Welcome to the Cloud Academy's presentation of the Certified Secure Software Lifecycle Professional, or CSSLP course. 

The CSSLP is a certification created and conferred by the International Information Systems Security Consortium, known as ISC2 for short. This is a unique certification intended for those involved in the software development process, who need to understand how to bring security into the picture, an interesting and important aspect of systems development and operation. This course presents the common body of knowledge upon which the CSSLP is based. Using only the most current sources and information, it will bring insights and knowledge to add to your experience and thus prepare you to successfully take and pass the certification examination. 

Like all high-quality training, this course was developed with a very clear idea of which roles would either require or benefit from the concepts and knowledge that would be covered in it. These roles are the ones found in many public and private organizations that will encounter the security issues and challenges found in systems and software development, whether in a project setting or in an operational one. The CSSLP CBK contains the theory and practical basis for the professionals in such roles to effectively analyze the issues of integration of security into the development life cycle. Having this ability will lead them to develop effective strategies that help achieve project and operational objectives while enabling the balancing of the competing priorities of functionality and security. 

Having the CSSLP credentials signifies that its owner is both skilled and experienced in addressing these complex situations effectively, and thus enabling them to provide much needed support to their team's efforts. As with all professional certifications, the CSSLP has prerequisites that must be met by the candidates before they can begin the process to attain it. Once these are confirmed as met, the candidate can then take the exam. Successful passage is followed by an endorsement affirmation process to validate the necessary experience claimed that will allow the candidate to become the CSSLP. If the required experience amount is not yet at the required level, the candidate will automatically become an associate of ISC-squared, and be given a five-year period to gain the remaining experience needed for full qualification and conferrence of the certification. 

Now, this slide shows the domains of the CSSLP, and this list is current as of September 2020. The current structure shows layering from basic to advanced, each building upon and integrating with the previous domains. This approach is intentional to ensure that the candidate can move through the course and readily grasp the relationship of each unit to the others while introducing more advanced ideas and knowledge with each successive domain. The result is a well-integrated and cohesive training program that communicates the necessary information as contained in the CBK to meet the twin objectives of preparing for the examination and becoming more expert in the process of secure software design and development. 

Now here we have the current breakdown of the domains and their prevalence on the exam itself. Referring to the previous slide and the presented domain structure for just a moment, the order shown is the order which ISC-squared has the domains in currently. This order does not represent a priority of subject area, which is to say that domain one is not in fact more important than domain two, simply because it comes before it. The order appears to be arranged in order to facilitate the optimal learning experience for the attendees, with each succeeding module building on the preceding ones. AS this wheel indicates, domains are presented in roughly equal proportion on the exam. And since, each exam is generated uniquely for each person taking it, these percentages may vary in their exact amounts, but they will not do so greatly from those shown here. To explain, the wheel shows the breakdown of time spent in the interior as indicated on the job task analysis survey done each year by ISC-squared. The certification holders themselves tell ISC-squared how and where they spend their time in the domain areas. And these are then used to configure the test generation engine that produces all the exams given. In this way, the exam presents what the practitioners are actually doing, and this alignment ensures accurate representation and correspondence. 

Now, this slide shows the sources used to prepare this course material. Between these two volumes, the attendees will receive the best foundational launch and the most up-to-date changes available. In each of these, there are practice questions, case studies, and hands-on labs, which provide the readers with all the self-test helps needed to facilitate learning and confirm absorption of each topic. Similarly, they will also confirm areas requiring additional work and study, an equally important thing to ensure the most productive and successful learning experience possible. As is the case with all of the ISC-squared examinations, the question formats presented will vary from the traditional four-option multiple choice to more advanced types. And like all the other exams, the CSSLP is scored by counting only correct answers. This is because correct answers indicate proof of knowledge, or in rare cases, a lucky guess. Incorrect answers can result from many things, not just a lack of knowledge. So counting only correct answers is a more trustworthy measure of what the candidate actually knows and should be credited with. There are also the unscored items, which are questions in their final vetting phase before their inclusion is counting questions or questions used specifically to validate each exam's construction and integrity. This situation also brings out another equally important point. Answer all of the questions. 

So let's talk about how best to prepare. Since you are already here, you already must know that following this course is one of the best steps to take. But there is much you can do and should do to improve your chances of success further. Unfortunately, there is no practice questions companion volume for the CSSLP like there is for some of the other ISC-squared certification courses. However, the questions you will find in the volumes used to create this course will be excellent compensation. Likewise are those found in the CSSLP ultimate guide, which you should be sure to download and read. Also, there are flashcards available online from the ISC2 website at the website address shown. And you should use all of these resources in your preparations. 

Now, once you've attained it, there will be the matter of maintaining it. ISC2 currently requires 90 continuing professional education hours to be acquired over the three-year certification period, ideally, at the rate of 30 credits per year. ISC2 now requires a single annual fee of $125 USD per year. That will cover all ISC2 certifications held. Upholding the code of ethics is every bit as important as these other items. ISC-squared takes this very seriously, as should we all. So the question arises, how do I get buy CPEs to maintain my certification? Well, like many active security professionals, you no doubt have trouble finding time to keep up with your certification training requirements. Still, we all have the responsibility to keep up our credentials. ISC2 is aware that this can be challenging, and so it recognizes many options through which to obtain them. The list shown on this slide presents many of the most popular ways. These include the very popular webinars ISC-squared itself offers, as well as those from other sources like BitSight and Bitglass. Many of these are offered as a single hour live presentation that is also recorded for later listening. Many are free, and are of a length convenient to listen over a lunch hour, during a commute, while on a flight through the plane's wifi. Be sure to wear a headset for that; or after hours. These sessions present moderated discussions of both interest and concern, covering topics like cryptocurrency, ransomware, phishing, and other timely topics. The quality of these programs is typically quite high and the exchanges can be very lively. Oh, did I mention that many are free? 

So in closing out this introduction to the CSSLP, we've covered nearly all of the aspects of the course that a candidate needs to know starting out. Anytime you have questions, be sure you write them down when they occur so that you don't forget. That way, you can be sure to go back and refer to the authoritative sources used for this course and find the answer that you need.