PhotoGranary -

Security-by-design push prompts new ISC2 accreditations

Security-by-design has become a hot-button regulatory issue. ISC2 has decided now is the time to upskill cyber pros around these vital software and hardware development principles

With security-by-design principles becoming more widely adopted and enforced around the world, professional security training and accreditation body ISC2 is set to launch a new software security certification to upskill professionals in this increasingly important area of security practice.

Security-by-design is defined as an approach to software and hardware development that aims to make such systems as secure as possible by a number of means, including continuous testing, authentication standards, and coding best practice. The principles of security-by-design ultimately address a distressingly common problem of security being something of an afterthought in product development.

In the UK, the Product Security and Telecommunications Infrastructure (PSTI) Act, which comes into force this spring, introduces a regulatory regime that enforces security-by-design for connected products, while both the UK and US cyber agencies, the National Cyber Security Centre (NCSC) and the Cybersecurity and Infrastructure Security Agency (CISA) recently published landmark guidelines on ensuring artificial intelligence (AI) systems have security ‘baked in’ at the development stage.

ISC2’s recent Cybersecurity Workforce Study found that 26% of respondents felt their was a skills gap in their organisations when it came to application security, and 23% expected application security skills to be increasingly in-demand for cyber pros looking to advance their careers.

Responding to these trends, ISC2s Certified Secure Software Lifecycle Professional (CSSLP) Self-Paced training course has been designed to guide participants towards advanced skills in authentication, authorisation and auditing throughout the software development lifecycle (SDLC).

“This is an opportunity for ISC2 members – and other professionals – to increase their skills and demonstrate their expertise in secure technology development and lifecycle management,” said ISC2 CEO Clar Rosso.

“As the market, including regulators, increasingly demand that technology be secure-by-design and concerns about the safety of the AI ecosystem increase, the CSSLP supports security pros and developers in building in-demand skills. Plus, our adaptative training format focuses professionals’ time in the areas where they need it most.”

AI-powered learning

Fully embracing the power of emerging technology, the CSSLP Self-Paced training course incorporates AI features that are designed to deliver adaptive, personalised and non-linear learning to meet the needs of each individual learner.

According to ISC2, each learner has a “unique journey” through content, based on factors such as their pre-existing knowledge of the subject matter, their interest in it, their learning speed and their general confidence levels and this will be continuously assessed throughout the process.

ISC2 said learners undertaking the CSSLP course will be able to rely on technology to lead their journey towards security-by-design, or if they wished to control and select what topic areas or domains to focus on and when, as they wish.

More information on the new CSSLP courses can be found here.

Read more about tech skills

Read more on Application security and coding requirements

Data Center
Data Management