I’m working as a senior software engineer in Java/J2EE (Java 2 Platform, Enterprise Edition) technology. I have more than five years of experience in software development life cycle (SDLC) and more than three years in secure software development. I’m planning to do a certification in Certified Secure Software Lifecycle Professional (CSSLP), but can’t find any related material. Could you guide me to tutorials or a study guide and provide more details regarding this certification, such as registration, preparation and so on?
(ISC)2’s CSSLP is one of the few security certifications available for people involved with the software life cycle. Like the SSCP (Systems Security Certified Practitioner) and the CISSP (Certified Information Systems Security Professional), it consists of seven domains aimed specifically at software, analysis and design.
There are several study resources available, and I always recommend using more than just one.
To start, the following books can serve as a good resource: The CSSLP Prep Guide: Mastering the Certified Secure Software Lifecycle Professional by Ronald Krutz and Alexander Fry and the Official (ISC)2 Guide to the CSSLP by Mano Paul (due out soon).
For computer-based training, consider the CSSLP Certification Training Video Course on CD from CBT Planet. For class-based training, there are the seven-day boot camps from training providers like Firebrand as well as the 2010 CBK Review Seminars.
However, the first place to look for information on and register for the CSSLP would be (ISC)2’s own Web site.
Keep in mind that once you gain the CSSLP credential, it doesn’t stop there. According to (ISC)2: “Recertification is required every three years, with ongoing requirements to maintain your credentials in good standing. This is primarily accomplished through earning 90 continuing professional education (CPE) credits every three years, with a minimum of 15 CPEs earned each year after certification. CSSLPs must also pay an annual maintenance fee of USD 100 per year.”
One thing I’d like to point out is that you need to get endorsed by another (ISC)2 member in order to gain the full (ISC)2 credential. You can get endorsed by (ISC)2 directly; however, the process is comparable to being audited.
Put it on your to-do list to check out prices for the (ISC)2 exams. There are two prices: early and standard. Early registration applies to registration and payment received 16 days prior to the exam date and is $50 cheaper.
One other thing to keep in mind is that beginning this year, Pearson VUE will be offering (ISC)2 exams starting with the CSSLP; the rest will be phased in over the next three years.