CSSLP Experience Requirements
Candidates must have a minimum of four years cumulative, full-time experience in one or more of the eight domains of the current CSSLP Exam Outline. Earning a post-secondary degree (bachelors or masters) in computer science, information technology (IT) or related fields may satisfy up to one year of the required experience. Part-time work and internships may also count towards the experience requirement.
If you don’t have the required experience to become a CSSLP, you may become an Associate of ISC2 by successfully passing the CSSLP examination. You will then have five years to earn the four years required experience.
Part-time work and internships may also count towards your experience.
Work Experience
Valid experience includes information systems security-related work performed in the Software Development Lifecycle (SDLC), or work that requires application security knowledge and involves direct application of that knowledge. Experience must fall within one or more of the eight domains of the ISC2 CSSLP Exam Outline:
- Domain 1: Secure Software Concepts
- Domain 2: Secure Software Lifecycle Management
- Domain 3: Secure Software Requirements
- Domain 4: Secure Software Architecture and Design
- Domain 5: Secure Software Implementation
- Domain 6: Secure Software Testing
- Domain 7: Secure Software Deployment, Operations, Maintenance
- Domain 8: Secure Software Supply Chain
Full-Time Experience: Your work experience is accrued monthly. Thus, you must have worked a minimum of 35 hours/week for four weeks in order to accrue one month of work experience.
Part-Time Experience: Your part-time experience cannot be less than 20 hours a week and no more than 34 hours a week.
- 1040 hours of part-time = 6 months of full time experience
- 2080 hours of part-time = 12 months of full time experience
Internship: Paid or unpaid internship is acceptable. You will need documentation on company/organization letterhead confirming your position as an intern. If you are interning at a school, the document can be on the registrar’s stationery.