Tag Archives: CCIE

Repetition Without Repetition

Posted on by
Reply

I just finished spending a wonderful week at Cisco Live EMEA and getting to catch up with some of the best people in the industry. I got to chat with trainers like Orhan Ergun and David Bombal and see how they’re continuing to embrace the need for people in the networking community to gain knowledge and training. It also made me think about a concept I recently heard about that turns out to be a perfect analogy to my training philosophy even though it’s almost 70 years old.

Practice Makes Perfect

Repetition without repetition. The idea seems like a tautology at first. How can I repeat something without repeating it. I’m sure that the people in 1967 that picked up the book by Soviet neurophysiologist Nikolai Aleksandrovitsch Bernstein were just as confused. Why should you do things over and over again if not to get good at performing the task or learning the skill?

The key in this research from Bernstein lay in how the practice happens. In this particular case he looked at blacksmiths to see how they used hammers to strike the pieces they were working on. The most accurate of his test subjects didn’t just perform the same movements over and over again. Instead, they had some variability in their skill that allowed them to be more accurate or efficient over time. They weren’t just going through the motions, as it were. They were adapting their motions to the need at the moment. This allowed them to adjust their aim if the piece had moved or needed a lighter touch in an area that was thinned too quickly.

Bernstein said this about the way that the blacksmiths practiced their art:

“The process of practice towards the achievement of new motor habits essentially consists in the gradual success of a search for optimal motor solutions to the appropriate problems. Because of this, practice, when properly undertaken, does not consist in repeating the means of solution of a motor problem time after time, but in the process of solving this problem again and again by techniques which we changed and perfected from repetition to repetition. It is already apparent here that, in many cases, ‘practice is a particular type of repetition without repetition’…”

The quote above illustrates a big shift in thinking for people who play sports or perform some kind of task. Instead of merely repeating the movements over and over again until perfection (the ‘means of the solution’) you should instead focus on solving the problem over and over again and adapting your skill to that end. It sounds silly and somewhat pedantic, but the key is in the shift of thinking. For basketball players, it’s not about perfecting your spin move to get around a defender. It’s about understanding the need to get around the defender and how best to accomplish that for different kinds of people defending you.

Avoiding Autopilot

Most of the content you’ll see around the concept of repetition without repetition is for sports players practicing skills. However, I think the concept extends perfectly to the IT certification space and troubleshooting skillset as well. There are a number of important things that we need to learn in order to do our jobs or earn a specialization but we need to remember that the goal is to solve problems and show mastery, not to memorize commands and perform them like a simple batch file.

Here’s a perfect example that I’m very guilty of doing. When you log into a Cisco router to do something, what do you normally do first when you get to the CLI prompt? You almost always need to be in privileged EXEC mode, right? That’s the enable command. When we want to configure something on the router we usually have to be in the router configuration mode, which is the configure terminal command. So far, so good, right? Most of you have already picked up on the fact that you can shorten those commands to save time typing out the whole name, which is an important skill to have when you’re configuring a series of devices or trying to do it in a short timeframe. So enable, configure terminal instead becomes en, conf t. It’s like muscle memory at this point.

How many times have you logged into router to check the routing table and accidentally typed in en, conf t from muscle memory only to remember that the routing table has to be displayed from EXEC mode, not configuration mode? You chide yourself for typing in conf t and back out to look at the table. But what you’ve really done is shown the power and drawbacks of repetition. If you spend hours upon hours typing in the same commands over and over again you will type them in the same way every time. So much so, in fact, that you forget that you’re doing it until you realize you put something in that you shouldn’t. You knew when you logged in that you wanted to display the routing table. You knew that was available in EXEC mode. And yet your brain and fingers automatically typed the same commends you always type when you log into the router.

The idea of repetition without repetition says that we need to consider the how of solving a problem and the skills needed above and beyond the simple skills themselves. Sure, there may only be one or two commands the achieve a desired output or effect but we should know how the both impact the performance of the device or how they can impact the outcome of a situation. This is especially important for exams that like to restrict your ability to use specific commands or are written to direct you in a specific line of thinking. Anyone who has ever taken the CCIE lab exam knows how this works. They restrict you from using common commands or give you a question with two possible answers only to limit that to one with a later requirement. The test asks you to configure something in an earlier section and then gives you a task that can undo that configuration if you’re not aware of how it interacts with everything else. If you’ve ever created a routing redistribution loop on accident you know what that feels like.

The Indictment of AI

In a way, repetition without repetition is the key of what makes a person an apt problem solver. By approaching problems with a mindset and not just a skillset you open your world to new possibilities and considerations. You know there is more than one way to skin a cat, as the old saying goes. You’re smarter than an artificial intelligence, which only works within a set of bounds with skills and apparent intelligence that repeats what it’s told or uses a very narrow focus every time to provide consistent results.

Computer programs and algorithms are dumb because they will solve the problem the same way each time they are executed. People will solve the problem and then start analyzing the results to find new, better, and faster ways to implement solutions. That’s the heart of learning. It’s not just performing the subtasks of the skill to perfection every time. It’s about learning how to implement them in a better way each time and arrive at better solutions to problems with the variables are changed. It’s why the human mind that has been adapted for centuries and millennia to look for patterns can be tricked into adapting those patterns to new concepts and made to “grow up” by learning over time to adjust to new inputs or fresh data. That, more than anything, is why repetition without repetition makes us better than the AI we’re programming to eclipse us.

Tom’s Take

When I first heard of this concept I thought it was some new idea from sports science that was borne from modern research techniques. I was shocked to learn it was discovered before I was born and has roots in some of the oldest trades we can think of. What it proves is that the human mind and body are very wonderful things that react perfectly when challenged in the right way. The brain will adapt and overcome when presented with new inputs. The way we grow and improve ourselves is not wrote memorization or continuous skill repetition. Instead, if we internalize the importance of the outcome over the means of getting there we will find ourselves smarter and more able to be flexible when new challenges come our way.

Overcoming the Wall

Posted on by
Reply

I was watching a Youtube video this week that had a great quote. The creator was talking about sanding a woodworking project and said something about how much it needed to be sanded.

Whenever you think you’re done, that’s when you’ve just started.

That statement really resonated with me. I’ve found that it’s far too easy to think you’re finished with something right about the time you really need to hunker down and put in extra effort. In running they call it “hitting the wall” and it usually marks the point when your body is out of energy. There’s often another wall you hit mentally before you get there, though, and that’s the one that needs to be overcome with some tenacity.

The Looming Rise

If your brain is like mine you don’t like belaboring something. The mind craves completion and resolution. Once you’ve solved a problem it’s done and finished. No need to continue on with it once you’ve reached a point where it’s good enough. Time to move on to something else that’s new and exciting and a source of dopamine.

However, that feeling of being done with something early on is often a false sense of completion. I learned that the hard way when I was studying for my CCIE. Every question has an answer. Some questions have a couple of different answers. However, knowing the correct answer isn’t the same as knowing all the incorrect answers. Why would I want to take the time to learn all the wrong things instead of just learning what’s right and moving on to the next topic?

The reason to keep going even after you know what’s right is to recognize what the wrong thing looks like. When studying you’re often confronted with suboptimal situations or, especially with the CCIE, put into positions where you can make mistakes that will lead to disaster if you don’t recognize the pitfalls early. Maybe it’s creating a routing loop. It could be a choice between two methods of configuration that really only has one correct answer if you know why the other one will cause problems.

Persevering through that mental wall that says “you’ve done enough” is important because the extra value you gain when you do is critical to understand the myriad ways that something can be broken. It’s not enough to know it’s not right. You have to recognize what isn’t right about it. That kind of understanding can come from practice experience, like making the mistake, or through careful study in controlled situations like learning all the wrong ways to work the problem.

The Challenging Ascent

Getting over that wall isn’t easy. Your brain doesn’t want to struggle past the right way to do things. It craves challenge and novelty. You’re going to have to work against your better nature to get to a point where you’re past the wall. Don’t be afraid to lie to yourself to get where you need to be.

When running I will trick myself when I hit my mental wall by saying “one more song” or “one more block” when I’m ready to give up. The idea that I can make it a short distance or short amount of time is comforting to my brain when it wants to stop. And by tricking it I can often push a little harder to another song or two more blocks before I get completely over the wall and have the mental toughness to continue.

Likewise, when you’re studying and you’ve found the correct answer you need to push yourself to find one incorrect way at first. Maybe a second. If it’s something that has configurable settings you should investigate a few wrong values to figure out what happens when things are outside of bounds or when they’re just a little bit off. Maybe convince yourself to figure out two or three and write down the results. If one of them ends up being really interesting it could spark you to do more investigation to find out what caused that particular outcome.

You’ll find that you can get past your mental blocks much easier with tricks like that. More importantly, you’ll also find that you can get them to pop up faster and be overcome with less effort as you understand when they happen. If you’ve ever sat down to study something and your brain immediately wants to give up you know that the wall is right in front of you. How you overcome it can mean the difference between truly understanding a topic and just knowing enough about the answer to regurgitate it later.

Tom’s Take

As always, your mileage may vary with skills like these. I’d wager that most people do hit a wall whether it’s running or doing math or studying the intricacies of how OSPF works over non-broadcast networks. Don’t settle for your brain telling you that you’re done. Seek to really put in the work and understand what’s going on. Write everything down so you know what you’ve discovered. And when that wall seems like it’s too high to climb just whisper to yourself you’re going to climb another foot. And then another. And pretty soon you’ll be over and in the clear.

The Power of Continuing Education on Certifications

Posted on by
Reply

I’m about six months away from recertifying my CCIE and even though I could just go Emeritus now I’m working on completing some continuing education at the end of the year to push it out another three years. I am once again very thankful that Cisco has this as an option instead of taking a test over and over again as the only option to renew my certifications.

As I embark on another journey to keep myself current in the networking community, I realize that the flexibility that education credits offer is more important that just passing a test or learning a new skill. Employers should also be thrilled that knowledge workers have the ability to work on other skills and be recognized for them. Because there are two different paths that this can lead to.

To Be The Best

One of the things that most professionals recognize with continuing education is that you can leverage your skills to race through things. If you’re already an expert at something like BGP or spanning tree why not take courses to improve the depth of your knowledge? This is part of the reason why there are a number of double CCIEs that have Routing and Switching and Service Provider. The skill sets have a big overlap which makes the additional study to pass the other relatively painless.

Taking pride in practicing the same skill set over and over again is something we traditionally associate with athletes and other skill positions. It is a very valid way of showing everyone that you truly are an expert at your craft. Knowing every nuance of the protocol or understanding it to a degree not possessed by anyone else is a real accomplishment. The value you gain in troubleshooting situations is unmatched. It’s easy to become the authoritative source on something because you’ve literally studied every piece of material on it and you know it inside out.

The downside of this kind of approach is that you naturally gravitate toward being an expert on exactly one or two things. Like a cake baker you are great at making one specific kind of thing. You may have more than enough work to keep you occupied for years but if the market shifts you may find yourself in trouble. The deep learning method works with technology that doesn’t get superseded quickly. IP routing is here to stay but we also said the same thing about traditional telephony and FORTRAN. Those may still exist in some form today and the experts are still needed to make them work but they aren’t nearly as big as they used to be.

Covering the Rest

The opposite of a deep expert is one that has a wide breadth of knowledge. This is the area where I feel a continuous learning program really shines. That’s because access to knowledge outside of your specific discipline can be hard to come by without help. Having a list of approved courses for a CE portal steers you in a good direction to take advantage of these offerings.

I remember telling people that I knew I was starting to gain on my knowledge and certification journey when I stopped finding the books I needed at the local book store. That’s absolutely true for those that are trying to reach the pinnacle of their specific skill set. However, those basic books are great to jump into an area you may not be familiar with.

You may think that you can spend your time studying and practicing and getting expert skill levels in a few key areas but you also need to realize that things can shift. Networking professionals today also need to understand programming and cloud and many other aspects of enterprise IT. It’s not even a case that knowing how to use those things is just easier. Instead it’s a case of requiring knowledge in those areas to understand how they interact so you can build more complete systems. You might be able to work on technology with a specific skill set but you won’t be able to work on anything new if you don’t know how all the parts work together.

You may not like the idea of studying lots of different areas of knowledge and that’s totally fine. But if you don’t at least understand that some knowledge of other areas is needed you’re going to find yourself opting out of many opportunities to work on things that are going to be important later.

Tom’s Take

You can choose to be the deep expert or the designer with breadth. The important thing is that the choice is yours thanks to the foresight of companies that embrace a model of learning over regurgitation. If you want to pick up new skills and get credit for them you can. If you’d prefer to be the best at a given discipline then the world is your oyster. No matter what you have the ability to make a choice that isn’t studying for a test every couple of years that doesn’t expand your knowledge. To me, the real value of a CE program is how it makes us all better.

Certification Comfort Food

Posted on by
Reply

I’m a big fan of comfort food. Maybe more than I should be. The idea of something simple and tasty just hits the right spot a lot of time, especially when I’m stressed or don’t have time to do something more involved. I know I really need to be better about cooking but you can’t beat a quick meal that uses something simple and gets the job done, right?

Now, before you ask yourself what I’m on about this week, I want you to think about that analogy in terms of certifications and learning. When we’re starting out in the industry or we’re learning a new skill we have to pick up basic ideas. The more advanced or radical the technology the more we need the kinds of explanations that make the concepts simple to understand. We need the equivalent of learning comfort food. Simple, digestible, and easy to prepare.

Climbing the Ladder

As our skills improve we have the choice to continue on and develop our capabilities to greater depths. Perhaps we want to learn everything there is to know about BGP and policies. We could even parlay that networking knowledge into new adjacencies that build on our skill sets. We also have the option of staying in the basic level and honing those skills. Instead of learning VXLAN we could spend a thousand hours practicing all the ways that you can configure a VLAN.

Which way is right? Is there a need to make a choice? People are going to feel more comfortable doing one thing over the other in almost every case. If you’re like me you want to get to the bottom of every mystery and explore every nuance of something. Once you figure it out you’re going to want to move on to the next hard problem to solve. You become a voracious reader and consumer of knowledge and before you know it you’ve run out of things to consume. It’s partially the reason why I’ve been such a prolific writer for the past twelve years. I’ve been creating the content that I wanted to consume so others can benefit.

The other side of the choice is being content with the skills you have. This is in no way a negative thing. Not everyone that cooks needs to be a four star chef that makes perfect risotto and Beef Wellington every time. There is a place for everyone that learns enough to accomplish their goals and decides that is enough for them. If the above option is the “pull” model where one is trying to pull in new knowledge as fast as possible then this is the “push” version where people must be pushed to learn additional things. Your company might move to cloud and that would facilitate a need to pick up cloud operations skills to complement the ones you have for the network or the virtualization cluster. You’re not actively seeking the knowledge until it’s needed.

Boiling the Mudpuddle

It’s all well and good when you can recognize which type of learner you are. It’s also important to know where your resources are aimed. If your top destinations for content are part of the “push” model and aim at a lower level when you’re someone that wants to grow and investigate new areas you’re going to hit a wall eventually and sour on them.

A personal story for me comes when I was racing through my certification journey in the early part of my career. Once I started with Cisco I was consuming books left and right. Every time I went into the book store I picked up a new tome to teach me more about routing or remote access networks or even firewalls. I would consume that content whenever I could and apply those lessons to my job or my certification process. Eventually I knew I was reaching a limit because there were fewer and fewer books in the bookstore that taught me things I wanted to know. It made me realize there is a target market for these resources.

Things like certification guides are aimed at a wide market. They want to teach skills to the widest possible audience. Not everyone needs to know the ins and outs of EVPN but most everyone in networking needs to know how a switch forwards frames. If you want to sell the most books which would you write about? You’d write the one that covers the most people. It’s a reality of the market. Content for the entry level and the broadest group sells the best. In today’s world the book has been replaced by the blog and the YouTube channel.

As mentioned, I started my blogging career because of the above bookstore issue. Once I started learning things that weren’t in every book I wanted to share those ideas. That got me to Tech Field Day and eventually to different things. It also made me realize that while my content may never have hundreds of thousands of readers for every post it would serve people that needed to find those lessons or understand those topics in a depth that was beyond a paragraph or two in a 400-page encyclopedia of terminology.

To me, the certification comfort food is that entry-level content. It’s always going to be there. It’s simple to write about, especially when you have good analogies to frame new concepts for people. It’s tasty when you’re starving. And you can make a very good living doing it. But if you’re the kind of person that wants to try new tastes and break away from the comfort and ease you’re going to need to figure out your own path. You need to experiment and make mistakes and struggle to conceptualize what you’re talking about. You need to expand your horizons and do new things and then tell the world how you did it. Like a recipe blog or TikTok channel for cooking you’re going to need to put your crazy ideas out there and see how it goes.

Tom’s Take

There are a lot of great creators out there that have made a very good place for themselves teaching newcomers the basics of how things work. I applaud them and wish them nothing but success. I also know that’s not for me. I started writing about my CCIE studies and the challenges I was solving the real world. Now I write about the state of the market or the changing of tech or how to build and lead teams. It’s very representative of my journey as well as the journeys of those in the community that I talk to. My very nature won’t let me stay in a little bubble and create the same things in new ways. I’m going to push the envelope and explore new things. It means I might not land in everyone’s top list but it also means I won’t be bored. Why be mac-n-cheese when I really need to be risotto?

Backing Up the Dump Truck

Posted on by
1

Hello Ellen,

 

I have received a number of these spam messages over the past few weeks and I had hoped they would eventually taper off. However, it doesn’t appear that is the case. So I’ll take the direct approach.

 

I’m a member of the CCIE Advisory Council. Which means I am obligated to report any and all attempts to infringe upon the integrity of the exam. As you have seen fit to continue to email me to link to your site to promote your test dumps I think you should be aware that I will be reporting you to the CCIE team.

 

Good luck in your future endeavors after they shut you down for violating their exam terms and conditions. And do not email me again.

That’s an actual email that I sent TODAY to someone (who probably isn’t really named Ellen) that has been spamming me to link to their CCIE dump site. The spam is all the same. They really enjoy reading a random page on my site, usually some index page picked up by a crawler. They want me to insure a link to their site which is a brain dump site for CCIE materials, judging by the URL I refuse to click on. They say that if I am not interested that I should just ignore it, which I have been doing for the past two months. And that brings us to today.

Setting the Record Straight

Obviously, the company above is just spamming any and all people with reputable blogs to help build link credibility. It’s not a new scam but one that is pervasive in the industry. It’s one of the reasons why I try to be careful about which links I include in my posts. And I never accept money or sponsorship to link to something. Where appropriate I include information about disclosures and such.

What makes this especially hilarious is that I’m a pretty public member of the CCIE Advisory Council. I’ve been a part of it for almost three years at this point. You would think someone would have a little bit of logic in their system to figure this out. That’s like sending a pirated copy of an ebook to the author. Maybe revenue is down and they need to expand. Maybe they’re looking for popular networking bloggers. Who knows? Maybe they really like poking bears.

What is certain is that I wanted everyone to know that this goes on. And that I’m going to do something about it at the very least. I will report this person’s site, which I will not link to since it won’t be up much longer, and ensure that this crap stops. It’s not just the annoying spam. It’s the fact that they can be this brazen about looking for link karma for a dump site from someone that has the most investment in not having dumps out there.

Don’t buy dumps. You’re not doing yourself any favors. Learn the material. Learn the process. Learn why things work. When you do this you learn how to handle situations and all their permutations. You don’t just think that the answer to a routing protocol redistribution problem is just “B”. You should check out any reputable CCIE training vendor out there first. It’s going to cost you more than the dumps but you’re getting more for your money. Trust me on that.

Moreover, if you get these kinds of emails as a writer or podcaster, don’t accept them. By linking back to these sites you’re adding a portion of your clout and goodwill to them. When (and it’s always when) they get shut down, you take a hit from being associated with them. Don’t even give them the time of day. I had been ignoring this spam for quite a while in the hopes that this group would get the picture, especially based on their text that says ignoring it would make it go away. Alas for them, they pushed one time too many and found themselves on the wrong side of a poked bear.

Tom’s Take

Okay, rant over. This is stuff that just rubs me the wrong way. Not only because they don’t take silence for a hint but because they’re just trading on the good name of other networking bloggers in the hopes of making a few quick bucks before getting shut down and moving on to the next enterprise. I’m going to push back on this one. And the next one and the one after that. It may not amount to much in the long run but maybe it’s the start of something.

A Decade of CCIE Certification

Posted on by
2

I was notified this week that I’m eligible for the 10-year CCIE plaque. Which means that it’s been a decade since I walked out of Cisco’s Building C in San Jose with a new number and a different outlook on my networking career. The cliche is that “so many things have changed” since that day and it’s absolutely accurate because the only constant in life is change.

Labbing On the Road

I think the first thing that makes me think about the passage of time since my certification is the fact that the lab where I took the exam no longer exists. Building C was sold to the company that owns and operates the San Francisco 49ers stadium just down Tasman drive from the old letter buildings. Those real estate locations were much more valuable to the NFL than to Cisco. I can’t even really go and visit my old stomping grounds any more because the buildings were gutted, renovated, and offered to other operations that aren’t from Cisco.

Now, you don’t even go to San Jose or RTP for the lab. Three years ago the labs in the US moved to Richardson, TX. The central aspect of the location is pretty appealing when you think about it. A part of me wishes I would have had the opportunity to take the lab there since I wouldn’t have to jump on a plane and burn three days of my work schedule. The costs of my lab attempts would have been a lot less if I only had to drive down for one night in a hotel and got to come back and sleep in my bed that same night. I realize that it’s equally inconvenient for people to need to fly to the middle of the country when they used to be closer to the lab when it was on either coast. However, real estate in RTP and San Jose is beyond crazy when it comes to price. Moving the lab to somewhere more reasonable means Cisco is getting value out of their buildings elsewhere.

The mobile lab is another aspect of the changes in the CCIE certification program that are a welcome change. By putting the lab on the road and giving people in countries far away from a lab location the opportunity to get certified the program can continue to be relevant. This is due in large part to the changes in the lab that allow a large part of it to be virtualized or operated remotely from a rack located somewhere else. I remember starting my lab studies and thinking to myself that the rack that I was working on was just across the room. Not that there was much that I could do about it. The idea that there could be something going on that was just out of my reach was an itch I had to get over. Today, you would never even start to believe that you had a hardware issue in your lab because of the streamlining of the process. That can only happen when you optimize your offerings to the point where you can just virtualize the whole thing.

The Next Ten Years

Right now, I still have a year to go on my certification before I have to make the decision to keep it current or go to Emeritus retirement. My role on the CCIE Advisory council doesn’t matter either way. I’m likely going to just go Emeritus when the opportunity presents itself because I don’t use those lab skills every day. I’m not configuring BGP filter lists and port channels like I used to. The technical skills that I honed in Building C serve me more now to understand technology at an architecture level. I can see how people are using tools to solve problems and offer commentary when they are making poor decisions or when a better protocol exists.

The CCIE itself is still a very valuable certification to hold and study for. IT certification on the whole has been trending away from being the gold standard for hiring. Cloud and DevOps focus more on skills instead of papers hanging on a wall. However, operations teams still need ways to differentiate their people. If nothing else the CCIE is a great forcing function for you to figure out how deeply into networking you really want to get. It’s not enough to be curious about BGP or Frame Relay and traffic shaping QoS. You have to understand it at a level that would bore most others to tears. If you’re not prepared to know the minutia of a protocol the way that some people memorize batting averages or random movie trivia than you might not be up for this particular challenge.

The CCIE also isn’t going away any time soon. I remarked to someone the other day that the CCIE is a technology bellweather. I can remember the clamor to introduce the “new” SDN changes into the program so many years ago. I also chuckle when I think about the CCIE OpenFlow that more than a couple of people proposed. The certification program exists to refine and highlight the technology solutions that people are using today. It’s not a sneak peak at things that might be important later on in life. Think about how long it took for them to remove ISDN, ATM, and even frame relay from the test. And even frame relay was debated heavily because more than a few claimed they still used it in production.

The CCIE is a testament to the way that people study for and build networks at a high level. It’s not a cool badge to keep on your list like a hunting trophy. It’s a testament to the commitment that it takes to attain something like that. The JNCIE and the VCDX are much the same. They represent an investment of time and energy into something that proves your capabilities. More than any other certification, the CCIE challenges people. It creates study habits and builds communities. It makes people ask themselves hard questions about desire and commitment and helps the best rise to the occasion. It’s more than just a certification.

Tom’s Take

I wouldn’t change a thing about my CCIE journey. I learned as much from the failures as I did from the success. The opportunities afforded to me because of that number have been immeasurable. But through it all I realized that the process of getting my lab has helped shape me into who I am today. A decade past late night study sessions and soul-crushing failures I know that it was all worth it because it helped me take technology more seriously and form the habits and process that have served me well from then on. I’m happy to get the new plaque that marks me as a veteran of the lab plus ten years. My status as a CCIE might pass into Emeritus but the lessons I learned along the way will always be there.

Iron Chef: Certification Edition

Posted on by
6

My friend Joshua Williams (@802DotMe) texted me today with a great quote that I wanted to share with you that made me think about certifications:

You’ve probably already thought through this extensively, and maybe even written about it, but after sitting through another 8 hour practical exam yesterday I’m more convinced than ever that expert level exams from technical companies are more analogous to a gimmicky Food Network TV show than real world application of technical acumen. They don’t care so much about my skill level as they do about what kind of meal I can prepare in 30 minutes using Tialapia, grapes, and Dr. Pepper syrup with my salt shaker taken away halfway through.

I laughed because it’s true. And then I thought about it more and realized he’s way more than right. We know for a fact that companies love to increase the level of challenge in their exams from novice to expert. It’s a way to weed out the people that aren’t committed to learning about something. However, as the questions and tasks get harder it becomes much more difficult to get a good sense of how candidates are going to perform.

Boiling Water Isn’t Hard?

When you look at something like the CCNA, they’re trying to make sure you know how networks actually work. The simulations and lab exercises are pretty basic. Can you configure RIP correctly? Do you know the command to enable a switch port? There isn’t a need to get crazy with it. Using Joshua’s analogy from above, it’s not unlike a show like Worst Cooks in America, where the basics are the challenge that needs to be overcome. Not everyone is a superstar chef. Sometimes getting the building blocks right is more than half the battle.

As you move up the ladder, the learning gets harder. You dive deep into protocols and see how technologies build on each other. You need to configure BGP, but you also need to have some kind of other IGP running to distribute the routes. You need to remember that this spice goes in while the dish is cooking and this other goes on at the end so the flavor isn’t destroyed. I would liken this to a “fun” challenge cooking show, where the expert Food Network Chef faces off against someone that isn’t in the food business at a high professional level. Maybe they run a diner or are a short-order cook in a hotel restaurant. They aren’t looking to create their own signature dish. They know enough to cook what tastes good. But ask them to make hollandaise sauce or make pufferfish sashimi and they’re out.

Which brings us to the highest level of learning. The expert certification tracks. These are the crowing achievements of a career. They are the level that you have to be at to prove you know the technology inside and out. How do you test that, exactly? Microsoft had a great way of doing it back in the day with some of the mastery programs. You went to Redmond and you spent a couple of months learning the technology with the people that wrote it. It was very similar to a doctor’s internship in a hospital. You did the work with people that knew what you needed to know. They corrected you and helped you grown your knowledge. Even though you were an expert you understood what needed to be done and how to get there. At the end you took an exam to cover what you had learned and you earned your mastery.

Other certification programs don’t do that. Instead, they try to trip you up with tricky scenarios and make you make mistakes if you’re not paying attention. This is the Iron Chef round. You know your stuff, eh? Face off against this hard challenge. And by the way, here’s your curveball: You have to use this crazy extra ingredient. A show like Chopped does this a lot too. You need to make a meal using chicken, soy sauce, and candy corn. Are they testing your ability to prepare food? Or trying to figure out how creative you can be with a set of constraints that don’t make sense?

Ala Config!

The theory behind this kind of challenge is sound on paper. You never know what you’re going to walk into and what you’ll be forced to fix. I’ve had some real interesting problems that I’ve needed to solve over my career. But in every crazy case I never had to deal with the kinds of constrained setups that you get in lab-based exams. Configure this protocol, but don’t use these options. Make this connection work this way using one of these options but know that picking the wrong one will wreck your configuration in about two hours. Make trout-flavored ice cream. You name it and it’s a huge challenge for no good reason.

In theory, this is a great way to challenge your experts. In practice, it’s silly because you’re putting up barriers they will never see. Worse yet, you force them to start looking for the crazy constraints that don’t exist. One of my favorites is the overarching constraint in the CCIE lab that you are not allowed to use a static route to anything unless explicitly allowed in the question. Why? Because static routes don’t scale? Because they create administrative overhead? Or is it because a single static route fixes the problem and doesn’t require you to spend an hour tagging routes when redistribution happens? Static routes cut the Gordian Knot in the lab. So they can’t be allowed. Because that would make things too easy.

Tom’s Take

We need to move away from trivia and Iron Chef-style certifications. Instead of making our people dependent on silly tricks or restricting them from specific tools in their kit, we need to ensure their knowledge is at the right level. You would never ask a chef to cook an entire meal and not be able to use a saucepan. Why would you take away things like static routes or access lists from a network engineer’s arsenal? Instead of crafting the perfect tricky scenario to trap your candidates, spend the time instead teaching them what they need to know. Because once someone learns that trout is a horrible ice cream flavor we all win.

Thanks to Josh Williams for this great post idea!

The Certification Ladder

Posted on by
Reply

Are you climbing the certification ladder? If you’re in IT the odds are good that you are. Some people are just starting out and see certifications as a way to get the knowledge they need to do their job. Others see certs as a way to get out of a job they don’t like. Still others have plenty of certifications but want to get the ones at the top of their field. This last group are the ones that I want to spend some time talking about.

Pushing The Limit

Expert-level certifications aren’t easy on purpose. They’re supposed to represent the gap between being good at something and going above and beyond. For some that involves some kind of practical test of skills like the CCIE. For others it involves a board interview process like the VCDX. Or it could even involve a combination of things like the CWNE does with board review and documentation submissions.

Expert certifications aren’t designed to be powered through in a short amount of time. That’s because it’s difficult to become an expert at something without putting in the practice time. For some tests, that means meeting some minimum requirements. You can only attempt your VCDX when you have already passed the VCAP-DCA and VCAP-DCD test, for example. Or you may have a minimum requirement of time in the industry, such as the CISSP requirement of four years in the security industry.

But, more importantly, the requirement is that you truly are an expert. How many times have you bumped into someone that has a certification that you think to yourself, “How on earth did they pass that?” It should be fairly uncommon to run into a CCIE that you feel that way about. The test is rigorous and requires everyone to pass a very similar version of the practical exam. Sure, you still run into people that say the old 2-day exam was harder. But by and large, most CCIEs have had to endure the same kind of certification requirements.

Now, what people do after they get there is an entirely different matter altogether. There are a lot of people that get to the pinnacle of their certification journey and sit there on top of their mountain. They take time to survey the lands that they now watch over and they relax. They don’t see any need in going any further. They’ve done what they came to do. And for many that’s the way to go. Congratulations on your ride.

Still others use this opportunity negatively. They expect people to kiss the brass certificate and pay deference to them because of it. This can affect almost anyone. I remember years ago back to a time when I had just gotten my CCIE lab out of the way. I was working on a proposal for a customer. We had just gotten an email from the customer asking why we didn’t include a particular switch in the design. I told our team that we didn’t need it because the requirements of the design didn’t need something that cost three times over what we recommended. The customer’s response was, “Well, this other partner guy is a CCIE and he says we need that switch.” I replied back with, “Well, I’m a CCIE too, so let’s cut that crap and talk about the hardware.”

I’m not sure how many times that person had used the “I’m a CCIE” justification for their recommendations, but it shows me that some people believe a piece of paper speaks louder than their track record. Those people are usually the ones that fall back into the pattern of “listen to me because I passed tests” not “listen to me because I did the studying”. It’s important to ascribe value to passing a test, but remember that the test is a way to prove you have knowledge. It reminds me of this scene from Tommy Boy:

Throwing up a certification as justification for a recommendation is no different that just tossing a worthless guarantee on a box. Prove you know what you’re talking about instead of just saying you do.

Exceeding Your Reach

The last type of person that climbs the certification ladder is like the one in this tweet from my friend Hank Yeomans:

https://twitter.com/HankYeomans/status/1177237065509064705

He looks at the ascent to the top of his certification ladder as a chance to do more. To build more. It’s not the end of the journey. It’s not bad to stop and look around at the new view from the top of your ladder when you’ve climbed it. But if you look at the journey as the start of something that you need to finish, you’re going to start immediately looking around to find the next thing that you need to do. Perhaps it’s learning a new technology related to the one that you just finished. Or maybe it’s that you want to figure out how to get even better at what you do.

People that never rest in their attempts to be better at the ones that ultimately change the way things are done. They don’t just accept that this is the way that things need to be. Instead, they use the top of their ladder to stretch out and see what they can reach. They realize that everything we do in life it just building on something else we’ve already done. We use Crawl, Walk, Run as a metaphor for building through a project or a process all the time. That’s because we know that you have to make steps all the time to progress. But what if someone just said, “You know what, I’ve mastered walking. I don’t need to run. All you people who only crawl listen to me because I’m better than you!” It would show how short-sighted they are when it comes to continuing the journey.

Tom’s Take

Many times, I’ve talked about the fact that I relaxed after I passed my CCIE and enjoyed not studying into the wee hours of the night. But after a while I started getting uncomfortable around 8-9pm. Because there was a little voice in the back of my head that kept telling me “You should be studying for something.” Instinctively, that voice knew that I needed to continue my journey. I would never be content resting on my laurels and I could never bring myself to use my certification as a crutch to make myself look important to others. Instead, I needed to push myself to build on what I’ve already done and make myself better. As Hank said, it’s just a foothill on a greater journey. Once you’ve learned how to use your ladder to increase your reach, even the sky isn’t the limit any longer.

The CCIE Times Are A Changing

Posted on by
6

Today is the day that the CCIE changes. A little, at least. The news hit just a little while ago that there are some changes to the way the CCIE certification and recertification process happens. Some of these are positive. Some of these are going to cause some insightful discussion. Let’s take a quick look at what’s changing and how it affects you. Note that these changes are not taking effect until February 24, 2020, which is in about 8 months.

Starting Your Engines

The first big change comes from the test that you take to get yourself ready for the lab. Historically, this has been a CCIE written exam. It’s a test of knowledge designed to make sure you’re ready to take the big lab. It’s also the test that has been used to recertify your CCIE status.

With the new change on Feb. 24th, the old CCIE written will go away. The test that is going to be used to qualify candidates to take the CCIE lab exam is the Core Technology exam from the CCNP track. The Core Technology exam in each CCNP track serves a dual purpose in the new Cisco certification program. If you’re going for your CCNP you need the Core Technology exam and one other exam from a specific list. That Core Technology exam also qualifies you to schedule a CCIE lab attempt within 18 months.

This means that the CCNP is going to get just a little harder now. Instead of taking multiple tests over routing, switching, or voice you’re going to have all those technologies lumped together into one long exam. There’s also going to be more practical questions on the Core Technologies exam. That’s great if you’re good at configuring devices. But the amount of content on the individual exam is going to increase.

Keeping The Home Fires Burning

Now that we’ve talked about qualification to take the lab exam, let’s discuss the changes to recertification. The really good news is that the Continuing Education program is expanding and giving more options for recertification.

The CCIE has always required you to recertify every two years. But if you miss your recertification date you have a one year “grace period”. Your CCIE status is suspended but you don’t lose your number until the end of the one-year period. This grace period has informally been called the “penalty box” by several people in the industry. Think of it like a time out to focus on getting your certification current.

Starting February 24, 2020, this grace period is now formalized as an extra year of certification. The CCIE will now be valid for 3 years instead of just 2. However, if you do not recertified by the end of the 3rd year, you lose your number. There is no grace period any longer. This means you need to recertify within the 3-year period.

As far as how to recertify, you now have some additional options. You can still recertify using CE credits. The amount has gone up from 100 to 120 credits to reflect the additional year that CCIEs get to recertify now. There is also a new way to recertify using a combination of CE credits and tests. You can take the Core Technologies exam and use 40 CE credits to recertify. You can also pass two Specialist exams and use 40 CE credits to recertify. This is a great way to pick up skills in a new discipline and learn new technologies. You can choose to pass a single Specialist exam and use 80 CE credits to recertify within the three-year period. This change is huge for those of us that need to recertify. It’s a great option that we don’t have today. They hybrid model offers great flexibility for those that are taking tests but also taking e-learning or classroom training.

The biggest change, however, is in the test-only option. Historically, all you needed to do is pass the CCIE written every two years to recertify. With the changes to the written exam used to qualify you to take the lab, that is no longer an option. As listed above, simply taking the Core Technologies exam is not enough. You must also take 40 CE credits.

So, what tests will recertify you? The first is the CCIE lab. If you take and pass a lab exam within the recertification period you’ll be recertified. You can also take three Specialist exams. The combination of three will qualify you for recertification. You can also take the Core Technologies exam and another professional exam to recertify. This means that passing the test required for the CCNP will recertify your CCIE. There is still one Expert-level exam that will work to recertify your CCIE – the CCDE written. Because no changes were made to the CCDE program in this project, the CCDE written exam will still recertify your CCIE.

Also, your recertification date is no longer dependent on your lab date. Historically your recert date was based on the date you took your lab. Now, it’s going to be whatever date you pass your exam or submit your CEs. The good news is this means that all your certifications are going to line up. Because your CCNA and CCNP dates have always been 3 years as well, recertifying your CCIE will sync up all your certifications to the date you recertify your CCIE. It’s a very welcome quality of life change.

Another welcome change is that there will no longer be a program fee when submitting your CE credits. As soon as you have amassed the right combination you just submit them and you’re good to go. No $300 fee. There’s also a great change for anyone that has been a CCIE for 20 years or more. If you choose to “retire” to Emeritus status you no longer have to pay the program fee. You will be a CCIE forever. Even if you are an active CCIE and you choose not to recertify after 20 years you will be automatically enrolled in the Emeritus program.

Managing Change

So, this is a big change. A single test will no longer recertify your number. You’re going to have to expand your horizons by investing in continuing education. You’re going to have to take a class or do some outside study on a new topic like wireless or security. That’s the encouragement from Cisco going forward. You’re not going to be able to just keep learning the same BGP and OSPF-related topics over and over again and hope to keep your certification relevant.

This is going to work out in favor of the people that complain the CCIE isn’t relevant to the IT world of today. Because you can learn about things like network automation and programmability and such from Cisco DevNet and have it count for CCIE recertification, you have no excuse not to bring yourself current to modern network architecture. You also have every opportunity to learn about new technologies like SD-WAN, ACI, and many other things. Increasing your knowledge takes care of keeping your CCIE status current.

Yes, you’re going to lose the ability to panic after two and a half years and cram to take a single test one or two times to reset for the next three years. You also need to be on top of your CCIE CE credits and your recert date. This means you can’t be lazy any longer and just assume you need to recertify every odd or even year. It means that your life will be easier without tons of cramming. But it means that the way things used to be aren’t going to be like that any longer.

Tom’s Take

Change is hard. But it’s inevitable. The CCIE is the most venerable certification in the networking world and one of the longest-lived certifications in the IT space. But that doesn’t mean it’s carved in stone as only being a certain way forever. The CCIE must change to stay relevant. And that means forcing CCIEs to stay relevant. The addition of the continuing education piece a couple of years ago is the biggest and best thing to happen in years. Expanding the ability for us to learn new technologies and making them eligible for us to recertify is a huge gift. What we need to do is embrace it and keep the CCIE relevant. We need to keep the people who hold those certifications relevant. Because the fastest way to fade into obscurity is to keep things the way they’ve always been.

You can find more information about all the changes in the Cisco Certification Program at http://Cisco.com/nextlevel

Home on the Palo Alto Networks Cyber Range

Posted on by
Reply

You’ve probably heard many horror stories by now about the crazy interviews that companies in Silicon Valley put you though. Sure, some of the questions are downright silly. How would I know how to weigh the moon? But the most insidious are the ones designed to look like skills tests. You may have to spend an hour optimizing a bubble sort or writing some crazy code that honestly won’t have much impact on the outcome of what you’ll be doing for the company.

Practical skills tests have always been the joy and the bane of people the world over. Many disciplines require you to have a practical examination before you can be certified. Doctors are one. The Cisco CCIE is probably the most well-known in IT. But what is the test really quizzing you on? Most people will admit that the CCIE is an imperfect representation of a network at best. It’s a test designed to get people to think about networks in different ways. But what about other disciplines? What about the ones where time is even more of the essence than it was in CCIE lab?

Red Team Go!

I was at Palo Alto Networks Ignite19 this past week and I got a chance to sit down with Pamela Warren. She’s the Director of Government and Industry Initiatives at Palo Alto Networks. She and her team have built a very interesting concept that I loved to see in action. They call it the Cyber Range.

The idea is simple enough on the surface. You take a classroom setting with some workstations and some security devices racked up in the back. You have your students log into a dashboard to a sandbox environment. Then you have your instructors at the front start throwing everything they can at the students. And you see how they respond.

The idea for the Cyber Range came out of military exercises that NATO used to run for their members. They wanted to teach their cyberwarfare people how to stop sophisticated attacks and see what their skill levels were with regards to stopping the people that could do potential harm to nation state infrastructure or worse to critical military assets during a war. Palo Alto Networks get involved in helping years ago and Pamela grew the idea into something that could be offered as a class.

Cyber Range has a couple of different levels of interaction. Level 1 is basic stuff. It’s designed to teach people how to respond to incidents and stop common exploits from happening. The students play the role of a security operations team member from a fictitious company that’s having a very bad week. You learn how to see the log files, collect forensics data, and ultimately how to identify and stop attackers across a wide range of exploits.

If Level 1 is the undergrad work, Cyber Range Level 2 is postgrad in spades. You dig into some very specific and complicated exploits, some of which have only recently been discovered. During my visit the instructors were teaching everyone about the exploits used by OilRig, a persistent group of criminals that love to steal data through things like DNS exfiltration tunnels. Level 2 of the Cyber Range takes you deep down the rabbit hole to see inside specific attacks and learn how to combat them. It’s a great way to keep up with current trends in malware and exploitive behavior.

Putting Your Money Where Your Firewall Is

To me, the most impressive part of this whole endeavor is how Palo Alto Networks realizes that security isn’t just about sitting back and watching an alert screen. It’s about knowing how to recognize the signs that something isn’t right. And it’s about putting an action plan into place as soon as that happens.

We talk a lot about automation of alerts and automated incident response. But at the end of the day we still need a human being to take a look at the information and make a decision. We can winnow that decision down to a simple Yes or No with all the software in the world but we need a brain doing the hard work after the automation and data analytics pieces give you all the information they can find.

More importantly, this kind of pressure cooker testing is a great way to learn how to spot the important things without failing in reality. Sure, we’ve heard all the horror stories about CCIE candidates that typed in debug IP packet detail on core switch in production and watched it melt down. But what about watching an attacker recon your entire enterprise and start exfiltrating data. And you being unable to stop them because you either don’t recognize the attack vector or you don’t know where to find the right info to lock everything down? That’s the value of training like the Cyber Range.

The best part for me? Palo Alto Networks will bring a Cyber Range to your facility to do the experience for your group! There are details on the page above about how to set this up, but I got a great pic of everything that’s involved here (sans tables to sit at):

How can you turn down something like this? I would have loved to put something like this on for some of my education customers back in the day!

Tom’s Take

I really wish I would have had something like the Cyber Range for myself back when I was fighting virus outbreaks and trying to tame Conficker infections. Because having a sandbox to test myself against scripted scenarios with variations run by live people beats watching a video about how to “easily” fix a problem you may never see in that form. I applaud Palo Alto Networks for their approach to teaching security to folks and I can’t wait to see how Pamela grows the Cyber Range program!

For more information about Palo Alto Networks and Cyber Range, make sure to visit http://Paloaltonetworks.com/CyberRange/