You can't secure what you don't acknowledge.℠

Monday, September 29, 2008

ISC2's new CSSLP to the rescue?

Well, ISC2 is at it again with yet another security certification - this time focused on application security. The CSSLP (Certified Secure Software Lifecycle Professional) focuses on security where it's often the weakest...at the source code level.

Not a bad idea in general. I just don't foresee someone getting such a certification and then suddenly being a development expert, much less someone being able to lock down the software lifecycle. These are things that come with tons and tons of experience in psychology, politics, security AND development. I cover the latter two in depth in my audio program Certifications, Degrees, or Experience - What's Best for Your Security Career? Here's a sample snippet for your listening pleasure.

I'm not saying it can't be done. I'm just a little skeptical at this point.

What we need is a certification in getting management on board with security, arguably the biggest problem we have with security. It could be called Certified Butt Kisser Striking Fear into Management or CFUD. Know that you heard it here first!
