cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ign1s
Newcomer I

CSSLP Questionaire

Hello, I am interested in becoming a CSSLP. I have almost two years of paid, working experience as a software developer. Since i lack the required experience, i guess i need to become an ISC2 associate first by taking the CSSLP exam. I need some clarification.
 
  • Considering successfull pass of the exam and remaining working years completion, how is the transition from ISC2 to CSSLP achieved? Do i need to retake any exam?
  • How is the domain of the working experience defined? Do i need to be explicitly assigned a security-wise role in my team to qualify for the exam?
  • In case of failure, what is the cost of trying again?
  • How many CPE do i need to recertify? Do external(not ISC2 community oriented) activities count towards credits? (e.g open source contributions). Please provide some specific examples on CPE earning.

 

Thanks in advance. Happy to be here 🙂

3 Replies
emb021
Advocate I

Let me try to answer some of your answers.

 

* As I understand, you just need to submit an application to become fully certified.  There is no re-test.  This is the whole purpose of the Associate status.  You have 9 months after taking the exam to apply for the certification.  The Associate status "maintains" this pass until you can get the experience to apply.
* Look at the domains.  You need to do work in 2(?) of them.

* You have to pay for the exam again.  Not sure if its the same cost or a discount BUT you will have to wait a few months before retaking.
* Not sure how many CPEs are required for the CSSLP.  That is given elsewhere.  Its over a 3 year period now, no annual minimums.  YES non-ISC2 activities count.  You can go to industry conferences, take webinars from many sources, attend meetings with industry groups like ISSA.  Not sure where this idea that only ISC2 activities count.  For me, I've used my attendance at ISSA meetings for CPEs for years, plus as a board member of our chapter, I get group B.  ISACA meetings also.  Conference from ISSA, ISACA, various BSides also have counted.  Webinars from ISSA, ISACA, elsewhere I've used.

Hope this helps.

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow
AlecTrevelyan
Community Champion


@ign1s wrote:
Hello, I am interested in becoming a CSSLP. I have almost two years of paid, working experience as a software developer. Since i lack the required experience, i guess i need to become an ISC2 associate first by taking the CSSLP exam. I need some clarification.
 
  • Considering successfull pass of the exam and remaining working years completion, how is the transition from ISC2 to CSSLP achieved? Do i need to retake any exam?

When you pass the exam you go through the endorsement process via a link on the member portal. At this point if you don't have enough experience to endorse as a CSSLP you would select to endorse as an Associate which grants you 5 years to gain the 4 years needed.

 

Later on when you have enough experience you go through the endorsement process again this time opting to endorse as a CSSLP.

 

As mentioned, you get 9 months from passing the exam to complete the initial endorsement either as an Associate or as a CSSLP. So if you think you can gain enough experience in that 9 months to endorse as a CSSLP you might want to skip the Associate endorsement and just wait. This could save you money and effort as you need to pay annual fees and complete CPEs as an Associate.

 

  • How is the domain of the working experience defined? Do i need to be explicitly assigned a security-wise role in my team to qualify for the exam?

Check the exam outline for details. This includes the domains broken down into sections and sub-sections. Do you have any experience in any of these elements? You don't need to have the word "security" in your job title but you do need to have been involved in at least one section/sub-section listed in one of the domains:

 

https://www.isc2.org/Certifications/-/media/ISC2/Certifications/Exam-Outlines/CSSLP-Exam-Outline-v10...

 

 

  • In case of failure, what is the cost of trying again?

You pay the full price of the exam for each attempt. If you fail the first attempt you have to wait 30 days before being able to test again. If you fail a second time you will have to wait 90 days before testing again. If you fail a third time you'll have to wait 180 days before testing again. You can only test for a particular certification a maximum of three times in a year.

 

The retake policy can be found in the results reporting section of this link:

 

https://www.isc2.org/Register-for-Exam

 

 

  • How many CPE do i need to recertify? Do external(not ISC2 community oriented) activities count towards credits? (e.g open source contributions). Please provide some specific examples on CPE earning.

This is all explained in the CPE handbook:

 

https://www.isc2.org/-/media/ISC2/Certifications/CPE/CPE---Handbook-Digital-V2.ashx

 

 

 

Thanks in advance. Happy to be here 🙂


You're very welcome!

 

ign1s
Newcomer I

Thank you for your answers. I will definitely give it a shot!