Cisco Adaptive Security Appliance Specialist (ASA): This niche addresses Cisco’s primary platform for implementing complete security solutions, and the cert recognizes professionals with the skills and knowledge needed to implement security technologies using ASA, with special emphasis on its firewall and VPN capabilities. Other important topics are: ACL, AAA, advanced protocol handling, remote access VPN, SSL VPN, site-to-site VPN, failover, and security appliance device management.
- Cisco VPN Specialist (VPN): This cert recognizes security professionals with the skills and knowledge to configure, maintain, troubleshoot and support various VPN solutions, using Cisco IOS Software and the robust Cisco ASA adaptive security appliance. This niche will undoubtedly address the many types of VPNs that work with Cisco appliances, routers, and switches, including site-to-site VPN, SSL VPN, remote access VPN, etc., and will seek to identify individuals who can plan, design, implement, manage, and troubleshoot such VPN services.
- Cisco Firewall Specialist (FIREWALL): A credential of this same name existed until 2008, when Cisco retired this PIX-related credential. This new specialization recognizes security professionals with the skills to design, implement, and maintain Cisco security appliance solutions, using the Cisco ASA adaptive security appliance and zone-based firewall solutions.
- IOS Security Specialist (IOS Security): This cert recognizes security professionals who demonstrate the hands-on knowledge and skills required to secure networks, using Cisco IOS Security features embedded in the latest Cisco routers and switches as well as the widely deployed Cisco security appliances.
Careful attention to these descriptions shows some overlap among these credentials: some knowledge of the security features and functions in IOS is mandatory, and some familiarity with ASA is likewise needed for all security specialist certs. We’re told that any exam that counts toward one of these specialist credentials will also count toward the CCNP Security cert, so it is interesting to look at the exams for that more senior CCNP Security credential in this light:
- Exam 642-637 Secure v1.0 clearly plays to the IOS requirement, and also deals with Cisco switches and routers.
- Exam 642-617 Firewall (Deploying Cisco ASA Firewall Solutions/Firewall v1.0) obviously goes to the Firewall specialist arena.
- Exam 642-647 VPN v1.0 (Deploying Cisco ASA VPN Solutions) leads to the VPN specialist domain.
- Exam 642-627 IPS v7.0 (Implementing Cisco Intrusion Prevention System v7.0/IPS v7.0) picks up the IPS entry.
The only obvious match that’s apparently missing is ASA per se, and it’s addressed on its own credentials program page with two different exams: 642-524 SNAF (Securing Networks with ASA Foundation) and 642-515 SNAA (Securing Networks with ASA Advanced). It’s not unreasonable to speculate that the CCNP Security might therefore be expanded to include these exams, or to grant some kind of single-exam credit from the current CCNP Security line-up for the ASA Specialist credential to those who earn it and then seek to earn CCNP Security.