Wendell here. I've asked Kevin Wallace to take a few posts to discuss CCNA Security. Please fire away all the questions you have on this new cert! Thanks...
Kevin Wallace, CCIE #7945, CCSI, CCSP, CCNP, CCDP, CCVP, is a full-time instructor of Cisco courses for SkillSoft Corp. and is an author of several Cisco Press titles. Kevin’s Cisco experience spans 19 years and includes positions as a Network Design Specialist for Walt Disney World and as a Network Manager for Eastern Kentucky University.
The Announcement
For months, it had been a secret. It was a brand new CCNA-level certification from Cisco. Along with one of my fellow instructors, Michael Watkins, I had co-authored the CCNA Security Official Exam Certification Guide from Cisco Press, but I couldn’t talk about it. After checking in at the Cisco Live! convention in Orlando, FL on Monday June 23rd, I hurriedly went to the Cisco Store to see if our book had been released. Instead, I saw a sign saying to check back on Tuesday after a “big announcement.”
The next morning, I was in the second row of the auditorium watching John Chambers’ (Chairman and CEO of Cisco Systems, Inc.) keynote address, and finally it was official. He announced that to meet increasing demand for networking skills, Cisco was expanding the CCNA program to include associate-level certifications for: security, voice, and wireless.
This is the first of two blogs addressing the CCNA Security certification, or to use the appropriate vernacular, the CCNA Security concentration. In this blog, we’ll explore how one achieves this certification, the motivators to go for it, and how this certification impacts Cisco Certified Security Professional (CCSP) candidates. Then, in the next blog, we’ll pop the hood on this certification and identify specific content with which you should be familiar.
How to Earn the CCNA Security Cert
An initial question that Cisco wrestled with regarding the CCNA Security certification was whether or not a candidate should first possess a traditional CCNA (Cisco Certified Network Associate) certification (which can be thought of as a route/switch CCNA). One thought that was entertained was to require a candidate to have passed the ICND1 exam, without the requirement of passing the ICND2 exam (the combination of which earns one a traditional CCNA certification). However, in the end, the decision was made to require a traditional CCNA certification to earn any additional CCNA certifications (i.e. security, voice, and/or wireless), which were to be called “concentrations.”
As a reminder, there are two paths to achieve the prerequisite traditional CCNA certification. A candidate can pass the ICND1 and ICND2 exams (i.e. exams 640-822 and 640-816 respectively). Alternately, a candidate could take a single CCNA exam (i.e. exam 640-802) to earn their initial certification.
If you have the traditional CCNA under your belt, there’s only one more exam needed to earn your CCNA Security designation, and that is exam #: 640-553. The exam is based on content found in the Implementing Cisco IOS® Network Security (IINS) course.
If you’ve already taken courses such as Implementing Secure Converged Wide Area Networks (ISCW) or Securing Cisco Network Devices (SND), the great news is that you have already been exposed to much of the material covered in the IINS course. In fact, a whopping 80 percent of the IINS topic areas come from the SND course, with only 20 percent of the content representing new topic areas.
Why Earn the CCNA Security Cert?
Now that we understand the process of earning the CCNA Security certification, let’s take a step back and ask why we might want to pursue such a certification. For starters, the demand for qualified security professions is on the rise. Forrester Research notes that 80 percent of companies surveyed (worldwide) anticipate that in the next five years they will have a position in their company dedicated to security. Contrast that with the 46 percent of worldwide companies that currently have a dedicated security position.
Compensation is another motivator. TCPmag.com recently reported that the average salary for a CCSP during 2006-2007 was $93,955.
What about CCSP Candidates?
If you’ve already started to pursue the professional-level CCSP certification, does the CCNA Security impact your certification path? Maybe. If you’ve already passed the SND exam, that will count towards your CCSP certification if you complete your CCSP certification before June 23, 2009. Also, be aware that SND reaches end-of-life (EOL) status on November 17, 2008. So, if you’re currently preparing for the SND exam and would rather not shift your focus over to IINS, be aware of the time constraints.
If, however, you haven’t yet started your CCSP track, you would probably be better off beginning with the IINS (i.e. the CCNA Security) exam, since it will count towards your CCSP certification without the expiration concerns you would have with the SND exam.
How to Prepare
Since the CCNA Security certification maps directly to the IINS course, you could take the official IINS course from a Cisco Learning Partner. If you prefer to self-study, or if you wish to supplement your classroom training, you might pick up Cisco Press’ CCNA Security Official Exam Certification Guide.
In my next blog, we’ll address the specific topic areas covered on the IINS exam and what IOS® version you’ll need for your own hands-on practice. See you then!
Odom, CCIE No, 1624, splits time between writing books for Cisco Press and teaching classes for Skyline ATS. In his 25-ish years in the networking industry, he has worked as as a pre-sale and post-sale SE for a few networking vendors, as well as a network engineer implementing network technology. Wendell has spent the majority of the last 15 years teaching, consulting, and writing about networking technologies, most of which in some way relate to Cisco products. His books include titles on QoS, CCIE R/S, as well as several titles related to CCNA certification, including the September 2007 book CCNA Official Exam Certification Library (CCNA Exam 640-802) (Read a sneak peek of chapter 7). Click for the list of current titles by Wendell.
|
|
Changes
As of the week after Networkers, Cisco changed their mind and now you can use SND+CCNA as a prerequisite for up to three years, ending in 2011. This is a good change, because otherwise they were screwing those who had recently passed the SND as their first CCSP test. Change is good, screwing people over isn't. Cisco got this one right.
CCSP Exam Dates
Great point Jason! It looks like while the SND exam is retiring in November of this year, passing the exam will count towards CCSP certification for the next three years.
Here's the link that identifies the last day to test for the various CCSP exams:
http://www.cisco.com/web/learning/le3/le2/le37/le54/learning_certification_type_home.html
Errata?
Did I just find the first errata of your new book? ;)
Not quite :-)
Nice try Jason ;-)
Fortunately, in the book we stayed away from policies like this that are (very) subject to change.
But seriously, I do appreciate your pointing out this update. This must be a fairly new decision on the part of Cisco, because I attended a presentation for Learning partners last month, and they said it was going to work the way I described in the blog.
I agree with you that this was the right decision for Cisco to make.
Why CCNA
Kevin,It was a good endeavor to launch CCNA security but I do not understand why a person will go for two certification rather than One. The Better way could be to integrate some of the few core topics in the CCNA security itself.Was that just a new Cisco way to mint more money... I am open to challenge..
Why CCNA - My Opinion
You make an interesting point Mohit, and thanks for raising it. Like you, I struggled to understand why Cisco chose to put the content they did into the CCNA Security and CCNA Voice courses. Here's my opinion as to why these "concentrations" are set up as they are.
As the role of corporate networks grow (e.g. including more video, wireless, and telecommuter solutions), the number of qualified individuals to fill the IT jobs isn't going to keep up with demand. One figure I saw says by the year 2012, there will be a over 3 million IT jobs worldwide without qualified individuals to fill those jobs.
To address this "talent gap," Cisco wanted to certify entry-level IT personnel in some of the growing technology segments like voice, wireless, and security.
However, this was not just certification for certification's sake, Cisco wanted someone that achieved one of these certifications to be able to roll out a complete solution for a business. This complete solution would focus on IOS technologies. Specifically, these solutions would be router/switch-based, instead of relying on other software or appliances such as IPS sensor or ASA appliances for security or Unified Communications Manager or Unity servers for voice.
Since 50 percent of today's network security is performed by routers and 35 percent of today's VoIP configuration is router-based (e.g. dial-peers and Unified Communications Manager Express), Cisco chose to focus this introductory-level certification just on routers and switches.
So, with these concentrations, Cisco is offering meaningful certifications (i.e. someone with such as certification should be able to roll out a fully-functioning solution), and these certifications lay the foundation for the professional-level certs (i.e. CCSP and CCVP) for candidates that want to pursue these specialized tracks even further.
It would not have been wise to just add security or voice content to the existing CCNA since it is already becoming a very difficult exam, spanning a wide range of topics. Similarly, since relatively few certification candidates would successfully complete a CCSP or CCVP track, just promoting these professional-level certifications would not have addressed the talent gap issue.
Also, since these concentrations are router and switch based, a candidate should have a solid understanding of basic router and switch operations, which the traditional CCNA cert helps validate. With the size of the new IINS course, I don’t believe it would be feasible to add some route/switch core content and expect a candidate to be competent in fundamental route/switch operations. Similarly, I don’t think Cisco should combine core content into the CCNA Security exam and not require a traditional CCNA cert, because both the route/switch and security areas are so expansive.
So, to conclude, in my opinion, Cisco made a good move in introducing relevant entry-level certifications to address the need for more qualified IT professionals to fill the growing demand. Also, since the CCNA Security certification targets IOS-based solutions, a candidate should have first proven competency in that arena.
Thanks again for your comment Mohit, and I hope my lengthy reply helps clarify some of the underlying drivers for Cisco’s approach to the CCNA Security cert.
CNNA Information
Great CCNA information! This will really help anyone in taking the course. I also recommend going to the Cisco forums for information.
https://cisco.hosted.jivesoftware.com/index.jspa?ciscoHome=true?utm_source=blog+commenting&utm_medium=media&utm_content=Google&utm_campaign=Domestic