Secure System Development
Secure System Development
Secure System Development is the development and updating of a system or product, in conformance with agreed security requirements and standards, throughout its lifecycle.
​
You perform technical work to deliver software or hardware, including detailed technical design, coding or hardware prototyping, debugging and documentation. You follow technical specifications which lay out the requirements, including the security requirements set by the security architecture or design team. In a smaller organisation, you may also carry out some or all of the secure design work, setting this within the overall structure specified by the security architect. You probably design and carry out tests, although the substantive part of security testing will be carried out by a security testing practitioner or team.
​
If off-the-shelf components are integrated into the system (as they usually are), you need to develop a deep understanding of their potential vulnerabilities so as to mitigate these in your own code.
​
If you develop secure hardware, especially for Industrial
On the program learners will receive knowledge and skills relating to the following areas:
-
Secure Development
-
Technical Security Architecture
-
Legal and Regulatory Environment
-
Governance
-
Common Standards and Frameworks
-
NIST Cyber Security Framework
-
ISO/IEC 27001
-
Risk Management
-
Secure Software Lifecycle
-
Software Security
-
Hardware Security
-
Cryptography
-
Web and Mobile Security
-
Network Security
-
Data Protection Act 2018
-
Privacy and Electronic Communications Regulations (PECR)
-
'Agile' Techniques
Control Systems, you take into account physical threats as well as possible software-driven breaches. Even if you work purely on software, if that software will be part of a cyber-physical system, you think of the impact of potential physical access to remote parts of the system.
​
Your working day is generally quite structured: development plans direct your work, as well as the formal specifications and standards that you follow in carrying out the work. However, if there is a cyber security incident you're liable to be called in at short notice to help diagnose a newly exposed vulnerability or to propose changes to close it.
​
Depending on the size and type of your organisation, you may either be part of a formally structured team, co-ordinating with other specialist teams, or working in a smaller, less formal structure where you take on whatever tasks need doing. You probably use an agile development methodology, requiring fast but controlled cycles of development, testing and implementation.
​
You're probably required to follow a secure development methodology and standards, such as Secure by Design. You keep your skills in methodologies and standards updated as much as your coding skills, so there's continuous pressure to learn and to stay on top of changes in secure development principles, programming languages or hardware components, and development methods.
​
There are many more jobs in secure software development than in hardware-specific or hybrid roles, so you're much more likely to be working in a software role.
Entry Level Program
Learners will receive...
-
Coming soon...
Practitioner Level Program
Learners will receive...
-
Coming soon...