The Certified Secure Software Lifecycle Professional (CSSLP) validates that software professionals have the expertise to incorporate security practices – authentication, authorization and auditing – into each phase of the software development lifecycle (SDLC), from software design and implementation to testing and deployment. The CSSLP shows you can:

• Develop an application security program in your organisation
• Reduce production costs, source code vulnerabilities and delivery delays
• Enhance the credibility of your organization and your team
• Reduce losses due to insecure software breaches

The broad spectrum of topics included in the CSSLP Common Body of Knowledge (CBK) ensure its relevancy across all disciplines in the field of information security. Successful candidates are competent in the following eight domains:

1. Secure Software Concepts
2. Secure Software Lifecycle Management
3. Secure Software Requirements
4. Secure Software Architecture and Design
5. Secure Software Implementation
6. Secure Software Testing
7. Secure Software Deployment, Operations, Maintenance
8. Secure Software Supply Chain

The CSSLP is ideally suited to professionals working in positions such as, but not limited to:

• Software Architect
• Software Engineer
• Software Developer
• Application Security Specialist
• Software Program Manager
• Quality Assurance Tester
• Penetration Tester
• Software Procurement Analyst
• Project Manager
• Security Manager
• IT Director/Manager

For the Individual – 

• Proves subject matter expertise in application security and shows desirable skills to employers
• Expand security knowledge, affirm expertise with current and relevant skills
• Apply vendor-neutral skills to different technologies and methodologies
• Holistic understanding of best practices, policies and procedures throughout the software development life cycle
• Better protect the organization

For the Organization

• Reduce loss of revenue and reputation due to a breach resulting from insecure software
• Improve processesReduce production cost, vulnerabilities and delivery delays
• Increase credibility of the organization and its development team
• Ensure professionals are up-to-date on best practices, policies and procedures
• Comply with government and industry regulations (DoD 8140.01/8570.01 approved)

• Official ISC2 courseware
• Taught by an authorized ISC2 instructor
• Student handbook
• Certificate of attendance (40 CPEs)
• Lunch and refreshments (onsite courses)
• Exam Voucher is NOT included but could be purchased separately.

Fabio Cerullo is an official certified instructor for ISC2, the global leader in cybersecurity education and certification. Fabio has over 15 years of experience in the information security field gained across a diverse range of industries from financial and government institutions to software houses and start-ups.
Internationally recognised Fabio has delivered training to thousands of IT and security professionals worldwide in cyber, cloud, and application security.

“Very good course. I enjoyed it and it has definitely motivated me even more.” – ISC2 Official Certified Secure Software Lifecycle Professional (CSSLP) Training Attendee – July 2018

• Ranked #1 on the Certification Salary Survey 75 list with an annual salary of $165,890 (in U.S.), $116,100 (globally) in 2021 – Certification Magazine
• Salary Survey Extra: Deep Focus on (ISC)2 CSSLP article – Certification Magazine
• Named one of the 8 most in-demand IT security certifications – CIO

• Vendor-neutral – CSSLP certification ensures professionals have the advanced technical skills and knowledge necessary for authentication, authorization and auditing using best practices, policies and procedures.
• Rigorous – Proctored exam requires practical knowledge and experience in building security practices – authentication, authorization, and auditing – into each phase of the SDLC, from software design and implementation to testing and deployment.
• Continuing Education – CSSLPs must participate in continuing professional education to stay current on emerging threats, technologies, regulations, standards and practices.

• Length of exam – 3 hours
• Number of questions – 125
• Question format – Multiple choice
• Passing grade – 700 out of 1000 points
• Exam availability – English
• Testing centers:  Pearson VUE is the exclusive global administrator of all ISC2 exams (https://home.pearsonvue.com/isc2)

Prerequisites for certification

• Candidates must have a minimum of 4 years cumulative paid full-time Software Development Lifecycle (SDLC) professional experience in 1 or more of the 8 domains of the CSSLP CBK
• Earning a 4-year college degree or regional equivalent will satisfy 1 year of the required experience. Education credit will only satisfy 1 year of experience
• If you don’t have the required experience to become a CSSLP, you may become an Associate of ISC2 by successfully passing the CSSLP examination. You will then have 5 years to earn the 4 years required experience

Cycubix offers other courses designed to instruct participants on best practice in secure coding using specific programming languages or on incorporating security practices into each phase of the software development lifecycle (SDLC).

• The Web Application Security Essentials course provides the knowledge and resources required to those responsible for implementing, managing, or protecting web applications.
• The Web Application Secure Coding in Java and Web Application Secure Coding in .Net courses are designed to instruct participants on best practice in secure coding using specific programming languages.
• The Threat Modeling course provides attendees with the knowledge required to identify, quantify, and address the security risks associated with an application – at the design stage of the SDLC.
• Developed by ISC2, the global leader in information security certifications, the Certified Information Systems Security Professional (CISSP) is designed to recognize information security leaders who understand cybersecurity strategy, as well as hands-on implementation. It demonstrates technical knowledge and experience to design, develop and manage the overall security posture of an organization.