SwA in Education, Training & Certification - US-Cert

More documents

Recommendations

Info

� Serves as senior advisor to procurement and contract management in support of system and software acquisition � Coordinates and collaborates across organizational and dept./agency lines; influences others to comply with security policies, standards, and best practices � Integrates policies and procedures across government agencies; participates in the update of the agency‟s knowledge of federal security policies, procedures, and guidelines » Relevant Competency/Skills Sources(as determined by the department/agency): � OPM GS-2200 Job Family Standard Competencies � Clinger-Cohen Core Competencies with an emphasis on Technical, Desktop Technology Tools, and IT Security/Information Assurance competency areas � Essential � (EBK) for IT Security Professionals (e.g., DHS and DOE) � NIST Special Publications (e.g., NIST SP 800-16, Revision 1, 800-37, 800-53, 800-53A) � ODNI Cyber Subdirectory Competencies � OPM‟s Executive Core Qualifications (ECQs) (for SES positions) � DHS SwA Communities and Forum (https://buildsecurityin.us-cert.gov/swa/) » References: see Table 2, Information Security Workforce Development Matrix Project ,above, Page 8, “ Table 8– Credentials, Competencies and Skills by Performance Level Software Development Written & Oral Communication Creative Problem Solving Information Security/Assurance Critical Thinking and Analytical Skills Software Engineering Project/Program Management Leadership & People Management Suggested Credentials in: � Computer science/engineering � Database/information management � Information assurance/security � Software assurance/security � Information systems management OR alternative experience/credentials: � Information systems security certifications (e.g., ISC² CSSLP and CISSP, various SANS certs, EnCase Cybersecurity suite) � Network engineering certifications (e.g., EnCase forensics suite, Cisco Certified Internetwork Expert (CCIE), GIAC Security Essentials Certification GSEC) � Software/systems administration/engineering/development/ Database Management System (DBMS)certifications � Relevant programming languages experience Software Assurance Pocket Guide Series: Life Cycle Support, Volume I – Version 2.2, Mar 16, 2011 Entry Level Intermediate Level Yes Yes Yes No Yes Yes Associate‟s Degree from an accredited program 1 year experience in work directly related to: � Secure network design, � Database design and security, � Secure coding and testing techniques Bachelor‟s Degree from an accredited program 6 years experience Possession and demonstrated application of relevant certifications (as determined by the department/agency) Advanced Level Master‟s Degree from an accredited program plus 5 years‟ experience Bachelor‟s degree Plus 10 years relevant work experience and project management experience Possession and demonstrated application of relevant certifications (as determined by the department/agency), with the addition of PMP Software Assurance in Education, Training & Certification 19
Academic Curricula Samples (https://buildsecurityin.us-cert.gov/swa/wetwgdocs.html) » Carnegie Mellon University CS curriculum at http://www.csd.cs.cmu.edu/education/bscs/index.html#curriculum. » George Washington University CS curriculum at http://www.cs.ucdavis.edu/courses/exp_course_desc/index.html » Massachusetts Institute of Technology EECS Undergraduate Program at http://www.eecs.mit.edu/ug/index.html. » Master's program in Secure Software Systems at James Madison University athttp://www.cs.jmu.edu/sss/. » Stevens Institute of Technology, Software Assurance Program at http://sse.stevens.edu/academics/graduate/software-engineering/program-overview/software-assurance/ » Stanford University CS curriculum at http://cs.stanford.edu/Courses/. » University of California at Davis CS curriculum at http://www.cs.ucdavis.edu/courses/exp_course_desc/index.html. Commercial Training Examples » Aspect Security, Inc., Application Security Education and Training at http://www.aspectsecurity.com/training.htm. » EC-Council, Application and Information Security, and Computer Forensic Investigation Training at http://www.eccouncil.org/. EC-Council University Master of Security Science (MSS) at http://www.eccuni.us/Academics/MasterofSecurityScience.aspx » Foundstone, Inc., Education at http://www.foundstone.com/us/education-overview.asp. » KRvW Associates, LLC., Training Services at http://www.krvw.com/training/training.html. » LogiGear, Inc., Web and Software Application Security Testing at http://www.logigear.com/training/course_catalog/course.asp?courseId=20. » Microsoft Corp., Clinic 2806: Microsoft® Security Guidance Training for Developers (and other courses) at https://www.microsoftelearning.com/eLearning/courseDetail.aspx?courseId=26043. » Netcraft, Inc., Web Application Security Course at http://audited.netcraft.com/web-application-course. » Next Generation Security Software, Ltd., Security Training at http://www.ngssoftware.com/consulting/training/. » SecuRisk Solutions at http://www.securisksolutions.com/index.php/education/training/ » Security Innovation, Inc., Application Security Education at http://www.securityinnovation.com/services/education/index.shtml » The SANS Institute, Inc. at https://www.sans.org/. Software Assurance Pocket Guide Series: Life Cycle Support, Volume I – Version 2.2, Mar 16, 2011 Software Assurance in Education, Training & Certification 20
Page 1 and 2: Software Assurance in Education, Tr
Page 3 and 4: Information contained in this pocke
Page 5 and 6: Overview Current events related to
Page 7 and 8: Key SwA Knowledge Areas and Efforts
Page 9 and 10: Workforce Development and Improveme
Page 11 and 12: Table 3- Strategies for Injecting S
Page 13 and 14: Books Table 5 - A List of SwA focus
Page 15 and 16: Table 6- Domain-specific SwA standa
Page 17 and 18: EC-Council The International Counci
Page 19: » Software Assurance Engineer » P
Page 23 and 24: Software Assurance (SwA) Pocket Gui

SwA in Education, Training & Certification - US-Cert

Create successful ePaper yourself

Delete template?

Save as template?