Why I did not pass the CCIE Security lab, and why I am glad about it.

I sat the CCIE Security lab yesterday and did not pass. There are a number of reasons I did not pass, and these were down to me. But I do not feel bad about it: rather than a reason to get upset, it is a chance to reflect, change the game-plan and prepare better. In this post, I will list some of the mistakes I made in this attempt, and hopefully, it will help others.

Please note that I will not break any NDA, and this includes my score report.

My original plan was to sit the exam in December, but as Cisco announced that the exam would be changing in January, I thought I would try and sit it earlier, and maybe re-sit in December if needed.

Mistake #1 – I let others push me when I was not ready.

I should have kept to my original plan of sitting the lab in December. Moving it earlier meant that I had to push myself harder, and missed vital topics. My understanding of IPv6 security sucked big time. I did not complete any of those questions.

Resolution: Schedule the exam when you feel 100% ready!

Mistake #2 – I forgot my own game-plan.

Having a plan for tackling the CCIE is essential. There will be “issues” in the lab, and these are the little faults injected to keep you on your toes. This may change with the new version, but I should have kept with the “VIRA” approach:

  • VLANs
  • Interfaces
  • Routes
  • Access-lists

I did not start the lab exam by checking the topology diagrams and confirming that the setup is correct (and fixing faults where found). I started by listing all the topics and tasks, looking at the interrelation, then wading in, completely forgetting VIRA. I got some things set up and then spent ages trying to figure out why things were not working. This resulted in two issues: I spent too long trying to fix things, and my confidence in my own abilities started to drop.

Resolution: Keep to the game-plan!

Mistake #3 – My lab preparation method was faulty.

The great thing about the Routing and Switching CCIE is that it can all be done quite easily using UNetLab, VIRL, or GNS3. The same is true for the Service Provider track. The Security CCIE is a bit more demanding (not as much as the Datacenter though). There are a number of different components that need setting up (WSA, ISE and so on). Whilst these do run fine in UNetLab, every time I set up a new lab I had to set these up again from scratch, losing valuable hours in the process. If I had all of these running under ESXi (like I did with the ACS), I think things would have run more smoothly.

Resolution: Spend time thinking about how best to prepare, and minimize the time taken to create new practice labs.

I will not be disheartened

So there are three quite major reasons that I did not pass. I don’t want to use the word “failed” because the only failure is where you don’t try something. Trying something is never a failure; it’s an attempt and can be successful or not. I was not successful, but I don’t consider this a failure. It was an expensive learning experience!

If you look at my previous post on the breakdown of the CCIEs, then only about 10% have the CCIE Security. That’s not many, and I can see why after sitting the exam.

Moving forward with the CCIE Security

Where to now? I can’t find any open seats in Feltham for December, but I also need to ask myself the question “Will I be ready by December?” I could try and remember everything on the lab I got and replicate it, but the chances of getting the same lab again are slim (not impossible, but definitely slim).

My options, as I see them, are to keep going as I have been but to include FirePower, as this is what’s in the Security v5 lab. I could start from the beginning and do the CCNA, then CCNP. This would give me a better “foundation”, and that is what I think was a key to success when I passed the CCIE Routing and Switching last year. The other option is to switch to the Service Provider track. That would be easier to lab at home, but then it would be a shame to have potentially wasted the last year of learning (though learning anything is never a waste of time).

I will take this weekend to figure out my next move. But I won’t let it get me down. I spent two and a half hours driving home and found dinner ready and my wife and children pleased to see me. That’s more important than an exam regardless of passing or not.

