What are the new requirements and what technologies will you master? Find out in this post. Cisco has given us a big makeover for one of their premier Professional Level Certifications – the Cisco Certified Network Professional Security (CCNP Security) Certification. The 2014 updates retire some devices and technologies from coverage, and replace these with some of the latest and greatest in Cisco’s security portfolio. It does seem that in the area of security, Cisco makes the most sweeping changes, retiring products with no warning. The ever-changing network security landscape certainly helps to make this a reality. As we examine this updated certification, the first thing to consider is the prerequisite requirements. Prerequisites The most common method of meeting the prerequisites is to simply possess the CCNA Security certification. The simplest path to CCNA Security is to possess the CCENT Certification and then pass 640-554 IINS. A less common method of meeting the prerequisites is to possess any valid CCIE Certification from Cisco Systems. This is actually how I can move right to this new CCNP Security as I possess the CCIE R&S cert. What about if you passed the older CCNA Security exams? As usual, Cisco is very fair about this. Candidates who have a valid CCNA Routing and Switching certification and have passed either Securing Cisco Network Devices exams 642-551 or 642-552 can act as a prerequisite valid through December 31, 2014. CCNP Security Requirements Four new exams are required for this premier Certification: 300-206 SENSS – the Implementing Cisco Edge Network Security (SENSS) (300-206) focuses on Cisco network perimeter edge devices such as Cisco switches, Cisco routers, and Cisco ASA firewalls. The exam is 90 total minutes and consists of 65-75 questions. The main sections and content you need to be ready for are: Threat Defense – 25% of your exam is this area. It covers ASA firewalls, Layer 2 security, and the hardening of Cisco devices like routers and switches. Cisco Security Devices GUIs and Secured CLI Management – 25% of your exam is in this area. Topics in this area are SSHv2, HTTPS, SNMPv3, RBAC in ASA and IOS, Cisco Prime, Cisco Security Manager, and the ASA’s ASDM GUI. Management Services on Cisco Devices – 12% of your exam is in this area. Topics are the NetFlow exporter, logging best practices, NTP, CDP, DNS, SCP, SFTP, and DHCP. Troubleshooting, Monitoring and Reporting Tools – 10% of your exam is in this area. Topics are monitoring firewalls using analysis of packet tracer, packet capture, and syslog data. Threat Defense Architectures – 16% of your exam is in this area. Topics are the design of firewall solutions as well as additional Layer 2 security mechanisms. Security Components and Considerations – 12% of your exam is in this area. Topics are security operations management architectures, Data Center security components and considerations, collaboration security components and considerations, and common IPv6 security considerations. 300-208 SISAS – the Implementing Cisco Secure Access Solutions (SISAS) (300-208) exam challenges your knowledge of the components and architecture of secure access utilizing 802.1X and Cisco TrustSec. This exam is 90 minutes and consists of 65-75 questions. The main sections you need to be ready for are: Identity Management and Secure Access – 33% of your exam is in this area. Topics are TACACS+, RADIUS, Native AD, LDAP, identity management, 802.1X, MAB, network authorization enforcement, Central Web Authentication, profiling, guest services, posture services, and BYOD access. Threat Defense – 10% of your exam is in this area. The topic is the TrustSec architecture. Troubleshooting, Monitoring and Reporting Tools – 7% of your exam is in this area. The topic is troubleshooting the ISE and AAA solutions. Threat Defense Architectures – 17% of your exam is in this area. The topic is designing a highly secure wireless solution with ISE. Design Identity Management Architectures – 33% of your exam is in this area. Topics are device administration, identity management, profiling, guest services, posturing services, and BYOD access. 300-209 SIMOS – the Implementing Cisco Secure Mobility Solutions (SIMOS) (300-209) exam challenges you on the variety of Virtual Private Network (VPN) solutions that Cisco has available on the Cisco ASA firewall and Cisco IOS software platforms. The exam is 90 minutes and consists of 65-75 questions. The topics are: Secure Communications – 32% of your exam is in this area. The topics are site-to-site VPNs and remote access VPNs. Troubleshooting, Monitoring and Reporting Tools – 38% of your exam is in this area. The topic is the troubleshooting of all of the VPN variants. Secure Communications Architectures – 30% of your exam is in this area. The topics are designing site-to-site and remote access VPN solutions, and encryption, hashing, and Next Generation Encryption (NGE). 300-207 SITCS – the Implementing Cisco Threat Control Solutions (SITCS) (300-207) exam seeks to challenge you on advanced firewall architecture and configuration with the Cisco next-generation firewall, utilizing access and identity policies. The exam is 90 minutes and consists of 65-75 questions. Topics include: Content Security – 22% of your exam is in this area. The topics are the Cisco ASA 5500-X NGFW Security Services, Cisco Cloud Web Security, Cisco WSA, and Cisco ESA. Threat Defense – 23% of your exam is in this area. The topic is the configuration of Cisco IPS. Devices GUIs and Secured CLI – 16% of your exam is in this area. The topic is content security. Troubleshooting, Monitoring and Reporting Tools – 19% of your exam is in this area. Topics are IME and IP logging for IPS, content security, and Cisco Security IntelliShield. Threat Defense Architectures – 8% of your exam is in this area. The topic is the design of an IPS solution. Content Security Architectures – 12% of your exam is in this area. Topics are the design of Web, email, and application security solutions. As you can clearly see, this revamp of the Certification ensures candidates are well armed with the latest Cisco Security technologies and helps to prove their value to medium-to-large enterprise organizations. I hope you are as excited as I am and look for more posts in this critical area of Cisco Certification. Remember, study with passion! Related content news analysis What other Windows 10 updates can we expect this year? The Anniversary Update was a major update in 2016 to Windows 10. But what else can we expect this year? By Anthony Sequeira Sep 29, 2016 2 mins Microsoft Computers opinion Simulations you can expect in Cisco's ICND1 exam Hands-on practice is key for success in Cisco's ICND1 (CCENT) exam. But what should you practice? By Anthony Sequeira Aug 24, 2016 1 min Cisco Systems IT Skills Careers opinion OK — What is this Nano Server in Windows Server 2016? A lot of people are talking about Nano Server inside Windows Server 2016. But what is it really? And why should we care? By Anthony Sequeira Jul 25, 2016 2 mins Small and Medium Business Microsoft Servers opinion Cisco VIRL heads to the cloud Explaining the power of Cisco VIRL used in a bare metal cloud environment. By Anthony Sequeira Mar 02, 2016 2 mins Routers Cisco Systems Cloud Computing PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe