ISC2 Associate Status is a scam.

[Rant] I am fine with a probationary status, but where you have to be very, very careful with what is put on a resume after passing their overpriced tests (Luckily my school program paid for this one.) and not meeting the experience requirements, is a scam. I have to pay $50 to be an Associate and not be able to say even what exam I passed? As if Certs in this day and age weren't finding enough ways to bleed more money out of us as it is. If there is going to be this kind of restriction then they should not let people who are outside of a year of the work experience required to even sit for the tests. I am probably a little less than two years shy of the work experience needed for full certification for the CCSP.

I figured I would be able to say passed CCSP exam or Provisionally passed on my resume, but nope you have to be very careful saying anything about the actually exam that was passed if you are not fully certified. I am fine with wanting to be seen as prestigious, but pretty much negating the accomplishment of passing the test with severe restrictions from adding it to a resume or linkedin is theft. No one cares if you are an Associate of ISC2. They want to know what exam you passed.

I understand many will disagree with me, but I hope you would understand why I feel this way. After spending all that time studying and stressing over the test to be told you can pretty much only put ISC2 Associate on your resume, instead of identifying the exam at least, is just wrong. What stinks, is for me to advance in my position, I need to get the CISSP down the road and I would rather not give more blood money to ISC2.

And no I did not go searching through all of ISC2's horribly designed website to know before taking the test that I couldn't even mention CCSP on my resume outside of very specific wording (there is a ISC2 forum discussion that talks about the proper wording). I figured, after reading the obvious requirements that, "Oh, okay I will be a CCSP Associate or something." Nope I am just an Associate and if I put "CCSP" anywhere around it, I could have my Associate status revoked and be banned from getting any other ISC2 certs. Sorry that is just ridiculous. Yes, I understand people could trick potential employers into thinking they are fully certified when they are not. That is why ISC2 should give Provisional Certs or something specific to the test taken that shows an individual has not quite met all the requirements for full certification, but has passed the exam. I would take a piece of paper that says, "Not Fully CCSP Certified, but Passed the Exam." over this "give us 50 bucks, so you can say you know ISC2....and that's it. Garbage restrictions. [End Rant]

Find more posts tagged with

CCSP

ISC2

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

PC509

I get your complaint, except for the last paragraph. That information is out there, asked weekly in various forums, and they are pretty up front about the Associate of ISC(2) if you don't have the experience.

They should allow you to put in the Associate of ISC(2) - CCSP. I can see why they don't (treat it the same as the full CCSP, with experience), but it's still a pain.

[Deleted User]

I completely understand not treating it as a full cert, but they should provide a method for letting potential employers, via resume, know an individual passed a specific exam. Colleges/Universities provide unofficial transcripts, ISC2 could do the same.

My rant is based on passing what I thought was a pretty impressive test for my experience, but my resume gets to remain CCSP free, because ISC2 won't come up with a better way of rewarding less experienced test takers. It just bites that in the competitive field of Information Technology where every little thing helps, I can't really even mention an industry exam that could give me a boost over the competition. Just frustrating, but yes I will survive and live another day, though slightly more salty about the world of computer certs.

JoJoCal19

How far off are you from gaining the requisite experience to be able to apply for full CCSP status? If it's a year or less, then just know that it's sitting there waiting for you once you're ready. If it's much more than that, I really don't understand the logic of testing for something you can't utilize for a long time. In that case I'd have gone for the CCSK instead. If you're looking to get some recognition for cloud knowledge on your resume quickly, I'd look into that.

NetworkNewb

selloursouls said:

And no I did not go searching through all of ISC2's horribly designed website to know before taking the test that I couldn't even mention CCSP on my resume outside of very specific wording (there is a ISC2 forum discussion that talks about the proper wording). I figured, after reading the obvious requirements that, "Oh, okay I will be a CCSP Associate or something." Nope I am just an Associate

Seriously... come on

Image: https://us.v-cdn.net/6030959/uploads/editor/mz/mvxzk57us27l.jpg

NetworkNewb

selloursouls said:

I completely understand not treating it as a full cert, but they should provide a method for letting potential employers, via resume, know an individual passed a specific exam.

That would pretty much defeat the purpose of requiring the experience.

cyberguypr

You studied for that CCSP right? ISC2 code of ethics says nothing about restrictions on listing what you studied for.

NetworkNewb

cyberguypr said:

You studied for that CCSP right? ISC2 code of ethics says nothing about restrictions on listing what you studied for.

Thats probably the sneakiest and best way I've heard of yet ^^

cyberguypr

I went to the EC Council School of Sneakyness. LOL!

stryder144

cyberguypr said:

You studied for that CCSP right? ISC2 code of ethics says nothing about restrictions on listing what you studied for.

I was going to suggest the very same thing. Also, if I am not mistaken, they do give you access to a digital badge that says Associate - (ISC)2 - CCSP that you can post to your LinkedIn page. I could most definitely be wrong on that one, so further research, or if another member here knows if that is right or wrong, would be needed.

PCTechLinc

cyberguypr said:

I went to the EC Council School of Sneakyness. LOL!

Certified Ethical Studier

internutzz

stryder144 said:

I was going to suggest the very same thing. Also, if I am not mistaken, they do give you access to a digital badge that says Associate - (ISC)2 - CCSP that you can post to your LinkedIn page. I could most definitely be wrong on that one, so further research, or if another member here knows if that is right or wrong, would be needed.

The Acclaim badge you can post on LinkedIn doesn't say the exam that was passed as part of the graphics, but if you click on it then it shows the certification name and details.
This is the CCSP one: https www youracclaim com /org/isc2/badge/associate-of-isc.4
(I'm too new to post links so you'll need to fill in the blanks)

UnixGuy

Umm I don't understand the problem, so you put ISC2 associate CCSP , why is that bad?

you still have the keyword , you have a proof that you have knowledge...and I can bet many (if not most) hiring managers don't know that difference between CCSP and associate CCSP, and those who do will appreciate that you have the knowledge. No stress.

Congrats on passing, you're overthinking it. I have all my 'expired' certs in my CV...no one asks me what's recent and whats not, including a CCNA from 2006 (granted i don't work as a network engineer, but the cert is still a proof that I have the knowledge).

cyberguypr

No, no. He can put "Associate of ISC2", that's it. No CCSP at all. Therefore my "Studied for CCSP" recommendation under "recent accomplishments" or whatever. That way the keyword hits.

shochan

I still think the whole associate status is dumb, if you passed the exam, you should be able to put it on your resume/web blog/wherever. If a person doesn't qualify for the exam due to experience or whatever, then they shouldn't get to sit for it.

the_Grinch

Are you currently working? If so, if you've setup users in Active Directory for a year you have the required experience (in my opinion). Setup someone with VPN access? That's another domain. My experience if ISC2 is they're pretty generous in what counts towards experience.

mikey88

the_Grinch said:

Are you currently working? If so, if you've setup users in Active Directory for a year you have the required experience (in my opinion). Setup someone with VPN access? That's another domain. My experience if ISC2 is they're pretty generous in what counts towards experience.

You are confusing SSCP with CCSP

internutzz

shochan said:

I still think the whole associate status is dumb, if you passed the exam, you should be able to put it on your resume/web blog/wherever. If a person doesn't qualify for the exam due to experience or whatever, then they shouldn't get to sit for it.

My opinion is that certifications should be used to validate experience, so I certainly don't disagree with you. However, we keep hearing about the skills shortage in our industry, and I guess the Associate programme is an answer to that. In theory the Associate designation encourages people into the industry who have the skills and capabilities to pass the exams but who don't yet have the experience to qualify for the certifications. As such, I can also see how that's (potentially) a good thing.

NetworkNewb

shochan said:

I still think the whole associate status is dumb, if you passed the exam, you should be able to put it on your resume/web blog/wherever. If a person doesn't qualify for the exam due to experience or whatever, then they shouldn't get to sit for it.

You should know you can't do it before even taking the exam... Its amazing that people complain about this AFTER the fact.

Its like people taking out a college loans and then after they are done with college complaining they have to pay back all that money. Or we've seen a bunch on this site some people complaining about what college courses they need to take AFTER they have been going for like 2-3 years!

"they shouldn't get to sit for the exam"??? They should know what is gonna happen before they do something. If someone wants the Associate title they can get it, if they don't they should wait til have all the requirements. ISC2 doesn't hide this fact or make it hard to understand. (even though the OP was trying use that excuse) We all gotta grow up and take some responsibility for our actions at some point.

the_Grinch

mikey88 said:

the_Grinch said:

Are you currently working? If so, if you've setup users in Active Directory for a year you have the required experience (in my opinion). Setup someone with VPN access? That's another domain. My experience if ISC2 is they're pretty generous in what counts towards experience.

You are confusing SSCP with CCSP

Valid experience includes information systems security-related work performed, or work that requires information security knowledge and involves direct application of that knowledge. Experience must fall within one or more of the seven domains of the (ISC)² SSCP CBK:

Domain 1. Access Controls
Domain 2. Security Operations and Administration
Domain 3. Risk identification, Monitoring, and Analysis
Domain 4. Incident Response and Recovery
Domain 5. Cryptography
Domain 6. Network and Communications Security
Domain 7. Systems and Application Security

Active Directory = Access Controls
VPN = Network and Communications Security
Backups = Incident Response and Recovery

Unless I'm missing something?

mikey88

the_Grinch said:

if you've setup users in Active Directory for a year you have the required experience.

Is what I meant. SSCP=1yr vs CCSP=5yrs. Just making sure we're talking about the same cert here.

UnixGuy

cyberguypr said:

No, no. He can put "Associate of ISC2", that's it. No CCSP at all. Therefore my "Studied for CCSP" recommendation under "recent accomplishments" or whatever. That way the keyword hits.

If I were him I'd just put that I passed the CCSP exam

wd40

the_Grinch said:

Are you currently working? If so, if you've setup users in Active Directory for a year you have the required experience (in my opinion). Setup someone with VPN access? That's another domain. My experience if ISC2 is they're pretty generous in what counts towards experience.

I had a similar experience when I passed the CISA exam, I though I didn't have the experience but my mentor told me to apply and see what happens.

So, I sent ISACA an e-mail saying I do backups and I am the Business Continuity Management coordinator.

They said tick the boxes, sign the form and pay the fees, so I did that and now I am a CISA.

VipreArmed

Hey everyone,

I've been working at a medical facility for the last 6+ years and am currently a Sr. Systems Admin. It's a small facility that has 3 other satellite locations and I've been pretty much their IT/Security/Compliance guy (you name it) during this time. I currently hold a CompTIA Security+ certification and some smaller heatlhcare certs but I'm looking to add on and part of my contract renewal I managed to get my employer to pay for future certifications and training.

I'm preparing to take the HCISPP exam so my question is how do they go about verifying experience? You need 2 years of experience (1 in healthcare) so I figure I check all the boxes but just curious to how they go about verification? Is it as simple as contacting your employer or what? I don't want to take this exam and have to be known as an Associate if I don't have to.

stryder144

VipreArmed said:

Hey everyone,

I've been working at a medical facility for the last 6+ years and am currently a Sr. Systems Admin. It's a small facility that has 3 other satellite locations and I've been pretty much their IT/Security/Compliance guy (you name it) during this time. I currently hold a CompTIA Security+ certification and some smaller heatlhcare certs but I'm looking to add on and part of my contract renewal I managed to get my employer to pay for future certifications and training.

I'm preparing to take the HCISPP exam so my question is how do they go about verifying experience? You need 2 years of experience (1 in healthcare) so I figure I check all the boxes but just curious to how they go about verification? Is it as simple as contacting your employer or what? I don't want to take this exam and have to be known as an Associate if I don't have to.

If it follows most of their other certifications, you will need to be endorsed by a current (ISC)2 certified member (can't remember if it has to be in the certification you are looking to pass or not). If there are none available, you can go through the formal endorsement process through their website, which will require that you show your dates of employment, who you were employed by, etc. They may decide to contact your employer for verification purposes. If you have verifiable employment in the healthcare field, it should be a piece of cake either way.

VipreArmed

stryder144 said:

VipreArmed said:

Hey everyone,

I've been working at a medical facility for the last 6+ years and am currently a Sr. Systems Admin. It's a small facility that has 3 other satellite locations and I've been pretty much their IT/Security/Compliance guy (you name it) during this time. I currently hold a CompTIA Security+ certification and some smaller heatlhcare certs but I'm looking to add on and part of my contract renewal I managed to get my employer to pay for future certifications and training.

I'm preparing to take the HCISPP exam so my question is how do they go about verifying experience? You need 2 years of experience (1 in healthcare) so I figure I check all the boxes but just curious to how they go about verification? Is it as simple as contacting your employer or what? I don't want to take this exam and have to be known as an Associate if I don't have to.

If it follows most of their other certifications, you will need to be endorsed by a current (ISC)2 certified member (can't remember if it has to be in the certification you are looking to pass or not). If there are none available, you can go through the formal endorsement process through their website, which will require that you show your dates of employment, who you were employed by, etc. They may decide to contact your employer for verification purposes. If you have verifiable employment in the healthcare field, it should be a piece of cake either way.

Thanks. Thats what I was hoping for. Wasn't sure how much of a vetting process it was as it would be my first (ISC)2 certification.

StrikingInfluencer

As someone who recently passed the CISSP and had the experience I understand your frustration, however there is a reason why the (ISC)2 certifications are highly sought after. I was initially offered (through my employer) the opportunity to take a CISSP boot-camp with the expectation that I would acquire the CISSP afterwards. At the time I only had 1 year of security experience and a few years of other related IT experience. I declined, because I knew I wouldn't be able to get a full-blown CISSP and I thought it would be better to just wait and gain more experience and other certs like the Security+. Two years later, I self studied for the exam and passed it, immediately becoming a full-blown CISSP.

I actually really appreciate the (ISC)2 verification and credentialing process of holding members to a higher standard with both experience and knowledge. As many on here have said, it's no surprise and their website isn't that difficult. They make it abundantly clear that if you don't have experience you cannot identify with their certifications.

JDMurray

If this is about getting a keyword on your resume, using this on your resume is what I would recommend:

Associate of (ISC)2 (passed exam_name exam on mm/dd/yyyy)

NetworkNewb

JDMurray said:

If this is about getting a keyword on your resume, using this on your resume is what I would recommend:

Associate of (ISC)2 (passed exam_name exam on mm/dd/yyyy)

Still against their guidelines doing that. I wouldn’t risk it personally, but I’m sure a bunch of people do that.

VipreArmed

Appreciate it everyone. I'm probably overthinking it because again, I feel like I have the experience to do it but it was a little disappointing when I started reading stories of people passing their exams and being unable to use the certification on a resume, LinkedIn, etc. I've been in IT for over 10 years and as I said the last 6 have been at medical facility.