Candidates who want to take an ISTQB® Certified Tester Security Test Engineer (CT-SEC) exam must hold a valid ISTQB® Certified Tester Foundation Level certificate.

The 2016 CT-SEC syllabus combined various roles and activities, making it more complex and challenging to navigate. The new structure provides a clearer distinction between key security testing responsibilities:

• Certified Tester Security Test Engineer (CT-STE) (released in January 2025) focuses on the practical execution of security testing activities.
• Certified Tester Security Test Analyst (CT-STA) (scheduled for release in 2026) will concentrate on analyzing business security risks and defining security testing strategies to ensure risks remain within an acceptable threshold.

This separation enhances clarity and specialization, aligning certification content with industry needs.

No, there is no automatic transfer or grandfathering. If you hold the CT-SEC certification and wish to obtain the Certified Tester Security Test Engineer (CT-STE) or Certified Tester Security Test Analyst (CT-STA) certification, you will need to pass the respective certification exams.

Penetration testing is just one aspect of security testing. ISTQB’s security testing syllabus takes a broader approach, emphasizing shift-left testing – integrating security testing from the earliest stages of software development. It also focuses on embedding security testing into the overall software development and quality assurance processes, ensuring a more comprehensive and proactive approach to security.

While a technical background (e.g., knowledge of TCP/IP protocols, firewalls, and technical vulnerabilities) can be beneficial, it is not a mandatory requirement for the certification exam. The syllabus is designed to be accessible to a wide range of professionals, regardless of their programming experience.

Yes, the CT-STE syllabus is not limited to any specific industry. It covers fundamental security testing principles that apply across domains and explicitly addresses different regulatory contexts. The syllabus also explains how industry norms and standards can be leveraged to enhance security testing activities, making it valuable even in highly regulated environments.

Software quality goes beyond functional correctness—it includes many other critical aspects, such as usability, performance, and security. ISTQB provides certifications in various quality domains, and security is included as a key focus. Gaining expertise in security testing can broaden your skill set, enhance your professional value, and open new career opportunities in an increasingly security-conscious industry.