Well, ISC2 is at it again with yet another security certification – this time focused on application security. The CSSLP (Certified Secure Software Lifecycle Professional) focuses on security where it’s often the weakest…at the source code level.
Not a bad idea in general. I just don’t foresee someone getting such a certification and then suddenly being a development expert, much less someone being able to lock down the software lifecycle. These are things that come with tons and tons of experience in psychology, politics, security AND development, the latter two of which I cover in depth in my audio program Certifications, Degrees, or Experience – What’s Best for Your Security Career? Here’s a sample snippet for your listening pleasure.
I’m not saying it can’t be done. I’m just a little skeptical at this point.
What we need is a certification in getting management on board with security, arguably the biggest problem we have with security. It could be called Certified Butt Kisser Striking Fear into Management or CFUD. Know that you heard it here first!
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability/penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”