CSSLP Snapshot

CSSLP certification recognizes the key qualifications of those involved in building secure software. It is the only certification that addresses the need for software and security professionals who possess the knowledge and experience to implement security best practices throughout the software development lifecycle (SDLC). 

CSSLPs understand the importance of secure software and their role in protecting organizations and intellectual property from evolving threats. With an increasing number of attacks exploiting vulnerabilities in software, the demand for professionals with application security expertise is on the rise. CSSLPs have proven their ability to incorporate security - authentication, authorization, encryption, auditing, and more - into each phase of the SDLC and their commitment to staying current with the latest advances in software security.

CSSLP Snapshot Personal Profile

What's Required?

Candidates must have a minimum of 4 years cumulative paid full-time Software Development Lifecycle (SDLC) professional experience in 1 or more of the 8 domains of the CSSLP CBK. Earning a 4-year college degree or regional equivalent will waive 1 year of the required experience. Only a 1-year experience exemption is granted for education.

What Job Title Do You Have?

CSSLPs hold a range of titles including software architect, software developer, application security specialist, security manager, IT director, and vice president of IT audit. The certification is relevant to any software and security professional involved in the software development process, from software design and implementation to testing and deployment.

What's a Typical Day Like for a CSSLP?

Because CSSLPs represent such a wide cross-section of software and security professionals, the day can vary from person to person. CSSLPs often spend part of their day researching industry events to understand the emerging risks and cyber security landscape, as well as the trending threats, technologies, and exploits and how they may impact applications and associated development processes - from requirements, architecture, and design, to coding, testing, and deployment. Security activities can range from performing security architecture walk-throughs to doing vulnerability assessments, penetration testing, and source code review. CSSLPs with more management responsibilities often provide training for development teams on software security best practices.

What's Your Job Setting Like?

CSSLPs often work in team environments as either leaders or highly valued contributors. CSSLPs who work for software providers may be required to travel to customer locations, and those with more IT security-related titles may be found in areas of the organization such as the network operations center.

What Skill Sets are Most Important to Your Job?

In addition to possessing the skills to develop software that performs as expected, CSSLPs must have a deep understanding of the security landscape, application vulnerabilities, and evolving ways in which software can be exploited. They also need to know what tools and methodologies are required to effectively address these threats. Curious and creative by nature, CSSLPs are driven to understand how things work so they can help build innovative and secure software. But they must also know how to break things and make them not work. Their knowledge of how hackers can take advantage of code is critical, enabling them to identify vulnerabilities and build more secure software from the start - before any security breaches can occur.

If a Security Breach were to Take Place, What is Your Role in Handling Remediation and/or Prevention?

CSSLPs provide critical insight to the security teams in the event of a breach. Their expertise is called upon to quickly diagnose what software assets might be involved and where they are located. More than anyone else, CSSLPs understand the threat vectors and how software can be accessed and potentially used by hackers. Their expertise is vital in helping the response teams swiftly respond and manage the remediation efforts.


White Paper

The Need for Improved Software Quality


CSSLP Named #1 Tech Cert that is Paying Off by Foote Partners

Foote Partners found that IT professionals with certs continue to see a competitive edge in compensation. Out of the top 20 certs that Foote predicts will increase in value in the first half of 2014, CSSLP is #1.
