Cisco CCNP Security Certification

Cisco has recently revamped the CCNP Security certification and thus the old 642- exams can only be sat up to the 21st April 2014. Links to the four new courses will be found in the Training Courses section further down this page.

CCNP Security certification program is aligned specifically to the job role of the Cisco Network Security Engineer responsible for Security in Routers, Switches, Networking devices and appliances, as well as choosing, deploying, supporting and troubleshooting Firewalls, VPNS, and IDS/IPS solutions for their networking environments. CCNP Security is intended for those with a significant amount of experience with security in relation to Cisco products. This high level certification has CCNA Security as a prerequisite, whilst it forms a step to any further certification and enhancing the employability of those who achieve it.

The Certification Process

In order to obtain CCNP Security certification candidates are required to pass four exams, these exams are arranged separately from any training courses offered, further information on these exams can be seen by clicking on the titles. Candidates must hold CCNA Security or any CCIE in order to earn CCNP Security certification.

Below are the older style exams:

This certification path is valid only until the 21st April 2014. For further details on the changes to this certification take a look at the Exams Migration Path.

Note that this certification requires re-certification every three years; this can be done by performing any of the following:

Preparing for the Exams

The SECURE exam lasts 90 minutes, containing somewhere between 60 to 70 questions. The questions are drawn mainly from design and support operation areas. The FIREWALL exam lasts 90 minutes with between 60 and 70 questions. The VPN exam lasts 90 minutes with between 65 and 75 questions. The IPS exam lasts 90 minutes with between 60 and 70 questions, again with focus on design and support operations.

The new style of exams all last 90 minutes with between 65 and 75 questions each. The SISAS exam focuses on identity management, SENSS on threat defence and security device GUIs, SIMOS is split evenly between its topics and SITCS focuses on content security and additional threat defence.

Further details can be seen on the individual exam pages. We would recommend erring on the side of over preparation so as to ensure a mark high enough to provide a pass.

For more information on Cisco exam policies in general, take a look at this page.

Training Courses

GBdirect offer the Cisco approved courses aimed to provide the skills and knowledge required to earn this certification. The current courses offered are:

Below are the older courses:

While these courses will help prepare you for the exams they may not provide you with everything you need to pass them. To ensure this we would recommend hands on experience with the products concerned, along with additional reading from Cisco certification texts. It is advisable to look up the content of the exam, while performing practice labs and taking advantage of the practice exams available on the Cisco website should also prove beneficial. We welcome any reviews of your Cisco Certification experience, if you feel that you know of an improved learning method then please don't hesitate to get in touch.

Official Cisco Materials

Cisco provides a large amount of online materials, some of which is available through the certification pages themselves. An excellent starting point is to look at the exam content available on the exam page as well as a PDF that provides the exam guidelines.

The CCNP Security syllabus can be found in its entirety here.

While CCIE Security is a higher level of certification Cisco has made a document available that details the equipment and software required to create a practice lab, this is also applicable to the CCNP level of certification and may therefore prove useful.

Cisco also hosts forums in the form of Study Groups, allowing for the discussion of any areas within CCNP Security certification. This is naturally very useful for finding information on specific areas, but also for finding overviews of certification as a whole. One particular discussion of interest can be found here, containing a selection of tips from someone who has fairly recently passed CCNP Security.

An entire list of learning materials can be found on the Study/Learn tab under each exam heading on the Cisco Learning Network. At this point there is a wide range of materials available for both sets of exams, if you are looking to take the current exams then some of the older material is still relevant due to the overlap between the two variants of certification. Further to this there are a few practice questions available on each exam page, under the "practice" tab.


Official texts for the new certification exams are expected to be released in January 2015 and this page will be updated shortly afterwards. In the meantime the older certification guides and quick references can still be of some value to those undertaking this certification. There is a significant degree of overlap between the certifications and as such may be of some value to those studying the new certification.

A range of texts are available for those studying for the previous iteration of this certification:

The official cert guides for VPN, FIREWALL and IPS all receive excellent reviews, being praised for a variety of reasons. This is due mainly to the clear style of these three books combined with the usual exam focus. These books also include practice tests as well as practical guides to certain elements. As such these books are regarded as very valuable as preparation for the certification exams in addition to having some use as a practical reference for labs and in real world applications.

The official cert guide for SECURE however receives much lower reviews, with reviewers reporting a large number of typos as well as a number of technical errors. Whilst some reviewers do still praise the quantity of material contained within this book it would seem not to be the best learning material available.

A series of quick reference guides is also available for the four exams, which generally receive positive reviews and is suggested as a revision tool for use at a time closer to the exam, or for those who may be recertifying or approaching the certification with a very high level of experience and knowledge beforehand. These are available for all four FIREWALL, VPN, IPS and SECURE exams.

Note that this list is by no means comprehensive, but a combination of Cisco's online materials along with an official cert guide will provide a significant amount of preparation material. We welcome reviews and views of any text you have personal experience with, likewise if you feel we have missed off a more valuable study aid please do get in touch.

Additional Resources

The forum is one of the most active covering Cisco and other certifications, there is a great deal of detailed information related to either specific technical details or the certification as a whole.

CBT Nuggets offer a series of instructional materials that cover all four exams in the CCNP Security certification path. These come highly recommended, although they are fairly costly.

Someone has made their FIREWALL notes available for download here, these may prove useful for those who find this particular section difficult or are looking to compare their own notes with someone else's.

David's networking blog features a lab setup for the CCNP Security VPN that may prove useful for those looking for more practical learning.

CCIE4all has a CCIE Security lab setup, which while aimed at a higher level of certification can still be useful for some elements of CCNP Security.

CCNP Study Material is not totally focused on CCNP Security but does in fact contain some materials applicable to CCNP certification in general and some posts only concerning CCNP Security.

Boson also provides some practice exams for exams within this certification, except for the VPN exam.

What if I fail?

Don't panic. You will be able to see and your test result and the areas you felt weakest in, focus on content areas where your performance was weakest and areas with a high percentage of questions. Once you feel ready you can reschedule your exam. Cisco's exam retake policy is listed below:

The policies for retaking exams are as follows:

Excellent, you've passed

Upon passing you will receive a score report complete with your photo; this can be used to share with employers or other third parties. This will also grant you access to the Cisco Certifications Tracking System, allowing you to see certification progress, access logos for valid certifications, allow third parties/employers to see your certifications and to sign any necessary agreements.

Next Steps

CCNP tends to be the highest level of certification achieved by those pursuing Cisco certifications; however a higher level, CCIE, does exist. This is an extremely highly regarded certification that demonstrates the highest level of technical proficiency with Cisco technologies; due to the difficulty and specialised nature of this qualification we do not offer training courses. Further information can be found on Cisco's site.

CCNP, Salary and Contract Rates

A recent survey of IT jobs offered across the UK reported the following statistics on the average earning of salaried and contract workers holding CCNP certification. The UK average salary for a CCNP is £45,000, with the average salary for London being £47,500. A breakdown of this shows 90% are offered a salary of more than £35,000 while 10% are offered more than £63,500.

Contractor daily rates were also surveyed and the UK average was found to be £360 per day and £375 per day for the city of London. The further breakdown of these figures shows that 90% are offered a daily rate in excess of £250 while 10% are offered more than £450. Further details can be found on the IT Jobs Watch site.