Back to RCSP

RCSP Certification Blueprint

Large-format A0 poster · prints edge-to-edge at 841 × 1189 mm

RKR NETWORKSAI-Readiness Academy
Security · ProfessionalCertification Blueprint · A0
RCSP

RKR Certified Security Professional

Zero-Trust Network Security Engineering | Professional Tier | 16 Weeks, Lab-First

16 weeks
Duration
10 hrs/week
Effort
8 modules
Curriculum
18 graded labs
Hands-on
Comparable in rigor toJuniper JNCIP-SECCisco CCNP SecurityAruba ACCP

The blueprint

RCSP builds engineers who can contain a breach by design: application-aware NGFW policy with TLS decryption on Juniper SRX and PAN-OS, custom Snort 3/Suricata detection, macro- and micro-segmentation with TrustSec and EVPN-VXLAN group-based policy, identity-driven access with Aruba ClearPass and Cisco ISE, SASE/SD-WAN edge security, and ATT&CK-mapped SIEM detections with automated containment — proven on a live multi-vendor rack and a defended zero-trust capstone design.

Skill domains

6 assessed domains
01

NGFW & Threat Prevention

  • SRX unified policies + AppSecure; PAN-OS App-ID/User-ID
  • SSL forward-proxy decryption design with pinned-app exclusions
  • Snort 3/Suricata rule authoring; IDP tuning under evasion
  • Firewall HA: chassis cluster and active/passive failover
02

Segmentation & Zero Trust

  • Macro-segmentation: VRFs, zones, firewall hairpinning
  • TrustSec SGT/SGACL with SXP propagation to firewalls
  • EVPN-VXLAN group-based policy and host-level enforcement
  • Dependency mapping to least-privilege allow-lists
03

NAC & Identity

  • ClearPass: EAP-TLS, profiling, OnGuard posture, dynamic roles
  • Cisco ISE: policy sets, MAB fallback, pxGrid context sharing
  • Phased 802.1X rollouts — monitor to closed mode with rollback gates
04

SASE & Secure SD-WAN

  • IPsec/IKEv2 overlays with segment-aware VPN topologies
  • DIA breakout with tunnel steering into SSE (SWG/CASB)
  • ZTNA private-app access vs legacy VPN exposure
05

SecOps & Detection

  • Firewall/IPS/NAC telemetry pipelines into Elastic or Splunk
  • MITRE ATT&CK-mapped correlation rules; portable Sigma content
  • SOAR containment: API-driven quarantine via ClearPass/ISE
06

Cloud & DC Security

  • East-west inspection via service-leaf firewall clusters in EVPN-VXLAN
  • Layered AWS/Azure policy: SGs, NACLs, centralized managed firewalls
  • Securing hybrid connectivity and the fabric control plane

Signature labs

Rack time, not watch time

PAN-OS TLS decryption rollout with enterprise CA and pinned-app exclusions

TrustSec micro-segmentation: SGTs from ISE, SXP to firewall, SGACL enforcement

ClearPass EAP-TLS with posture-gated quarantine and automatic remediation release

Secure SD-WAN overlay with SSE breakout and ZTNA private-app publishing

ATT&CK-mapped detection pack firing on live C2, lateral movement and brute force

Capstone: zero-trust build on the RKR rack surviving scripted attack injection, defended in viva

How you are examined

90-question proctored theory (120 min, 750/1000) + 6-hour graded rack practical: NGFW policy with decryption, ClearPass zero-trust NAC, SGT micro-segmentation, and two live-firing SIEM detections — rubric-scored with a verifiable per-domain scorecard.

Career ladder

  1. On certification (0-12 months)
    Network Security Engineer II — NGFW, NAC and segmentation deliveryRs 10-16 LPA
  2. 1-2 years
    Senior Security Engineer — owns firewall estate, 802.1X rollout, IPS tuningRs 16-24 LPA
  3. 2-4 years
    Zero-Trust / SASE Lead — segmentation and SASE programs across sites and DCRs 22-32 LPA
  4. 4+ years (RCSE track)
    Security Architect — enterprise and datacenter security architectureRs 32-48 LPA

Rs 10-24 LPA typical on certification, scaling to Rs 22-35 LPA in senior zero-trust and DC security roles

Anyone can pass a quiz about zero trust. RCSP makes you build one — and defend it while it's under attack.

RKR NETWORKSNetworks First, Networks LastRCSP · Security stream · Professional tier · training.rkr-networks.com

Tip: in the print dialog choose “Save as PDF”, set paper size to A0 and margins to none for a full-bleed poster.