norbertmurzsa
Newcomer III

Provisionally passed CSSLP exam today - Notes

Hi All,

 

Today, I provisionally passed the CSSLP exam.

Below, I summarize my notes about my preparation and my exam experience.

 

Preparation: I read and practiced the following materials.

  1. First, I purchased and read through the CSSLP Certified Secure Software Lifecycle Professional All-in-One Exam Guide, Third Edition.
  2. The above book gave me free access to practice questions at Total Seminar Training Hub (https://hub.totalsem.com/). Unfortunately, these practice questions were hard to understand. The wording is very complex and sometimes they do not make sense, so I gave it up after some tries.
  3. The next book I purchased and read was the Official (ISC)2 Guide to the CSSLP CBK 2nd Edition, which I felt was a rather out-of-date book to learn from.
  4. At the end I decided to buy a 180 day access to the Official ISC2 CSSLP Online Self-Paced Training, which I think is generally worth purchasing. It included the following:
    • The CSSLP Official ISC2 Textbook, 6th Edition via the BookShelf mobile and desktop apps. This is a good book. Easy to read and understand and it generally covers a great material for the preparation.
    • A Customized Certified Secure Software Lifecycle Professional (CSSLP) Learning Experience at https://obrizum.io/ . This online training is based on the lightweight version of the official textbook. So just completing the online training will not cover the whole official textbook above. The online training includes the following:
      • Online material for all the 8 CSSLP domains
      • Domain Catalog that is a lightweight extract of the official textbook
      • Additional, recommended resource links (NIST, etc. materials)
      • 35 practice questions per domain
      • Full 150 exam practice questions at the end
    • The practice questions generally are good and the analytics at the completion of practice questions (surveys at the end of the domains and at the end of the full practice questions) are helpful. They show which domain(s) you need to practice more and how you improve your knowledge over time.
    • Please note that you can only answer a question 5 times. After that the question becomes unavailable. So, you may not be able to complete the full exam questions any time. After the fifth try that question becomes inaccessible.
    • My issues with some of the questions and the online training you can read here
  5. The actual ISC2 CSSLP Exam today used 180 minutes and 125 questions. Surprisingly, after the registration and the security process, I started my Exam (the actual questions) around 12pm and finished around 2.40pm, just two minutes before the expiration - not sure how this was 180 minutes though. I did not find any questions from the Official ISC2 CSSLP Online Self-Paced Training and sometimes I found it hard to understand the questions. They need some refreshments.

And finally, my experience with the ISC2 Customer Support.

After completing the Official ISC2 CSSLP Online Self-Paced Training, because the practice questions became inaccessible soon, I considered and purchased a 30-day Extension for the earlier purchased 180-day Access Course to do some more practice questions.

Unfortunately, after paying the USD $230 for the additional 30-day Extension, it turned out that purchasing the extension does not include re-establishing the access to the practice questions. I saved the screenshots of purchasing the 30-day Extension and none of the screens says what level of access will be given or what access restrictions the Extension will provide you with.

 

I sent an email to the ISC2 Customer Support for an explanation. I asked them to reimburse my payment as I only purchased the extension for the practice questions, but they denied my claim. I offered to give an exam voucher for the same amount that I could have used for my CSSLP exam, but this email was not even answered.

 

In summary:

I'm happy to answer any further questions.

 

Thanks

 

Norbert

10 Replies
Sebastian0
Newcomer I

Hi,
Have you done quizlets?
When you think of questions, have you seen them before? In a book or somewhere on a test question?
norbertmurzsa
Newcomer III

Hi,

I'm not sure I follow you.

Please help and give some context of which quizlets you are referring to?

Same applies to the questions too.

 

Thanks

N

 

nkeaton
Advocate I

Congratulations.  Nice write-up.  

nkeaton
Advocate I

@Sebastian0   You will not find practice questions like ISC2 exam ones from reputable sources.  Practice questions are only to make you think.  

akkem
Contributor I

Congratulations on passing your exam!
Nice write-up, thank you!
InfiniteEntropy
Reader I

Congratulations and a great write up. My experience of materials was similar.
1. All-in-one, a good book, but the questions in Total Seminar Training Hub were often poorly written or lacking context. Rather than use them as practice exam I used them in study mode, just to get another approach to the subject

2. CBK, as you say slightly out of date, but I found it useful for a once through and then referred back to it for a more in-depth answer to the Total seminar answers above.
3. Pluralsight, I had the subscription anyway and went through the course in addition to the books. It was less “dry” than the books and easier to take in.
4. ISC2 flashcards. I went through these in test mode whenever I had a few minutes spare.
5. Essential CSSLP Exam Guide by Phil Martin. I thought this was the best of the books and brought everything together nicely.

I think if I had a recommendation, I’d say you should probably have 2 books and if possible one of them should be Essential CSSLP as it was excellent.

I came from a development background originally and this really helped. I’d be interested to know how people found it if they only ever worked in security.

norbertmurzsa
Newcomer III

Hi InfiniteEntropy,

 

Thank you for sharing your thoughts.

 

Regarding the Official (ISC)2 Guide to the CSSLP CBK 2nd Edition, I may have been a bit unfair with it. It is not a bad book. On the other hand, we cannot expect a technology related book from 2013 to be accurate enough in 2025.

 

I probably saw the Essential CSSLP Exam Guide by Phil Martin earlier but I did not pay enough attention to it when I considered my materials for the exam preparation.

Thanks for sharing your opinion about this book. I probably will give it a try, even if I already passed the CSSLP exam. A good book always remains a good reading material. Let’s see it.

 

I also can see a couple of new CSSLP related books at Amazon such as

but I have not seen these books earlier when I started my study for the CSSLP exam.

There are not enough ratings yet on these ones to recommend them, but it is certainly a good sign that new books are issued for CSSLP.

 

N

akkem
Contributor I

Thanks for sharing the CBKs! Does anyone have recommended digital content they've gone through? I’m getting a bit bored with reading books—would prefer watching videos or listening to audio instead.
We have available ISC2 courses—just looking for some additional resources beyond those.
nkeaton
Advocate I

@akkem  Sybex makes the official ISC2 study guides.  AiO (All in One) is taken from the late Shon Harris for CISSP.  As far as I know, she never concentrated on any other certifications.  Some of ISC2's did not even exist until after she had passed.  I know that I have taken at least 3 of their exams that had almost nothing to study.  I did read the latest CBK for the historical perspective on it, realizing that almost nothing reading was testable.  While I have not focused on the CSSLP (not sure if ever will), for mine I concentrated on the NIST references suggested by ISC2 https://www.isc2.org/certifications/references?queryID=b527e3430d3f91ef81121dda41d9f12d.  Looking at the CSSLP, there are some of the NIST documents but do like that included OWASP as a reference.  I do not think that have ever read anything in the references beyond NIST for mine but again this is not one of the certifications that have worked towards and only detailing what I did for lesser-known and attempted certifications.  There was some good extra reading in the reference list(s) but focus most on the exam objectives/outline.  I always carry a copy with me in some form for those moments have occasionally to review something.