What it takes to be a CSSLP
Recently, someone asked me how to get certified, which books to study, etc. I got certified last year but didn't write a post about it, so it's a great opportunity to share some thoughts.
I studied for 6 hours a day for 30 days without breaks, using solely the official CSSLP book from Mano Paul. That, combined with an application development background, was enough for me to pass the exam with an approximate score of 90%+ correct answers, based on my simulations on studISCope, which is also a website from Mano.
However, unlike other certifications in the information security field, CSSLP is one that requires a development background. If you don't have this background and just want to add one more certification to your résumé, please stop.
Security is the top layer of what you do. How can you protect something if you don't know how it works? Don't skip steps. Learn development first and then move on to information security. Not the other way around. Without a development background, you will be incomplete. You won't be able to communicate effectively with developers, let alone persuade them to implement security controls. Basically, it will be a failure.
So, before diving into the book, build at least one web application using an MVC framework. The more challenging the development, the better. MVC stands for Model-View-Controller, and it's a design pattern. Learn about design patterns as well.
Today, it's easy and getting easier to build your first application. You can try Ruby on Rails (Ruby), Laravel (PHP), Phoenix (Elixir), or any other framework you prefer. Just do it.