Official ISC2 Certified Secure Software Lifecycle Professional (CSSLP) CBK Training

The broad spectrum of topics included in the CSSLP Common Body of Knowledge (CBK) ensure its relevancy across all disciplines in the field of information security. Successful candidates are competent in the following eight domains:

1. Secure Software Concepts
2. Secure Software Lifecycle Management
3. Secure Software Requirements
4. Secure Software Architecture and Design
5. Secure Software Implementation
6. Secure Software Testing
7. Secure Software Deployment, Operations, Maintenance
8. Secure Software Supply Chain

The CSSLP is ideally suited to professionals working in positions such as, but not limited to:

• Software Architect
• Software Engineer
• Software Developer
• Application Security Specialist
• Software Program Manager
• Quality Assurance Tester
• Penetration Tester
• Software Procurement Analyst
• Project Manager
• Security Manager
• IT Director/Manager

For the Individual –

• Proves subject matter expertise in application security and shows desirable skills to employers
• Expand security knowledge, affirm expertise with current and relevant skills
• Apply vendor-neutral skills to different technologies and methodologies
• Holistic understanding of best practices, policies and procedures throughout the software development life cycle
• Better protect the organization

For the Organization

• Reduce loss of revenue and reputation due to a breach resulting from insecure software
• Improve processesReduce production cost, vulnerabilities and delivery delays
• Increase credibility of the organization and its development team
• Ensure professionals are up-to-date on best practices, policies and procedures
• Comply with government and industry regulations (DoD 8140.01/8570.01 approved)

• Official ISC2 courseware
• Taught by an authorized ISC2 instructor
• Student handbook
• Certificate of attendance (40 CPEs)
• Lunch and refreshments (onsite courses)
• Exam Voucher is NOT included but could be purchased separately.

• Vendor-neutral – CSSLP certification ensures professionals have the advanced technical skills and knowledge necessary for authentication, authorization and auditing using best practices, policies and procedures.
• Rigorous – Proctored exam requires practical knowledge and experience in building security practices – authentication, authorization, and auditing – into each phase of the SDLC, from software design and implementation to testing and deployment.
• Continuing Education – CSSLPs must participate in continuing professional education to stay current on emerging threats, technologies, regulations, standards and practices.

• Length of exam – 3 hours
• Number of questions – 125
• Question format – Multiple choice
• Passing grade – 700 out of 1000 points
• Exam availability – English
• Testing centers:  Pearson VUE is the exclusive global administrator of all ISC2 exams (https://home.pearsonvue.com/isc2)

Prerequisites for certification

• Candidates must have a minimum of 4 years cumulative paid full-time Software Development Lifecycle (SDLC) professional experience in 1 or more of the 8 domains of the CSSLP CBK
• Earning a 4-year college degree or regional equivalent will satisfy 1 year of the required experience. Education credit will only satisfy 1 year of experience
• If you don’t have the required experience to become a CSSLP, you may become an Associate of ISC2 by successfully passing the CSSLP examination. You will then have 5 years to earn the 4 years required experience