Friday, February 27, 2009

Getting the CSSLP

I am pleased to report that I'm now a Certified Secure Software Lifecycle Professional, or CSSLP. This is an (ISC)2 certification introduced late last year. The name doesn't exactly roll off the tongue, but my employer was kind enough to pay the $550 fee (normally $650) for me to go through the gauntlet required to get this cert. Actually, it wasn't that bad. Up until March 31, 2009, CSSLP candidates are not required to take and pass an exam. Instead, you have to submit and pass the CSSLP Experience Assessment. Essentially, this consists of submitting your current resume, writing four essays of 250-500 words each, and getting an endorsement from an (ISC)2 credential holder.

The four essays are not difficult if you have the right experience, but they were time-consuming for me. I spent about an hour on each one. The essays must describe your professional experience in 4 of 7 different topic areas:

  1. Applying Security Concepts To Software Development
  2. Software Requirements
  3. Software Design
  4. Software Implementation/Coding
  5. Software Testing
  6. Software Acceptance
  7. Deployment, Operations, Maintenance And Disposal

I have experience in all of these areas, but I chose #1, #3, #4, and #5 for my essays. These topic areas correspond to the domains that represent the CSSLP Common Body of Knowledge (CBK). I'm looking forward to using my experience and knowledge in this area more as time goes on. There seems to be a nascent trend in the industry to be more proactive about developing secure applications, hence a new cert like CSSLP. I believe assessments and penetration testing will continue to be important, but introducing security elements earlier in the process is bound to pay off in more secure software. Hopefully, my new certification will pay off for my company and for me.


Danny Ha (Made in Hong Kong) 8/26/2009 5:29 AM  

Hi Dave,

Nice to know you on your blogspot.

Keep in touch.

Danny Ha, CSSLP...
Hong Kong

Anonymous,  2/08/2013 4:28 AM  

Hi, I am a CISSP, but I want to sit the CSSLP exam. Can anyone guide me on preparation, notes, and book material?


Dave Ferguson 2/08/2013 8:40 AM  

It is better for me to let others who have taken the exam answer your question about preparation. This link may be helpful: Keep in mind you also have to have 4 years of experience in one of the CSSLP domains.
