Endorsement question - supervisor

Hello,

Still studying for the exam here, but have a question regarding endorsement.
My interest in getting the CISSP exam is to move from my current area to another one in the firm or even going to other company. My current employer (and my manager, for that matter) doesn't know about it and I'm paying for all the expenses myself (books, bootcamp, exam fees).

In the software projects I manage there - with lots of security aspects that I'm involved with/responsible for such as secure design, static/dynamic scanning, etc, I've worked with a bunch of great people (software managers/leads), and was thinking if one of them could be listed in my endorsement form. For reasons stated above, I wouldn't like to have my manager as a supervisor.

Could people that I have worked with be added in my endorsement application as "Supervisor", or it must be someone I reported to?

Thanks!!

Find more posts tagged with

Comments

dustervoice

megablue wrote: »

Could people that I have worked with be added in my endorsement application as "Supervisor", or it must be someone I reported to?

Thanks!!

I strongly believe it has to be someone to whom you report . Also, I would recommend you have a discussion with your manager about your career aspirations.

Code of Ethics Canons:

Act honorably, honestly, justly, responsibly, and legally.

cyberguypr

Think about this, if you are audited you'll have to provide proof of anything you claimed in your endorsement. Are you willing to risk your cert if it comes to light that the person you claimed was not your supervisor? Risk is too high.

analyst

megablue wrote: »

In the software projects I manage there - with lots of security aspects that I'm involved with/responsible for such as secure design, static/dynamic scanning, etc, I've worked with a bunch of great people (software managers/leads), and was thinking if one of them could be listed in my endorsement form. For reasons stated above, I wouldn't like to have my manager as a supervisor.

Could people that I have worked with be added in my endorsement application as "Supervisor", or it must be someone I reported to?

Thanks!!

You can do anything you want. But you shouldn't lie about who your supervisor is.

You should, of course, ask one of the people most familiar with your infosec contributions to endorse you. It'll technically be that persons responsibility to reach out to your actual supervisor to confirm your claims. But if he/she already knows what you've done, it'll be a formality with no bearing on outcome.

Unless you're one of the few who get audited. If you do, you'll need to talk to your boss and tell him/her about your aspirations.

pcasesa

^^^
This is good advice.

sponge2

The short answer is it can be done.

You should be able to get an endorsement from anyone that can verify, validate your work experience, because for reasons you mentioned you do not want to discuss your career development plans with your immediate superior.

You should ask your local (ISC)2 chapter leaders on how to get an endorsement and they should be able to help you out.

Hope this helps.

sponge2

Besides what if your manager is a jerk and does not wish to endorse you?

You cannot force people to do anything, now can you?

beads

What if your supervisor has the technical background of your average potted plant?

-b/eads

dgeronimos

You do not have to tell your employer why you are getting the CISSP. Just tell them you are completing the CISSP certification.

gutbrodj

I think the question has gone a little sideways. You are not submitting you manager for endorsement, you are submitting them for work verification, that yes you worked in the domains as you indicated on your membership form. The membership form you fill out from an online form (it'll be listed on your exam results if you passed). It's primarily concerned with identifying who you are and what your experience is, and if you are in compliance with the certification requirements.

At the end of the form you have two choices, either locate a CISSP that is currently certified, and have them endorse you, or ask (ISC)2 to find a CISSP that will endorse you. In the first case if you already know a CISSP, then the only time (ISC)2 will contact your boss is if you pull the short straw from the Audit Lottery. In the second case, the CISSP that (ISC)2 asks to endorse you will call you manager, and previous employers that make up your 5 year work history (4 with a degree), and validate that your work involved the items you stated on the form. They will be professional, and if you were untruthful at any time (ISC)2 may revoke your ability to be certified. But that is all after you pass the exam, don't worry about it until then.

megablue

I spoke directly with (ISC)2 and gutbrodj is spot on. In summary:

- you must inform a supervisor's name or in his/her absence, a HR representative that can confirm at least the title you held at that company and start/end dates (*)
- that person will be contacted by (ISC)2 only in case of an audit

(*) Before deciding to take the CISSP exam, I had asked the same questions to ISACA regarding the CISM certification, and they told me that listing a peer in the endorsement form - that has knowledge of my work there - is fine.

thanks for all replies in this thread!