A poser says what

I had the enjoyable experience of working with someone from another company recently. I was "loaned out" to assist with a highly technical audit.

The very first time I meet the dude he looks at my (ISC)2 lanyard and asks if I went to a conference. I tell him I have my CISSP and he promptly goes into this long discussion about how he brain dumped for the CISSP and it means nothing at all ever. My reaction was "ok, here is someone who is socially inept and I can handle that."

We started fieldwork and I swear I wanted to fall through the floor every time he opened his mouth. He was asking the client things like "What's a jump server?" "What's a DDOS attack?" "So Linux and Ubuntu are separate distros?" It went on and on and the client lost all confidence in our ability to do anything.

I finally confronted him at the end of the week (this was just after the What's a DDOS attack question) and I asked him if he felt like he was misrepresenting himself on his resume. He totally didn't get it. I told him that when he puts those letters on his resume then people are going to expect a certain body of knowledge to be part of the package, and here he was making an idiot of himself in front of the client because he didn't know the most basic things, and that I was embarrassed by his ignorance.

Does this happen a lot? How much brain dumping actually goes on? How do people get away with it? Who signed off on his CISSP application?! ARGH.
"It's so stimulating being your hat!"
"... but everything changed when the Fire Nation attacked."
«1

Comments

  • E Double UE Double U Member Posts: 1,685 ■■■■■■■■■□
    TE does not disappoint. I just so happened to have a bowl of popcorn next to me. I love it when things just come together. :D
    Alphabet soup: CISSP, CCSP, CISM, CISA, GDSA, GPEN, GCIA, GCIH, GCCC, CEH, Azure Fundamentals, etc

    2020 goals: AZ-900, AZ-500, GDSA, ITILv4

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • BlackBeretBlackBeret Member Posts: 684 ■■■■■□□□□□
    It happens too often. A certification is nothing more than a piece of paper and a lot of money to some company in the end. It comes down to hiring practices of companies, they need to interview, asses, and review candidates properly before putting them in those positions.
  • fullcrowmoonfullcrowmoon Member Posts: 172
    E Double U wrote: »
    TE does not disappoint. I just so happened to have a bowl of popcorn next to me. I love it when things just come together. :D

    'Twas a cunning plan.
    "It's so stimulating being your hat!"
    "... but everything changed when the Fire Nation attacked."
  • ratbuddyratbuddy Member Posts: 665
    I would happily report the dirtbag to ISC2. In a perfect world, they would do an audit and revoke his cert. Probably not in this world, but it's worth a shot.
  • ClmClm CISSP | CCSP | CCSK | AWS x 4 | ITIL | PCEP Member Posts: 444 ■■■■□□□□□□
    ratbuddy wrote: »
    I would happily report the dirtbag to ISC2. In a perfect world, they would do an audit and revoke his cert. Probably not in this world, but it's worth a shot.

    I agree with ratbuddy report him. He might not have worked hard but i studied so hard for my CISSP i had to take it twice lol. Darn 694
    I find your lack of Cloud Security Disturbing!!!!!!!!!
    Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig

  • fullcrowmoonfullcrowmoon Member Posts: 172
    It's not so easy to report someone. You have to provide a signed affidavit and prove that there was some ethical wrongdoing. Basically all I have is "This guy was a wanker and made me look bad." I'd love to report him, though.
    "It's so stimulating being your hat!"
    "... but everything changed when the Fire Nation attacked."
  • DatabaseHeadDatabaseHead CSM, ITIL x3, Teradata Assc, MS SQL Server, Project +, Server +, A+, N+, MS Project, CAPM, RMP Member Posts: 2,558 ■■■■■■■■■□
    Not worth it, but the story was enjoyable nonetheless.
  • jcundiffjcundiff Member Posts: 486 ■■■■□□□□□□
    It's not so easy to report someone. You have to provide a signed affidavit and prove that there was some ethical wrongdoing. Basically all I have is "This guy was a wanker and made me look bad." I'd love to report him, though.

    failure to adhere to (ISC)2 code of ethics? Admitting to braindumping it should be enough? shouldnt it?
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke
  • DatabaseHeadDatabaseHead CSM, ITIL x3, Teradata Assc, MS SQL Server, Project +, Server +, A+, N+, MS Project, CAPM, RMP Member Posts: 2,558 ■■■■■■■■■□
    What does fullcrownmoon get from this? Sounds like all risk no reward, no thanks....
  • lucky0977lucky0977 Senior Member Member Posts: 218 ■■■■□□□□□□
    I don't think there are **** for ISACA or ISC2. Trust me, all my co-workers brag about what they used to pass exams from other vendors but I laugh in their face when they've failed the CISSP exam, some of them 3 or 4 times.

    They've even had the audacity to show me what **** they are using for the CISSP exam. I smile and tell them to keep doing what they're doing because those questions they bought online somewhere were stolen practice questions iv'e seen over at CCCure.
    Bachelor of Science: Computer Science | Hawaii Pacific University
    CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
  • gespensterngespenstern Member Posts: 1,243 ■■■■■■■□□□
    CISSP cannot be braindumped, so you can safely assume that he was lying about dumping it. Ask him for his cert number and check on verification page of ISC2 website if he's really certified.
  • TechGromitTechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 1,995 ■■■■■■■■□□
    ratbuddy wrote: »
    I would happily report the dirtbag to ISC2. In a perfect world, they would do an audit and revoke his cert. Probably not in this world, but it's worth a shot.

    Wouldn't the person who signed off on his experience be in hot water as well?

    Personally if I cheated on an exam, I certainly wouldn't brag about it. It's like telling everyone who will listen, Yea I cheated on my Taxes, I printing my college degree in Photoshop, I'm married, but tell all the girls I'm not and available to date them. Seriously who does this?
    Ask him for his cert number and check on verification page of ISC2 website if he's really certified.

    Wonder how many people put down on there resume that they have XYZ certification, but really don't. I have a former co-worker in my Linkedin contacts that says he has a CISSP, but the certification number he lists brings up no matches. Either it's wrong or he made it up. There doesn't see to be a way to look up certification numbers by name or list by number. Is there another way to verify if someone is a CISSP holder?

    This is something I actually posted about before, there no security when certifications are listed. I just need to find someone with the same name as me (or create a legal alias) and I can instantly have a dozen certifications to add to my resume. I just need to identify someone smart and obtain their certifications listing and numbers. Want to verify my certs, sure here's the website, my name and number. See, says right there.
    Still searching for the corner in a round room.
  • DPGDPG Member Posts: 780 ■■■■■□□□□□
    CISSP cannot be braindumped, so you can safely assume that he was lying about dumping it. Ask him for his cert number and check on verification page of ISC2 website if he's really certified.

    Huh? This is probably one of the most dumped exams out there.

  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    TechGromit wrote: »
    Seriously who does this?
    Boggles the mind doesn't it icon_smile.gif when I read OP's post - I just smack my head. Makes you wonder about the the ethics and integrity of anyone like that. Not to mention their judgment in boasting about lack of integrity in the first place.
    TechGromit wrote: »
    Is there another way to verify if someone is a CISSP holder?
    JDMurray wrote a blog article on which is on TE on various verification methods - How Do I Verify That Someone Is Really Certified? - TechExams.net IT Certification Blogs

    For a CISSP - if you have name and number - you can verify it here - https://webportal.isc2.org/custom/certificationverification.aspx
  • gespensterngespenstern Member Posts: 1,243 ■■■■■■■□□□
    TechGromit wrote: »
    Wonder how many people put down on there resume that they have XYZ certification, but really don't. I have a former co-worker in my Linkedin contacts that says he has a CISSP, but the certification number he lists brings up no matches. Either it's wrong or he made it up.
    Plenty. I always check these claims as a part of the hiring process and visit these "verify" pages on ISC2, EC-Council, Microsoft, etc. pages often. There were some cases...
    TechGromit wrote: »
    Is there another way to verify if someone is a CISSP holder?
    I don't think so. You have to know at least the number and the last name.
    TechGromit wrote: »
    This is something I actually posted about before, there no security when certifications are listed. I just need to find someone with the same name as me (or create a legal alias) and I can instantly have a dozen certifications to add to my resume. I just need to identify someone smart and obtain their certifications listing and numbers.
    Yep. I see them changing this in the future and tying certs to a key pair in addition to just name. Plus, it's going to be geeky stuff, which is cool!
  • gespensterngespenstern Member Posts: 1,243 ■■■■■■■□□□
    DPG wrote: »
    Huh? This is probably one of the most dumped exams out there.
    I'd love to see some tangible proofs to that. Because there are none.
  • lucky0977lucky0977 Senior Member Member Posts: 218 ■■■■□□□□□□
    DPG wrote: »
    Huh? This is probably one of the most dumped exams out there.

    Yeah for sure you can purchase **** online (google it). I've seen quite a few of them from different **** websites because my co-workers will show them to me. They are just stolen questions from CCCure. There are no **** for this exam.
    Bachelor of Science: Computer Science | Hawaii Pacific University
    CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
  • TechGromitTechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 1,995 ■■■■■■■■□□
    paul78 wrote: »
    For a CISSP - if you have name and number - you can verify it here - https://webportal.isc2.org/custom/certificationverification.aspx

    I have his First, Last name and number. I tried various combinations of the two, not it's always search not found. Now there's also method to do more extensive searches, but the holder has to opt in, since it provides addresses and phone numbers. Using this method, I found the same first and last name, but from a different state that's not close to where he works now. Definitely not the same person. Unless holder can opt out of the first verification method, my conclusion is he's lying he's a CISSP holder.
    Still searching for the corner in a round room.
  • Danielm7Danielm7 Member Posts: 2,294 ■■■■■■■■□□
    I'd have to agree on the CISSP **** issue. I had an old coworker who asked me about it after I passed and said he'll do it too but he **** everything. He showed me the questions he was studying, I recognized the first one he showed me straight out of the cccure practice questions. Sadly he didn't get around to trying it while I worked with him, might have been worth it to hear how he was "cheated" by some **** site he bought answers from.
  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    TechGromit wrote: »
    Unless holder can opt out of the first verification method, my conclusion is he's lying he's a CISSP holder.
    I just looked - you can't opt out of the verification. You can just opt-out of the member directory. Maybe he/she typoed the member ID.
  • TechGromitTechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 1,995 ■■■■■■■■□□
    Danielm7 wrote: »
    I'd have to agree on the CISSP **** issue. I had an old coworker who asked me about it after I passed and said he'll do it too but he **** everything. He showed me the questions he was studying, I recognized the first one he showed me straight out of the cccure practice questions. Sadly he didn't get around to trying it while I worked with him, might have been worth it to hear how he was "cheated" by some **** site he bought answers from.

    When there is money involved, someone will fill the need. Now the quality of these dumping sites is the real question. While some sites may actually have real questions from the exams, I'm sure there are a dozen others that will be happy to take your money and give you crap information. After all who you going to complain too? It's like the guy who purchases drugs and complains to the police his dealer misrepresented the quality of the drug he paid for.
    paul78 wrote: »
    I just looked - you can't opt out of the verification. You can just opt-out of the member directory. Maybe he/she typoed the member ID.

    Possible, I'm not going to be the guy that challenges the legitimacy his cert, now if he was applying to a job I had posted, I certainly would.
    Still searching for the corner in a round room.
  • TheFORCETheFORCE Senior Member Member Posts: 2,298 ■■■■■■■■□□
    TechGromit wrote: »
    I have his First, Last name and number. I tried various combinations of the two, not it's always search not found. Now there's also method to do more extensive searches, but the holder has to opt in, since it provides addresses and phone numbers. Using this method, I found the same first and last name, but from a different state that's not close to where he works now. Definitely not the same person. Unless holder can opt out of the first verification method, my conclusion is he's lying he's a CISSP holder.

    The search has 2 requirements, last name and the cert number. You can always ask to see his cissp cert and get rhe number from there, maybe try to trick him. Or maybe have him show you his CISSP wallet card.
  • jelevatedjelevated Member Posts: 139
    I don't think ISC2 gets involved unless someone is misrepresenting their credentials in a very visible way.

    Unfortunately for liars and cheats there isn't much resource which is why the technical interview will always be required. I've seen it though, atleast in my organization, CISSP WILL get you through HR and the hiring manager will more than likely spend more than 1 minute looking at your resume. We ask for it in the job req as a nice to have and usually less than 5% of the applicants are 100% bonafide CISSPs. Around 50% of them (yes, I'm not kidding) use the CISSP keyword to get passed the filters. IMO the only time to you should have CISSP on your resume is when you pass the test. Actually passing the test puts you on a whole other level because so many people are out there trying to fake it. Some people put "Studying CISSP", "CISSP Exam Scheduled" etc.

    Another one is "Associate of ISC2 CISSP" which is ALL OVER linkedin.
  • jelevatedjelevated Member Posts: 139
    Saw someone the other day who recently put Associate of ISC2 as one of their certs on there. But they put CISSP right after their name. Hoping ISC2 will take care of that ;)

    Just reading that makes me angry!
  • jamthatjamthat Member Posts: 303 ■■■□□□□□□□
    Sounds awful..I had a senior linux admin recently ask me (verbatim) "What is a curl?"
  • bigdogzbigdogz Member Posts: 847 ■■■■■■■□□□
    ...can't resist....Curls are used in weights or movement of the 16 -20 oz variety.... YMMV. Curling shots is for the tough ones. icon_cool.gif
  • joshmadakorjoshmadakor Member Posts: 495 ■■■■□□□□□□
    Like other's have said, I didn't think it was possible to **** CISSP. The question bank is enormous. If you somehow were able to **** it, it would take the same amount of time and effort as if you actually studied for the exam. icon_lol.gif
    WGU B.S. Information Technology (Completed January 2013)
  • TechGromitTechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 1,995 ■■■■■■■■□□
    TheFORCE wrote: »
    Or maybe have him show you his CISSP wallet card.

    He's a linkedin contact I haven't seen in years. Maybe I'll mug him in the parking lot and water board him for the truth. :)
    Still searching for the corner in a round room.
  • UncleBUncleB Member Posts: 417
    lucky0977 wrote: »
    Yeah for sure you can purchase **** online (google it). I've seen quite a few of them from different **** websites because my co-workers will show them to me. They are just stolen questions from CCCure. There are no **** for this exam.

    It took 2 minutes on Google to find sites that have a large number of **** for the ISC2 exams, mostly CISSP (one has 77 **** of an average 1,000 Q's each). I don't want to post links but if you don't believe me, drop me a PM and I'll send you the proof.

    I'm not advocating using them, just pointing out the harsh truth.

    Sorry to rain on your parade.
  • E Double UE Double U Member Posts: 1,685 ■■■■■■■■■□
    Just because websites claim to have CISSP **** doesn't mean those questions actually match the exams.
    Alphabet soup: CISSP, CCSP, CISM, CISA, GDSA, GPEN, GCIA, GCIH, GCCC, CEH, Azure Fundamentals, etc

    2020 goals: AZ-900, AZ-500, GDSA, ITILv4

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
Sign In or Register to comment.