Methodology Selection and Justification
Covers the process of choosing, adapting, and defending an appropriate methodology for a specific engagement or study. Candidates should demonstrate how to evaluate available approaches against objectives, constraints, and context including organizational priorities, technology environment, regulatory and compliance requirements, timeline, budget, and stakeholder needs. Includes recognizing different engagement and research types such as external testing, internal testing, cloud assessments, application programming interface assessments, red team exercises, user interviews, surveys, qualitative studies, and quantitative studies, and explaining how methodology differs for each. Requires articulating trade offs between methods, how to combine or customize standard frameworks and industry methodologies with pragmatic optimizations, how to document the rationale and acceptance criteria, how to measure success and risks, and how to communicate justification to technical and non technical stakeholders.
