First Look at the CCNP Security Refresh

Today Cisco announced a significant update in the CCNP Security program. As with other program changes, Cisco is allowing candidates time to complete their current studies. However they are aggressively moving everyone toward the new curriculum. Those having already passed exams toward their CCNP Security will receive appropriate credit as though they had taken the equivalent new exam(s).

The Changes

To get a clear picture of the program changes I have created a comparison of the previous and now current courses and exams.

CCNP Security Old vs New
As mentioned, CCNP Security candidates who have taken previous exams will not need to retake the equivalent current exam or exams. Cisco will give the appropriate credit toward the revised CCNP Security certification. Those currently preparing for an exam should realize that the previous exams will not be available after the date noted on the testing information area of the Cisco Learning Network. In at least some cases, these exams appear to have the last test date of April 21, 2014. So it is apparent that Cisco is very aggressively moving candidates to the new curriculum.

The Good

While this announcements includes significant changes, the intent of the program seems consistent with previous goals for the CCNP Security program. Those successful in fulfilling the requirements for the program have demonstrated proficiency as it relates to securing networked resources with Cisco solutions. This includes routers, switches, Firewalls, VPN, and content filtering appliances.

Based on each of the new exam blueprints, I think the new courses actually align a little closer to typical job roles found in an enterprise environment. This is in comparison to the previous courses that seem to align a little more closely with devices and products than roles. This becomes more obvious as a deeper look is taken into each of the exam blueprints.

CCNP Security Major Focus

When comparing the old and new blueprints, it is apparent that some of the topics that were migrated from SECURE to SENSS (the new FIREWALL). Others items have been migrated to SIMOS (the new VPN). This results in the filtering of transit traffic all being covered in one course, regardless of what device is being used. Likewise all VPN combinations seem to be covered in the single course called SIMOS.

This allows SISAS (the new, but quite different SECURE) to go much deeper into things like AAA, identity management and posturing. Therefore it covers many relevant issues found as enterprises adopt internal mobility and address challenging BYOD initiatives.

Another significant change is the migration from IPS to SITCS. The new course is much broader and more completely covers the solutions used to perform complex application level security. By covering ASA CX, Cloud Web Security, Ironport (ESA and WSA), and IPS, SITCS covers most forms of Cisco application layer protection and deep packet inspection.

The Bad

We’ve probably lost a few technologies in the program change. While I’ve not yet had an opportunity to compare the official course materials, I don’t immediately see anything that looks to include zone-based firewalls for IOS in the new blueprint. While it’s less relevant, I also don’t see any mention of traditional remote access VPNs (EZVPN). This is a natural progression in the evolution of technology and is only really bad if it is still found in a given environment.

One other thing I notice is that it will be more difficult to purchase a lab incrementally. Based on the blueprint, I believe that both SENSS and SIMOS will require routers, switches and firewalls at a minimum. SITCS and SISAS are even more challenging and expensive to build a lab for. So unless Cisco announces a solution with VIRL/CML or Cisco Learning Labs, I think individual preparation may require lab rentals.

The Ugly

While I believe there are some significant changes to the CCNP Security, I believe these changes are positive. While it is completely cosmetic, I find the new acronyms challenging and something that will have to be memorized by those they pertain to. Without prior knowledge, it was much easier for me to guess what was covered in FIREWALL than in the new SENSS course. So to have conversations around this program, I may need to keep a cheat sheet around so I can differentiate between SENS, SITCS, SISAS and SIMOS. In fairness, there may not be an easy way to create self explanatory short names for these. This problem likely arose when the content was aligned with function, as opposed to devices.


The CCNP Security program was starting to get a little long in the tooth. Having realized the need to more completely cover security solutions that are relevant today, Cisco revamped this program. Like the continual change in our industry, this program change is more evolutionary than revolutionary. I certainly think the changes are steps in the right direction, a commitment to the program, and should not be dreaded or feared by candidates.

More information can be found on the Cisco Learning Network

Disclaimer—I am a Cisco certified and participate as a Designated VIP on the Cisco Learning Network. I wrote this article without compensation or requirement to do so. The thoughts and opinions expressed are my own and accurately reflect my views on the CCNP Security Program.

No related content found.

About Paul Stewart, CCIE 26009 (Security)

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.
This entry was posted in Career. Bookmark the permalink.

10 Responses to First Look at the CCNP Security Refresh

  1. Chris Carr says:

    Unfortunately, they’re also retiring the Security Specialist certs. So, after April 21 you will no longer get a cert (assuming you started with SECURE) for each exam passed.

    • I did notice several specializations being retired. My CCSP also met that same fate. I also noticed a specialization I hadn’t seen before (Cybersecurity Specialist). I need to dig into this area and educate myself on all of those expiring certifications and specialization changes. Thanks for sharing.

  2. Hi Paul,

    I welcome the new syllabus – the topics are much more aligned with what I see in my customer’s networks.

    It would be nice to have the training resources already in place when the announcement is made. After all the technologies and products being covered are all well-established. It puts folks who are partway through the CCNP Security (like me ) in the position of either hurrying up to squeeze in the remaining exams before the April cutoff or wait until summer when new certification guides and course offerings are developed and released.

    • I agree on all accounts. I don’t see what happens on the backend, but I do think it would be nice to bring the books and courses forward when the announcements are made.

      • Richard Wager says:


        I have recently passed the Secure and Firewall exams. It is unlikely that I will have an opportunity to sit either of the remaining IPS or VPN exams before 21st April and don’t really want to sit around till the Summer waiting for Cisco to bring out the new study guides.

        I am thinking of working my way through the guides on one of the remaining old exams in readiness for the new books. From what you have seen of the new syllabus which of the IPS or VPN exams has more content included in the new SITCS or SIMOS exam? Do you have an alternative suggestion of how best to prepare for these new exams before the official books are released?

      • Richard,

        That is a very good question. In my opinion, IPS to SITCS is a major change. There would probably be quite a bit more consistency between VPN and SIMOS. Sorry for the delay in response.

        You might also reach out to @brandoncarroll on twitter. He’d likely have a valuable opinion on this change too.

  3. Richard Wager says:

    Thanks for the advice.The impression I have is that there will be a lot more new stuff bundled into the SITCS whereas the SIMOS appears to be more of an upgrade with a few new bells and whistles bolted on.

    It does seem illogical to introduce an exam months before the course notes have been written but Cisco have been doing this for years. It will be interesting to see how things pan out as far as labs are concerned, there is only so much you can achieve with simulation software and lab rental may be the next step, certainly for the SITCS.

  4. Dave Wolfendale says:

    Being something of a cynic , I consider that many people were taking the ASA related certifications and also the IPS .
    I have tried to get on a Secure course in the UK and they would not run because of not enough interest.
    If one had the specialist certifications , the CCNP criteria was met in those technologies.
    I liked the idea that I could take a course / certification that was relevant to the equipment that was being used.
    I do not know of anybody using IOS firewalls !

    On the other hand , Mr Cisco was probably bothered that nobody was paying to attend the Secure course. I wonder how much of the annual turnover is from education / certification?

    Dave Wolfy.

  5. Eric says:

    Paul, thanks for identifying the impacts of the CCNP Security Refresh.

    Of most concern to me is this:
    “…So unless Cisco announces a solution with VIRL/CML or Cisco Learning Labs, I think individual preparation may require lab rentals….”.

    I currently have a CCNP R&S, and have just passed CCNA Security. Until this time, I was able to get “lab practice” using GNS3. However, with CCNA Security, I had issues getting ASA 5505 to work reliably in GNS3 and therefore I had concluded that I would need to buy a couple of ASAs and an IPS on ebay to build a home lab. I am glad I came across your post. I now realize that even buying these ASAs and IPS will not be enough for the whole of the new CCNP Security track. I do not have the opportunity to work on any cisco gear at my work place. So lab rental remains by only option.

    I am looking for some info about rack rentals since I had not used them before. I did a google search on “ccnp security rack rental” but almost of the search results are about “ccie rack rental”. From what I’ve read on the rental websites, I gather that their hardware is wired per a particular CCIE topology and then they sell CCIE lab training exercises/manuals separately to be used on their rental rack. So I am now concerned about how easy it will be for me to use the CCIE topology for the CCNP Security studies. And more importantly, in addition to the rack rental time, will I also need to purchase the vendor’s “CCIE lab training exercise/manuals” just so that I can use the rack effectively. Is there a “CCNP Security” specific rack rental anywhere?



  6. says:

    Thanks for great post.

Comments are closed.