
CISSP Study Plan – Day 6 of 55 | SDLC & Scrum Development Methodology Explained

Updated: Sep 18, 2025


"SDLC was my weakest domain so I had to hit it harder than the rest! And you know what? The exam knew, and pummeled me with SDLC questions."

- Luke Ahmed



Today is Day 6 of Yihenew’s CISSP study plan, continuing with Systems Development Security, but now shifting the focus toward the Scrum development methodology within the SDLC.


Key Areas Covered:

  • Scrum Framework — iterative development approach using short sprints (1–4 weeks) to deliver working software quickly

  • Roles — Product Owner (defines vision and backlog), Scrum Master (facilitates the process), Development Team (builds and tests increments)

  • Artifacts — Product Backlog, Sprint Backlog, and Increment, all designed to ensure transparency and traceability

  • Ceremonies — Sprint Planning, Daily Stand-ups, Sprint Review, and Retrospective, ensuring continuous communication and feedback

  • Security in Scrum — weaving security tasks into backlog items and reviews so vulnerabilities are addressed during development, not after


In this CISSP study plan session, Yihenew highlighted that Scrum isn’t just about speed—it’s about adaptability and accountability. Security professionals must understand how Agile and Scrum change the way risks, controls, and secure coding practices are implemented.

If you’re building your own CISSP preparation plan, these SDLC concepts are critical for mastering the Software Development Security domain and tie directly into Security and Risk Management through governance, oversight, and secure process integration.

Quick CISSP Practice Question

In the Scrum methodology, who is primarily responsible for ensuring that security requirements are added into the product backlog?

A. Development Team
B. Scrum Master
C. Product Owner
D. Security Architect

Correct Answer: C. Product Owner

Explanation: The Product Owner owns the backlog and decides what work gets prioritized, including security tasks. The Development Team implements backlog items, the Scrum Master facilitates the process, and a Security Architect may advise — but only the Product Owner can formally add and prioritize items in the backlog.


Check out Yani's TikTok or see Day 5 or Day 7.


👉 Can you take the Yani Challenge?


55 days of consistent CISSP prep, tackling one domain at a time, using only the resources below:


Course

Luke's CISSP Course (2 months access, $89.98)

One-to-one Zoom sessions with Luke Ahmed (2 weeks before exam)


Books, Notes, and Practice Questions

Sybex 10th Edition (Around $52.55)



Total Cost: approximately $250, depending on your geographic location. Yani is located in East Africa.


📚 Study Plan (55 Days of Dedication):

- Weekdays: 2–3 hours of focused study—late nights and early mornings (5 AM).

- Weekends: 5–6 hours of deep study sessions.


Pass CISSP in first attempt within 100 questions.


Yani's biggest expense was his time, commitment, consistency, and dedication! It was worth it because he passed on his first attempt in 100 questions using only the above resources.


If Yihenew could do it, so can you.


All the best Future CISSP. You can feel free to contact me anytime as well.


Thank you.

Luke Ahmed

