All courses
Resource hub
Featured resource
Tech Upskilling Playbook 2025
Tech Upskilling Playbook

Build future-ready tech teams and hit key business milestones with seven proven plays from industry leaders.

Learn more
Hamburger Icon
  • Path icon Learning Path
    • Libraries: This path is only available in the libraries listed. To access this path, purchase a license for the corresponding library.
  • Core Tech
    •

Secure Software Assessor | Work Role ID: 622 (NIST: DD-WRL-005)

40 Courses
5 Labs
55 Hours
Skill IQ

A **secure software assessor** analyzes the security of new or existing computer applications, software, or specialized utility programs and provides actionable results.

This path will get you started on your journey to becoming a secure software assessor! Begin with the fundamental concepts of the software development lifecycle development and testing techniques through hands-on labs, dive into the essential skills necessary to perform the day-to-day functions of secure software assessing and then expand your skill set with, automation, deeper/advanced concepts and additional knowledge from adjacent roles!

This path aligns to the Knowledge, Skills, Abilities and Tasks (KSAs) within the **Workforce Framework for Cybersecurity (CSWF)** and the **DoD Cyber Workforce Framework (DCWF)** for the work role of:

**Secure Software Assessor** Work Role 622 or DD-WRL-005

Get started

Content in this path

Fundamentals

Begin your learning journey with the fundamental concepts of secure software assessing techniques through hands-on labs and courses!

Course

OWASP Top 10: The Big Picture

  • by Hampton Paulk
  • 1h 24m
  • Oct 27, 2023
Course

Security Controls: CIS Controls

  • by Bobby Rogers
  • 1h 32m
  • Dec 20, 2021
Course

Information and Cyber Security GRC: Risk Management

  • 1h 36m
  • Feb 27, 2024
Course

Software Process Management

  • 3h 43m
  • Dec 10, 2024
Course

Secure Software Concepts for CSSLP®

  • by Kevin Henry
  • 1h 31m
  • Sep 05, 2023
Course

Secure Software Architecture and Design for CSSLP®

  • by Kevin Henry
  • 2h 19m
  • Sep 05, 2023
Course

Secure Software Lifecycle Management for CSSLP®

  • by Kevin Henry
  • 1h 41m
  • Sep 05, 2023
Course

Secure Software Testing for CSSLP®

  • by Kevin Henry
  • 1h 23m
  • Sep 05, 2023
Course

Developer Security Champion: Vulnerability Testing

  • by Christian Wenz
  • 18m
  • Sep 20, 2023
Course

Linux Endpoint Security: Processes

  • by Aaron Rosenmund
  • 25m
  • Nov 03, 2022
Lab

Linux Endpoint Security: Processes

  • by Aaron Rosenmund
  • 1h 55m
  • Aug 04, 2025
Course

Windows Endpoint Security: Logs

  • by Michael Teske
  • 28m
  • Nov 29, 2023
Lab

Windows Endpoint Security: Logs

  • by Michael Teske
  • 2h 35m
  • Aug 04, 2025
Course

OWASP Top 10 with Burp Suite

  • by Mike Woolard
  • 1h 10m
  • Sep 09, 2024

Skill Essentials

Now that you know the fundamentals, dive into the essential skills necessary to perform the day-to-day functions of a secure software assessor including development and evaluation.

Course

Developer Security Champion: OWASP Top 10

  • 16m
  • Jul 01, 2023
Course

Developer Security Champion: SAST & DAST

  • by Jon La Plante
  • 18m
  • Jun 13, 2024
Course

DevSecOps: Automated Security Testing Fundamentals

  • by Peter Mosmans
  • 1h 20m
  • Mar 19, 2024
Course

DevSecOps: Adding Security Testing Tools to Pipelines

  • by Peter Mosmans
  • 2h
  • Mar 19, 2024
Course

DevSecOps: Enabling Security Governance and Compliance in DevSecOps

  • by Richard Harpur
  • 1h 35m
  • May 23, 2024
Course

Pen Testing: Planning, Scoping, and Recon

  • by Alexander Tushinsky
  • 1h 13m
  • Oct 10, 2022
Course

Web App Pen Testing: Reconnaissance

  • by Tim Tomes
  • 1h 14m
  • Nov 28, 2023
Course

Web App Pen Testing: Mapping

  • by Tim Tomes
  • 1h 49m
  • Dec 19, 2023
Course

Pen Testing: Reporting

  • by Gavin Johnson-Lynn
  • 1h 6m
  • Jun 14, 2022
Course

Secure Software Supply Chain for CSSLP®

  • by Kevin Henry
  • 54m
  • Sep 05, 2023

Expanded Skillset

It's time to expand your skill set with tools! This section gives you a brief introduction into many, additional skills that you will find helpful as a secure software assessor. We have full training paths on all of these skills; see the Supplemental Skill Paths section to learn more.

Course

Ansible Fundamentals

  • by Tim Warner
  • 2h 41m
  • Sep 18, 2023
Course

Fundamentals of OT Security

  • by Matthew Lloyd Davies
  • 41m
  • Sep 14, 2023
Course

Application Analysis with Snyk

  • by Sean Wilkins
  • 27m
  • May 21, 2025
Course

Application Analysis with SonarQube

  • by George Smith
  • 34m
  • Sep 27, 2022
Course

Application Analysis with Endlessh 1

  • by Laurentiu Raducu
  • 16m
  • Jun 08, 2022
Course

Scan Web Applications with Bash

  • by Ricardo Reimao
  • 47m
  • May 12, 2023
Course

Pen Testing with Bash

  • by Malek Mohammad
  • 58m
  • May 16, 2023
Course

Specialized Testing: Deserialization

  • by Peter Mosmans
  • 1h 1m
  • Feb 27, 2023
Lab

ASP.NET ViewState Deserialization Attack Chain

  • by Gavin Johnson-Lynn
  • 1h 5m
  • Aug 04, 2025
Course

Specialized Testing: Command Injection

  • by Michael Edie
  • 1h 2m
  • Jul 06, 2023
Course

Business Logic Testing with Burp Suite

  • by Malek Mohammad
  • 28m
  • Oct 11, 2024
Lab

Password Protection for C# Applications

  • by Shimon Brathwaite
  • 50m
  • Aug 05, 2025

Adjacent Skill Knowledge

Now that you've mastered all the skills for a secure software assessor, learn about additional cyber roles and their responsibilities.

Course

IT Professional Fundamentals: Virtualization and Cloud Computing

  • by Vlad Catrinescu
  • 1h 27m
  • Mar 16, 2022
Course

Security Engineering: Secure Networks

  • by Chris Jackson
  • 1h 43m
  • Aug 13, 2024
Course

Security Engineering: Asset Evaluation and Execution Plan

  • by Chris Jackson
  • 1h 10m
  • Apr 30, 2024
Course

Specialized Engineering: Enterprise Hybrid Cloud

  • by Michael Brown
  • 1h 9m
  • Dec 05, 2022
Course

Developer Security Champion: Data Protection Standards

  • by Kevin James
  • 14m
  • Apr 09, 2024
Course

Specialized Testing: API Testing

  • by George Smith
  • 56m
  • Dec 14, 2022
Course

Python Secure Coding Playbook

  • by Gavin Johnson-Lynn
  • 2h 24m
  • Sep 02, 2021
Course

Sandworm: C2 over HTTP Emulation

  • by Matthew Lloyd Davies
  • 5m
  • Nov 12, 2024
Lab

Sandworm: C2 over HTTP Emulation Lab

  • by Matthew Lloyd Davies
  • 55m
  • Aug 05, 2025
Try this learning path for free
Access this learning path and other top-rated tech content with a free trial.
Free individual trial Free team trial
What You'll Learn
Prerequisites
  • None
Related topics
  • Secure Software Development Lifecycle
  • CSWF
  • DCWF
  • NICE Framework
  • Secure Software Assessor
Not sure where to start?
With over 500 assessments to choose from, you can see where your skills stand and receive adaptive learning recommendations to fill knowledge gaps in as little as 10 minutes.
Learn more

Learn with the best

Hampton Paulk
Hampton Paulk
Hampton brings 25+ years of hands-on technology experience to every course he creates. His teaching philosophy is simple: meet learners where they are and make complex topics accessible. Whether breaking down emerging technologies, explaining foundational concepts, or exploring advanced implementations, he draws from decades of real-world experience building, breaking, and fixing systems. His approach combines practical insights with clear explanations, helping professionals at all levels gain t...
Bobby Rogers
Bobby Rogers
Bobby E. Rogers is an information security engineer working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts. He retired after 21 years in the U.S. Air Force, serving as a network security engineer and instructor, and has secured networks all over the world. Bobby has a master’s degree in information assura...
Kevin Henry
Kevin Henry
Kevin Henry is a well-known and respected educator and lecturer in the fields of information security and audit. Kevin uses his more than 30 years of practical experience as a network technician, computer programmer, and information systems auditor to deliver outstanding presentations that make each topic interesting, relevant, and useful. Often described by students as "The best instructor I have ever had," Kevin has the ability to provide quality instruction that engages the audience and provi...
Christian Wenz
Christian Wenz
Christian Wenz is an architect, consultant and author focusing on web technologies. He wrote or co-wrote over 100 books, is a fixture at international developer conferences since 2001, is a Microsoft Most Valuable Professional (MVP) for Developer Technologies since 2004, and the main author of the official Zend PHP certification. His day job includes conducting security audits, migrating old code bases, implementing complex web applications and helping companies choose the right web strategy an...
Aaron Rosenmund
Aaron Rosenmund
Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber secur...
Michael Teske
Michael Teske
Michael Teske is a principal security author with Pluralsight helping people build their skills toolkit. Michael has 25+ years of experience in the IT Ops/Cloud/Cybersecurity industry including 17 of those years as an IT instructor at a technical college, focusing on Microsoft server infrastructure, security and automation. Michael attained his MBA with an emphasis in Computer Information System Security several years ago. Michael still keeps up with the industry as an independent consultant in ...
Mike Woolard
Mike Woolard
Mike is an information security manager who has worked in the IT and Information Security fields for 22+ years. A broad background from helpdesk to sysadmin, system engineer, networking, DB and development work. Most of Mike's work now centers around pentests and risk assessments, but an integral part will always be awareness training. An active member in various local security groups, Mike volunteers, speaks, or attends various information security cons.
Jon La Plante
Jon La Plante
Jon is a seasoned web and mobile product manager with more than 20 years of experience in the software industry. He’s worked on projects of all kinds, including internal business support systems, large commercial offerings, and SaaS startups. Starting his career as a developer, then moving into people management before discovering his passion for product, Jon has cultivated a deep appreciation for the nuances of product development, and understanding of the product lifecycle.
Peter Mosmans
Peter Mosmans
Peter started out in the nineties as software engineer working on internet banking applications for various European financial institutions. After developing, he moved to the role of defending and designing systems and networks for high-availability websites. Since 2004 he started specializing in breaking: pentesting complex and feature-rich web applications. Currently he leads a global team of highly skilled penetration testers as lead pentester. He is a contributor to several open-source penet...
Richard Harpur
Richard Harpur
Richard is a highly experienced technology leader with a remarkable career ranging from software development, project management through to C-level roles as CEO, CIO, and CISO. Richard is highly rated and ranked in Ireland's top 100 CIOs. As an author for Pluralsight - a leader in online training for technology professionals - Richard's courses are highly-rated in the Pluralsight library and focus on teaching critical skills in cybersecurity including ISO27001 and Ransomware. As a Certified Info...
Alexander Tushinsky
Alexander Tushinsky
Alex has spent the past 30+ years working as a software developer, application architect, cybersecurity professional, and technical trainer. He is a lifelong learner and holds over 20 active certifications in IT. Alex is a Microsoft Certified Trainer and enjoys sharing his knowledge with others. He has taught at Rutgers University, Bergen Community College, County College of Morris, College of Southern Nevada, and UNLV. He holds a BS in Software Development and a Masters in Cybersecurity from We...
Tim Tomes
Tim Tomes
Tim is a believer, husband, father, veteran, software developer, web application security engineer, and the founder of PractiSec (Practical Security Services). With extensive experience in web application security and software development, Tim currently conducts consultative engagements, manages multiple open source software projects (Recon-ng Framework, the HoneyBadger Geolocation Framework, PwnedHub, etc.), writes technical articles (lanmaster53.com), and frequently instructs and presents on s...
Gavin Johnson-Lynn
Gavin Johnson-Lynn
Gavin has 20 years’ experience writing software in regulated environments and for global organisations. The last five years of his development career were spent with a focus on security, becoming the security lead for a significant payments project at a FTSE 100 company. He has experience with languages from COBOL to .Net and many languages in between. Gavin's experience of secure development revealed a passion for security, leading him to become a speaker and blogger on the subject. He has held...
Tim Warner
Tim Warner
Tim Warner is a Microsoft Most Valuable Professional (MVP) and Microsoft Certified Trainer (since 1997) with nearly three decades of experience as an IT professional and technical educator. Based in Nashville, TN, Tim focuses on generative AI, DevOps, and the Microsoft technology stack, including Azure, GitHub, SQL Server, and Windows. At Pluralsight, his courses have amassed well over one million watch hours, reflecting his ability to translate complex systems into clear, actionable learning. T...
Matthew Lloyd Davies
Matthew Lloyd Davies
Matt is a cyber security author and researcher here at Pluralsight. A certified penetration tester and incident handler, he created Pluralsight's CompTIA Pentest+ Specialized Attacks courses as well our courses on wireless, ICS/OT and hardware hacking. Matt has also helped to build our security labs portfolio; labs that help you get hands-on to understand the threats and vulnerabilities your organization faces today. With a background in Chemical Engineering, Matt's focus is on the security ...
Sean Wilkins
Sean Wilkins
Sean Wilkins, with over two decades of experience in the IT industry, serves as a distinguished networking consultant and contributor at Tech Building Blocks. His professional journey spans multiple prominent enterprises, underlining his extensive field expertise. Sean's credentials include esteemed certifications from Cisco (CCNP/CCDP), Microsoft (MCSE), and CompTIA (A+ and Network+). Academically, he has achieved a Master’s of Science in Information Technology, specializing in Network Architec...
George Smith
George Smith
George Smith has spent more than 25 years in the IT industry. During this time he has held a variety of positions, starting with web UI development and business analysis, progressing with system administration and infrastructure, then switching to core systems programming, technical consulting, and finally becoming an E-Commerce Architect and Subject Matter Expert. He is well versed in modern trends like Containerization, Infrastructure as Code, Serverless computing models, and more. George demo...
Laurentiu Raducu
Laurentiu Raducu
It all began in highschool, when Laurentiu first started his path in the computer science journey. Initially he started with C++, and fell in love quickly with the prospect of learning to develop software. Thanks to his passion for chess, his first computer program was a console-based ASCII chess game developed in C++. After a while, during university, Laurentiu started to experiment with other OOP programming languages, like Java, Kotlin or Python. He started to play with different tech stacks ...
Ricardo Reimao
Ricardo Reimao
Ricardo is a Cybersecurity Consultant based in Toronto (Canada). He has 14+ years of IT experience, 10 of them in the IT Security field. His main interests are: SIEM solutions (IBM QRadar), Enterprise Security Risk, Penetration Testing, Security processes/procedures and Network Security.
Malek Mohammad
Malek Mohammad
Malek Mohammad is an Information Security Consultant and Penetration Tester with previous software development experience. Malek works on making payment applications more secure through Penetration Testing and Threat Modeling. In addition, He helped many software developers in designing their application with security in mind, and not as an afterthought. Malek still has enthusiasm for software development, he uses Python to automate attack scenarios.
Michael Edie
Michael Edie
Michael is a Senior Security Consultant with 10+ years of experience in the public and private sectors. He is a proactive and iterative cyber threat hunter specializing in detection engineering, DFIR, and automation. Michael has led teams and directed collaborative efforts to develop and implement strategies for mitigating evolving threat trends. He is the Founder and Principal Consultant of Sawbox Consulting, where he identifies and resolves security issues, implements solutions and evaluates s...
Shimon Brathwaite
Shimon Brathwaite
Shimon Brathwaite is a seven-year cybersecurity professional with extensive experience in Incident Response, Vulnerability Management, Identity and Access Management and Consulting. He has worked at one of the Big Four consulting firms, multiple of Canada’s largest banks and in startup environments. In addition to his full-time work, he runs a blog securitymadesimple.org, a consulting company and is a published author with four books on cybersecurity. He is open for engagements related to cybers...
Vlad Catrinescu
Vlad Catrinescu
Vlad is a Microsoft 365 and Power Platform expert specializing in empowering organizations to securely and effectively integrate AI-powered tools, such as Microsoft 365 Copilot and AI Agents, into their digital workplaces. An IT professional at heart, Vlad excels at preparing, securing, and governing modern environments, enabling IT administrators and business users to automate processes, enhance productivity, and drive digital transformation with confidence. As a Microsoft Certified Trainer, a...
Chris Jackson
Chris Jackson
Chris Jackson is a cybersecurity professional with years of experience in identifying security incidents, securing applications and security training. Over the years, he has tested web applications for vulnerabilities, helped deploy SIEM platforms and more. He is passionate about teaching cybersecurity and committed to learning new technologies.
Michael Brown
Michael Brown
I have worked in IT for 25 years, for 22 of those years I have delivered IT Training. I have delivered Microsoft, CISCO and Amazon Web Services courses across Europe. For the last 4 years I have focused on Cloud technologies delivering cloud training to some of Europe’s biggest organisations. I have been a Microsoft Certified Trainer since 1997 and currently hold certifications from Microsoft, CompTIA and AWS. When not working on training material or delivering courses I spend time in the nort...
Kevin James
Kevin James
As a seasoned technologist with over 30 years of wide-ranging expertise in information technology roles across diverse industries, Kevin is passionate about finding effective and economical solutions to business problems. His passion for teaching technical subjects allows him to have a particular style that imparts information yet teaches at the same time. He enjoys working with Linux, Unix and Windows Operating Systems and combined with a deep knowledge of software platforms as varied as Ap...

Join our learners and upskill
in leading technologies