Which CCIE next: SP or Security?

Now I have a choice to make: Which CCIE track do I do next? I could just sit back and rest for a bit, but I think the CCIE is a bit like getting a tattoo, it’s a bit addictive, also I will need to recertify within 2 years, so I need to do another one.

I passed my final CCNP on July 10th 2013, and passed my CCIE R&S on July 10th 2015. I have only just seen this, but it certainly was not intentional that I chose the lab date I did. So, we can figure that the next CCIE will take up to two years to complete. Hopefully it won’t take that long, but 2 years should be ample time. At any rate, it pretty much means that I cannot afford to sit back for too long.

So far all of my certifications have been in the Routing and Switching domain, I started with CCNA, the did CCNP, and finally reached my goal of CCIE. But Which CCIE track should I do next?

It will either be Security or Service Provider. I don’t have much interest in, or need for, Wireless, Voice or Collaboration. Data Center would be very useful, but getting regular access to the necessary hardware (for me) is not easy. I certainly cannot afford the $1m (list price) for the equipment either. So this leaves SP and Security.

Which CCIE to do next?

I am not going to start again from the CCNA for these, thankfully there are no prerequisites, so I can jump straight to the CCIE level. I think I can do this.

But which to choose?

CCIE Service Provider

Pros: The Service Provider track seems like a logical step on from the Routing and Switching. It centers heavily around BGP and MPLS, with either OSPF or ISIS as the IGP. I think I am pretty strong on these topics already, so it feels like a very logical continuation from Routing and Switching.

All of the SP topology can be run pretty easily within UNL (UNetLab), as it is 4 XRv routers and 10 CSR1000v routers, within a 32GB server. I could follow the INE workbooks with no problem.

Cons: SP track is not entirely relevant to my role, barring things like QinQ, whereas the Security track is.

CCIE Security

Pros: I spend most of my working day in our ASA firewalls, so it would make sense to do this track next. It will help me in my job more than the SP track.

Whilst it can all run within UNetLab, I will probably need more memory. This is not a show stopper, but I might have to repurpose my existing ESXi server and build a new, more powerful one.

Cons: It does not look like so much of a quick win as the SP does. I think I could do the SP quicker than the Security.

Both are equally attractive subjects, so I really don’t know what way to lean. Do I choose what seems (at the moment) to be the quicker option, or do the longer one which is more relevant to my current role?

So, kind people… Which CCIE do you think I should do? Comment below (with reasons). I might even throw in a prize as I am in a good mood!


  1. Bernd July 12, 2015
  2. Anonymous July 13, 2015
  3. Stuart Fordham July 13, 2015
  4. Anonymous July 13, 2015
  5. Bernd July 15, 2015
  6. Stuart Fordham July 15, 2015
  7. Jon Major June 5, 2016
  8. Stuart Fordham June 5, 2016