CCIE Security Sunrise

My journey to achieving the CCIE in Security. Strap in kids… it’s a long one.

Ok so, it’s only right that I set the stage for this. Most of you who know me on a personal level, know that I’ve said quite a bit that “I’m not a security guy”. I even bought the domain to just prove the point. Seriously, I own See? Did you click the link, or did you hover first? I actually migrated most of that site’s content (which never actually made it out of testing) onto this blog which will encompass all of my previous writings. Anyway, it’s kind of tough to defend the fact that I’m not a security guy when one of my CCIEs is in Security and I’m responsible for a boat-load of Network Security related items at my current place of employment. Ok let’s nip that tangent there.

This certification track’s journey “officially” started in May of 2018. I always say “officially” started on all of my certifications since they all really built on my original CCNA in R&S in 2005 and war wounds that I had collected along the years.

I went through a few articles from the internet, reviewed my past experiences and watched INE’s CCNA Security course. On June 15th of 2018, I went to my favorite testing facility in NYC and was able to pass the CCNA Security Written Exam and get the cert. I was happy there, however there was a growing demand at my job to do more security. WAIT, let me rephrase that, network security.

To get to my CCNP there were 4 exams I needed to take. My study efforts really kicked into gear while I was recovering from surgery while on long term medical leave late in 2018. Because most people would turn to growing their network security skill-set when they can’t stand up by themselves. Right? The video courses and books I went through definitely helped pass the time as both my body and mind were healing. The formula was basically the same. Studying for a while, labbing with EVE and reading a bit. Following these steps, I was able to pass all four exams between September of 2018 and February 9th of 2019. So now I was officially a CCNP in the Security track.

Then came the “candid” talk with my manager about getting a CCIE in the Security track. We had a training budget set aside so I picked up the two bootcamp courses that INE offered for both the CCIE Security Written and Lab. I was now clamping down on the fact that I would have to face the Written and Lab exams again by the end of the year (I was up for a re-certification on December 18th of 2019). I sat for the Written exam a couple of days after I finished the INE bootcamp in March of 2019 and ended up passing it on my first attempt. Passing that exam also re-certified my Routing and Switching CCIE another 2 years, which was cool. And come April, it was more reading and supplementing the reading with labbing and labbing and reading… and more reading of blogs and Cisco Press books…

Even my study buddy was asking for help.

So, like most of my long term plans, they come to me when I am not thinking about them, and usually when I have nothing within arm’s reach to write these plans on. So, here is where I hatched my actual plan and rough strategy for the CCIE Security track…

Security Plan
I know… Super in depth plan right? Let’s see how I actually pulled this off.

My initial goal was to take and pass the Lab by September 27th of 2019, building in at least 2 retake dates before the end of the year. This was so I could begin “officially” studying for my CCDE at the beginning of 2020. I’m not gonna lie to you… I did not pass the exam on September 27th. To boot, I took the lab on October 9th and failed it. So that was quite a blow to my confidence level. I got the dreaded results email with a link to my grade. Pass / Pass / Fail was what it said on my iPhone’s screen while it was still dark out the morning after my first attempt. If you’ve never seen one of those screens before, here it is:


I took “a full week off” from studying and trolled ebay to buy some gear to supplement the Labs I had built myself in EVE-NG.

(Note: Let me just throw out there in my own experience... There is no substitute for real gear for labbing and learning from physical equipment. Don't get me wrong, I use EVE-NG constantly for full scale labs and to help keep ConEd at bay, but for this type of exam, just like I did for R&S and DataCenter, I bought some gear secondhand from eBay and wired it up {and added interfaces to EVE-NG as passthroughs} to hit the technologies that I just felt uncomfortable with during the lab exam.)

Here is the physical gear that extended from my Virtual EVE Labs:

  • 4 – ASA 5512X Firewalls
  • 1 – Catalyst 3850 PoE Switch
  • 1 – Catalyst 3750e – Non PoE Switch
  • 1 – WAP for the Virtual WLC (bridged through EVE)
  • 1 – IP Phone (not pictured here) to register to the Virtual call manager in EVE. This came from work with a busted lcd screen, but it worked like a charm.

After I got my equipment, lab dates were extremely scarce since the official end of V5 of Security was slated for March of 2020. (Ah yes, life pre-covid). I checked every morning on the train going into work. I checked 2x a day at work and then twice per night while labbing at night. You know, when you hit that wall. And everything should be right… Yet it’s not working? FINALLY I was able to secure a date of December 10th, 2019. And that date was only about 65 days away. So after trimming my nights and weekends down like a cell phone plan in the 90s, I started racking up serious hours getting faster and faster building ASAs from scratch and building configs in a modular fashion, so they could be cloned and reused with minimal effort. Configuring Tunnel-groups and IKEv2 became second nature. Until I pasted the configs in, and then the parser threw errors… There was some frustration. Ok; there was a lot of frustration. Many nights I would look up at 10pm, and say ‘OK just 20 more minutes’. I’d lab a bit, and I’d look up again, but it would be 3am. This also explained why I was so tired in December… The morning before my exam I caught an uber to the airport at about 5am. So as luck would have it, on my way to the airport, I got an email from work saying that we had just purchased another company. Which was a blessing in disguise. It put my mind to thinking about how the heck I was going to start establishing connectivity and how many offices they had, who were their internet providers, etc. More VPNs! Just what I want! So that helped on the plane ride down…

It’s always a toss-up for me the night before a CCIE Lab attempt. I’m usually tired, so I try to lay down and relax; but then my brain kicks in begging me for “just one more lab”. Just one more flashcard read-through. I stayed at a different hotel the second time in Richardson for this attempt. My hotel was about 8 minutes from the testing center. Since I had been there a couple of months before, I knew the route. Also, I had scouted it the afternoon before, to make sure that there was no road work or detours.

So the lab environment was the same as last time I was in Texas (I still liked the RTP setup better, but that site had closed since I got my R&S in 2015). So head in, leave everything in the back of the room and park yourself in front of your best friend (the computer) for the next 8 hours. The proctor gave us the green light to start and I was able to complete the troubleshooting with 90 minutes after verifying everything 2 times. The second round of verification is very important, to make sure you haven’t broken any of the rules by solving any of the other tickets. <Just my 2 cents…> The Diagnostic section was a long one. I’m a very kinesthetic engineer, so pointing and clicking through horribly formatted diagrams, text files and crap screenshots is a challenge for me. And to boot, it’s a fixed time to get it all done. I was able to get that done in about 55 of the allotted 60 minutes. Then, came my old arch nemesis… “Retep”. I mean, the Configuration section. The topology loaded and I froze for a second. Internally saying “how the **** am I going to get this all done?” Then the other side of my brain took over and said “Hey, you… It’s just another lab. Do what we do best. Read and analyze the requirements, and break it down into smaller problems. Then, reverse engineer where necessary.” And that’s exactly what I did. I read the requirements PDF twice, and started fleshing out configs in notepad. By lunch, I felt a lot better than my previous attempt. Most of my core functionality and connectivity was there, and I was setting up the overlay VPNs right before our lunch arrived.

Shortly after lunch, something odd happened. I got to the bottom of my task sheet that I had built for myself. The requirements had all been configured. I blinked a bit. Looked at the clock and saw that I had a lot of time left. I took a short 5 minute break, grabbed some water and then checked the configs one more time. My VPN clients looked good, NGFW rules seemed to be working, and core routing seemed solid. So I did what every engineer does when they think they’re done; I checked it again. I made a few minor changes to the Multi-context firewalls, cleared my ISE authentications (to prove they worked after a port bounce) and then started to save all of my configs (for the 200th time). I called the proctor over and submitted the config section for grading. Driving back to the hotel I over-analyzed everything (as per usual) and just hung out outside for a little bit while talking on the phone with pops. “How’d you do this time” he asked me. “Well, I guess we’ll see. I got through the config this time”. He said “Well, that’s new… I thought you said you weren’t a security guy…” Love that guy.

I passed out early at like 7pm that evening watching Burn Notice and woke up around 11:30pm, craving yogurt (Burn Notice reference). The email had come in just after 11:00pm. I logged into the CCIE portal, and it dragged its feet. (For some unknown reason, hotel wifi is ridiculously slow whenever you’re checking your CCIE Lab results, I feel like that’s on purpose. This was also the case in RTP. Just saying…) The page loaded, and it said “Congratulations on passing the CCIE Security Lab Exam!” I feel like as I’ve told several of you before, passing the Security Lab was a relief. It felt like a huge weight was taken off of my shoulders. My brain actually relaxed. I can’t prove the feeling to you, but it literally felt like my mind expanded, after being full. Like it exhaled. I started spreading the word and promptly passed back out…

Here’s the screenshot that helped me fall back asleep:

So there we have it. A not so abridged version and high level overview of how I got my (second) CCIE in Security.
