Preparing for CSSLP
I've been working predomiently as a software engineer / consultant for 10 yrs and in recent years my interest in application security has grown significantly. I do have several MCITP/MSCE certs from MSFT that aligns with part of my day to day job (programming) but I highly doubt for next 10 yrs I will be working in a full capacity as an engineer. There is nothing wrong with progamming but already in my current job I've been actively given more work around solution design & architecture which is a welcome change for me.
I initially looked for various vendor natural certifications (those more inline with management than hands-on) and ISC certs came pretty high on the list. I have to say I was initially tempted towards CISSP but I don't think it really resonate with my current profile and also CSSLP seems to fit much better with my current exp. I still believe I may try CISSP in the future but not now, for sure. Interestingly most people are not even aware of CSSLP but if you search for it on job sites (did it for my awareness) it does show up as requirement for few jobs and some of these job would accept it as replacement of CISSP or if candidate is willing to pass CISSP after taking that job.
With that I went and register for the CSSLP exam in early December 2015. I am currently reading ISC2 Office Guide to CSSLP but will be planning to add more rigor in coming weeks. There are really very few learning sources (not surprise) around CSSLP as compare to CISSP. My employer is paying for the cert and I will ask them about any potential training they can sponsor but not sure if there are many options for a good training. I am thinking to get my hands on few books that I found on amazon on CSSLP exam (4 I believe is the number). I feel with consistent focus and rigorous study plan 90 days would be good enough to appear in the exam but for now I will keep the date to early December.
It would be interesting to know know how other folks are preparing for the CSSLP exam? or what trigger them to take this exam.
I initially looked for various vendor natural certifications (those more inline with management than hands-on) and ISC certs came pretty high on the list. I have to say I was initially tempted towards CISSP but I don't think it really resonate with my current profile and also CSSLP seems to fit much better with my current exp. I still believe I may try CISSP in the future but not now, for sure. Interestingly most people are not even aware of CSSLP but if you search for it on job sites (did it for my awareness) it does show up as requirement for few jobs and some of these job would accept it as replacement of CISSP or if candidate is willing to pass CISSP after taking that job.
With that I went and register for the CSSLP exam in early December 2015. I am currently reading ISC2 Office Guide to CSSLP but will be planning to add more rigor in coming weeks. There are really very few learning sources (not surprise) around CSSLP as compare to CISSP. My employer is paying for the cert and I will ask them about any potential training they can sponsor but not sure if there are many options for a good training. I am thinking to get my hands on few books that I found on amazon on CSSLP exam (4 I believe is the number). I feel with consistent focus and rigorous study plan 90 days would be good enough to appear in the exam but for now I will keep the date to early December.
It would be interesting to know know how other folks are preparing for the CSSLP exam? or what trigger them to take this exam.
Comments
-
xXxKrisxXx Member Posts: 80 ■■■■□□□□□□Hey welcome to the site. How do you feel the content of ISC2 Official Guide to CSSLP is? Another good certification in Software Security is the GWEB. The course content is useful, I think you'd enjoy the course. I plan on going after the CSSLP eventually this year.
-
B99101146 Registered Users Posts: 4 ■□□□□□□□□□So far I have read two chapters (each chapter cover specific exam domain) form the book CSSLP ISC2 official guide and I would say it's written as a manual/guide so expect short sections with condense information. I will call reading experience informative but rather dry.
One thing I did and thought to share is, before reading a chapter I attempt the sample questions that are provided at the end of each chapter. Then after post reading the chapter I go through those questions again. Finally I compare my answers from both attempts and that give me rough idea of my standing on that partucular domain. Not surprisingly I did score ~80% on domain that I work on daily basis and less than that on the other on my first attempt.
I checked the Gweb exam link and it seems interesting and if I plan to attempt more hands on cert in the future that will be interesting. However if you do have links to some educational material that covers Gweb exam I may feel motivated to go trough them at some point.
Btw you mention you are planning to take CSSLP exam. Would be beneficial to share the study plans. I probably going go to stream line plan soon for my slef. -
ctrber Registered Users Posts: 3 ■□□□□□□□□□I am also preparing for the CSSLP using the official guide written by Mano Paul. While it is an excellent reference, I would prefer some CBT (computer based training) or videos of some kind. I'm considering the official ISC2 online course and using the book as a reference/in-depth guide. I have scored one point above passing on a practice test (71%) but hope to score 90% to ensure I am well-prepared for the exam.
Has anyone had any experience with the official ISC2 online course or any other online training for the CSSLP? -
xXxKrisxXx Member Posts: 80 ■■■■□□□□□□Hey guys, how have you 2 progressed through the CSSLP content? Have you taken the exam yet?
I'm currently enrolled in the online 8 week training that started this week. Just got done with Session 2 of the week based around Domain 1. The online training seems ok. The only thing I don't like so far is that the instructor is encouraging active participation over Microphone. The interactions of students in the course gets the students thoughts on the subject manner and isn't diving incredibly deep on the content. This is a different approach than what I'm used to taking vLive Training from SANS where the instructor is going over each page of the course content and sharing his/her experiences on the content.
It's fine if people want to interact but I don't have much to contribute on certain topics I have no experience with. Not sure if this is ISC2's preference in teaching or if it's just the instructors style. I would prefer to hear more hardcore instruction and diving deep into topics instead of listening to discussions and hearing whether or not the instructor has anything to add or correct based on students response.
If anyone plans on taking online training for the course and is paying out of pocket, sometimes ISC2 has problems filling their online classes. I suggest reaching out to a certification consultant by e-mailing for more information and ask them what discounts/bundles you can get. I was able to save $500 on the course and received a bundle I was happy with. -
ctrber Registered Users Posts: 3 ■□□□□□□□□□I have still been reading the Mano Paul book while I am waiting on my company to approve the paid course (they may offer to pay half the price).
I was asking earlier about the official online eLearning:
https://www.isc2.org/elearning/default.aspx
For the price, it seems like a good deal. I was just wondering if anyone could vouch for the quality of the material. I prefer online training (Lynda.com, Pluralsight.com) for exactly the reason xXxKrisxXx mentioned - no wasted time on "interactive discussions" and the fact that it is self-paced. I like being able to go back and review individual sections.
Any thoughts would be greatly appreciated. -
Mike7 Member Posts: 1,112 ■■■■□□□□□□For those interested, there is a series of webcasts about CSSLP by ISC2 at http://education.isc2.org/csslp-webcasts/ . It provides an overview of the 8 domains in the exam. There is fair amount of overlap with CISSP domains and I have application development experience. May take the exam.
BTW, ISC2 members can buy the book for 50% off at 30 euros. Login to ISC2 site and check member benefits page for instructions. No discounts for ebook though. -
gr8csslp Registered Users Posts: 1 ■□□□□□□□□□Has anyone appeared for the CSSLP exam? Can anyone confirm if Mano Paul's book is sufficient to prepare for the exam? I would love to know if there is a study group for CSSLP.
-
Mike7 Member Posts: 1,112 ■■■■□□□□□□The CSSLP CBK finally reached me from across the Pacific ocean. If you visit the ISC2 site, most if not all white papers and articles on CSSLP are by Mano Paul; he probably wrote bulk of the exam questions as well.
Quite an interesting read, fonts are big, quite a number of new terms. Not a lot of depth, but still a good educational read.
Mano Paul's background is in Microsoft .NET; so it helps if your software development experiences is with .NET.
The book will serve as a good reference.
May supplement it with the CSSLP AIO, the comments on Amazon are very positive. -
JayMy Registered Users Posts: 1 ■□□□□□□□□□Hi hb99 and everyone,
I am also looking for good practice questions for CSSLP. I have done some expresscertification practice questions and they seems pretty good IMO. I did all questions from official ISC2 book too.
I am also interested to hear some advices for the exam. Looks like there isn't that much time per questions vs CISSP exam and that makes me pretty nervous.
--J