Automatic reply: Pwned no more, #25963
Ha, I bet you thought this was another automated reply to an old message posted on March 16, 2010. But it's not. I am proud to announce that I have re-certified my R/S CCIE by passing the Security lab. I am now one of the who-knows-how-many dual-CCIEs out in the world (I wish Cisco would start posting those figures again...). If you don't like long winded stories, then stop now with the knowledge that I passed. Otherwise, let's begin:
First, I have to give thanks to my wife who gave me the time and space I needed to accomplish this goal when I first decided to re-certify my number. She did her best to keep my now 5 year old son and 1 year old daughter from distracting me too much...well, she tried. It's pretty hard to study and concentrate when the two cutest kids I know want me to play with them.
Second, I need to say a big thanks to my parents who have always been there for me and believe in me, and are always willing to help me and my family. Then there are the guys at work who inspire and continuously amaze me and make me want to strive to be a workaholic just like them...ok, I made that last part up, but they do inspire and amaze me.
My Security journey sort of started last summer when I realized I had about 8 months before I had to re-cert my R/S. I knew that I could probably pass the R/S written easily enough, so I decided I'd mix it up a little and choose a different track. I picked Security because I wanted to catch up to the guys at my job who were years ahead of me in experience and were doing things with ASA and ACS that I could only dream about (at the time). So I studied for about 8 weeks and was able to pass the written. I had told myself at that time that I would make a go at the lab at some point just before I had to re-cert again, not for any kind of job advancement, but really just so I can say I'm one of the smaller percentage of CCIEs that have multiple certs.
That is until January 15, 2012, when I happened to be reading IEOC's Success Stories postings to see how many new numbers had been handed out in the 2 years since I got mine (fyi, about 8000 numbers). I came across one by Deepak Arora who just 6 months prior had gotten his R/S, then in January, was posting about passing the Security lab. I'm not really sure what caught my attention, but I did recognize his name from posts back when I was studying for my R/S back in 2009-2010. In any case, his Security success story motivated me enough that literally 15 minutes after I read his post, I gave INE some $$ and started planning my own Security lab attempt.
Initially, I started off with the videos which were filled with useful information. Here's a critique for INE when making these videos: edit out the parts where the instructor is ho-humming his way around trying to figure out why his task isn't working like it's supposed to. Yes, I understand one can learn by watching other's mistakes, but most of the times, I just wanted to see how the configuration looked, an explanation on how/why it works and when to use it, and some verification methods we can use. Honestly, I fell asleep through just about every video I watched mostly during those parts where I was waiting for the "good" stuff to happen.
Anyways.... By the time I got finished with the videos (about 2 1/2 weeks due to being a loving father of two and only having after 9pm to study), I started reading about possible changes coming to the Security exam, all still unconfirmed as of this writing. When I did the R/S, I got caught between the ver 3 to ver 4 switch and I didn't want to do that again. So I immediately scheduled my lab for May 14 which gave me about 4 months from the time I started watching the videos to actually doing the lab. I was banking on the fact that my R/S knowledge, would let me fast track my studies a bit.
I spent the next 6 1/2 weeks doing the Volume 1 workbook. I spent about 2 weeks doing nothing but VPN configs, but that's because I was doing each task multiple times to make sure I got it right. I was fortunate to be in a job where I had plenty of ASAs to work with (although I must admit that 8.3+ NAT rules totally bite), so I didn't have to spend as much time doing the failover or multiple context mode stuff. I also was familiar with the latest version of SecureACS so I knew what I needed to do, I just need to learn how to do it on the Secure ACS for Windows version. Honestly, there were times when i thought that maybe I should just wait for the exam to go to version 4 so at least my knowledge of the material would be relevant. But then I'd think to myself, "What the hell are you thinking, man?!" After a quick punch to my esophagus, I'd get back to work.
So, around 9 weeks in, I started attempting the Volume 2 labs. That's when the pain started. I've already read plenty of complaints of how the Volume 2 labs have a ton of errors, and well, yes, they do. In fact, it got to the point where I would attempt a lab, and fail it so miserably, because I'd get hung up on a problem that had a typo or the diagram was missing a crucial link or something crazy like that. It got to the point where I was doubting myself so much that after 3 weeks, I re-thought my approach and decided to re-do all the volume 1 labs where I had known weaknesses, primarily VPN, ACS, and IPS. I also stopped trying to do Volume 2 Labs from start to finish. Rather, I would skip to the various sections, i.e. jump to the VPN section, and only attempt those pieces. In essence, I was using the Volume 2 labs' individual tasks as extensions to the Volume 1 topics, i.e. ASA initialization, VPN, IOS FW, etc. I figured that I was better off knowing the core topics as best as I could, then I would just try to "wing" it in the lab.
A month before I was to sit the lab, I started to have serious doubts as to whether I was covering everything that could be on the lab. I remember that I was supposed to go and find the Security lab checklist on the Cisco Learning Network site which is really just an expanded version of the official blueprint. Over the next 3 weeks, I would go through the checklist and make sure I understood each item, had configured it at least once or twice, and knew where to find documentation for it in Cisco's support site. I spent a lot of time making sure I totally understood all the VPN topics. If I got 20 minutes of free time during the day at work, I'd spin up a quick lab and build a 2- or 3-device VPN, and try to decrease the amount of time it took me to configure a VTI, or DMVPN, or even GETVPN. I also spent a few days reviewing relevant parts of certain videos (fast forwarding/skipping the ho-hum moments).
With one week left before the exam, I touched up on those parts of the checklist where I was relying on my R/S, i.e. control plane stuff, advanced security, IOS firewall, mostly non-ZBF stuff, and making sure I understood how to identify/mitigate attacks.
My test was on a Monday and I was flying, with my family, to San Jose the day before. So on Friday, with 3 days to go, I was stressing so badly because I wasn't 100% sure I had covered everything (even though my checklist had multiple checks in each box). I started stressing so much that I developed a severe crick in my neck which hurt so bad that I couldn't turn my head left. After a night of painkillers and muscle relaxant, I woke up on Saturday morning to do one last day of touch ups. Around 4:00pm, I decided that I had gone as far as I could go, so I stopped. The muscle relaxant had done it's job so I decided to get my mind off of the test by mowing my yard before my trip. Unbeknownst to me, I ended up getting a tiny piece of wood or grass stuck in my eye which I initially thought was just a bad case of allergies causing my eye to tear up. However, when I woke up on Sunday and had gunk in my eye and it was hurting, then I knew something bad was up, and to top it all off, the crick in my neck came back worse than ever. That, compounded by the stress of flying with two small children, one of which we carried on our laps during the 3 hour flight, was enough to fray my nerves. Oh, and I forgot to mention that my 1-year old somehow pee'd on my only pair of jeans during the flight.
I have to hand it to my wife, though, because she kept everything calm. She was able to get the thing out of my eye, kept giving me words of encouragement, and generally maintained peace amongst all of us. When we finally got to our hotel, we were all pretty tired so we all just relaxed and lounged about until we fell asleep around 9pm PST (which for us is 11pm CST). My alarm woke me up the next morning at 6am PST, and we all woke up, had breakfast at the hotel, then before I knew it, we were driving to Building C for my test.
My wife dropped me off at 8:10am promptly, and I plopped myself down in the open seat of the couch and generally kept to myself as I tried not to think about anything related to the lab. The proctor, Tong, came out about 8:20, gathered us all around, then took us back to the testing room. I was the first to get my seat, so I read the testing guidelines page while he got the rest of the group situated. Then he said we could start, and I flung open my binder, immediately removed the plastic page protectors containing all the diagrams, then spread them out around my desk area. I made sure I brought up all my terminal windows including the ACS and Test PC. Everything came up and looked good except for the Test PC, but before I could tell Tong about it, he was busy trying to fix a problem the R/S guys were having.
So, I flipped through all the tasks and skimmed each one to see if there were any gotchas. Amazingly, I was happy to see that I was familiar with everything except for a few oddly worded questions, but I figured I'd have plenty of time to get to those. So I started at the beginning, making sure to read and re-read each task requirement carefully, then started typing away. Let me just say that the first 3 1/2 hours flew by for me, and in my point tracking sheet, I was actually a few points ahead of where I needed to be at that time. I was happy that I was able to knock out a particular VPN task in under 5 minutes straight from memory...oh, I forgot to mention that for me and the other guy taking the Security lab, we kept losing connectivity to the Support page. Tong ended up having to reset the proxy server several times during the day for the both of us. Tong also fixed my Test PC issue during this time, but I wasn't really at a point where I absolutely needed it just yet.
Lunch came and went and we were back at it. I was feeling pretty good about where I was, and where I was going, until I ran into my first problem. I swore up and down I had everything configured by the book and had referenced the Cisco doc to make sure my config matched up word-for-word. I must have spent 30 minutes on this one task trying to get it to work, then I said I had to put it aside and started on the next task. This was one I was pretty confident I'd be able to do and it took me a few minutes to get it configured and it "should" have worked, but somehow it didn't. So another 30 minutes later, I'm telling myself I need to put it aside and go to the next task. The next task, I already knew I was going to have to save to last because it was one I wasn't as comfortable doing without heavy consultation from the documentation. So about an hour and 15 minutes after lunch, my high was suddenly low and I was starting to get worried. But with about 3.5 hours to go, I told myself to go through the rest of the tasks as fast as I could, then with whatever time was left, go back to these stubborn ones.
I amazed myself by finishing the remainder of the tasks leaving me with just under 2 hours to dedicate to the 3 tasks I had problems with. It only took me another 15 minutes of poring through configs before I figured out what was wrong for 1 of them, and got it working. That left me with 1 task that I felt should be working, but didn't, and another task that I was hoping I could leave alone. I checked my point sheet and saw that I had a few question marks next to several of the tasks meaning that while I think I accomplished the task requirement, I wasn't 100% sure. Basically, I just needed to be 100% confident on one of the 2 remaining problems I had and I felt I would pass the lab. So I spent 1 hour working on the one problem I thought I should be able to fix (but I never got it to work), and I spent the last 30 minutes, including down-to-the-wire, last-minute configuring for the 2nd problem, but it too, wouldn't work.
Finally, Tong called time and that was the end of that. I had already saved my configs on all the routers, switches, and ASAs, and I did one finaly save on the two devices I couldn't get to work. I put my binder back together, handed everything to Tong, then walked out feeling unsure of myself. Oddly enough, I never second-guessed any of the other problems I had marked as complete, even the ones I wasn't 100% confident about. I could only think about the 2 that got away, because I knew that I only needed one of them to be right for me to pass.
My wife and kids were waiting for me outside, and despite my long face, she and my son continued to give me words of encouragement. I remember being at the hotel and wanting to pop open my laptop and start labbing up the two tasks that I got stuck on. But I was tired, my neck was hurting, and I just didn't feel like it. Even at dinner, I couldn't stop thinking about those 2 problems. I tried not to check my email, but every hour I'd pretend I was cleaning out work emails when in truth, I was hitting refresh on my gmail account to see if anything new had popped in.
Around 10pm PST, I was pretty tired, and I had resigned myself to getting my results the next morning. As I grabbed my phone to charge it, I noticed the message light flashing. I switched to my gmail account and there was the email with subject: "CCIE Lab Score Report". I told my wife the score was in and she followed me over to my computer so I could log in and check. She was too nervous so she sat on the couch and just waited. I remember the first time I checked my score, my hands were trembling. This time, there was no trembling, just a suddenly calm, emptiness in the air as I typed in my information and clicked to see my score.
I saw the word PASS and jumped up out of my chair, fisted pump the air, and said something like "YEARGH!" (In my made for tv bio/movie, I'll make sure the writers replace this with something awesome.) My wife jumped up and said something which I can't remember, but it made me stop myself and say "Wait! Let me make sure I'm reading this right." I double-checked it and I saw a PASS from when I passed the R/S, and right above it another PASS. I clicked on the link for it which took me to the "Congratulations...." page. Then I jumped up again and said "I PASSED!" and my wife said "You PASSED!" and my son said "Yay, you're so awesome" (at least in my mind he said that). Suddenly my neck wasn't hurting as bad, probably due to the huge shot of adrenaline coursing through my veins at that moment, but I scooped up both my kids in each arm, and embraced my wife and gave them all a huge hug and bunch of kisses. It was definitely one of those family moments I hope to remember forever.
So here I am writing this story and wondering to myself: "I just spend that past 4 months suffering 5-hour a night sleep, 3-6 hours of studying, missing valuable time with my family....am I seriously considering doing this all over again for whatever my next track is going to be?"