Parsons Software Security Consulting Blog

The secret to the CSSLP: the beginning of the journey

I am studying to become a CSSLP. I have had my CISSP for a number of years and have been a programmer and ethical hacker for ten years. I have my master’s degree in information security and management science and a bachelor’s degree in information science and human-computer interaction. I work for a very large security company. I am taking the exam too and wanted to share my knowledge of studying for it with the blogosphere.

The CSSLP examination tests the breadth and depth of a candidate’s knowledge by focusing on the seven domains that comprise the CSSLP taxonomy of information security topics:

  • Secure Software Concepts – security implications in software development and for software supply chain integrity
  • Secure Software Requirements – capturing security requirements in the requirements gathering phase
  • Secure Software Design – translating security requirements into application design elements
  • Secure Software Implementation/Coding – unit testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation
  • Secure Software Testing – integrated QA testing for security functionality and resiliency to attack
  • Software Acceptance – security implications in the software acceptance phase
  • Software Deployment, Operations, Maintenance and Disposal – security issues around steady state operations and management of software

CSSLP stakeholders include:

  • Auditors
  • Top Management
  • Business Unit Heads
  • IT Manager
  • Security Specialists
  • Application Owners
  • Developers & Coders
  • Project Managers / Team Leads
  • Technical Architects
  • Quality Assurance Managers
  • Business Analysts
  • Industry Group Delivery Heads
  • Client Side PM

https://www.isc2.org

Thanks, Matt Parsons, CISSP, MSM
mparsons@parsonsisconsulting.com