Hey all, i'm happy to announce that on 9/3/2020 i succesfully passed the CSSLP exam. I started my preparation a year ago and have been studying on a regural basis since then(approx 3 hours per week). Resources that i used:
The latter also included mock exams which i used the last month to measure my readiness.
Since i don't have the required experience to endorse as a CSSLP yet, i will travel the associate path. I face an issue though, when i try to submit my AMF. See image below:
I've been getting this for 3 days in a row now. Can you provide some details on this?
Happy to be with you guys, lets get a safer cyber world for all people.
Many congratulations and welcome to the club! Glad you made it as I know you've been preparing for this for a while.
You'll need to contact Member Services to resolve the AMF payment issue. Either to make a payment over the phone, or for them to fix the issue with your account on the back-end. You can find their details through the "contact" link at the bottom of this site or on the main site.
BTW - I recommend you call them and keep calling until you speak with someone rather than emailing or leaving a voicemail if you want this resolved quickly.
First of all, congratulations for your achievement.
Please could you tell us how was the exam? I mean if you find it difficult in terms of long and tricky questions, etc. I have been studying exactly the same books thank you intermittently, and I feel comfortable with the exam questions provided in both, but reading posts of other people that took the exam months ago I don’t feel that real exam includes questions similar to that.
Thanks and Regards,
Overall, If i were to rate it in terms of difficulty then i would give it 7 out of 10. I mean that i expected it to have questions that require in-field experience, eg: "Considering this fact and that fact: As an ISSE, what's the best course of action?", but it actually didn't. I also feared that it might include questions that require an undefined number of answers(choose all that apply), but again it didn't. Fortunately it also didn't include hard-wired questions, e.g "pick the right ISO publication". I wouldn't say they are not similar. They are similar in terms of context, that is the 8 domains that make up the certification study material. What i have found is that slight terminology variations exist between official CBK and the other one, which may seem ambiguous for someone new to the software security field(certainly to me xD) and ultimately create this impression you are talking about. One thing that i noticed though is that it included material that was not explicitly stated in neither of the books. I mean maybe it could as an external reference, but not as a discrete topic under listed sections. And there was a good number of them. There were also a few "gift" questions(eg: "What is this?"), approx 4 or 5. Most questions targeted pure knowledge and context-awareness.(eg: "To know what threat modeling is and in which SDLC is it appropriate to apply.")
Please feel free to ask me for more if this answer isn't sufficient for you.
First of all, thanks for your answer.
What you are describing in your post is much better to what other people that took the exam months ago described in their comments. Probably the exam changed in some way in the last times, as I have read other recent posts in which some people writes comments similar to yours. Glad to hear that :)!
When you say that for you it is 7 out of 10 without having too much experience in the field, I feel much more conformable in taking the exam in the future. Btw, what is your background and experience in software engineering / security?
Do questions in exam are long with tricky answers in general, or are ver concise and not trying to confuse the candidate? I think that one of the main problems that had many students in past months were that questions were really long (even difficult to understand the own question), and answers most of the times tricky (using similar and weird words in the answers, etc).
When you say that there are 4-5 "gift questions" you mean that those questions are really hard because not included anywhere in materials or because are long and confusing?