
The Ultimate Guide to the CSSLP


Lead the way in developing secure software
Achieve more
in your career
You prove every day that you have what
it takes to secure critical assets. But our
profession is always changing, and even
the brightest minds can benefit from
having a guide on the journey to success.
ISC2 is here to help you discover the
right path, create your plan and thrive
throughout your career.

The Ultimate Guide to the CSSLP covers everything to know about the
secure software practices certification. Inside, see how CSSLP and ISC2
help distinguish you as a top-level cybersecurity expert.

Inside…
» Is CSSLP right for me?
» CSSLPs in the community
» CSSLP fast facts
» Benefits of CSSLP certification
» Benefits of ISC2 membership
» Exam overview
» Official training
» Pathway to certification
» CPE opportunities
» Continuing professional development
Is CSSLP right for me?
As organizations continue to pursue digital transformation initiatives, the threat
landscape is always expanding. Yet cybersecurity leadership talent is scarce. That’s
where CSSLP from ISC2 comes in — to help fill the gap. Once certified, the opportunities
for certified professionals are near limitless.

The CSSLP is ideal for software development and security professionals responsible for
applying best practices to each phase of the Software Development Lifecycle (SDLC).
It shows your expertise and ability to incorporate security practices - authentication,
authorization and auditing - into each phase of the Software Development Lifecycle.

As a first step – become an ISC2 Candidate


Begin your journey by joining ISC2, the world’s leading cybersecurity professional organization.
As a Candidate, you’ll access many of the benefits our certified members enjoy, including 20% off
online training and 30% - 50% off textbooks to help you on your path to CSSLP certification.

Sign up now. Your first year is free — no cost to you.*


*If you choose to renew after the first year, U.S. $50 due annually.

Acquire four years experience


To qualify for the CSSLP, candidates must have a minimum of four years of cumulative paid work
experience in one or more of the eight domains of the current ISC2 CSSLP Exam Outline.

If you don’t yet have the required experience to become a CSSLP, you may become an Associate
of ISC2 after successfully passing the CSSLP exam. The Associate of ISC2 will then have five
years to earn the experience needed for the CSSLP certification.

Discover your path


See “Pathway to certification” for more information.
Jobs that typically use or require CSSLP certification
• Software Architect
• Software Engineer
• Software Developer
• Application Security Specialist/Manager/Architect
• Software Program Manager
• Quality Assurance Tester
• Penetration Tester/Testing Manager
• Software Procurement Analyst
• Project Manager
• Security Manager
• IT Director/Manager
CSSLPs in the community
“Earning the CSSLP has fostered trust and collaboration in circumstances
where I previously had no relationship or history to build upon. I frequently
leverage the knowledge I gained while preparing for the exam.”
John Kent
Manager IT
FedEx, Plano, TX

“The CSSLP has enhanced my credibility among the stakeholders who rely
on my recommendations for security best practices. ISC2 has also provided
a good platform to connect with like-minded individuals who inspire me to
learn more.”
Prasanna Padmarajulu
AVP Application Security (Cybersecurity Services)
Standard Chartered Bank, Chennai, India

“Since passing the CSSLP exam, I have become one of the lead security
champions in the business, which gives me more responsibility within my
team and allows me input into how the secure development lifecycle works
across our organization.”
Gavin Johnson-Lynn
Principal Offensive Security Specialist
Sage, Newcastle, England

“The CSSLP has brought me numerous job offers from international
companies around the world. Being a member of ISC2 has also been
valuable, providing access to useful benefits and development resources.”
Reimo Reisberg
Lead Developer
Helmes, Tallinn, Estonia

Become an ISC2 Candidate


You’ll access a full range of benefits as you pursue the CSSLP, including 20% off
online training and 30% - 50% off textbooks to help you prepare. Sign up now.
CSSLP Fast facts

• Introduced in 2008
• DoD-approved
• ANAB/ANSI accredited
• Average CSSLP Salary: U.S. $119,350
• ISC2 certified members work in more than 170 countries globally
• CSSLPs are part of a network of over 600,000 cybersecurity professionals

Shout-outs

• Named among the 8 MOST IN-DEMAND IT SECURITY CERTIFICATIONS. — CIO
• RANKED #1 among 20 technology certifications that are PAYING OFF IN HIGHER COMPENSATION. — Foote Partners, ZDNet.com
Benefits of CSSLP certification

Career opportunities and advancement
Raise visibility and credibility, improve job security and create
new opportunities.

Versatile skills
Build vendor-neutral skills that can be applied to different
technologies and methodologies.

Credibility
Demonstrate a solid foundation to mitigate and respond to cyberthreats.

Leadership
Develop a broad set of technical and nontechnical skills that job
experience alone doesn’t provide.

Membership in a strong peer network
Become an ISC2 member, unlocking exclusive resources, educational tools
and peer-to-peer networking opportunities.

Higher salaries
In 2023, Certification Magazine’s annual survey lists an average salary
of $119,350 (in U.S.) and $108,570 (globally).

Expanded knowledge
Reach a deeper, better and broader understanding of the exam outline.

Stronger skill set
Expand the skills and knowledge needed to fulfill organizational duties.
Benefits of ISC2 membership
Once you earn your CSSLP, you’ll become an ISC2 member and part of a professional
community that never stops learning and growing. You’ll also gain access to a full
suite of benefits and resources for continuing education and development, many
that will help you earn CPE credits to maintain your certification:

• Free online continuing professional development courses
• Discount on ISC2 Certificates
• Discount pricing for ISC2 events and industry events including ISC2 Security Congress
• Discounts on select publications including text books, practice test books and study guides.
• Free access to ISC2 webinars on cybersecurity topics, tools and trends
• Free access to ISC2 Security Congress webinar channel, containing breakout sessions from
past conferences
• Invitation to join or start a local ISC2 Chapter
• Volunteer opportunities
• Access to the Center for Cyber Safety and Education
• Professional recognition through ISC2 Global Achievement Awards

Sign up now to become an ISC2 Candidate


Your first year is free — no cost to you.* You’ll enjoy most of these benefits as you prepare for
certification — plus 20% off Online Instructor-Led and Online Self-Paced Training for CSSLP.

*If you choose to renew after the first year, U.S. $50 due annually.
Exam overview
The CSSLP exam evaluates expertise across eight security domains. (Think of domains as topics you
need to master based on your professional experience and education.) Passing the exam proves you
have the advanced knowledge and technical skills to effectively design, develop and implement best
security practices within each phase of the software lifecycle.

Domain weights:
• 12% Secure Software Concepts
• 11% Secure Software Lifecycle Management
• 13% Secure Software Requirements
• 15% Secure Software Architecture and Design
• 14% Secure Software Implementation
• 14% Secure Software Testing
• 11% Secure Software Deployment, Operations, Maintenance
• 10% Secure Software Supply Chain

• Number of items on the CSSLP exam: 125
• Maximum amount of time for the CSSLP exam: 3 hrs.
• Score you need out of 1,000 to pass the exam: 700
• Exam availability: English
• Testing Centers: Pearson VUE

View the CSSLP exam outline.
Official Exam Prep
ISC2 offers Official Exam Prep for CSSLP. Save 20% on Official ISC2 Exam Prep when you sign up to
be an ISC2 Candidate.

Everyone has their own style of learning. That’s why we offer three options to help guide you in
CSSLP certification. Experience new learning with recently enhanced Official ISC2 CSSLP Exam
Prep Options.

1. Online Self-Paced - Register Now


Your self-guided tour toward certification - now featuring adaptive learning for a streamlined
experience customized to each individual. Leveraging the power of AI, the training guides
learners through a self-paced learning experience adaptive to their individual needs.

• Flexibility to study on your own time and at your own pace
• Personalized learning that adapts to your needs
• Interactive, engaging courseware
• Analytics dashboard to track learning progress
• Education Guarantee
2. Online Boot Camp – Register now
Progress through the course domain by domain, with the most current content aligned to the
CSSLP exam outline and presented in easy-to-follow live virtual learning sessions from an
ISC2 Authorized Instructor.
• 180-day access to the most up-to-date course content — straight from the source
• Virtual live instruction and access to recordings if you miss a session
• Official ISC2 Student Training Guide (electronic format)
• Interactive content
• Online interactive flash cards
• 24x7x365 chat technical support
• Education Guarantee
• And more!

3. Classroom – Learn more


Your guided small group tour (10 or more students) toward certification
• Learn in-person at your office or a private venue near you
• Interact with an ISC2 Authorized Instructor and students
• Coordinate training around your schedule

CSSLP Self-Study Resources


We offer a variety of Self-Study Resources to supplement your
coursework and reinforce key concepts. Choose from options for
every schedule and learning style.
Pathway to certification
1 Become an ISC2 Candidate
Begin your journey by joining ISC2, the world’s leading cybersecurity professional organization.
As a candidate, you’ll access many of the benefits our certified members enjoy, including 20%
off training and 30% - 50% off textbooks to help you on your path to CSSLP.
Sign up now.

2 Obtain the required experience


To qualify for the CSSLP, candidates must have a minimum of four years of
cumulative paid work experience in one or more of the eight domains of the current
ISC2 CSSLP Exam Outline.

• Domain 1: Secure Software Concepts
• Domain 2: Secure Software Lifecycle Management
• Domain 3: Secure Software Requirements
• Domain 4: Secure Software Architecture and Design
• Domain 5: Secure Software Implementation
• Domain 6: Secure Software Testing
• Domain 7: Secure Software Deployment, Operations, Maintenance
• Domain 8: Secure Software Supply Chain

If you don’t yet have the required experience, you may become an Associate of ISC2
after successfully passing the CSSLP exam. The Associate of ISC2 will then have five
years to earn the experience needed for the CSSLP certification.
3 Study for the exam
Many self-study resources are available from ISC2 to help you prepare with confidence.
Some CSSLP candidates pass the exam with self-study, and many choose to attend an
Official ISC2 Training to review and refresh their knowledge before sitting for the exam.

4 Pass the exam
You have a maximum of three hours to complete the 125-item CSSLP exam. Ready
for the exam? Register now and get it on the calendar.

5 Get endorsed
After you pass the exam, you have nine months from the date of the exam to complete
the ISC2 endorsement process.

6 Earn CPE credits
Once you are certified, you become a member of ISC2 and recertify every three years.
Recertification is accomplished by earning continuing professional education (CPE) credits
and paying an annual maintenance fee (AMF) to support ongoing development.

• 90 CPE credits over 3 years
• U.S. $135 AMF

Members with multiple ISC2 certifications only pay a single AMF.
CPE opportunities
The CPE credit requirement helps you maintain your competencies following initial
certification. By developing and enhancing skills through CPE activities, you make an
important investment in yourself while increasing value to customers and employers.

Join webinars
• Think Tanks
• Security Briefings
• Knowledge Vault
• Security Congress

Read and write


• Read a book directly related to CSSLP and submit a 150-word review
• Author an information security article published in a journal or magazine
• Review an educational white paper related to the CSSLP

Attend trainings and events


• ISC2 Chapter meetings
• Prepare or attend an educational presentation related to the CSSLP CBK domains
• ISC2 Skill-Builders – grow your knowledge with short-format learning on demand
• ISC2 Certificates – Grow your skills with quick learning averaging just 3.5 hours per
certificate that focuses on high demand subject matter
• Discount pricing for ISC2 events and industry events, including ISC2 Security Congress

Volunteer
• Become a Safe and Secure Online Ambassador and spread your knowledge about
cyber safety in your community
• Volunteer to help develop ISC2 certification exams
Continuing professional development
ISC2 Certificates allow you to advance your skills in areas employers are seeking and provide
pathways toward gaining the competencies you need for the journey to ISC2 certification.

ISC2 Certificates turn a laser focus on the subject matter. And with courseware
created on the hottest topics by cybersecurity’s most respected certifying body, you’re assured
the most current and relevant content. Current ISC2 Certificates include:

• Cloud Security
• Risk Management
• CISO Leadership
• Healthcare Security
• Security Administration and Operations
• Security Engineering

Stay in front of the hottest topics and trends impacting your current role and your cybersecurity
career with ISC2 Software Security Skill-Builders, created by industry experts and available now
on demand. Learn how to apply best practices throughout the software development lifecycle,
from design and implementation to testing and deployment.
Get in touch with us
For more information about CSSLP certification and training, contact an Education
Consultant in your region:

Americas — Phone: +1.866.331.4722 ext. 2, Email: training@isc2.org
Europe, Middle East and Africa — Phone: +44 203 960 7800, Email: info-emea@isc2.org
Asia-Pacific — Phone: +852.5803.5662, Email: isc2asia@isc2.org

About ISC2
ISC2 is an international nonprofit membership association focused
on inspiring a safe and secure cyber world. Best known for the
acclaimed Certified Information Systems Security Professional
(CISSP®) certification, ISC2 offers a portfolio of credentials that are
part of a holistic, pragmatic approach to security. Our association of
candidates, associates and members, more than 600,000 strong, is
made up of certified cyber, information, software and infrastructure
security professionals who are making a difference and helping to
advance the industry. Our vision is supported by our commitment
to educate and reach the general public through our charitable
foundation – The Center for Cyber Safety and Education™.
For more information on ISC2, visit isc2.org, follow us on X or
connect with us on Facebook, LinkedIn and YouTube.

© 2024 ISC2, Inc. All rights reserved. 02/2024
