In protecting websites, we know there is a very serious need for expertise. What is the best way to communicate that? Certifications are one of the only routes to establishing a benchmark for expertise in this fast paced technology driven industry. Application security experts are in high demand- this is even called out in some of my favorite guidance language:
“individual(s) must have the proper skills and experience to understand the source code and/or web application, know how to evaluate each for vulnerabilities, and understand the findings. Similarly individuals using automated tools must have the skills and knowledge to properly configure the tool and test environment, use the tool, and evaluate the results.”
Prior to now, there was only one route to really demonstrate your expertise, the CSSLP. I am proudly submitting my latest certification for those hard earned CPEs- this cert is very relevant to today’s security landscape- I am now a certified Application Security Specialist!
I would encourage you consider pursuing this designation with the Institute for Certified Application Security Specialists. This type of designation will give your team that edge when engaging the ‘proper skills and experience’ debate with your auditor (or in your next interview!)