Luego de adquirir las credenciales CCSA y CCSE, he dejado pasar un tiempo para incubar el conocimiento adquirido. Ahora el próximo objetivo para mediano plazo es lograr el CCMA.
CCMA, Checkpoint Certified Master Architect, es la máxima credencial que un profesional de Checkpoint pueda tener. Comparado a CCIE Security y JNCIE Security, se trata de un examen denominado hands on lab, o dicho de otra manera "un laboratorio de manos a la obra". Tiene una parte escrita cuyo código es 156-100. Consiste en un examen en VUE el cual tienes que aprobar con un mínimo de 80%. Por otra parte, el laboratorio debe solventarse en un máximo de 8 hrs, en un centro autorizado de Checkpoint (que usualmente es en Estados Unidos). El código del examen es 156-105.3.
Estoy construyendo un programa de estudio personal para realizar el examen la primera semana de Ene 2014, y el práctico para la primera semana de Mar 2014.
En una discusión en Checkpoint Experts en Linkedin, realicé la pregunta: "cómo puedo convertirme en CCMA" obtuve los siguientes comentarios:
"
MDM and VSX are must, so are VPN advanced features like VPN routing. In my time the written exam was a combination of CCSA, CCSE and CCSE+ ones, with addition of "Principles of network security" course that nobody takes. I believe you should expect more or less the same situation now.
You have to know MGMT advanced procedures such as migrations and advanced upgrades, be able to plan and deploy a complex CP solution including the products mentioned above, in addition with Eventia family and (potentially) endpoint. Aim to the latest CP version available, R76.
Now the lab exam is virtualized, so you would be able to do that from a local CP office.
Some tactics: be prepared to troubleshoot the lab before even going to perform the exam tasks. Plan more time than 8 hours for the lab, in case the initial state is not OK. Be aggressive and demand additional time from Check Point in this case. In the written exam read the question carefully. Comment ALL questions that do not make sense to you, there will be some. In general, be prepared to some painful and unpleasant experience, much tougher that passing the standard exams"
Valeri Loukine
"
Realistically, it's exactly like a JNCIE-SEC or CCIE-SEC exam. If you can find prep-guides for those and adapt them to CP-world, you'll likely be fine...
...Looking at workbooks/mock-labs for other vendors is probably the best place to start. Obviously portions of this don't apply to CP, but a lot of it does:
http://www.ine.com/self-paced/ccie-security/workbooks.htm
Something most people overlook for the CCMA is that you "absolutely" need to be able to understand advanced routing - it's not "just" security."
Craig Dods
"
I would make sure to have at the very least worked through the VSX and MDM courses. They used to be required but was removed a while back"
Fredrik Lindstrom
"I recommend you to just refresh on your CCSA, CCSE, as well as do CCMSE and CCMSE Plus VSX labs. I see you work with Check Point for already two years, but from my experience although I worked with and for Check Point for a few years, my CCMA would have never been achieved if I did not do labs day/night and even during my lunch break at work. Even when sleeping, I was still thinking about why my Global VPN won't come up for my externally managed gateway on ESXi server. It's not technically difficult, but there is just too much involved and you need to be quick at troubleshooting, configuring, and designing architecture according to best security practices. When you live and breathe the technology for the sake of interest, you will not only pass, but will also enjoy the architecture challenge". Denys Borysiuk, T.P.
Link:
CCMA