Update on the CSSLP And its Impact on the SDLC Profession. Hart Rossman, CSSLP Member, (ISC) 2 Application Security Advisory Board

Similar documents
Information Security and Privacy. Lynn McNulty, CISSP. Advisory Board November 2008

Software Development: The Next Security Frontier

Security Transcends Technology

Information Security Principles and Practices

Protect Your Organization With the Certification That Maps to a Master s-level Education in Software Assurance

Certification and Training

Information Systems Security Engineering Professional (ISSEP)

The Next Generation of Security Leaders

The Value of Information Security Certifications

WCA WEBINAR SERIES: The Case for Cyber Security Training

Access FedVTE online at: fedvte.usalearning.gov

Investor Presentation

IT S A FUNNY THING ABOUT OFFICIAL CERTIFICATES

BHEF s National Higher Education and Workforce Initiative

Kevin Savoy, CPA, CISA, CISSP Director of Information Technology Audits Brian Daniels, CISA, GCFA Senior IT Auditor

Security Certifications. A Short Survey. Welcome. Stan Reichardt stan2007@sluug.org

The National Skills Academy for IT. Cyber Security

All about CPEs. David Gittens CISA CISM CISSP CRISC HISP

Cybercrime & Cybersecurity: the Ongoing Battle International Hellenic University

Understanding the Federal IT Security Professional (FITSP) Certification

FedVTE Training Catalog SPRING advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

CONTINUING PROFESSIONAL EDUCATION (CPE) POLICIES & GUIDELINES

Social Media Security Training and Certifications. Stay Ahead. Get Certified. Ultimate Knowledge Institute. ultimateknowledge.com

Kris Madura, MBA, PMP. Security Program Manager

How To Become A Security Professional

State of West Virginia Office of Technology Policy: Information Security Audit Program Issued by the CTO

FedVTE Training Catalog SUMMER advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

Practical Applications of Software Security Model Chris Nagel

Certification for Information System Security Professional (CISSP)

Approach to Information Security Architecture. Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera

HEALTH INFORMATION MANAGEMENT (HIM) HUMAN RESOURCE PACKAGE

Cover/Signature Page Full Template

THIRD PARTY (VENDOR) SECURITY RISK MANAGEMENT

Software Assurance Competency Model

Tableau Dashboard for Maximo 15-AUG-13

Pharmacist Education & Training

Course and Service Portfolio Specialized IT courses for IT professional and organizations willing to take benefit from the competitive advantages

Cybersecurity Credentials Collaborative (C3) cybersecuritycc.org

CompTIA CASP Pre-approved Training for CompTIA CASP Continuing Education Units (CEUs)

IT Privacy Certification

(ISC)² Foundation Announces 2014 Information Security Scholarship Recipients

IT and Cybersecurity. Workforce Development with CompTIA Certification

GIAC Program Overview 2015 Q4 Version

Partnering Excellence

Amit Garg BERKELEY RESEARCH GROUP, LLC 1800 M Street, N.W. 2 nd Floor Washington, D.C Direct: agarg@thinkbrg.

NOVEMBER DEFENSE & FEDERAL TECHNOLOGY MARKET UPDATE

BilgeAdam IT Services

Certification Programs

CompTIA Certification Renewal Policy and Continuing Education (CE) Program. Kyle Gingrich Senior Director, Product Management

UMUC FED Program. Online Open House July 22, 2015

Forensic Certifications

Microsoft SQL Server and Oracle Database:

The Evolution of Application Monitoring

A Blueprint for: Microsoft Dynamics CRM Success

Shon Harris s Newly Updated CISSP Materials

A Blueprint for Business Software Implementation Success

Cybersecurity Workforce Training Partnership

TOPSECRETPROTECTION.COM (TSP)

An expert s tips for cracking tough CISSP exam

Information Security Specialist Training on the Basis of ISO/IEC 27002

Business Analysis. Business Analysis Certification Preparation, Training & Corporate Workshops. featuring

(ISC) Congress Schedule of Events (All events will take place at the Orange County Convention Center, unless otherwise stated.

Bilge Adam IT Services

The IPSJ Model of IT Professional Certification

Table of Contents. The Case for SharePoint. SharePoint with an Agile Execution. Typical LASER Project. Build the Right Solutions/ Solutions Right

Enterprise Class IT Solutions and Services

Understanding the Federal Cyber Security Professional (FCSP) Certifications

BMS Consulting Cyber Security and IT Technology Team

ISSECO Syllabus Public Version v1.0

Guide to information security certifications. SearchSecurity.com's guide to vendor-neutral security certifications

Agile Training and Certification Options. David Hicks

Learning objectives for today s session

from PKI to Identity Assurance

Profil stručnjaka za informacijsku sigurnost - certificirati se ili ne? Biljana Cerin, CISA, CISM, CGEIT, CBCP, PMP

IBM Project Management Competency -Overview

Transcription:

Update on the CSSLP And its Impact on the SDLC Profession Hart Rossman, CSSLP Member, (ISC) 2 Application Security Advisory Board

(ISC)² Built the largest, most comprehensive Software Security Body of Knowledge (Certified Secure Software Lifecycle Professional) CSSLP Incorporated are: Public Standards: NIST,OWASP, ISO 2700x, PCI-DSS, etc. Corporate Best Practices: Symantec, Cisco, Microsoft, Xerox, SRA International, Boeing Industry Associations and Advisory: SAFEcode, RSA, SANS, ISSA, BASDA, DSCI (NASSCOM) Government Standards: Department of Homeland Security / Software Assurance Initiative

Certified Secure Software Lifecycle Professional (CSSLP) Domains (ISC)² CSSLP CBK Domains Secure Software Concepts Secure Software Requirements Secure Software Design Secure Software Implementation/Coding Secure Software Testing Software Acceptance Software Deployment, Operations, Maintenance, and Disposal

Current CSSLP Statistics CSSLP Credential Holders: 935 certified 250 took the education program in 2010 129 sat for the exam in 2010 CSSLP Organizations Demographics: Banking Aerospace Government Mobile Phone Manufacturers Insurance Consulting Firms Software Security Companies Software Manufacturers

CSSLP Statistics (Cont.) CSSLP Education Program Reviews: CSSLP course is consistently being touted as graduate level material in written reviews submitted by participants Course Evaluation Statistics: 5 being Excellent and 1 being Poor (of 203 respondents) - Avg. Quality of Course Materials: Rated 4.7 - Avg. Quality of Course Instructor: Rated 4.8

CSSLP Statistics (Cont.) Job Titles of CSSLPs : Sr. Software Developer/Analyst/Architect/Engineer Application Security Architect/Engineer/Analyst Lead Software Engineer Project Manager CISO CSO Consultant Information Assurance Manager/Analyst/Architect

CSSLP Statistics (Cont.) Job boards listing CSSLP as required or preferred: Chase Boeing JP Morgan Serco Dell Citi EMC HP Lockheed Martin CSC Fortify Shire Pharmaceutical

How the SwA Community Can Use the CSSLP

Why the CSSLP? Building secure software, along with writing secure code, is critical now! Software Assurance has kaleidoscope of perspectives to be factored into secure software lifecycle. First line of defense is qualified and educated personnel who know how to write secure code that meets security requirements, including design, testing, deployment, and ultimately disposal of software.

CSSLP CBK Overlap between Other Certifications/Programs GSSP-C (SANS) Software Coder Certification Program GSSP-J (SANS) Software Coder Certification Program CSSE (ISSECO) Entry-level Education Program Certificate of Completion CSSLP (ISC)² Professional Certification Program Software Assurance Initiative (DHS) Awareness Effort Vendor- Specific Credentials

Software Lifecycle Stakeholder Chart Client Side PM Industry Group Delivery Heads Business Analysts Auditors Top Management Software Lifecycle Stakeholders Business Unit Heads IT Manager Security Specialists Testers Quality Assurance Managers Technical Architects Developers/ Coders Project Managers/ Team Leads

CSSLP Certification Requirements By Examination: Process Public exams available worldwide through PearsonVUE Candidate must submit: Completed examination registration form Proof of 4 years experience in the Software Development Lifecycle (SDLC) or 3 years experience with a one year waiver for 4-year degree or equivalent in an IT related field Pay a fee of $549 (early-bird) or $599 (standard) Candidate must Pass the official (ISC)² CSSLP certification examination Complete the endorsement process Maintain their CSSLP status with CPE s

What s Next for the CSSLP?

Progress of the CSSLP ANSI Accreditation Achieved Oct 2010 (ISC)² Application Security Advisory Board Established Nov 2010 Andreas Fuchsberger, CISSP-ISSAP, CSSLP, Royal Halloway, University of London, and security, privacy and identity standards lead, Microsoft Corp. Sharon Hagi, CISSP, CSSLP, IBM Paco (Brian) Hope, CISSP, CSSLP, Cigital Ajoy Kumar, CSSLP, JP Morgan Chase Robert Lai, CISSP-ISSAP, ISSEP, CAP, CSSLP, SAIC Glenn Leifheit, CSSLP, FICO and ASAB co-chair Anthony Lim, CSSLP, Asia-Pacific, Rational Software, Suntec Alessandro Moretti, CISSP, CSSLP, UBS Dr. Yiannis Pavlosoglou, UBS Hart Rossman, CSSLP, SAIC Bola Rotibi, CEng, Creative Intellect Consulting Ltd. Dave Stender, CISSP, CAP, CSSLP, U.S. Internal Revenue Service Dr. Vehbi Tasar, CISSP, CSSLP, (ISC)² and ASAB co-chair Richard Tychansky, CISSP-ISSEP, CAP, CSSLP, Lockheed Martin Corp. Further details on the AppSec Advisory Board can be found at https://www.isc2.org/innerpage.aspx?id=6979&terms=application+security+advisory+board

Future for the CSSLP DoD 8570 Mandate Sponsorship Received Associate Designation Anticipated Working to align the CSSLP curriculum with SEI Cert Undergraduate and Masters level Software Assurance Curriculum Model http://www.cert.org/mswa/

For more information, please contact: David W. Stender, CISSP CSSLP CAP david.stender@irs.gov Glenn Johnson, (ISC)² Corporate Accounts Manager Lead CSSLP Consultant gjohnson@isc2.org Visit www.isc2.org/csslp

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information