The CSSLP Prep Guide: Mastering the Certified Secure Software Lifecycle Professional von Ronald L. Krutz und Alexander J. Fry von John

(about 600 useful pages)

I bought both of them only because the second has tests. But I was disappointed because the same tests are in the book in printed form. Of course, with answers. And of a questionable quality. But, nevertheless, better than nothing.

Which one is better ?

I don’t know… none of them would make a difference in passing the exam if you don’t have what it takes: min. 4 years experience in software development.

The two books mentioned covered the chapters in two different ways:

– the first one is more like a story about the topics required by the exam

– the second one is very technical and descriptive. It is like a conclusion of the first one.

Study time

With interruptions, I started in December 2011 and I studied about 3-4 times per week (incl. weekend) in the evening and in weekends.

So, this makes about 3,5 months study time.

The exam

Probably the toughest exam I’ve had so far…

It doesn’t have much to do with the theory I read. It has to do with experience and it is good so.

ISC requires to have min. 4 years of experience in order to be allowed to take the exam.

You need experience in

– Software development

– Managing software development

– Security – here the ComptTIA Security+ certification helped a lot

– Testing

– Planning software development – here the ComptTIA Project+ certification helped a lot

– Designing software

– Software architectures

– Auditing

Without having previous experience in these areas, you have no chance… because the books only just touch the subjects.

What is required by the certification

The Candidate Information Bulletin specifies quite clearly what is expected.

Next steps

I need an endorsement from an ISC professional which guarantees for me certain aspects.

Everything is well documented, I don’t expect any problems here.