Newcomer I

Re: Not too happy with CSSLP Exam

I stand corrected on the exam being covered by ISC2.  I re-read the e-mail and my wishful thinking saw one thing, but in fact it is another.  ISC2 will allow anyone who has taken their course and failed the test to re-attend I believe the class free of charge.  It's not the actual test.  We'd still be out the money for taking a 2nd exam.

Newcomer I

Re: Not too happy with CSSLP Exam

All of my study material had the models. 

Newcomer I

Re: Not too happy with CSSLP Exam

Hi
Thanks for your response. So did you pass the exams? Can you provide the names of the study materials you used & the models being referred to please? Are you already in the security, developer, DBA, or hardcore IT field?
Newcomer I

Re: Not too happy with CSSLP Exam

I did pass the test on the first pass. It was brutal. I studied the infamous CSSLP CBK and the All-in-One. The CBK had the models. I also read the CISSP book by Shon Harris.

 

I have been a developer for about 30 years. Most of it as a developer or a manager of developers. I have a fair amount of security experience from a management perspective.

 

I found the test to be about 25% book knowledge and 75% experience and common sense.

 

The security experience was the key for my passing. There were definitely were not covered in the books. 

 

Sal 

 

 

 

Newcomer I

Re: Not too happy with CSSLP Exam

That should have read:

 

There definitely were questions that were not covered by the book.

 

The CBK was the 2nd edition.

 

I totally went the self-trained route. 

 

 

Newcomer II

Re: Not too happy with CSSLP Exam

That should have read:

 

Official (ISC)2 Guide to the CSSLP CBK

CSSLP Certification All-in-One Exam Guide

Viewer II

Re: Not too happy with CSSLP Exam

I passed the exam, but only by the skin of my teeth (I had to answer all 175 questions). I am a software engineer, but have been more on the analysis side rather than the actual coding for the last five years. I studied by just reading the official CSSLP CBK, but there was certainly information on the test which was not thoroughly covered in the study guide. I also have my CISSP, and I feel that test was exponentially easier than the CSSLP. The CSSLP test is certainly designed for someone who has actual hands-on software development experience.

Newcomer I

Re: Not too happy with CSSLP Exam

Congratulations! Thanks for taking the time to respond. My point exactly. It's very misleading when you state Project Managers, Quality Assurance Analysts & even Business Analysts can take the exam and pass it. It's also implied that this exam is geared for folks with software development life cycle knowledge but in my opinion, it's really not. It's more for folks with hard-core IT background, for example, coders, developers, programmers, etc. What baffles me is how can the governing board give classes that do not fully equip the students with everything needed to pass the exams nor does its book of knowledge have ALL necessary info for the exams. Doesn't anyone else see something wrong with this picture or is it just me? I'm baffled!

Thanks,

Valerie Thomas
The quality, not the longevity of one's life is what is important!
-Rev. Dr. Martin Luther King, Jr.
Advocate I

Re: Not too happy with CSSLP Exam


@veejaydee40 wrote:
It's very misleading when you state Project Managers, Quality Assurance Analysts & even Business Analysts can take the exam and pass it.
It's also implied that this exam is geared for folks with software development life cycle knowledge but in my opinion, it's really not. It's more for folks with hard-core IT background, for example, coders, developers, programmers, etc.

Valerie,

It appears that you may have misread or misinterpreted the information on the CSSLP exam.

Here is what the CSSLP information page says:

 

=-=-=-=-=

The CSSLP is ideal for software development and security professionals responsible for applying best practices to each phase of the SDLC – from software design and implementation to testing and deployment – including those in the following positions:

Software Architect
Software Engineer
Software Developer
Application Security Specialist
Software Program Manager
Penetration Tester
Software Procurement Analyst
Project Manager
Security Manager
Quality Assurance Tester
IT Director/Manager

=-=-=-=

 

 

There is no claim that individuals in any of those specialties can (or should) take the exam expecting to pass without preparation. The certification is one that covers knowledge that "security professionals responsible for applying best practices to each phase of the SDLC" should have. One reason that we have so much software without decent security built in is that a huge proportion of workers with SDLC responsibility, including oversight jobs like PM and QA, simply do not.

 

Similar to the basic philosophy of the CISSP CBK content, the CSSLP content CBK is based on knowledge that SDLC-involved workers should have, both to do their own jobs and also to understand what others in the SDLC environment should be doing.  This broader knowledge is especially important for management level workers like project managers and software quality assurance workers, to be sure the architects, programmers, and covers are including the correct aspects. 

 

Also, with regard to the expectation that the cram course will cover every question on the exam, I repeat the statement above by William @denbesten:

"If you read through these boards, you will find that there is no single source of material that will prepare you for an (ISC)² exam. The recommendations that you will consistently get are to use many references, to take lots of practice tests and to earn (much of) the required experience prior to sitting for the exam. (ISC)² exams are all about ability to apply your knowledge and experience in real-world situations. Although important, "book knowledge" is not enough to pass (ISC)² exams."

 

 

 

Dr. D. Cragin Shelton, CISSP
Dr.Cragin@iCloud.com
https://CraginS.blogspot.com/
Newcomer III

Re: Not too happy with CSSLP Exam

I had hands-on software development for all my career... and I can tell you that the exam was difficult even for me. It is more difficult than CISSP, I agree.