Intro
In December 2021, I passed the CCIE Security v6 lab exam, marking three years of preparation. The response I received on social media was overwhelming, not only from friends, customers, and colleagues but also from people I do not know personally asking for advice. As I’m writing this, only a handful of people are known to have passed the v6 revision of the exam, so I’m very much aware there’s very little information available on how to tackle the exam.
Early into my studies, I read Steven McNutt's blog post CCIE Security – Why and How, and I followed Henrik Meyer's progress on his blog. I kept coming back to these two blogs for motivation and inspiration throughout my studies. This is my attempt to do the same for others who are in the same place I was 2-3 years ago.
This is also my very first blog post. I plan to cover a range of CCIE-related topics in the future, so if there is any topic in particular you would like covered, drop me a message on the blog or reach out to me on LinkedIn.
How much experience do I need?
It’s hard to say. However, Cisco recommends a minimum of 5 years of experience before attempting a CCIE exam. My experience says it varies a lot from person to person. In most cases, it comes down to how much experience you have with each product from the blueprint as you begin your journey.
I felt somewhat comfortable with ASA, Firepower, and most "easy" VPN technologies. I had some experience with ISE, but not all aspects. I had minimal experience with content security (ESA/WSA) and no experience with AMP and Stealthwatch, so the learning curve was steep. I can only imagine it would have been a lot easier if I had practical experience with all involved products before pursuing the certification. Therefore, my best advice is: make sure you get hands-on experience with as many products and technologies as possible. The more knowledge you have to obtain from scratch, the more you will have forgotten again by the time you get through the blueprint and start over.
While studying in my spare time, I also managed to get involved in many exciting projects: multiple AMP installations, a sizeable Stealthwatch project, and various ISE installations and 802.1X rollouts. Don't underestimate the value of practical experience. The theoretical knowledge you can obtain from books is worthless if it isn't backed up by practical experience.
Motivation
Only 1% of all certified engineers become CCIEs. So how badly do you want it, and what is your motivation? If money is your only motivation, I guarantee you will be disappointed. No matter how big a salary increase you are looking at on the other end, it's nowhere near enough compared to the time and effort put into it. And if money is your only motivation, you are never going to make it anyway.
My primary motivation was to do something for myself. Although I did graduate with an IT-related education, it did not feel like an achievement. The quality of the material was poor, and for the most part, you just had to be physically present in class. I have no college degree, and looking back at my grades from primary school, they weren't good. I specifically remember a time back in 8th grade when one of my classmates asked if I had any ambitions in life at all. It must have made some impression on me because it has stuck with me since then, and obtaining a CCIE was my way of showing that I could set a long-term goal that many others would give up on, and succeed.
Study Group
Now that you set the goal, it’s time to find like-minded people to help you on the way. Having a study group to discuss lab issues, technologies, blueprint items, study resources, etc., has been vital for me.
There are communities as well as public and private study groups. I'm not a fan of the larger public groups with a couple of hundred participants. No one wants to expose the problems they are dealing with in front of hundreds of people.
I had a small private study group on Slack along with five other Danish engineers: two (or actually three) from Wingmen and two from Conscia. When we created the space, one of them was working as an independent contractor but later got a job at Wingmen. That goes to show the power of networking.
I can’t stress how useful having a small group of dedicated people is. Whenever I was stuck with an issue in my lab, not knowing if it was a configuration error, software error, or virtualization issue, they were always there to give a second opinion, even if it was 8 pm on a Friday night.
I also recommend joining RouterGods. Although they do have a channel dedicated to CCIE Security, the community spans all networking areas, and many of the known content creators also participate in the channels there. RouterGods uses Discord, and you can join by clicking here.
In terms of public study groups, the only one I would recommend is the WebEx Teams space CCIE Security WebEx Teams Study Group. It is created and moderated by Kelvin Charles, who has an awesome YouTube channel with a lot of CCIE-related content.
Commitment
There’s no way around it; It’s going to be tough. It’s going to feel like running a marathon, but the finish line is never within reach. You will feel like giving up, and it will be tempting to do anything but study, especially during some of the critical complex topics. It’s going to be hard finding the motivation to study after a long workday or get up early in the morning to get a few hours in before work. Embrace the suck, and don’t get yourself thrown off. Keep reminding yourself that there are more exciting topics ahead, and you have to finish this one for it to get better again.
Make sure you get the necessary support from home. It's not a solo mission; your family is very much in on it as well. Some people go full speed ahead and have no social life until they finish. The only requirement my girlfriend had if I was to go for the CCIE was that it would have no impact on our weekend plans, birthday parties, family dinners, and so on. It never came without a guilty conscience, though, as I always had a feeling that I should have been studying instead.
Study Routine
Find a study routine that works for you. Labbing a few hours here and there will not get you anywhere. You need to put in a consistent amount of hours every week to get enough progress if you’re ever going to finish before Cisco launches the next version of the exam.
Most people study after working hours and often late into the evening. However, this leaves very little time to care for your relationship, family, etc.
For a whole year, I was working from home (thanks, pandemic). It allowed me to get up at 5 AM every morning, get some breakfast, and get straight to my studies. I would usually manage to squeeze in 2.5 hours of intensive studying before my workday started. I then had an agreement with my girlfriend that she would have dinner ready by 5 PM, and once we had finished, I would be able to study another two hours from 6 PM to 8 PM. After 8 PM, we would watch TV together so that we still maintained somewhat of an everyday life together, and it still felt manageable for the both of us.
On the weekends, I usually studied 7-8 hours a day when we didn't have any other family arrangements. Some of the time wasn't focused, though, so it was probably around 5 hours of intensive studying in reality. I also managed to get some study days reserved in my calendar from my workplace (thanks, Wingmen). Although much of that time was spent on customer projects anyway, it was especially helpful leading up to the lab exam.
All in all, I was averaging around 40 hours a week for an entire year, which comes out at 2000 hours in total. I spent every bit of spare time studying, as our baby was due in November and I knew I would get very little time to study after that.
My recommendation is to study 4 hours a day. No less, and more if your surroundings allow it and you can maintain focus. There is no point studying if you can't maintain focus. At some point, you are less likely to take in new information, and your work becomes unproductive.
Keep a day off on the weekend to average around 30 hours a week in total. That should get you steady progress.
Taking notes
Taking notes is probably one of the most critical and most time-consuming disciplines. Don't think you can pursue a CCIE without taking notes. Once you have covered a specific topic and moved on, you will likely have forgotten most of the theory shortly after. I had topics I knew inside and out when I was labbing them, but a month or two later, I could barely remember anything other than the purpose of the technology or feature. Being able to get back up to date using your notes in a matter of minutes has proven vital for me.
Learning how to structure your notes is also important. I used Evernote. However, OneNote will do just fine as well. For each topic I covered, I would write down the important theory followed by one or more configuration samples with detailed descriptions, followed by the necessary show commands or way of verification for GUI configurations.
Building a Lab
How to build a lab to practice on is out of the scope of this blog post. However, if there is enough support, I will create a separate blog post to go into detail.
Most of the products on the blueprint can be virtualized, so all you need is a high-end server and a physical switch to get started.
A couple of years ago, you needed a pair of physical ASAs for Multi-Context and Clustering, but this can now be practiced using real ASA images in EVE-NG.
I purchased a refurbished IBM X3690 x5 with a Xeon E7 4807 CPU, 256 GB of memory, and 2 TB of SSD, which had plenty of resources.
I had all management appliances deployed in VMware; this includes FMC, ISE, ESA, WSA, SMC, FC, vWLC, etc., along with AD and Windows 10 VMs. I then had EVE-NG deployed with IOU/IOL, CSR, ASA, ASAv, FTD, etc., to quickly deploy non-management appliances and build new topologies on the fly.
The server VLAN in ESXi was bridged into EVE-NG, meaning that with a single drag-and-drop, I could connect my EVE nodes to the management appliances.
For 802.1X, I used Edimax USB-to-Ethernet and wireless USB adapters. These were plugged into my server and passed through to the client machines, making it possible to connect my Win10 VM to SSIDs broadcast by my 2602I AP for wireless 802.1X.
The USB-to-Ethernet adapter was connected to a Catalyst 3560CG switch, making it possible to perform wired 802.1X, and occasionally I would borrow two Catalyst 9200L switches from Wingmen to lab TrustSec, specifically inline tag propagation and enforcement.
Study Resources
I have always envied those studying R&S/Enterprise as there were so many video series, workbooks, and blogs available to support them on the journey. Unfortunately, no one has developed a proper workbook or video series for the CCIE Security track yet.
INE has a video series, but it has far too many gaps in terms of the technologies and features covered. They also promised to develop updated workbooks for v5 many years ago, but they never did.
Apart from INE, I'm not aware of anyone but some bootcamp providers offering any material (covered in the next section). I mostly used a combination of videos, configuration guides, and blog posts. For every new topic I started, I would go through the configuration guide first and then supplement it with YouTube videos and blog posts covering the same topic. I would then attempt to write down tasks for myself to complete. Not an ideal way to go, and I sometimes spent more time building topologies and lab tasks than I did performing the tasks.
Bootcamps
Any CCIE I talked to about my journey always said I should attend a bootcamp leading up to my first lab date, and that would have been great if only such bootcamps existed.
Micronics was supposed to host a physical v6 Bootcamp in Poland in September 2021. I had paid for it, but shortly after, I received an email saying they had to cancel due to the lack of interest in the course, so I never managed to attend a Bootcamp.
Micronics Zero-to-Hero
In 2019, I attended the Micronics Zero-to-Hero (Z2H) class after reading Katherine McNamara's review. It was intended to kick-start my goal of achieving a CCIE one day, and although it definitely wasn't a CCIE-level course, it still did an excellent job of introducing many of the technologies and products from the blueprint. The only thing I was disappointed about was the lack of focus on the topics I had no experience with at the time, such as ESA, WSA, Stealthwatch, AMP, etc. All of these technologies were more or less covered in a single class, while we spent weeks on ASA, IOS Security, VPN, etc., which I already felt a lot more confident in at that time.
KBITS
In February 2021, I attended a CCIE Security v6 course offered by KBITS. It was conducted similarly to the Z2H course in the way that classes were hosted on Saturdays and spanned across a few months. I liked the approach as it gives you time to catch up between classes and go into detail with each subject during the week before beginning on something new. Although Khawar is outstanding at breaking down topics and making them easy to understand, I did not feel like the course lived up to a CCIE level. It was very similar to Z2H. In fact, I would say Z2H covered some subjects in greater detail than KBITS, but seeing as there is a price difference of $1500, it may just be okay.
KBITS also claimed to be the only provider on the market with v6 workbooks. I purchased the course mainly to access the workbooks but was quite disappointed with the content. It was clearly developed for v4 and then slightly changed as new blueprint versions were released. There was nowhere near enough coverage of FTD, ISE, ESA, and WSA, only basic FlexVPN coverage, and no mention of Stealthwatch, AMP, NGIPS, pxGrid, etc., all technologies that had been added in either v5 or v6. All in all, it felt like they had taken the previous version of the workbook and done a search-and-replace of v4/v5 with v6 without actually making any changes. However, I know he has updated the workbook since then, but I am not aware of its current content.
Book a Lab Date
When you begin studying, you’re probably imagining that you’re going to book a lab date feeling all confident and ready to crush the lab in a year. In reality, no matter how many hours you put into it, you’re never going to feel ready. There is always something you have forgotten or can improve. You don’t know the content of the exam. You don’t know which technologies they focus on or how in-depth you need to know them.
My advice is to set a milestone. Once you reach it, you book a lab a couple of months out, and you do not reschedule it regardless. Even though you don’t feel confident or ready for the lab, you learn a lot about the exam, the pressure, and the environment, so that you can come back for your second attempt with a much higher chance of passing.
My milestone was to cover the blueprint end-to-end at least twice, labbing and taking notes for everything. The first time took a lot longer as it included taking notes, screenshots, etc. However, the second time was much faster as I could use my notes to get back up to date. Once I had covered the blueprint twice, I booked my first lab attempt, two months out.
US Keyboard
Regardless of where you are attending the lab exam, they use Dell equipment and US keyboards with the characteristic small enter button. Time management is vital, so if you are not from the US and haven’t practiced using a US keyboard before the exam, you’re not going to finish in time.
With six months leading up to my first lab attempt, I purchased a Dell KB216 keyboard and started practicing using that. They did not use the exact same model at the lab, but an almost identical one. I did not need to get used to a new keyboard, which means the world when you are under time pressure already.
Use Notepad
Get used to doing your configurations in Notepad. It's perfectly fine to use the CLI, using "?" to find the right subcommands or Tab to complete the syntax. To increase your config speed, however, you should get used to writing your config in Notepad instead, so that you can't rely on these features. It takes a while to get used to. Keep forcing yourself to write it in Notepad, and don't mind the syntax mistakes. Once you copy/paste the content into the network device, you will identify them and can then correct them in your template. If you keep going like this, it will eventually stick.
At my second lab attempt, one of the devices crashed after I had copy/pasted the configuration in that I had spent 10 minutes preparing. I notified the proctor and started working on something else. When the device came back up, I could copy/paste my config back in, and the incident ended up costing me only about two additional minutes.
Cisco Documentation
At the lab, you have no access to google or third-party websites. The only help you have available is the official Cisco Documentation. There will be an icon on your desktop that takes you to this page, and it’s then up to you to manually navigate the product support area to find the necessary configuration guides, admin guides, user guides, etc.
My advice is to start browsing it manually as you take notes and cover the blueprint instead of googling your way to the configuration guides. At the bottom of my notes, I typically wrote down the path I needed to take from the above link to find the configuration guide covering the respective technology so that I could find them in a matter of minutes at the lab.
Building Blocks
Start breaking down complex configurations into building blocks instead of memorizing every single command and all of its sub-options. For example, if you know which elements a zone-based firewall consists of, it will be a lot easier to find the proper commands and configuration to support the overall solution.
When talking about ZBFW, I might not have the entire configuration memorized. Still, I know the elements required, so if someone tells me to configure ZBFW, I immediately know the configuration steps involved are:
- Zone definition (Create the necessary zones)
- Traffic classification (Use Class-Maps to classify traffic)
- Action definition (Use Policy-Maps to define the action taken)
- Zone-Pair (Define the traffic direction and attach the Classification & Action)
- Zone Assignment (Assign zones to interfaces to make it active)
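To make the five building blocks concrete, here is an IOS ZBFW configuration that walks through them in the same order, with the verification commands at the end. It is an example added to this post, not configuration from the original, and the zone names, interface names, ACL name and the 10.1.1.0/24 inside subnet are assumptions chosen for illustration.

```cisco
! Building block 1: Zone definition
zone security INSIDE
zone security OUTSIDE
!
! Building block 2: Traffic classification
! A nested class-map lists the allowed protocols; the outer match-all
! class-map ANDs that with a source-address ACL (assumed 10.1.1.0/24).
ip access-list extended ACL-INSIDE-HOSTS
 permit ip 10.1.1.0 0.0.0.255 any
!
class-map type inspect match-any CMAP-ALLOWED-PROTOCOLS
 match protocol http
 match protocol https
 match protocol dns
 match protocol icmp
!
class-map type inspect match-all CMAP-INSIDE-TO-OUTSIDE
 match access-group name ACL-INSIDE-HOSTS
 match class-map CMAP-ALLOWED-PROTOCOLS
!
! Building block 3: Action definition
! "inspect" creates stateful sessions so return traffic is allowed;
! everything else hits class-default and is dropped and logged.
policy-map type inspect PMAP-INSIDE-TO-OUTSIDE
 class type inspect CMAP-INSIDE-TO-OUTSIDE
  inspect
 class class-default
  drop log
!
! Building block 4: Zone-pair (direction INSIDE -> OUTSIDE)
zone-pair security ZP-INSIDE-OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect PMAP-INSIDE-TO-OUTSIDE
!
! Building block 5: Zone assignment (the policy only takes effect here)
interface GigabitEthernet0/0
 description LAN (assumed)
 zone-member security INSIDE
!
interface GigabitEthernet0/1
 description WAN (assumed)
 zone-member security OUTSIDE
!
! Verification
! show zone security
! show zone-pair security
! show policy-map type inspect zone-pair ZP-INSIDE-OUTSIDE
! show policy-map type inspect zone-pair ZP-INSIDE-OUTSIDE sessions
```

Two caveats worth keeping in the template: there is no OUTSIDE-to-INSIDE zone-pair here, so unsolicited inbound traffic is dropped by default (which is usually what you want, but a task may ask for a second pair), and traffic to or from the router itself belongs to the implicit self zone and is permitted unless you build a zone-pair for it.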
Lab Day
Arrive in good time
Make sure you arrive at the Lab in good time; you don’t want to add additional stress by not knowing if you’re going to make it in time, and you don’t want to be that guy who arrives too late. I was 40 minutes early for my first attempt, admittedly a bit cold in October, but it allowed me to have a good chat with the other candidates.
Don’t eat too much breakfast
Everyone knows the tiredness feeling you get if you are uncomfortably full. When you are tired, you have a hard time maintaining focus, and your brain is about to perform for eight hours straight, so even though it’s tempting to dive into the breakfast buffet at the hotel, save it for another day and eat moderate and healthy. Instead of eating white bread with butter, cheese and jam, make sure you get some protein (E.g., eggs), fruit, oats, etc. – Your brain is going to thank you five hours into the lab.
Snacks
There is coffee, tea, and water at the lab, but you can bring your own snacks and drinks. I brought two Yankie bars and two Diet Cokes.
The soda was great throughout the day, but I completely forgot about the chocolate bars, and to be honest, there was not a point in the lab where I felt like I had time to eat them anyway. I actually ended up throwing them out as I could not bring them through security at the airport, and by the time the lab ended, it was too close to dinner time anyway.
Monitors
You have two monitors available at the lab. Make sure you take advantage of this and use the first monitor for the topology, tasks, etc., while writing configuration on the second.
I had the topology and the tasks both on my left monitor, resized so that each took up half of the screen. This allowed me to view the topology and read the tasks simultaneously.
On my right monitor, I wrote configuration or switched between the different virtual machines for GUI configurations.
Design Module
The exam is divided into two modules. First is the Design module with a fixed three-hour time limit, followed by a five-hour Deploy, Operate, Optimize (DOO) module. You will have plenty of time for the Design module. In my opinion, three hours is more than enough and could probably be shortened.
Once you solve the final task in the design module, you need to click Finish to end the module. The timer for the DOO module starts only when you explicitly begin the next module, so now is the time to use the bathroom, get yourself some coffee and eat the snack you have brought. Once you start the DOO module, you will not have a minute to spare, so make sure you do not waste valuable minutes on anything else.
Notepad Prohibited in Design
On my first attempt, I was struggling with the Design module. I clearly had gaps that needed to be closed, so when I came back for my second attempt much better prepared, I planned to use the remaining time of the Design module to start preparing configuration templates for DOO in Geany (the Linux text editor that stands in for Notepad at the lab).
Unfortunately, the proctor specifically asked for everyone's attention before letting anyone start the first module and made it very clear that the use of Geany during the Design module was prohibited. They must have realized that people have too much time available and don't want candidates to start preparing for DOO before the timer begins.
Lab Environment Freezes
With the update from v5 to v6 also came the release of the new lab delivery engine. Although I like the content presentation, it also has some flaws they should have warned about or fixed. On both my attempts, the entire engine kept freezing while the timer kept running. I had my management PC freeze multiple times with the clock ticking down, and once the proctor had to close the lab engine and re-open it, so I had to re-open and log back into all the devices I was working on before the incident.
The feedback I got from the proctor was not to open too many console windows, as it would freeze the environment, which in my opinion is bullshit and should have been fixed before they released the engine.
Use your Lunch Break wisely
If you need to reload a device, download software, or run similar processes that may be time-consuming and prevent you from working on the task in the meantime, make sure you plan accordingly. You have about a 20-25 minute lunch break in which you can let these things run while eating.
On both my attempts, the proctor announced five minutes before lunch, so I had time to kick off such tasks.
Save your Configurations
Make sure you save your configurations periodically throughout the lab. You don’t want to lose all your configurations from a power outage.
Lab Result
Your lab result is typically ready within 48 hours, and you will be notified by email when the result is ready. Do not keep logging in to the CCIE Portal to check if the result is there yet. If you do it too many times a day, you will be locked out.
I got the result around 3 pm the next day for my first attempt, so less than 24 hours from leaving the lab. The second time I passed, I got the result in less than an hour from when I left the lab. I have never heard of anyone getting their result that fast. I went straight to the airport, got through security, and had just sat down to have some dinner when I refreshed my inbox to check the emails I had received while being at the lab, and my heart skipped a beat when I saw the latest email in the inbox. I was definitely not expecting that.
Keep checking your Lab Result
Once you get your result, keep checking it for updates. Don’t ask me how, but somehow my score report changed the next month. Suddenly it increased by a whopping 8% divided into three sections.
When I took the lab the first time, I had a feeling leaving the lab that some of the tasks were wrong. It’s difficult going into detail without breaking NDA and even more difficult explaining to friends and colleagues that you believe the lab had mistakes when you just failed. Regardless of how it is presented, it will sound like you are just bitter because you did not pass.
Useful Resources