
Department of Defense Directive 8570 stipulates that personnel performing Information Assurance (IA) functions within the DoD must obtain (and maintain) one of the certifications required for their position category or specialty and level.
Course content as of 01/06/2020
Implement separation of duties to reduce fraud and identify breaches by two to three authorized individuals performing key tasks within internal controls and compartmentalization.
Explore defense in depth by outlining layered security across network architecture, interconnection strategy, on-prem and cloud resources, and diverse user contexts for secure deployment.
Learn how open design and peer review foster collaboration, reduce risk, and strengthen security through faster flaw detection, training, and organizational efficiencies, while studying Kirchhoff’s law and foundational cryptography concepts.
Explore fail safe versus fail secure concepts, defense in depth across technical, administrative, and physical controls, and how hashing, digital signatures, and wildcard certificates support secure software lifecycles.
Explore secure coding references from Carnegie Mellon and the OWASP quick reference guide to validate data, encode outputs, and prepare for the CSSLP exam.
Discover essential standards from NIST, ISO, and IEC that shape secure software lifecycle practices, including ISO/IEC 27001/27002 and PCI guidance.
Discover cloud security best practices for Google Cloud Platform, focusing on organizational setup, identities and access management, roles, networking, audit trails, and logging for compliance.
Explore architectural risk assessment by outlining the main steps, identifying defects, and applying the sdlc approach to show how risk drives project success and provide resources.
Explore common data classifications used in commercial and government sectors, from proprietary and private to confidential, sensitive, secret, and top secret, including unclassified levels.
Learn to enable Google Cloud Platform data loss prevention, configure detectors and templates, and create regex rules to identify p.i. data such as ssn or credit cards with alerts.
Please note that the content is broken into TWO Courses. This is Course ONE which is available now on Udemy.
Domain 1-4 is covered in this course....
Content between two courses is over 20 hours.
Earning the globally recognized CSSLP secure software development certification is a proven way to build your career and better incorporate security practices into each phase of the software development lifecycle (SDLC).
CSSLP certification recognizes leading application security skills. It shows employers and peers you have the advanced technical skills and knowledge necessary for authentication, authorization and auditing throughout the SDLC using best practices, policies and procedures established by the cybersecurity experts at (ISC)².
Obtaining your certification will prove your skills, help advance your career, and even gain support from a community of cybersecurity leaders here to help you throughout your professional journey.
The Certified Secure Software Lifecycle Professional (CSSLP) certification is a vendor neutral credential; launched in 2008 by the International Information System Security Certification Consortium, or (ISC)2. This exam is very challenging even to software developers with experience because of the depth of knowledge required to learn in order to pass.
This course has been developed by an industry professional with over twenty years of IT experience. Course contains numerous aids to help the learning process such as demos, discussions, whiteboard designs, test tips, practice reviews and practice questions.
The CSSLP certification validates that the certified professional has the expertise to include the best security practices, auditing, and authorization into each phase of the Software Development Lifecycle (SDLC). SDLC phases include software design, implementation, testing, and deployment.
After earning their CSSLP certification, a software professional will be able to develop a software security program in their organization, reduce production cost, mitigate source code vulnerabilities, and reduce losses because of software breaches.
The CSSLP meets the Level I and II IA System Architecture and Engineering requirements of the DoD mandate 8570.01M. Additionally, the CSSLP certification is accredited for the requirements of ANSI/IEC/ISO Standard-17024.
The CSSLP certification exam is a well written exam evaluating potential candidates across eight different domains. The exam contains 175 question, multiple-choice exam is administered over a 4-hour period at a Pearson Professional Center.
The CSSLP exam questions are developed from the skills and information contained within the CSSLP CBK with the following tested percentages.
Note Course is broken into TWO Courses due to size of content.
Course One Contains content for these Domains (This Course).
Secure Software Concepts – 13%
Secure Software Requirements – 14%
Secure Software Design – 16% Secure Software Implementation/Programming – 16%
Course Two Contains these Domain Objectives.
Secure Software Testing – 14%
Secure Lifecycle Management – 10%
Software Development, Operations, and Maintenance – 9%
Supply Chain and Software Acquisition – 8%
Who would be the target audience?
The audience should be willing to study and review materials to pass the CSSLP Plus and meet the requirements set by ISC2
In order to become a fully certified CSSLP, (ISC)² requires the candidate to have a minimum of four years cumulative paid full-time SDLC experience in one or more of the eight domains of the CSSLP credential. A candidate can substitute one year of experience for a four-year college degree. If a candidate passes the certification exam but does not possess the required years of experience they will become an associate of (ISC)² and have five years to earn the experience. At which time they will become a fully certified CSSLP.
Roles which would benefit from taking the exam.
Software Developers Software Engineers DevOps Engineers Enterprise Architects Application Developers Security Professionals
What you will learn
• Protecting data and business assets and complying with applicable laws and regulations
• Following secure coding standards and how documentation can help in the maintenance and operations of software
• Identifying software vulnerabilities and how to perform testing of units of code
• Managing each phase of the software development life cycle (SDLC)
• Developing security to meet environmental risk and operational challenges
• Supporting incident response, patch and vulnerability management, and continuity of operations
• Supporting the software acquisitions process
• Understanding security related frameworks and best practices
TechCommanders is an online training platform for both aspiring and veteran IT professionals interested in next generation IT Skills.
TechCommanders is led by Joseph Holbrook, a highly sought-after technology industry veteran.
Techcommanders offers blended learning which allows the students to learn on demand but with live training.
Courses offered are used to prepare students to take certification exams in Cloud, DevOps, IT Security and Blockchain.
Techcommanders was established in Jacksonville, Florida in 2020 by Joseph Holbrook, both a US Navy Veteran and a technology industry veteran. Techcommanders, Advancing your NextGen Technology Skills.