I sat the CCIE Security lab yesterday and did not pass. There are a number of reasons I did not pass, and these were down to me. But I do not feel bad about it, instead of getting upset it offers a chance to reflect, change the game-plan and prepare better. In this post, I will list some of the mistakes I made in this attempt, and hopefully, it will help others.
Please note that I will not break any NDA, and this includes my score report.
My original plan was to sit the exam in December, but as Cisco announced that the exam would be changing in January, I thought I would try and sit it earlier, and maybe re-sit in December if needed.
Mistake #1 – I let others push me when I was not ready.
I should have kept to my original plan of sitting the lab in December. Moving it earlier meant that I had to push myself harder, and missed vital topics. My understanding of IPv6 security sucked big time. I did complete any of those questions.
Resolution: Schedule the exam when you feel 100% ready!
Mistake #2 – I forgot my own game-plan.
Having a plan for tackling the CCIE is essential. There will be “issues” in the lab, and these are the little faults injected to keep you on your toes. This may change with the new version, but I should have kept with the “VIRA” approach:
- VLANs
- Interfaces
- Routes
- Access-lists
I did not start the lab exam by checking the topology diagrams, confirming that the setup is correct (and fixing where faults found). I started by listing all the topics and tasks, looking at the interrelation, then wading in. Completely forgetting VIRA. I got some things set up and then spent ages trying to figure out why things were not working. This resulted in two issues; I spent too long trying to fix things, and also that my confidence in my own abilities started to drop.
Resolution: Keep to the game-plan!
Mistake #3 – My lab preparation method was faulty.
The great thing about the Routing and Switching CCIE is that it can all be done quite easily using UNetLab, VIRL, or GNS3. The same is true for the Service Provider track. The Security CCIE is a bit more demanding (not as much as the Datacenter though). There are a number of different components that need setting up (WSA, ISE and so on). Whilst these do run fine in UNetLab, every time I set up a new lab I had to set these up again from scratch, losing valuable hours in the process. If I had all of these running under ESXi (like I did with the ACS), I think things would have run more smoothly.
Resolution: Spend time thinking about how best to prepare, minimize the time taken to create new practice labs.
I will not be disheartened
So there are three quite major reasons that I did not pass. I don’t want to use the word “failed” because the only failure is where you don’t try something. Trying something is never a failure, it’s an attempt and can be successful or not. I was not successful, but I don’t consider this a failure. It was an expensive learning experience!
If you look at my previous post on the breakdown of the CCIEs, then only about 10% have the CCIE Security. That’s not many, and I can see why after sitting the exam.
Moving forward with the CCIE Security
Where to now? I can’t find any open seats in Feltham for December, but also I need to ask myself the question “Will I be ready by December?” I could try and remember everything on the lab I got and replicate, but the chances of getting the same lab again are slim (not impossible, but definitely slim).
My options, as I see them are to keep as I have been going but to include FirePower as this is what’s in the Security v5 lab. I could start from the beginning and do the CCNA, then CCNP. This would give me a better “foundation”, and that is what I think was a key to success when I passed the CCIE Routing and Switching last year. The other option is to switch to the Service Provider track. That would be easier to lab at home, but then it would be a shame to have potentially wasted the last year of learning (though learning anything is never a waste of time).
I will take this weekend to figure out my next move. But I won’t let it get me down. I spent two and a half hours driving home and found dinner ready and my wife and children pleased to see me. That’s more important than an exam regardless of passing or not.
animo, como lo dices todo aprendizaje vale la pena. La seguridad no es facil, pero puede llegar a ser apasionante.
Yo voy en 2 semanas a presentar y tengo que hacer 12 horas de vuelo para llegar a RTP Carolina del Norte.
En verdad espero también poder pasar en la versión 4 y he hecho todo el esfuerzo.
Cheer up, as you say everything worth learning. Security is not easy, but it can be exciting.
I will in two weeks to present and have to do 12 hours of flying to get to North Carolina RTP.
I really hope also to pass in version 4 and I have made every effort.
I’m sure you will get it sooner or later
hopefully not be so bad my English
Learning is never a waste of time.
Dear Stuart Fordham
try again and as you said not be disheartened, best wishes for you
Sad to hear, but this shouldn’t drag you down! Although failing, you still learned a lot!!
I guess I would go on with studying, as you might be in a flow and everything is still on your mind. If there will be a seat available until December just give it another shot. If not, well… let’s see what 2017 brings. V5 got some interessting topics, but as I read on the other post, the costs are pretty high… SP? I’d prefer it to read about SP stuff anyway 😉
You were right about wasting time trying to rebuild lab components each time. That’s a bit distracting.