Friday, March 9, 2012

Technical Certifications

I just took and passed the CCNA Security (IINS 640-553) exam. Well, I think I passed. There's apparently a validation period where they make sure you didn't cheat, so it's "preliminary" mode. The process of preparing for this exam and the ultimate exam experience made me want to jot down some thoughts about certification in general, and Cisco certs specifically.

I'm going to list two perceptions about certification: one is that the only value to certifications is that they look good on your resume, and the other is that certifications are a good indicator of your skillset. Now I'm going to list two groups of people: IT Professionals and employers. Which group do you think matches which perception? I'll give you a moment...


I have yet to meet an IT pro who thinks certs are important. The general reaction to certification is something along the lines of "I've been setting up mail servers since Microsoft Mail. I don't need a piece of paper to show that I've got skills." That kind of thing. On the flip side, for some employers those certifications are the difference between forwarding your resume on to the hiring manager and sending it straight to Deleted Items (maybe even Shift+Del if they're really unimpressed).

Why the disconnect? Why are certifications, ostensibly developed to separate Those Who Can from those Who Can't, not worthy of respect and admiration from your peers? Well, I believe there are two factors: brain dumps and experience.

I have never implemented an IBNS network, NAC, or had to configure IPS on a Cisco device, but I now have a piece of paper that says that I theoretically could. Somewhere out there is a Network Engineer responsible for an environment consisting completely of Cisco devices, and they've turned on/implemented a host of the features and capabilities that the Cisco Security exam tests on, and they don't have a CCNA Security certification. They could configure circles around me. That's just truth.

Then there are the brain dumps, the bane of certification authorities everywhere. Some certs are more vulnerable to this than others. I believe Microsoft certifications have taken the biggest hit on this. You show up to a party bragging about your MCSA and not only do people not want to talk to you because you're apparently super-boring, but people aren't even impressed. You can do nothing more than study brain dumps, reviewing those questions over and over again, and pass a Microsoft exam, at least one of the entry level ones. CCNA is a bit different simply because dumps are less available and the tests are more complex (simlets, testlets, actual CLI entry), but there's still vulnerability there. Essentially your colleagues don't know whether or not you actually earned that cert or if you're just good at memorizing stuff, so they err on the side of caution.

So why did I take the CCNA Security certification? Well, my primary reason was because my CCNA was due to expire this month, and I needed to take something to get 3 more years. That was honestly the impetus. The IINS 640-553 is heavily Cisco-centric in that it deals mostly with proprietary Cisco software (SDM, IOS, ACS) and Cisco theory (self-defending network, IBNS). I have never, nor do I currently, work in an environment that is pure end-to-end Cisco, which is what is necessary to really take advantage of a lot of the stuff that this exam covered. There was some generic security information that was valuable, such as encryption protocols and reviewing common network attacks, but not a ton; I'm sure the Security+ exam is more inclusive and real-world useful. That's actually not so different from the basic CCNA exam either, which focuses heavily on Cisco whereas the Network+ exam is much broader. Why then spend $250 on an exam testing skills I won't be using any time soon?

For me, these certifications are learning tools. I've felt that since I got my first two certs, Network+ and A+. I came into IT with a rudimentary understanding of computers and technology as a whole. I was able to make my way around, but I wanted a more solid foundation. I essentially wanted coursework to walk me through the subject, cover things that I might not have even known needed to be covered, and just A-Z my way through the subject matter. That's why I liked studying for those two exams, and why I like studying for exams now. There's certainly a degree of accomplishment that comes with passing an exam, and I've never been prouder of a technical accomplishment than when I got my CCENT as part of my CCNA track. I started on that path because I wanted to learn networking, I mean really learn networking. I was fairly Layer 2-proficient before that, but reading through the official CCENT study guide was like, whoa! Terms and tech and concepts that I had never heard of before came at me, and I ate it up. It was great.

Same thing with my Microsoft certs, for all the flak I give them. I got my MCSA in part because it would look good on my resume, but also because even though I could RDP to a Windows Server and add users to ADUC, or edit a GPO, or get information about the environment via various MMCs, I didn't understand the underlying concepts and technology of an AD environment, and I wanted to. It frustrates me not to understand the nuts and bolts of something, and it comes back to haunt me when I'm studying. I find it difficult to move beyond a topic if I don't fully understand it. This drove me nuts when trying to understand the IPSec VPN process. Yeah, yeah, I get that there's a Phase 1 and a Phase 2, and that Phase 1 creates a tunnel for Phase 2, but seriously how does that DH key exchange work? What's a nonce? I need details!

My certification preparation ritual follows this need for understanding. I first read through an official exam guide if there is one; sometimes two if time permits. I read a chapter, digest it, and then go back through it and take notes. Then I watch a video series on the subject; Train Signal and CBTNuggets are my go-to guys. I used to have a VTC account back when I thought I would have time to watch endless videos on all kinds of random topics, but it was wasteful to pay money each month for a service I wasn't actively using. After that I review test questions, take practice tests, and buckle down on any specific topics I'm not clear on. The exam guides often cover a lot of extraneous stuff that isn't on the test itself, but can be interesting or useful in general. Of course, the IINS exam guide spent like an entire chapter on SDLC in the beginning, which I struggled to understand and still don't get, but it's not even one of the core objectives of the exam. :\ I found that out after re-reading it a dozen times.

I want to get something off my chest about Cisco's certifications though, now that I've gone through the testing process thrice: CCENT, CCNA, and CCNA Security. I get that Cisco is protective of their technology and their brand. I get that they want to avoid what's happened with Microsoft certs. They don't want people to be able to brain dump and take and pass exams without doing the due diligence, etc. I get it. However, it's my opinion that they've made it almost prohibitively difficult for people interested in becoming either network or Cisco proficient to do so. Let me lay out my points here:

1. The Cisco Security exam costs $250. The MCSA cost $150 when I took it. So yeah, an average person isn't going to cough up $250 to be able to take the exam for the sole purpose of being able to dump it, or even just to get the experience of the exam as part of prep. MS offers second chance vouchers sometimes. Haven't seen such a thing with Cisco. They clearly want you to mean it when you take it, but that's a pretty sum of cash for a "piece of paper", especially if you don't get reimbursed by an employer for it (sigh. I miss that).

2. Despite focusing heavily on their proprietary software, Cisco doesn't want you to be able to get it! This right here is probably my biggest gripe about their certification process. I have a CCNA. Why can't I download an IOS image or the SDM without having a service contract? Especially since the SDM was actually discontinued! They've moved on to some other GUI-based configuration tool, but the exam is still based on the SDM. I have Cisco equipment in my home, used stuff I bought online or borrowed. I can't upgrade their IOS images, so I can't implement all of the commands demonstrated in the study materials. My 851 router is running SDM version 2.2. The test uses version 2.5, and they are very different. I wasn't able to get any hands-on experience with the SDM and had to rely on screenshots and videos to get a sense of where my configuration tasks were. I even tried using the service contract from my job to download it, and I couldn't because it didn't match our registered device type. I mean, I can install a trial version of Windows Server and run it for a little bit without a key to use it for MS studying; why can't Cisco provide something similar? $250 for an exam, and then renting a rack for $x an hour, or buying simulation software? Maybe I should trash all my old hardware and buy newer stuff so I have a chance of having newer software installed. It's like you have to have a lot of disposable income to study for a Cisco exam.

3. Right now I can remember crypto isakmp enable with no problem. I was up all night reviewing commands and notes and questions. Next week? Probably not. But IOS has this neat feature, this tab completion thing, and this context help where you enter "?" after a command and it helps you fill in the options. Why does the router simulation not allow for that? That's a real part of network configuration work. No one has every single command and possible option memorized. Why do you expect that to be the case for the exam?

/end rant

Maybe that's why the Cisco certs still have some clout (they do, right?). You have to jump through hoops to prepare for them. At least I have another 3 years now before I have to deal with it again. Next area of study? Back to Linux. It's time I got a RH cert.
