It was some time last year when I started to think about what I should dedicate time to certification-wise. My CCNP Enterprise expires this year, so that was my first thought: Let’s renew. I bought the book and started reading. However early on around the time I got to everyone’s favorite subject – Spanning Tree Protocol – I pumped the brakes. STP was my least favorite topic in the previous exams but that was not the cause of my change of heart.
My previous pursuit of certifications always revolved around what I was working on. In the beginning of my networking career, I obtained my CCNA. It was a great fit because I was learning networking in Cisco environments. As I continued to mature in my work, I obtained the CCNP Routing and Switching. I continued to dive deeper into networks so I renewed it. Last year, I was knee deep in a couple of years of Palo Alto projects. I first obtained the PCNSA and then shortly after that I passed the PCNSE. With all of that in mind, I started thinking about what I was currently working on when considering my next certification move. And what were most of my projects focused on? Most of my projects and tasks at work were and have been security-orientated for a while now. It seemed like over the last few years my network engineering title was slowly evolving into a security engineer position. That is when I decided I had a SCOR to settle (pun intended). It was time to jump into the world of security.
I learn a lot utilizing the hands-on approach. It’s what helped me obtain the CCNP before. If you have the tools at your disposal, especially in a lab environment, put them to use. I put the ENCOR studies aside and started looking into the 350-701 SCOR (Implementing and Operating Cisco Security Core Technologies) exam. It made sense. At work I was swimming through most of the topics from the test. I spent my days in ISE, Umbrella, Stealthwatch, DUO and the ESA among other security-related technologies.
It seemed like each passing year brought about more security solutions to be responsible for. In a way, it felt like I was being forced to wear a security hat. However, we all know that no matter what position we are in – security should be top of mind with any project we put our hands on. This is especially true today where a user can be enticed to click on a “You’ve won a free 7-day cruise” link that can cause a company to fall flat on its face. Things like that is what keeps us security professionals up at night. Security breaches continue to make the news. We are responsible to bring in solutions and think of ways to try and stay ahead of attackers.
You might have a dedicated security team at your company, but security is not just their job. It is everyone’s job, including end users. If we want to defend, we need to follow the sword with our eyes and see where it will strike. If we want to defend, we need to know how to wield a shield properly. These are some of the components within the SCOR exam. In the SCOR prep course, Implementing and Operating Cisco Security Core Technologies (SCOR), you’ll learn about different types of attacks and what tools Cisco offers to harden an enterprise from attack. The study material isn’t supposed to be sales related, but it definitely makes you want to “buy in” to doing what you can to protect your organization. If you are not interested in taking the exam, I would still recommend looking through the material. Any opportunity to learn is a great opportunity. You might also run into great ideas that can be discussed with your organization.
This is just part of my journey. I have yet to finish my studies. I am currently going through the Official Certification Guide as well as videos online. I’ve sat down with my manager and he agrees that we’re doing a boat-load of security tasks and that won’t be changing anytime soon. This conversation opened the doors to take a class as well. Sometimes the problem with many organizations is the lack of ideas. The SCOR studies are ripe with ideas that can be implemented.
Your team might not have the budget to implement an ISE deployment, but I am sure you will find some free ways to harden your existing infrastructure simply by reading the material. There is plenty of study material out there, but the problem that exists is the finite amount of time to study. Between daytime responsibilities and chasing the kids around, I am finding the study an uphill climb, but I know it is one that is going to be very beneficial to myself, my team, and my organization. In my next blog, my goal is to be sharing you some good news.
Implementing and Operating Cisco Security Core Technologies (SCOR)