Certified Secure Software Lifecycle Professional exam passed

So, it is over … I finally managed to be able to take the exam and I passed it.

Let’s see how I did it:


Study materials

Official (ISC)2 Guide to the CSSLP (ISC2 Press) by Mano Paul

(about 500 useful pages)

The CSSLP Prep Guide: Mastering the Certified Secure Software Lifecycle Professional by Ronald L. Krutz and Alexander J. Fry by John

(about 600 useful pages)


I bought both of them only because the second has tests. But I was disappointed because the same tests are in the book in printed form. Of course, with answers. And of a questionable quality. But, nevertheless, better than nothing.


Which one is better?

I don’t know… none of them would make a difference in passing the exam if you don’t have what it takes: min. 4 years experience in software development.

The two books mentioned covered the chapters in two different ways:

– the first one is more like a story about the topics required by the exam

– the second one is very technical and descriptive. It is like a conclusion of the first one.

Study time

With interruptions, I started in December 2011 and I studied about 3-4 times per week (incl. weekend), in the evenings and on weekends.

So, this makes about 3,5 months study time.



The exam

Probably the toughest exam I’ve had so far…

It doesn’t have much to do with the theory I read. It has to do with experience, and that is good.

ISC requires min. 4 years of experience in order to be allowed to take the exam.

You need experience in

– Software development

– Managing software development

– Security – here the CompTIA Security+ certification helped a lot

– Testing

– Planning software development – here the CompTIA Project+ certification helped a lot

– Designing software

– Software architectures

– Auditing


Without having previous experience in these areas, you have no chance… because the books only touch on the subjects.


What is required by the certification

The Candidate Information Bulletin specifies quite clearly what is expected.



Next steps

I need an endorsement from an ISC professional who vouches for me on certain aspects.

Everything is well documented, I don’t expect any problems here.



© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity


About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, has been working for over 20 years in the IT security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users worldwide. Today he is CEO and owner of Endpoint Cybersecurity GmbH, focusing on cybersecurity, secure software development and security for IoT and automotive. He also runs his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security.