CCNA Security 210-260
With the CCNA Security certification updated to 210-260 we are left asking ourselves, why CCNA Security? What changes have been made and what can you expect with earning this certification?
I am fortunate to do a Q&A with Omar Santos and John Stuppi, authors of the CCNA Security Official Cert Guide.
The questions focus on how they got their start in security to what kind of equipment you should have in your lab. We’ll also talk about what kind of experience is expected when taking the CCNA Security exam.
So let’s just dive into the Q&A:
How did you get your start in security?
John Stuppi (John): I joined Time Inc. (publishing division of Time Warner) in 1998 as a Network Engineer and we had a staff of three (including my manager) so we had to wear a lot of hats: network design, network engineering, network operations, and network security.
We started out managing Check Point firewalls and then became involved with various VPN and Security products from Cisco. Since I’ve been with Cisco (starting in September 2000) I have been 100% focused on network security.
Omar Santos (Omar): I started in security when I joined the U.S. Marines in 1994 and then provided support for the U.S. Department of Defense (DoD) until 1999. I joined Cisco shortly after, and just like John, I have been fully focused on network security.
I started in Cisco’s Technical Assistance Center (TAC) supporting all security products. After a 4-year tour in the TAC, I joined the World Wide Security Practice leading several security engagements (i.e., security architecture reviews, security implementations, design guidelines, etc.) for Forture 100/500 customers and government organizations.
In 2007, I joined Cisco’s Product Security Incident Response Team (PSIRT) in the Security Research and Organization group. In PSIRT, I investigate and drive-to-resolution security vulnerabilities in all Cisco products and services, evangelizing security automation, and also assisting customers that are under attack or have been breached.
What is a recommended lab environment for CCNA Sec that will be useful moving into CCNP?
John: I will defer to Omar on this one but, for starters, I would suggest a couple of small routers (running the latest version of IOS/IOS-XE), an ASA, IPS devices (both legacy Cisco and NextGen FirePower (Sourcefire)), and a server(s) to support the management applications (e.g. CCP, ACS, etc.).
Omar: Several of the topics of CCNA Security serve as a foundation for CCNP Security. Even though the exam does not require the same level of hands-on practice, as the CCNP security exam, in preparation for the CCNA Security you may have already purchased some equipment.
These may include a Cisco ASA, a Cisco IOS or Cisco IOS-XE device, a Next-Gen IPS, and other. These are extremely useful when preparing for your CCNP Security exams. For instance, for the Implementing Cisco Secure Mobility Solutions (SIMOS) exam, you need hands-on experience with configuring and troubleshooting remote access and site-to-site VPN solutions, using Cisco ASA adaptive security appliances and Cisco IOS routers.
It will be great if you already have access to those devices. Having a small Cisco ASA 5506 or 5505 and Cisco IOS routers will also help you get prepared for the Implementing Cisco Edge Network Security Solutions (SENSS), Implementing Cisco Threat Control Solutions (SITCS), and Implementing Cisco Edge Network Security Solutions (SENSS) exams.
For the Implementing Cisco Secure Access Solutions (SISAS) you need to have hands-on experience with the Cisco’s Identity Services Engine and 802.1X secure network access (switches, wireless LAN, etc.).
Looking at the objectives, I don’t see any references to CCP. Is this removed?
John: There are several examples using CCP in the book. Please reference Chapter 3 (AAA), Chapter 6 (IPsec), Chapter 7 (IPsec Site-to-Site VPNs), Chapter 11 (Securing the Management Plane), and Chapter 15 (IOS Zone-Based Firewalls).
Omar: Even we have included configuration examples using Cisco Configuration Professional (CCP) because the legacy exam topics uses CCP for nearly all router configuration elements. We also provide very detailed step-by-step CLI configuration guidance because the new exam topics focus on CLI-based configuration for Cisco IOS router and switch configuration.
What are your top 3 tips for studying this certification?
John: Read, practice on actual devices, and don’t try to learn it all at once (pace yourself).
Omar: I think that John summarized it very well. Do not try to learn it all at once, focus on specific technologies and products first. Practice, practice, practice with hands-on experience, as well!
Participate in study groups and take advantage of the practice questions included in the book!
What kind of experience should a candidate have for this certification?
John: I feel that a candidate with a good level network knowledge should be sufficiently prepared to take on the CCNA Security certification.
Omar: The candidate must have a good level of basic networking and security knowledge. But don’t worry, we start from the ground up in our book, providing an overview of the threat landscape and network security fundamentals.
How much does hands on experience play a role in this certification?
John: At the CCNA level hands on is not as important but any hands on experience is always invaluable.
Omar: The level of hands-on experience required for the CCNA Security is not as high as for the CCNP or CCIE exams. However, definitely hands-on experience is priceless.
For more information about what changed in the new exam you can visit:
In regards to ASA, do you recommend having one and can the virtual ASA help?
John:Yes, I’d recommend using either an ASA appliance or virtual ASA to help prepare for the certification exam.
Omar: Yes. Both flavors (physical appliance or virtual) will help to prepare for the exam.
What are your top 3 tips during exam time?
John: Be mindful of time, if you get stuck on a certain question skip it and come back to it, and don’t stress out when you struggle on questions.
Omar: Definitely be mindful of the time, as John mentioned. However, do not rush in the exam – take your time – and don’t get intimated by the questions. Be confident and read the questions in detail!
What are the career considerations for someone with a CCNA Security certification?
John: I think having a CCNA Security certification is a great stepping stone to a career in network/cyber security.
Omar: There is a huge shortage of network security professional nowadays, even at entry or mid-level. Having a CCNA Security certification not only increases your visibility and can help you get a great job, but also provides you with the foundation needed in order to succeed in your network security profession.
What are your final words of encouragement for those pursuing certification?
John: Don’t ever expect to know everything, don’t trust others who claim to know everything, and continue in the field of network/cyber security for as long as you enjoy it!
Omar: This is an amazing time to start a career in cybersecurity! According to many sources including the CIO Magazine, Burning Glass Technologies, and others, experts in cybersecurity are definitely some the most sought-after professionals in the tech sector, even outpacing other IT jobs by a wide margin. Prepare yourself, focus in your career, and help others!
I have 5 copies of the CCNA Security Official Cert Guide 210-260 authored by Omar Santos and John Stuppi. The guys who were part of this Q&A!
Five lucky people will receive a free copy, thanks to Cisco Press.
The deadline to enter is October 31st, 2015.
How To Enter
Enter your contact details in the form below and leave a comment below describing why you have chosen to pursue CCNA Security.