A little late start to the thread but here we go into 2020.
For me it is steady as she goes. I'm commited to my current role until at least the end of 2021.
February is dedicated to re-cert of my CCNP so I don't have to mess with it for 3 more years (Moved my test date to this month to give me some more time to study for TSHOOT). I didn't realize how much stuff I forgot until I started looking into it again. I'm glad I didn't go with my gut instinct of going in blind to "see how I do"
Palo Alto. CISSP.
My third or fourth year I have said I will get the CISSP. Going to have to do it this year, or get a new job. Of course the jobs I want all require CISSP anyway. Other than that just watching what happens with the Cisco stuff.
-Otanx
Is 2020 "The Year of CISSP"?
https://www.youtube.com/watch?v=NVGuFdX5guE
I'm more than happy to help out in forming a study/discussion group here. I might wind up getting it.
Meanwhile, I have already renewed my FCSE and will work on FSDE, which is vendor-specific, as the first two initials indicate. I'll probably also help write the test for FSDE, so passing it should be that much easier. :smug:
Azure AZ-103 booked in
Enough CE credits to renew Cisco stripes (already got 40-50 or so....)
Then that'll just about do me until the next re-certification cycle, ugh.
You'll be emeritus one day! You can do it!
Ha ha thanks
To be honest I might maintain active status, at least as long as I'm still in the channel, thanks to continuing education + the new rules which will let me re-cert via a CCNP specialisation. But googling it now its been bumped up to 120 credits (it was 100 last time round). Meh. At least I have almost 2 years before I need to worry about it.
I've spent 70% of my study time on AWS/Azure over the last 12-18 months
Just got my AARP credentials yesterday. :smug:
Quote from: ristau5741 on February 20, 2020, 06:25:07 AM
Just got my AARP credentials yesterday. :smug:
I'll get mine in a few years, lol.
Passed the CISSP exam Friday. Took 90 minutes from parking to leaving. Now waiting on ISC2 to get back to me so I can do the rest of the paperwork.
That exam is exhausting. I was just drained till Saturday afternoon.
-Otanx
big congrats!
Quote from: Otanx on February 24, 2020, 09:38:03 AM
Passed the CISSP exam Friday. Took 90 minutes from parking to leaving. Now waiting on ISC2 to get back to me so I can do the rest of the paperwork.
That exam is exhausting. I was just drained till Saturday afternoon.
-Otanx
:applause:
Congrats on the pass.
My plans are already blown. I passed TSHOOT and got the recert under the wire - Now it came to light they are paying for CCNP Security so here I am taking the self-paced course for Security Core.
I'm a little sore about the unnecessary exam but I won't complain about the free CCNP courses and exam vouchers.
Thanks everyone. Got my confirmation from ISC2. Submitted all my supporting documents, and had my wife be my CISSP sponsor. Now four to six weeks for them to review before they grant me the official certification.
Now to figure out what to do for the rest of the year. I peaked too early. I am not really interested in any of the other Cisco exams. Maybe Splunk as we are getting into that pretty heavily. Maybe Arista because we moved to them from Cisco. Maybe Azure as I hear that is coming soon. Maybe I just sit back and be happy I got one this year.
-Otanx
Get your MCP for Windows 10. :problem?:
Azure. There isn't any arista certifications worth a damn. Or bone up on your ansible and EVPN assuming that's what you use your Aristas for
I agree with you on the Arista certs. I looked at them after I posted, and not really seeing the benefit. We don't do EVPN yet, but maybe in the next few years. We are still migrating our DC over from IOS/NX-OS, and I am trying to keep it simple for the junior guys. I am probably going to do Palo Alto which I didn't even mention. We have a few, and are probably moving that way. ASA is EOLing, and I don't like FTD.
-Otanx
One of our Arista regulars will kill me but imma saying it anyway: a colleague of mine worked on an Arista network for 18 months (as in built it out, not just ops), went for the exam and got stumped by questions like what is the colour on component X of model Y. He bombed, and he's an amazing engineer, he said that it was just trivial pursuit and barely asked any 'real' questions on MLAG, VXLAN, EVPN etc.
That was a while back though maybe its different now to be fair. But still the return you'll get isn't great as most recruiters/companies aren't looking for it.
EVPN is amazing but complex to learn, good thing there are PLENTY of reference guides out there. Its actually beneficial (like MPLS) reading the same thing again from Cisco and then Juniper and then Arista or whoever, to drill the protocol concepts in. You can thankfully lab at least the control plane these days with vEOS / NXOSv images, when I started messing around with it in ~2016 it was a bit bleeding edge on virtual images. I am out of date though as I did a giant project 2017-2018 then I haven't touched it since so a lot of the details are fading into the background LOL
But if you're going Arista soon and you aren't buying Cloudvision then yeah get ready to Ansible.
PAN is definitely worth doing if you're buying it, its now more recognised, and like all FW platforms there is a LOT to take in. But esp. as its really a layer-7 firewall that can also do packet filters (rather than a packet filter with L7 profiles bolted on like, I dunno, the entire competition). They're not as mind blowing as say 4-5 years ago but still pretty rad, if painful (in the same way that ALL firewalls are painful lol). I recall working on them for the first time in 2015 and being amazed at things like app-id, user-id, and the ability to restrict on a pure application basis (that is actually reliable and updated daily) and cross reference on an identity basis from AD groups (e.g. allow only netadmin group SSH). The App recognition is smart enough to detect non-standard ports, tunnelling (e.g. try running openVPN against a HTTPS rule, or tunnelling over SSH when the rule only allows vanilla SSH. denied), you can even block say facebook messenger but still allow facebook website. And of all the on-prem FWs the SSL decryption is best in class (though not as painless as ZScaler I'd say). THe standard partner playbook back in the day was to simply loan the customer a unit and hook up a span port to it BEHIND their existing FW and watch their faces as all the stuff it catches scrolls past - that flew right past their existing ASA/SRX etc
Microsoft Azure Administrator Associate (AZ-103) done, just in time before it updates to AZ-104 FTW
Congrats. Do you have to do the AZ exams in order (103 then 104), or is that just how you are doing it?
-Otanx
CCNA- Dev
hopefully CCNP dev
Dlots you'd pass that on your sleep congratulations
Otanx straight to AZ103, AZ104 is the replacement so I just snuck in. You get the same cert
PCNSE renewed. Onto more Azure
300-415 ENSDWI down
Congrats. I see someone is using this shutdown to their advantage.
-Otanx
^ That, or he's now in a 100% certification hound FTE role so his VAR can maintain Gold status for all its vendors. :problem?:
I am pushing forward with SCOR and Azure certs. Honestly the Azure certs are an effort to leverage my contacts within an organization that rhymes with Icrosoft to see if my clearance can get me a job in the organization. Would I be happy there? Hell I don't know. From what I have seen of the cleared PFE community just showing up, caring and doing your job makes you a rockstar. I suppose I would do well.
Otherwise I think SCOR and VPN perhaps would make me look sexy. Same with the Palo Alto I have been harping on for months now.
Clearance + Vendor = yay you can do all the military contracts
Azure Solutions Architect Expert down
Disclaimer: I am not an Azure expert. Don't ask me about databases, I drive routers FFS!!!!!
Quote from: wintermute000 on July 09, 2020, 06:44:37 PM
Azure Solutions Architect Expert down
Disclaimer: I am not an Azure expert. Don't ask me about databases, I drive routers FFS!!!!!
Can I move all my on-prem network infrastructure to the cloud? :problem?:
Yes, for the price of a burrito
Congrats. That is pretty cool.
Dean: Just go 100% work from home, and make your employees supply their own internet. Boom. No network. Also no prem for the network to even be on. I will send you my address for that burrito.
-Otanx
You joke but that's the zero-trust push, and it works (we have deployed several zero-trust solutions since COVID and users happily @ home remoting into work resources and its not a traditional client VPN to a DC head-end, even though some solutions do have similar components).
For forward thinking companies where remote bodies make sense for the workflow, it could seriously, seriously reduce the need for real estate. And in-turn the traditional campus and WAN market. We're seeing slowdown even for SD-WAN (though how much of that is general depression, who knows).
Akamai reckon their entire workforce operates off zero-trust (their solution, naturally, which is basically the same as ZScalers), their offices are literally internet hotspots and the workflow is the same whether in the office or at home.
If I was the CIO this would be my future direction. Zero-trust, full BYOD, buy meraki / commodity internet and happy days. Everyone gets Azure AD and everyone 2FAs into everything.
^Truth.
Even PCI and HIPAA environments can be created and secured in the cloud. Even if you're working in the office, you can basically do it all in the cloud. The pushes are all to the endpoint or the cloud, very little push to expand switches or things like that in the middle. Manufacturing would be one place that still requires on-prem gear, but that is already a different space than the normal Cisco office.
The larger point is that zero-trust doesn't care where your workloads are, if they're in the cloud or on-prem its all gravy. The key is that identity is brokered, and part of the connection mechanism, and available over the internet since everything is assumed to be untrusted until it authenticates and authorises.
Zero Trust is going to be the way to do most stuff it the future. Intercept of TLS traffic is going away, and with work from home, cloud, etc. nobody has a traditional perimeter to secure anymore. Agents on all end points. Authenticate and encrypt all traffic. Then you don't really care about the transport.
-Otanx