CSSLP Experience Requirements
A candidate is required to have a minimum of four years of cumulative paid Software Development Lifecycle (SDLC) professional work experience in one or more of the eight domains of the (ISC)² CSSLP CBK, or three years of cumulative paid SDLC professional work experience in one or more of the eight domains of the CSSLP CBK with a four-year degree leading to a Baccalaureate, or regional equivalent in Computer Science, Information Technology (IT) or related fields.
If you don’t have the required experience to become a CSSLP, you may become an Associate of (ISC)² by successfully passing the CSSLP examination. You will then have five years to earn the four years required experience.
Part-time work and internships may also count towards your experience.
Valid experience includes information systems security-related work performed in the Software Development Lifecycle (SDLC), or work that requires application security knowledge and involves direct application of that knowledge. Experience must fall within one or more of the eight domains of the (ISC)² CSSLP CBK:
- Domain 1.Secure Software Concepts
- Domain 2. Secure Software Requirements
- Domain 3. Secure Software Architecture and Design
- Domain 4. Secure Software Implementation
- Domain 5. Secure Software Testing
- Domain 6. Secure Software Lifecycle Management
- Domain 7. Secure Software Deployment, Operations, Maintenance
- Domain 8. Secure Software Supply Chain
Please Note: Effective September 15, 2023, the CSSLP exam will be based on a new exam outline. Please refer to the CSSLP Exam Outline and FAQs for details.
Full-Time Experience: Your work experience is accrued monthly. Thus, you must have worked a minimum of 35 hours/week for four weeks in order to accrue one month of work experience.
Part-Time Experience: Your part-time experience cannot be less than 20 hours a week and no more than 34 hours a week.
- 1040 hours of part-time = 6 months of full time experience
- 2080 hours of part-time = 12 months of full time experience
Internship: Paid or unpaid internship is acceptable. You will need documentation on company/organization letterhead confirming your position as an intern. If you are interning at a school, the document can be on the registrar’s stationery.
Not Enough Experience?
Start on a pathway to certification with the Associate of (ISC)²! You can take a certification exam without the work experience. If you pass, you simply work to get the experience needed for certification.