Options
Security Certification Verification validation
TechGromit
Member Posts: 2,156 ■■■■■■■■■□
Recently I saw a former co-worker with a CISSP and wanted to verify the cert. The ISC2 website is completely worthless, they want the last name and "Certification / Designation Number", I tried every possible combination of First Name, Last name, CISSP, CISSP / Number always comes back with not found, I even tried a manager and a member of this website. It really shouldn't be that difficult to verify certs. With the SANS website, you just have to enter last name, and all SANS certifications are listed.
Anyway got me thinking, the verification process for certifications is pretty weak. After all there is more than one John Smith in the world, if you share a name, Pesto, instant resume booster. But there no need to hope someone shares your last name that's a security professional, just change your name to someone with a lot of certifications, get a new driver's license, and just apply for new job. 150k sounds about right. You could even post your photo of yourself on a forum and list your certs, nice little bread crumb trail, see it's me, online proof. While it's true you couldn't do the job, but fake it to you make it. Push your work onto Jr. associate. I could do this task Mr. Jr associate, but why don't you take a shot at it, be good experience for you. Turn in work as "John Smith and team", could take 6 months before someone would figure out you really don't have a clue what your doing. After all be better making 150k for 6 months then $7.25 at Walmart for 6 months.
Finally did get a match on ISC2 for a Manger in my Company. Haven't been able to verify the former Co-Worker in question.
Anyway got me thinking, the verification process for certifications is pretty weak. After all there is more than one John Smith in the world, if you share a name, Pesto, instant resume booster. But there no need to hope someone shares your last name that's a security professional, just change your name to someone with a lot of certifications, get a new driver's license, and just apply for new job. 150k sounds about right. You could even post your photo of yourself on a forum and list your certs, nice little bread crumb trail, see it's me, online proof. While it's true you couldn't do the job, but fake it to you make it. Push your work onto Jr. associate. I could do this task Mr. Jr associate, but why don't you take a shot at it, be good experience for you. Turn in work as "John Smith and team", could take 6 months before someone would figure out you really don't have a clue what your doing. After all be better making 150k for 6 months then $7.25 at Walmart for 6 months.
Finally did get a match on ISC2 for a Manger in my Company. Haven't been able to verify the former Co-Worker in question.
Still searching for the corner in a round room.
Comments
-
Options
bpenn
Member Posts: 499
I agree, I find it difficult to verify anything.
On a side note, I tried to say "Security Certification Verification Validation" 3 times fast and now my tongue is tied."If your dreams dont scare you - they ain't big enough" - Life of Dillon -
Optionseth0
Member Posts: 86 ■■□□□□□□□□
On OSCP you have to e-mail them with number + name, imo best way is just public website and person can enable this public view if want and by default public view disabled...
-
OptionsMike7
Member Posts: 1,107 ■■■■□□□□□□
Not only ISC2, EC council, ISACA, CompTIA, Microsoft requires certification number or verification code for online certification.
Some of us put the number on our LinkedIn profile, so that is one way to verify. If someone looks like me and share my last name, I guess he can steal my identity. -
OptionsLiindolade
Member Posts: 21 ■□□□□□□□□□
For CompTIA, there's https://www.certmetrics.com/comptia/public/verification.aspx . This results in a GET request with the cert number as a parameter and can then be linked from LinkedIn or via a URL shortener.
-
OptionsMike7
Member Posts: 1,107 ■■■■□□□□□□
Thanks for the CompTIA tip! I was misled by the info at https://certification.comptia.org/help/certificates-credentials-transcripts/credentials/provide-verification-of-your-comptia-certifications