CSSLP certification recognizes the key qualifications of those involved in building secure software. It is the only certification that addresses the need for software and security professionals who possess the knowledge and experience to implement security best practices throughout the software development lifecycle (SDLC).
CSSLPs understand the importance of secure software and their role in protecting organizations and intellectual property from evolving threats. With an increasing number of attacks exploiting vulnerabilities in software, the demand for professionals with application security expertise is on the rise. CSSLPs have proven their ability to incorporate security - authentication, authorization, encryption, auditing, and more - into each phase of the SDLC and their commitment to staying current with the latest advances in software security.
CSSLP candidates must possess a minimum of four years of cumulative paid full-time professional work experience in the SDLC in one or more of the eight domains of the (ISC)²® CSSLP CBK®. Alternatively, candidates can have three years of recent work experience with an applicable four-year college degree.
What Job Title Do You Have?
CSSLPs hold a range of titles including software architect, software developer, application security specialist, security manager, IT director, and vice president of IT audit. The certification is relevant to any software and security professional involved in the software development process, from software design and implementation to testing and deployment.
What's a Typical Day Like for a CSSLP?
Because CSSLPs represent such a wide cross-section of software and security professionals, the day can vary from person to person. CSSLPs often spend part of their day researching industry events to understand the emerging risks and cyber security landscape, as well as the trending threats, technologies, and exploits and how they may impact applications and associated development processes - from requirements, architecture, and design, to coding, testing, and deployment. Security activities can range from performing security architecture walk-throughs to doing vulnerability assessments, penetration testing, and source code review. CSSLPs with more management responsibilities often provide training for development teams on software security best practices.
What's Your Job Setting Like?
CSSLPs often work in team environments as either leaders or highly valued contributors. CSSLPs who work for software providers may be required to travel to customer locations, and those with more IT security-related titles may be found in areas of the organization such as the network operations center.
What Skill Sets are Most Important to Your Job?
In addition to possessing the skills to develop software that performs as expected, CSSLPs must have a deep understanding of the security landscape, application vulnerabilities, and evolving ways in which software can be exploited. They also need to know what tools and methodologies are required to effectively address these threats. Curious and creative by nature, CSSLPs are driven to understand how things work so they can help build innovative and secure software. But they must also know how to break things and make them not work. Their knowledge of how hackers can take advantage of code is critical, enabling them to identify vulnerabilities and build more secure software from the start - before any security breaches can occur.
If a Security Breach were to Take Place, What is Your Role in Handling Remediation and/or Prevention?
CSSLPs provide critical insight to the security teams in the event of a breach. Their expertise is called upon to quickly diagnose what software assets might be involved and where they are located. More than anyone else, CSSLPs understand the threat vectors and how software can be accessed and potentially used by hackers. Their expertise is vital in helping the response teams swiftly respond and manage the remediation efforts.