Security is an ever-evolving technology that is necessary in every organization. That’s why Cisco Certified Internetwork Expert (CCIE) Security-certified individuals are in high demand. 

This year, we celebrate the CCIE program’s 30th anniversary. CCIE Security is the second-most sought-after CCIE certification, and I’m here to offer tips to achieve the CCIE Security certificate by sharing my own certification journey as well as preparation for success. 

My CCIE Security journey 

I started my professional career at the Cisco Technical Assistance Center (TAC) as a support engineer. In this role, it was essential to be at the top of my game to resolve critical and time-sensitive network incidents promptly. 

One of the ways to achieve that was to earn the CCIE Security certification, which demonstrated hands-on experience in a lab environment. 

Though I initially sought this certification to be proficient in my job role, it also paved the way for me to grow in my organization. 

After achieving my CCIE Security certification, I became the team tech lead of access-control technologies at the Cisco TAC, instructor of security bootcamp for the onboarding of engineers at Cisco, and network consulting engineer for the Cisco Advanced Services Organization for AT&T and BT-Infonet customer accounts. I also administered and delivered CCIE labs across the globe, authored technical documents on Cisco Connection Online (CCO), contributed as a subject matter expert (SME) for the CCIE Routing and Switching (RS) and Security tracks, and am currently the program manager of the CCIE Security exam. 

I strongly believe being CCIE certified hugely contributed towards my professional achievements and is key to anyone’s professional growth and success in this industry. 

Prep for success  

The CCIE Security exam has numerous security appliances and solutions with additional dependencies that require the highest level of expertise. The exam tests your design, deployment, optimization, and troubleshooting skills. For the past 30 years, we have ensured that the exam blueprint is relevant to both industry security solutions and aligned with the Cisco Security portfolio. The tasks in the blueprint are based on security technology and solutions that serve as the knowledge base you need to be successful in the lab exam. 

When I had my first CCIE exam 22 years ago, there was no concept of Network Function Virtualization (NFV) of Cisco devices, so I had to work with physical devices in a shared setup to practice for the lab exam, which was not an ideal scenario.  

I used the blueprint as my guide to build scenarios for each task, stitched multiple scenarios for a viable security solution, and then practiced deployment, optimization, and troubleshooting of those security solutions.

The exam blueprint should be the starting point of your journey. Identify the tasks from the blueprint that you are not an expert at. Then, build the lab modules for those tasks to test deployment, optimization, and troubleshooting skills. 

When practicing your lab modules, time them. This will develop time management skills for your lab attempt. Most of the candidates who are well prepared fail because of poor time management. Time management is the key to a successful lab attempt. 

You should also review exam guidelines, which have important information about exam dos and don’ts. If the guidelines are not carefully followed, then you will lose critical marks that may cause you to fail the exam. 

It is difficult to pass the lab exam on the first attempt. That said, learn from your mistakes, identify your shortcomings and weaknesses, and devise plans to rectify them. This approach will give you a great chance to pass in subsequent attempts.  

The CCIE Security Practice Labs, CCIE Security Learning Matrix, and CCIE Security Equipment and Software List are some of the resources provided by Cisco to help you prepare for the lab. 

Finally, lab exam preparation is about motivation and momentum. If you are missing any one of those, then it will be extremely difficult to get to the finish line. 

Cisco certification updates to the CCIE Security exam  

The major update to the current blueprint of the exam is cloud adoption tasks. This includes Umbrella and Umbrella VA tasks. However, this revision affects less than 20% of the exam and will not cause disruption for the candidates already preparing for the lab exam. 

Security appliances such as Identity Services Engine (ISE) now heavily expose Application Programming Interfaces (APIs). Therefore, we expect you to understand how to construct secure API calls using Postman and be able to execute them. We also expect you to understand Python at a basic level so that you can program the API calls.  

Most of the exam (98%) is focused on virtual machines (VMs) of security appliances and core devices running in the ESXi environment, while the remaining 2% of the exam is focused on physical devices, including Adaptive Security Appliances (ASAs), to test you on Active/Active Failover and Clustering that require context and are not supported on the virtual ASA (ASAv).  

The exam format is the same: the first three hours are focused on the Design module and the remaining five hours are focused on the Deploy, Operate, and Optimize module. 

We use automation to perform the exam grading. That being said, if any task is marked incorrect by the script, it is cross checked manually as an additional step to preserve grading fairness. 

There could be multiple exam forms in production, and each may have different passing scores. The passing score is based on the exam difficulty level, which is determined using a specific procedure. 

We do hardware and software updates only when we revise the blueprint. However, if for any unforeseen reason we need to perform an update, we will notify the certificate community six months in advance on the Cisco Learning Network so that you have enough time to prepare accordingly. 

The CCIE Security journey 

As technology has changed, so has the CCIE Security program. From its humble beginnings, slowly being introduced to the CCIE program as network security took off, to now becoming its own unique skillset, the CCIE Security certificate enhances your knowledge to propel your career.  

With the right preparation and perseverance, you too can earn this certification and use it to grow and find success in the industry. 




Zia Hussain

Network Security Architect

Cisco Learning and Certifications