The largest value of the CCDE is to develop your mindset and to focus on solving business problems instead of just technical ones. It's not heavy on security but the same principles apply to security design as well. Of course you must have some domain knowledge to be useful as an architect but for an architect soft skills are very important.
There are many paths within security. It depends on what area of security you want to work on. Some work a lot with firewalls. Some work with policy. Some work with penetration testing. They all require different skillsets.
Thanks Daniel for your reply
For me was more important to know from design point of view where to place security appliances and which of them to choose.
My question was not really about what security track to choose.
For example where in particular cases to place firewalls, IPS'es, IDS'es, Log-collectors, VPN servers etc.
I know this is very wide area also, but there should be some best practices anyway.
Working with one or two separate domains in security probably will not add too much value to an Architect. Penetration testing probably will not fit in Architect/Design role at all.
I think here will fit probably more CISSP certification, but this certificate is also too superficial and includes things that will probably not give to an Architect too much help
Daniel, because you already got your CCDE number can I ask you for an advice on my design path?
Where you think would be better to start?
It is not a regular certificate and unlike CCIE, you don't just start on Layer 2 technologies and go up
I already collected a lot of material but the main problem is - where to start
Also, I've read some blogs and saw that architect roles also benefit from such certs (knowledge from TOGAF, CISSP, Cloud architect as AWS, etc). Do you think does it make sense to get them first before CCDE or after?
Sorry for putting so many questions but I put a very wide goal probably and still want to get there
CISSP - Not needed for DE.
TOGAF - Good to understand some concepts but not needed for DE. Personally I feel that ROI on TOGAF is pretty bad and most of it is common sense but that's just me.
AWS - Get it, but after the DE. I'm preparing for AWS SA now.
You really just need to cover the blueprint. Being an expert in some areas always helps. Ideal candidate is CCIE RS/SP in my opinion but you can certainly pass it without any CCIE as well. Just need to put more work in.
Most important thing for CCDE is to collaborate with others. Find some study partners! Good luck!
I've done some research and found out that CISSP actually is one of the choices for Network Architect path and specifically for security part
In domains Security Architecture and Engineering and Communication and Network Security is pretty a lot covered
But of course collaboration with others is the key and also interesting projects
Also what I found was that PMP is also helpful for an Architect, because most likely he will conduct multiple projects at the same time.
Related to TAGAF and ROI, what you think would be best fit then?
So for now I put in my list getting next certs
CCIE RS - done
JNCIP-SP - done (service provider even not cisco)
CCDE - in progress
CISSP - in progress
PMP - ???
TOGAF9 - ???
There are many possible ways that you can look at an architect role and the expectations
you need first to identify what type of architect you want to be
Network Architect, solutions architect, business architect etc
then you need to work on the actual expectations which is not easy as these almost always not clearly defined nor standardized across organizations
check out this blog I posted recently addressing some of these aspects which might be helpful
again you dont need to be as deep as CISSP in security unless your role will have a lot of security, or you are interested in security in specific
the same applies to all the other technologies in terms of the focus and depth of knowledge
also myself and Andre, did an discussion hosted by CLN about this topic you can watch it using the link below