It's always a good idea to have a structured study plan. I did this with my Routing and Switching CCIE, managing to stick to it (roughly). So it makes sense to do one for this as well.
My plan in it's most general sense is to:
Build up a fully working lab, bit by bit.
Use the INE videos to build up this knowledge as I go.
Read the books for the various sections.
The lab will be based around UNL, and the topology will be based around the same one used by INE. So that when I come to do their full labs, it will all be set up and all the kinks will be worked out. The topology is in my first post about the CCIE Security, but I will re-post it here to make life easier:
Sounds very broad, doesn't it. So let's break it down to a proper study plan, starting with the things that are new to me. Where I mention ATC, this is the INE Advanced Technology Class (http://streaming.ine.com/c/ccie-security-advanced-technologies-class)
1: Set up TestPC-B, Switch 2 and Switch 6. This will give me access to WSA1
2: WSA :-
- Watch: INE video course http://streaming.ine.com/c/ccie-sc-wsa-primer. Applicable videos from the ATC.
- Read: http://www.cisco.com/c/dam/en/us/td/docs/security/wsa/wsa7-1/user_guide/Cisco_IronPort_AsyncOS_7-1-0_User_Guide_for_Web_Security_Appliances.pdf
- Do: Set up WSA in UNetLab.
- Covering: Section 3: Intrusion Detection and Content Security (second half)
4: ISE :-
- Watch: INE video course http://streaming.ine.com/c/ccie-sc-ise--primer, and videos from ATC.
- Read: Cisco ISE for BYOD and Secure Unified Access: BYOD Network Security with ISE
- Do: Set up ISE(s) in UNetLab/ESXi - I don't think they will run natively in UNL.
- Covering: Section 4: Identity Management
6: ACS :-
- Watch: INE ATC videos
- Read: Cisco Access Control Security: AAA Administration Services
- Do: Setup ACS
- Covering: Section 4: Identity Management
- Watch: INE ATC
- Read: Cisco ASA: All-in-one Next-generation Firewall, IPS, and VPN Services
- Do: Set up ASAs, for VLANs, failover/HA, transparent mode, routed mode and anything else I can think of.
- Covering: Section 5: Perimeter Security and Services
- Watch: INE ATC
- Read: VPN books - refer to CCIE security topics and reading list.
- Do: Majority of Section 6.
- Covering: Section 6: Confidentiality and Secure Access
- Watch: INE ATC
- Read: Cisco ASA: All-in-one Next-generation Firewall, IPS, and VPN Services
- Do: Set up IPS
- Covering: Section 3: Intrusion Detection and Content Security (first half)
- Watch: INE ATC
- Read: Designing Network Security
- Do: Set up hardened services on routers
- Covering: Section 1: System Hardening and Availability
- Watch: INE ATC
- Read: Cisco Wireless LAN Security
- Do: Set up Wireless components - vWLC, an AP, a wi-fi client
- Covering: Section 6: Confidentiality and Secure Access
- Watch: Not sure yet.
- Read: Implementing Cisco IOS Network Security
- Do: General protection
- Covering: Section 2: Threat Identification and Mitigation
- Do: Implement IGPs and set up authentication.
14: Do written exam
15: Practice - do INE Security workbooks and full scale labs.
16: Lab - take the lab exam.
17: Profit? Re-take lab exam? Who knows!
I am not attaching any timelines to this at the moment though. I'll start doing that closer to the end.
What do you reckon? A workable plan? Missing anything?