A poser says what

I had the enjoyable experience of working with someone from another company recently. I was "loaned out" to assist with a highly technical audit.

The very first time I meet the dude he looks at my (ISC)2 lanyard and asks if I went to a conference. I tell him I have my CISSP and he promptly goes into this long discussion about how he brain dumped for the CISSP and it means nothing at all ever. My reaction was "ok, here is someone who is socially inept and I can handle that."

We started fieldwork and I swear I wanted to fall through the floor every time he opened his mouth. He was asking the client things like "What's a jump server?" "What's a DDOS attack?" "So Linux and Ubuntu are separate distros?" It went on and on and the client lost all confidence in our ability to do anything.

I finally confronted him at the end of the week (this was just after the What's a DDOS attack question) and I asked him if he felt like he was misrepresenting himself on his resume. He totally didn't get it. I told him that when he puts those letters on his resume then people are going to expect a certain body of knowledge to be part of the package, and here he was making an idiot of himself in front of the client because he didn't know the most basic things, and that I was embarrassed by his ignorance.

Does this happen a lot? How much brain dumping actually goes on? How do people get away with it? Who signed off on his CISSP application?! ARGH.

Find more posts tagged with

Comments

E Double U

TE does not disappoint. I just so happened to have a bowl of popcorn next to me. I love it when things just come together.

BlackBeret

It happens too often. A certification is nothing more than a piece of paper and a lot of money to some company in the end. It comes down to hiring practices of companies, they need to interview, asses, and review candidates properly before putting them in those positions.

fullcrowmoon

E Double U wrote: »

TE does not disappoint. I just so happened to have a bowl of popcorn next to me. I love it when things just come together.

'Twas a cunning plan.

ratbuddy

I would happily report the dirtbag to ISC2. In a perfect world, they would do an audit and revoke his cert. Probably not in this world, but it's worth a shot.

Clm

ratbuddy wrote: »

I would happily report the dirtbag to ISC2. In a perfect world, they would do an audit and revoke his cert. Probably not in this world, but it's worth a shot.

I agree with ratbuddy report him. He might not have worked hard but i studied so hard for my CISSP i had to take it twice lol. Darn 694

fullcrowmoon

It's not so easy to report someone. You have to provide a signed affidavit and prove that there was some ethical wrongdoing. Basically all I have is "This guy was a wanker and made me look bad." I'd love to report him, though.

DatabaseHead

Not worth it, but the story was enjoyable nonetheless.

jcundiff

fullcrowmoon wrote: »

It's not so easy to report someone. You have to provide a signed affidavit and prove that there was some ethical wrongdoing. Basically all I have is "This guy was a wanker and made me look bad." I'd love to report him, though.

failure to adhere to (ISC)2 code of ethics? Admitting to braindumping it should be enough? shouldnt it?

DatabaseHead

What does fullcrownmoon get from this? Sounds like all risk no reward, no thanks....

lucky0977

I don't think there are **** for ISACA or ISC2. Trust me, all my co-workers brag about what they used to pass exams from other vendors but I laugh in their face when they've failed the CISSP exam, some of them 3 or 4 times.

They've even had the audacity to show me what **** they are using for the CISSP exam. I smile and tell them to keep doing what they're doing because those questions they bought online somewhere were stolen practice questions iv'e seen over at CCCure.

gespenstern

CISSP cannot be braindumped, so you can safely assume that he was lying about dumping it. Ask him for his cert number and check on verification page of ISC2 website if he's really certified.

TechGromit

ratbuddy wrote: »

I would happily report the dirtbag to ISC2. In a perfect world, they would do an audit and revoke his cert. Probably not in this world, but it's worth a shot.

Wouldn't the person who signed off on his experience be in hot water as well?

Personally if I cheated on an exam, I certainly wouldn't brag about it. It's like telling everyone who will listen, Yea I cheated on my Taxes, I printing my college degree in Photoshop, I'm married, but tell all the girls I'm not and available to date them. Seriously who does this?

gespenstern wrote: »

Ask him for his cert number and check on verification page of ISC2 website if he's really certified.

Wonder how many people put down on there resume that they have XYZ certification, but really don't. I have a former co-worker in my Linkedin contacts that says he has a CISSP, but the certification number he lists brings up no matches. Either it's wrong or he made it up. There doesn't see to be a way to look up certification numbers by name or list by number. Is there another way to verify if someone is a CISSP holder?

This is something I actually posted about before, there no security when certifications are listed. I just need to find someone with the same name as me (or create a legal alias) and I can instantly have a dozen certifications to add to my resume. I just need to identify someone smart and obtain their certifications listing and numbers. Want to verify my certs, sure here's the website, my name and number. See, says right there.

DPG

gespenstern wrote: »

CISSP cannot be braindumped, so you can safely assume that he was lying about dumping it. Ask him for his cert number and check on verification page of ISC2 website if he's really certified.

Huh? This is probably one of the most dumped exams out there.

paul78

TechGromit wrote: »

Seriously who does this?

Boggles the mind doesn't it

when I read OP's post - I just smack my head. Makes you wonder about the the ethics and integrity of anyone like that. Not to mention their judgment in boasting about lack of integrity in the first place.

TechGromit wrote: »

Is there another way to verify if someone is a CISSP holder?

JDMurray wrote a blog article on which is on TE on various verification methods - How Do I Verify That Someone Is Really Certified? - TechExams.net IT Certification Blogs

For a CISSP - if you have name and number - you can verify it here - https://webportal.isc2.org/custom/certificationverification.aspx

gespenstern

TechGromit wrote: »

Wonder how many people put down on there resume that they have XYZ certification, but really don't. I have a former co-worker in my Linkedin contacts that says he has a CISSP, but the certification number he lists brings up no matches. Either it's wrong or he made it up.

Plenty. I always check these claims as a part of the hiring process and visit these "verify" pages on ISC2, EC-Council, Microsoft, etc. pages often. There were some cases...

TechGromit wrote: »

Is there another way to verify if someone is a CISSP holder?

I don't think so. You have to know at least the number and the last name.

TechGromit wrote: »

This is something I actually posted about before, there no security when certifications are listed. I just need to find someone with the same name as me (or create a legal alias) and I can instantly have a dozen certifications to add to my resume. I just need to identify someone smart and obtain their certifications listing and numbers.

Yep. I see them changing this in the future and tying certs to a key pair in addition to just name. Plus, it's going to be geeky stuff, which is cool!

gespenstern

DPG wrote: »

Huh? This is probably one of the most dumped exams out there.

I'd love to see some tangible proofs to that. Because there are none.

lucky0977

DPG wrote: »

Huh? This is probably one of the most dumped exams out there.

Yeah for sure you can purchase **** online (google it). I've seen quite a few of them from different **** websites because my co-workers will show them to me. They are just stolen questions from CCCure. There are no **** for this exam.

TechGromit

paul78 wrote: »

For a CISSP - if you have name and number - you can verify it here - https://webportal.isc2.org/custom/certificationverification.aspx

I have his First, Last name and number. I tried various combinations of the two, not it's always search not found. Now there's also method to do more extensive searches, but the holder has to opt in, since it provides addresses and phone numbers. Using this method, I found the same first and last name, but from a different state that's not close to where he works now. Definitely not the same person. Unless holder can opt out of the first verification method, my conclusion is he's lying he's a CISSP holder.

Danielm7

I'd have to agree on the CISSP **** issue. I had an old coworker who asked me about it after I passed and said he'll do it too but he **** everything. He showed me the questions he was studying, I recognized the first one he showed me straight out of the cccure practice questions. Sadly he didn't get around to trying it while I worked with him, might have been worth it to hear how he was "cheated" by some **** site he bought answers from.

paul78

TechGromit wrote: »

Unless holder can opt out of the first verification method, my conclusion is he's lying he's a CISSP holder.

I just looked - you can't opt out of the verification. You can just opt-out of the member directory. Maybe he/she typoed the member ID.

TechGromit

Danielm7 wrote: »

I'd have to agree on the CISSP **** issue. I had an old coworker who asked me about it after I passed and said he'll do it too but he **** everything. He showed me the questions he was studying, I recognized the first one he showed me straight out of the cccure practice questions. Sadly he didn't get around to trying it while I worked with him, might have been worth it to hear how he was "cheated" by some **** site he bought answers from.

When there is money involved, someone will fill the need. Now the quality of these dumping sites is the real question. While some sites may actually have real questions from the exams, I'm sure there are a dozen others that will be happy to take your money and give you crap information. After all who you going to complain too? It's like the guy who purchases drugs and complains to the police his dealer misrepresented the quality of the drug he paid for.

paul78 wrote: »

I just looked - you can't opt out of the verification. You can just opt-out of the member directory. Maybe he/she typoed the member ID.

Possible, I'm not going to be the guy that challenges the legitimacy his cert, now if he was applying to a job I had posted, I certainly would.

TheFORCE

TechGromit wrote: »

I have his First, Last name and number. I tried various combinations of the two, not it's always search not found. Now there's also method to do more extensive searches, but the holder has to opt in, since it provides addresses and phone numbers. Using this method, I found the same first and last name, but from a different state that's not close to where he works now. Definitely not the same person. Unless holder can opt out of the first verification method, my conclusion is he's lying he's a CISSP holder.

The search has 2 requirements, last name and the cert number. You can always ask to see his cissp cert and get rhe number from there, maybe try to trick him. Or maybe have him show you his CISSP wallet card.

jelevated

I don't think ISC2 gets involved unless someone is misrepresenting their credentials in a very visible way.

Unfortunately for liars and cheats there isn't much resource which is why the technical interview will always be required. I've seen it though, atleast in my organization, CISSP WILL get you through HR and the hiring manager will more than likely spend more than 1 minute looking at your resume. We ask for it in the job req as a nice to have and usually less than 5% of the applicants are 100% bonafide CISSPs. Around 50% of them (yes, I'm not kidding) use the CISSP keyword to get passed the filters. IMO the only time to you should have CISSP on your resume is when you pass the test. Actually passing the test puts you on a whole other level because so many people are out there trying to fake it. Some people put "Studying CISSP", "CISSP Exam Scheduled" etc.

Another one is "Associate of ISC2 CISSP" which is ALL OVER linkedin.

jelevated

NetworkNewb wrote: »

Saw someone the other day who recently put Associate of ISC2 as one of their certs on there. But they put CISSP right after their name. Hoping ISC2 will take care of that

Just reading that makes me angry!

jamthat

Sounds awful..I had a senior linux admin recently ask me (verbatim) "What is a curl?"

bigdogz

...can't resist....Curls are used in weights or movement of the 16 -20 oz variety.... YMMV. Curling shots is for the tough ones.

joshmadakor

Like other's have said, I didn't think it was possible to **** CISSP. The question bank is enormous. If you somehow were able to **** it, it would take the same amount of time and effort as if you actually studied for the exam.

TechGromit

TheFORCE wrote: »

Or maybe have him show you his CISSP wallet card.

He's a linkedin contact I haven't seen in years. Maybe I'll mug him in the parking lot and water board him for the truth.

UncleB

lucky0977 wrote: »

Yeah for sure you can purchase **** online (google it). I've seen quite a few of them from different **** websites because my co-workers will show them to me. They are just stolen questions from CCCure. There are no **** for this exam.

It took 2 minutes on Google to find sites that have a large number of **** for the ISC2 exams, mostly CISSP (one has 77 **** of an average 1,000 Q's each). I don't want to post links but if you don't believe me, drop me a PM and I'll send you the proof.

I'm not advocating using them, just pointing out the harsh truth.

Sorry to rain on your parade.

E Double U

Just because websites claim to have CISSP **** doesn't mean those questions actually match the exams.