Well, firstly you are needed to start with the basic concepts of networking like the OSI model, sub-netting, TCP concepts, IP related concepts, etc. You are required to start with CCNA routing and switching first so that you could gain a better understanding of network fundamentals like the models, topologies, IP addresses, devices, Configuration, troubleshooting, Routing Technologies, LAN switching Technologies, WAN, Infrastructure security, services and Management, so as to create a solid foundation by understanding the theory and implementing the tasks by Practical, and for achieving this you can take the help of Cisco training institutes like SPOTO Club. This course would be giving you a brief understanding of AAA Concepts, security concepts, security threats, CBAC, ACLs, NAT, VPN, Zone-Based Firewall. Also, brief knowledge about ASA firewall, Proxy firewall, Endpoint Security, Reflexive ACLS, Antivirus anti-malware, Authentication mechanisms, web-based threats, email-based threats, cloud-based proxies, cryptographic concepts, Application Firewall, and Intrusion Prevention System or IPS. The CCIE Security Course is divided into the below mentioned four exams:  SENSS The Implementing Cisco Edge Network Security Solutions or SENSS - 300-206 exam focuses the knowledge of a network security engineer  who is to configure and implement security on Cisco networks perimeter edge devices like the Cisco switch, Cisco router, and Cisco ASA firewall. It would be focusing on the technologies that are used to strengthen the security of a network perimeter like the Network Address Translation or NAT, ASA policy, as well as application, inspect, and a zone-based firewall on the routers of Cisco.  SITCS (v1.0 or v1.5) The Cisco Threat Control Solutions or SITCS - 300-207 exam will be implemented and will check a network security engineer on advanced firewall configuration and architecture with the Cisco next-generation firewall, identity policies and utilizing access, is going to covers integration of Intrusion Prevention System (IPS) and context-aware firewall components, as well as Web (Cloud) and Email Security solutions.  SISAS The Implementing Cisco Secure Access Solutions or SISAS with exam code - 300-208 is going to tests that whether a network security engineer would know the components and architecture of secure access, by utilizing 802.1X and Cisco TrustSec, evaluates the knowledge of Cisco Identity Services Engine or ISE architecture, solution, as well as components as an overall network threat mitigation and endpoint control solutions. It would also be including the fundamental concepts of Bring Your Own Device or BYOD using the posture and profiling services of ISE.  SIMOS  The Implementing Cisco Secure Mobility Solutions or SIMOS - 300-209 exam is going to tests the network security engineer on the variety of VPNs or Virtual Private Network solutions that Cisco has available on the Cisco IOS software and Cisco ASA firewall platforms and assesses the knowledge that would be necessary to properly implement highly secure remote communications through VPN technology, like the remote access SSL VPN and site-to-site VPN, DMVPN and FlexVPN. For this, you could make use of GNS3 by installing virtual images of firewalls or UNL software or Cisco IOU in VMWare Workstation. After the completion of this required course, you could move to CCIE security.  CCIE security  would be consisting of a written and a lab exam. This course would provide you with a much complex and deeper understanding of the topics that you have studied before and ways to secure a high scale network by the deployment of the necessary methods and policies and devices that you would be required for securing your network such as ACS, WSA, IPS, IDS, ISE, ASA firewall etc. So, if you are willing to gain this certification, you need to have a good training institute, for which I would like to recommend you to select the SPOTO Club.