
Certified Secure Software Lifecycle Professional CSSLP – FAQ


Many cybersecurity professionals have questions about the Certified Secure Software Lifecycle Professional CSSLP certification – what is it, why should I consider it, what is involved and lots more. If you are thinking about becoming CSSLP certified and are interested in learning more about the process and requirements, the Certified Secure Software Lifecycle Professional CSSLP – FAQ may give you some answers. If you do not find what you are looking for, please contact us and we would be delighted to answer your questions.

On September 15, 2023, the CSSLP credential exam was updated to ensure that those who hold the CSSLP, such as software development and security professionals, are applying best practices during each phase of the Software Development Life Cycle (SDLC). Read more about the CSSLP Domain Refresh FAQ here >>

What is the Certified Secure Software Lifecycle Professional CSSLP certification?
The Certified Secure Software Lifecycle Professional (CSSLP®) certification validates that software professionals have the necessary expertise to incorporate security practices into each phase of the software development lifecycle – from software design and implementation to testing and deployment.

The CSSLP certification shows software professionals can:

  • Develop an application security program in an organisation
  • Reduce rework costs and delays by addressing source code vulnerabilities earlier in the development cycle
  • Enhance the credibility of an organisation and team
  • Reduce losses due to insecure software breaches


Why is the CSSLP certification important?
Application vulnerabilities top the list of cybersecurity concerns, and the most common application flaws are, most frequently, rediscovered threats that were already known. This high volume of known application vulnerabilities suggests that many development teams do not have the security skills needed to identify and address all potential security flaws.

Without the necessary advanced technical skills and knowledge, business and governmental entities are exposed to attack and risk serious consequences including data breaches, disruption to operations, lost business, reputational damage and regulatory fines. Software professionals must remain current on the latest advances in software development and the new security threats they create.


Why should software professionals consider the CSSLP certification?
An application that is designed, developed or operated in an insecure manner is prone to vulnerabilities, misconfigurations and design issues that could be exploited by a malicious hacker. Organisations and individuals need to ensure they have the right skillsets to design, build and operate applications in a secure manner. The Certified Secure Software Lifecycle Professional (CSSLP) validates that software professionals have the knowledge to build security into each phase of the software development lifecycle. It details the essential security measures that should take place, beginning with the requirements phase, through software specification and design, software testing and ultimately disposal.


Who is the CSSLP certification relevant to?
The certification is ideally suited to any professional who is involved in designing, building, testing and operating an application and needs to ensure that security is a core component of the process.

  • Developers who want to learn the best practices and techniques available on how to design, develop and test an application.
  • Security managers who want to become more familiar with application security.
  • Application development managers who also want to learn how to manage their teams and developers and make sure that the applications they deliver are developed securely.

The CSSLP is most relevant to those working in roles such as:

  • Software Architect
  • Software Engineer
  • Software Developer
  • Application Security Specialist
  • Software Program Manager
  • Quality Assurance Tester
  • Penetration Tester
  • Software Procurement Analyst
  • Project Manager
  • Security Manager
  • IT Director/Manager


What can attendees expect to cover in the CSSLP training seminar?
Participants on the course will gain the knowledge and the right tools to:

  • build security from the very beginning of the application development lifecycle,
  • understand the security requirements that need to be put in place as part of the design phase,
  • apply development frameworks and methods to build that security into the application,
  • learn how to build security into the code,
  • test the application from a hacker mindset and make sure that the application does not contain any high or critical security vulnerabilities in the code, and
  • learn how to operate the application in a secure manner.

The broad spectrum of topics included in the CSSLP Common Body of Knowledge (CBK) ensures its relevance across all disciplines in the field of information security.

  • Domain 1: Secure Software Concepts
  • Domain 2: Secure Software Lifecycle Management
  • Domain 3: Secure Software Requirements
  • Domain 4: Secure Software Architecture and Design
  • Domain 5: Secure Software Implementation
  • Domain 6: Secure Software Testing
  • Domain 7: Secure Software Deployment, Operations, Maintenance
  • Domain 8: Secure Software Supply Chain


Why should organisations consider CSSLP training for their teams?
Learning together as a group allows the content and discussion to focus on the specific circumstances of the organisation for even more relevant and effective learning. Attendees not only learn best practices but also how they should be applied most effectively and can – in confidence – discuss how they can address the unique challenges they face as a team. Learning as a team provides an opportunity to collaborate and learn using real-world scenarios.


What training formats are available?
Classroom-based Seminars – Official ISC2 CSSLP training seminars are scheduled throughout the year and promoted on the Cycubix website and social media channels. By subscribing to Cycubix Insights, subscribers are not only the first to know of these dates, they are also offered a discount on registrations.

Private Group Training – For organisations with a larger group or team that require training, Private Group Training is a more cost-effective and more convenient option. The content can be tailored to specific requirements and the courses can take place online, at the client’s location or at a local venue. Learning together as a group allows the discussion to focus on the specific circumstances of the organisation, for even more relevant and effective learning.

Live Online Training – This is a convenient and effective platform for teams distributed across multiple locations, allowing them to collaborate and use real-world scenarios to develop essential cybersecurity skills – as a team. Participants benefit from real-time tuition and live instructor and peer-to-peer interaction, using the content and structure applied in a classroom setting, delivered online.


Who is the instructor for the CSSLP course?
Fabio Cerullo is an official certified instructor for ISC2, the global leader in cybersecurity education and certification. Fabio has over 15 years of experience in the information security field gained across a diverse range of industries, from financial and government institutions to software houses and start-ups. Fabio has delivered training to thousands of IT and security professionals worldwide in cyber, cloud and application security. By leveraging his extensive knowledge and experience, he presents the subject matter in a simple and interesting way and promotes enriching interaction among attendees, which has earned him great feedback and recognition in the industry.

Read more about Fabio here >>


What is included in the cost of the training?

  • Expert, in-person instruction from an ISC2-Authorised Instructor
  • Up-to-date, official ISC2 courseware
  • Student handbook
  • Certificate of attendance (40 CPEs)
  • Lunch and refreshments (for public and private on-site trainings)
  • Exam voucher is NOT included but can be purchased directly from the ISC2 website.

How is the CSSLP Examination structured?

  • Length of exam – 3 hours
  • Number of questions – 125
  • Question format – Multiple choice
  • Passing grade – 700 out of 1000 points
  • Exam availability – English
  • Testing center – Pearson VUE Testing Center

Can I apply to the exam right after the course?
These courses provide the most thorough review of the Common Body of Knowledge (CBK), industry concepts and best practices, and attract delegates from different backgrounds. Since ISC2 exams are experience-based, attendees usually take the exam from a couple of weeks to a couple of months after the course, depending on their personal study and their experience in the domains covered in the CBK. The best preparation is based on a combination of the training course, individual study and experience. Cycubix cannot guarantee you will pass the exam by attending the course alone.


Once I pass the test am I automatically CSSLP Certified?
When you receive notification informing you that you have successfully passed the exam, you can start the Online Endorsement Application. Candidates must have a minimum of 4 years of cumulative paid full-time Software Development Lifecycle (SDLC) professional experience in 1 or more of the 8 domains of the CSSLP CBK. Earning a 4-year college degree or regional equivalent will satisfy 1 year of the required experience. Education credit will only satisfy 1 year of experience. If you don’t have the required experience to become a CSSLP, you may become an Associate of ISC2 by successfully passing the CSSLP examination. You will then have 5 years to earn the 4 years of required experience.


Why train with Cycubix?
ISC2 certifications are recognised as the gold standard in the industry and confirm comprehensive and professional knowledge critical to developing and protecting systems and data in business and working environments. As an ISC2 Official Training Provider (OTP), Cycubix recognises the role of training in the development and management of a comprehensive information security strategy. All courses are available as a regular schedule of classroom-based seminars, as private group training for organisations with a larger group or team that require training, or as live online training seminars.

  • ISC2 Official Training Provider – Benefit from our highly engaging training seminars based on the most up-to-date official content, delivered by an Authorised ISC2 Instructor with a deep understanding of the subject matter and the ability to explain it effectively
  • Best-in-class learning opportunity – An invaluable opportunity to collaborate and learn with peers and an instructor with extensive hands-on experience using real-world scenarios and interactive learning techniques – either in a classroom environment, as part of a private group training or live online
  • Continuous professional development – Take control of the ever-changing requirements of cybersecurity management with practical skills that are not only essential to becoming certified, but also for your career progression

Cycubix is an ISC2 Official Training Partner and offers CISSP, CCSP, CSSLP, SSCP and Certified in Cybersecurity trainings.

In addition, we offer custom cybersecurity training, security awareness training, corporate cybersecurity training and cybersecurity consultancy to ensure we adapt to your company’s specific needs. Discover all our cyber security trainings and online cyber security trainings available at Cycubix.