A Deeper Look at the CCSP and CCNP Security Co-existence and Transition
By wendell on Wed, 11/03/10 - 6:53am.A few weeks ago, Cisco announced their new CCNP Security certification, how it relates to the still-existent CCSP. After digging into what's on Cisco's web site, reading comments from the community, and making some interpretations about what it all means, frankly I was a little disappointed in parts of what I saw. Then I had another conversations with the folks at Learning@Cisco to try and get some clarification, and the additional info - not all of which is posted yet - and that conversation improved my opinion quite a bit. Today I'll try and help complete the CCSP and CCNP Security picture, confirming what's posted already, and adding info based on my conversations with Cisco.
If you've not already read the related blog post on CCNP Security from a few weeks ago, if might be worth reading for background.
First, a few words of comparison between the new CCNP Security and CCNP Voice. CCNP Voice adds a few products but mostly updates exams for the latest releases of software. In contrast, CCNP Security if a fundamental change in the cert. Cisco did a lot of research into the jobs in real companies, and the types of work done, and discovered that the ability to engineer network security projects using routers, switches, intrusion prevention, firewalls, and VPNs essentially defined a job role. In contrast, the older CCSP cert was more product oriented. So, the transition from CCVP to CCNP Voice was more of an upgrade, so CCVP goes away, and everyone migrates. CCNP Security is more of a new cert, so CCSP sticks around.
Currently Valid Exams and Certifications
Before I can paint the picture, first some definitions. You pass a Cisco exam, the exam is valid for the stated time, typically 3 years. For the exam to be renewed as valid, you need to pass that exam again. Basically, when you pass an exam, you have the stated time for it to be useful (2 or 3 years typically) for the purpose of qualifying for some certification.
This exam validity concept differs from the idea of a valid or active certification. To receive a certification in the first place, you must pass the listed combination of exams, and all the exams must still be valid at some point in time. For instance, you can't pass the first exam for a cert, wait 5 years, pass the other exams, and then count that first exam towards the cert, because that first exam would no longer be valid.
Existing CCSPs
So you're already a CCSP. You can remain a CCSP, recertify your CCSP, and it is useful to Cisco channel partners up through October 2014. Essentially, you can act as if CCNP Security was never announced up through 10/2014. That's all clearly stated on Cisco's web site already.
The transition plan is the part that's not so clear yet (in my opinion). To describe that, consider the following figure, which lists the "chosen" exams:
The figure shows exam slots 1, 2, 3, and 4. If you are currently a CCSP, and you have a currently valid (see description above) exam from each slot in the figure, then Cisco should automatically add a CCNP Security certification to your records. Yes, add - not transition to - CCNP Security. You would retain your CCSP and then also be CCNP Security certified. For example, if as a CCSP your SNRS, SNAF, IPS 6.0, and SNAA are still valid - ie, the 3 year timer for each hasn't yet expired - Cisco should send you some CCNP Security credentials sometime in the next month or two.
Say you don't meet the requirements of one exam from each slot in figure 1, but you are a CCSP. That means some of your exams may have expired, or you chose some other exams instead of the chosen ones in the figure. For example, you might have taken the MARS exam instead of SNAA - perfectly valid to get CCSP, but MARS isn't a chosen exam (my term, by the way). To ADD a CCNP Security to your resume', pass exams until you have one then-valid exam from each of the 4 slots in the figure. EG, if you have valid exams for the first three slots, and they are still active, but you passed MARS for the 4th slot, just pass SNAA. By the time you pass SNAA, if the other exams are still within their valid lifetime, you just attained CCNP Security.
Cisco's' CLN web site lists some related but slightly different info regarding these paths. If you look at the post by Rigo, Oct 22nd, 2010, you'll see those comments. On my call with Cisco on Nov 2nd, we discussed the rules as listed in this posting, and I was told that was not completely correct, but instead that the details in the list of chosen exams, and needing 1 valid exam for each slot, was the complete rule. The info in this posting at CLN was just one case.
(Note: it is not my intent to pick on Rigo, just to point out a case where what I heard on the phone differs from some info found at cisco.com, so you can consider both.)
However, I imagine some of you will be skeptical, since it's not listed at cisco.com yet. I'll keep watching for more info being posted, and if you see related links from cisco.com before me, please post them here. (It's ok to add the links.)
In-Process CCSPs
My CCSP post from the CCNP Security announcement day, and the Cisco web pages for CCSP, already do a nice job of spelling out what to do to get your CCSP if you don't already. Briefly, you have until October 2011 to complete the requirements per the CCSP cert tool. After October 2011, no new CCSP certs will be granted, although you can renew existing CCSP certs at that time.
What's not clear yet is the transition to CCNP Security. Remember the figure above? Once you achieve CCSP before October 2011, Cisco will then look at your currently valid exams. If you have 1 currently-valid exam from each slot in the figure, you guessed it, Cisco also grants you a CCNP Security cert. If you don't have one from each slot, Cisco does not automatically grant you a CCNP Security cert - but you can pass other exams so that you do have 1 currently valid exam for each slot, and also receive CCNP Security. Essentially, the "add CCNP Security" logic is the same as with pre-existing CCSPs.
CCNP Security Allows Some Old Exams
Finally, if you look at Cisco's current web page for CCNP Security - not CCSP - the site lists 4 exams, and 4 exams only. The page does not mention the old exams. So, one interpretation of all these facts is the following:
If you do not attain CCSP by October, 2011, the older CCSP exams - SNRS, SNAF, IPS 6.0, SNAA, and SNPA - will be of no use for getting either CCSP or CCNP Security.
However, that statement turns out to be false. I asked Cisco on this latest call, and found out that not only do those older CCSP-era exams still matter, they count towards CCNP Security. Which old exams? Remember the figure at the top of this post? Yep, the "chosen" exams, per the figure.
Recommendations and Opinions
I started out saying that I had a much improved opinion of the new Security cert changes after hearing more details from Cisco, so let me briefly mention why, and make a few recommendations. Feel free to weigh in on your opinion as well.
I didn't ask, but I believe Cisco wanted to be fair to existing CCSPs, in process CCSPs, but also to keep the distinction between product-oriented CCSP and engineering-oriented CCCNP Security.
In effect, if you passed CCSP with at least one exam not in the "chosen exams" figure, you stay CCSP; if you passed with chosen exams, you also get CCNP Security. So that's the dividing line.
Some existing CCSPs get an automatic addition of CCNP Security, but all get a path to add CCNP Security.
For in process folks, you can pursue the old exams with at least enough time to pass (April/May 2011) to pass an exam that you were already studying for. And, if you don't manage to complete the process by October 2011, those old exams - if they fit into the list of chosen ones - still have a useful lifetime of 3 years from passing each exam.
The chosen ones - the exams in the figure - are essentially the ones closest to the engineering spirit of the new CCNP Security.
For in-process CCSPs, Cisco really would prefer you consider the new exams for future exams. Why? They truly believe that the new exams assess more real-world skills, and are more valuable to you. But as you see from the migration plan, and the fact that the old exams are useful for getting CCNP Security, Cisco's using only a carrot, but no stick.
Finally, some of the information posted here today cannot currently be confirmed using information on Cisco's web site. Before staking your plan on what I have written here, please watch and listen at Cisco.com for confirmation. This post is based on what I heard, and with the human element involved, may have errors, so please do look to confirm the info independently as well.
Cisco's October Certification Announcements:
Cisco Announces Changes to CCNP Voice
Cisco Adds Another Exam to CCNA Voice
Cisco Announces Changes to CCNP Security
A Deeper Look at the New CCNP CIPT1 8.0 and CIPT2 8.0 Course/Exams
 |
||||||||
|---|---|---|---|---|---|---|---|---|
|
- About Cisco Cert Zone
Wendell Odom, CCIE No, 1624, has been a network guy for almost 30 years, working as a network engineer, SE, consultant, instructor, and author. He’s been writing and teaching about Cisco CCNA since its introduction in 1998, authoring all Cisco Press CCNA Exam Certification Guides. His primary job is to create Cisco certification content and tools. These cert tools include bestselling Cisco Press titles for CCNA, CCNP, and CCIE R/S; refer to this page for a complete list of titles. Wendell blogs here at Network World’s Cisco Subnet site, and keeps certification links and tools at his web site, www.certskills.com.
See a free preview chapter from Wendell’s CCNA ICND2 Exam Certification Guide), Chapter 17, “IP Version 6”.
Wendell Odom's Cisco Cert Zone blog is also featured on the Cisco Learning Network. See it there, along with the blogs of other Cisco Experts.
Again, check out all of Wendell Odom's books on CertSkills.com.
Most Discussed Posts
-
Network World, Inc
The Connected Enterprise