ISC2 Associate Status is a scam.

[Deleted User][Deleted User] Posts: 0 ■■□□□□□□□□
[Rant] I am fine with a probationary status, but where you have to be very, very careful with what is put on a resume after passing their overpriced tests (Luckily my school program paid for this one.) and not meeting the experience requirements, is a scam. I have to pay $50 to be an Associate and not be able to say even what exam I passed? As if Certs in this day and age weren't finding enough ways to bleed more money out of us as it is. If there is going to be this kind of restriction then they should not let people who are outside of a year of the work experience required to even sit for the tests. I am probably a little less than two years shy of the work experience needed for full certification for the CCSP.

I figured I would be able to say passed CCSP exam or Provisionally passed on my resume, but nope you have to be very careful saying anything about the actually exam that was passed if you are not fully certified. I am fine with wanting to be seen as prestigious, but pretty much negating the accomplishment of passing the test with severe restrictions from adding it to a resume or linkedin is theft. No one cares if you are an Associate of ISC2. They want to know what exam you passed.

I understand many will disagree with me, but I hope you would understand why I feel this way. After spending all that time studying and stressing over the test to be told you can pretty much only put ISC2 Associate on your resume, instead of identifying the exam at least, is just wrong. What stinks, is for me to advance in my position, I need to get the CISSP down the road and I would rather not give more blood money to ISC2.

And no I did not go searching through all of ISC2's horribly designed website to know before taking the test that I couldn't even mention CCSP on my resume outside of very specific wording (there is a ISC2 forum discussion that talks about the proper wording). I figured, after reading the obvious requirements that, "Oh, okay I will be a CCSP Associate or something." Nope I am just an Associate and if I put "CCSP" anywhere around it, I could have my Associate status revoked and be banned from getting any other ISC2 certs. Sorry that is just ridiculous. Yes, I understand people could trick potential employers into thinking they are fully certified when they are not. That is why ISC2 should give Provisional Certs or something specific to the test taken that shows an individual has not quite met all the requirements for full certification, but has passed the exam. I would take a piece of paper that says, "Not Fully CCSP Certified, but Passed the Exam." over this "give us 50 bucks, so you can say you know ISC2....and that's it. Garbage restrictions. [End Rant]
Tagged:

Comments

  • PC509PC509 CISSP, CEH, CCNA: Security/CyberOps, Sec+, CHFI, A+, Proj+, Server+, MCITP Win7, Vista, MCP Server 2 Oregon, USPosts: 771Member ■■■■■□□□□□
    I get your complaint, except for the last paragraph. That information is out there, asked weekly in various forums, and they are pretty up front about the Associate of ISC(2) if you don't have the experience.  

    They should allow you to put in the Associate of ISC(2) - CCSP. I can see why they don't (treat it the same as the full CCSP, with experience), but it's still a pain. 
  • [Deleted User][Deleted User] Posts: 0 ■■□□□□□□□□
    I completely understand not treating it as a full cert, but they should provide a method for letting potential employers, via resume, know an individual passed a specific exam. Colleges/Universities provide unofficial transcripts, ISC2 could do the same.

    My rant is based on passing what I thought was a pretty impressive test for my experience, but my resume gets to remain CCSP free, because ISC2 won't come up with a better way of rewarding less experienced test takers. It just bites that in the competitive field of Information Technology where every little thing helps, I can't really even mention an industry exam that could give me a boost over the competition. Just frustrating, but yes I will survive and live another day, though slightly more salty about the world of computer certs. 
  • JoJoCal19JoJoCal19 California Kid Posts: 2,795Mod Mod
    How far off are you from gaining the requisite experience to be able to apply for full CCSP status? If it's a year or less, then just know that it's sitting there waiting for you once you're ready. If it's much more than that, I really don't understand the logic of testing for something you can't utilize for a long time. In that case I'd have gone for the CCSK instead. If you're looking to get some recognition for cloud knowledge on your resume quickly, I'd look into that.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • NetworkNewbNetworkNewb Posts: 3,251Member ■■■■■■■■■□
    And no I did not go searching through all of ISC2's horribly designed website to know before taking the test that I couldn't even mention CCSP on my resume outside of very specific wording (there is a ISC2 forum discussion that talks about the proper wording). I figured, after reading the obvious requirements that, "Oh, okay I will be a CCSP Associate or something." Nope I am just an Associate 
    Seriously... come on  

  • NetworkNewbNetworkNewb Posts: 3,251Member ■■■■■■■■■□
    I completely understand not treating it as a full cert, but they should provide a method for letting potential employers, via resume, know an individual passed a specific exam. 

    That would pretty much defeat the purpose of requiring the experience.   
  • cyberguyprcyberguypr Senior Member Posts: 6,806Mod Mod
    You studied for that CCSP right? ISC2 code of ethics says nothing about restrictions on listing what you studied for. 
  • NetworkNewbNetworkNewb Posts: 3,251Member ■■■■■■■■■□
    You studied for that CCSP right? ISC2 code of ethics says nothing about restrictions on listing what you studied for. 
    Thats probably the sneakiest and best way I've heard of yet ^^ 
  • stryder144stryder144 Posts: 1,578Member ■■■■■■■■□□
    You studied for that CCSP right? ISC2 code of ethics says nothing about restrictions on listing what you studied for. 
    I was going to suggest the very same thing.  Also, if I am not mistaken, they do give you access to a digital badge that says Associate - (ISC)2 - CCSP that you can post to your LinkedIn page.  I could most definitely be wrong on that one, so further research, or if another member here knows if that is right or wrong, would be needed.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • PCTechLincPCTechLinc CISSP, CHFI, CEH, MCSA Server 2008, Project+, Security+ce, Server+, Network+, A+ King City, CAPosts: 616Member ■■■■■□□□□□
    I went to the EC Council School of Sneakyness. LOL!
    Certified Ethical Studier
    Master of Business Administration in Information Technology Management - Western Governors University
    Master of Science in Information Security and Assurance - Western Governors University
    Bachelor of Science in Network Administration - Western Governors University
    Associate of Applied Science x4 - Heald College
  • internutzzinternutzz Posts: 3Member ■■□□□□□□□□
    I was going to suggest the very same thing.  Also, if I am not mistaken, they do give you access to a digital badge that says Associate - (ISC)2 - CCSP that you can post to your LinkedIn page.  I could most definitely be wrong on that one, so further research, or if another member here knows if that is right or wrong, would be needed.
    The Acclaim badge you can post on LinkedIn doesn't say the exam that was passed as part of the graphics, but if you click on it then it shows the certification name and details.
    This is the CCSP one: https   www youracclaim com /org/isc2/badge/associate-of-isc.4
    (I'm too new to post links so you'll need to fill in the blanks)

  • UnixGuyUnixGuy SABSA, GCFA, GPEN, CISM, RHCE, Security+, Server+, eJPT, CCNA Posts: 4,015Mod Mod
    Umm I don't understand the problem, so you put ISC2 associate CCSP , why is that bad?

    you still have the keyword , you have a proof that you have knowledge...and I can bet many (if not most) hiring managers don't know that difference between CCSP and associate CCSP, and those who do will appreciate that you have the knowledge. No stress.

    Congrats on passing,  you're  overthinking it. I have all my 'expired' certs in my CV...no one asks me what's recent and whats not, including a CCNA from 2006 (granted i don't work as a network engineer, but the cert is still a proof that I have the knowledge).
    Goal: MBA, August 2020
  • cyberguyprcyberguypr Senior Member Posts: 6,806Mod Mod
    edited August 9
    No, no. He can put "Associate of ISC2", that's it. No CCSP at all. Therefore my "Studied for CCSP" recommendation under "recent accomplishments" or whatever. That way the keyword hits.
  • shochanshochan Senior Member Posts: 856Member ■■■■■□□□□□
    I still think the whole associate status is dumb, if you passed the exam, you should be able to put it on your resume/web blog/wherever.  If a person doesn't qualify for the exam due to experience or whatever, then they shouldn't get to sit for it.  
    2019 goals -> CySA+ (Sept)
    "It's not good when it's done, it's done when it's good" ~ Danny Carey
  • the_Grinchthe_Grinch Posts: 4,154Member ■■■■■■■■■■
    Are you currently working?  If so, if you've setup users in Active Directory for a year you have the required experience (in my opinion).  Setup someone with VPN access?  That's another domain.  My experience if ISC2 is they're pretty generous in what counts towards experience.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • mikey88mikey88 CISSP, CySA+, Security+, Network+ and others Posts: 462Member ■■■■■□□□□□
    Are you currently working?  If so, if you've setup users in Active Directory for a year you have the required experience (in my opinion).  Setup someone with VPN access?  That's another domain.  My experience if ISC2 is they're pretty generous in what counts towards experience.

    You are confusing SSCP with CCSP
    Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux

  • internutzzinternutzz Posts: 3Member ■■□□□□□□□□
    shochan said:
    I still think the whole associate status is dumb, if you passed the exam, you should be able to put it on your resume/web blog/wherever.  If a person doesn't qualify for the exam due to experience or whatever, then they shouldn't get to sit for it.  
    My opinion is that certifications should be used to validate experience, so I certainly don't disagree with you. However, we keep hearing about the skills shortage in our industry, and I guess the Associate programme is an answer to that. In theory the Associate designation encourages people into the industry who have the skills and capabilities to pass the exams but who don't yet have the experience to qualify for the certifications. As such, I can also see how that's (potentially) a good thing.

  • NetworkNewbNetworkNewb Posts: 3,251Member ■■■■■■■■■□
    edited August 9
    shochan said:
    I still think the whole associate status is dumb, if you passed the exam, you should be able to put it on your resume/web blog/wherever.  If a person doesn't qualify for the exam due to experience or whatever, then they shouldn't get to sit for it.  
    You should know you can't do it before even taking the exam...  Its amazing that people complain about this AFTER the fact.     

    Its like people taking out a college loans and then after they are done with college complaining they have to pay back all that money.    Or we've seen a bunch on this site some people complaining about what college courses they need to take AFTER they have been going for like 2-3 years!  

    "they shouldn't get to sit for the exam"???   They should know what is gonna happen before they do something.  If someone wants the Associate title they can get it, if they don't they should wait til have all the requirements.  ISC2 doesn't hide this fact or make it hard to understand. (even though the OP was trying use that excuse)  We all gotta grow up and take some responsibility for our actions at some point.
      
  • the_Grinchthe_Grinch Posts: 4,154Member ■■■■■■■■■■
    mikey88 said:
    Are you currently working?  If so, if you've setup users in Active Directory for a year you have the required experience (in my opinion).  Setup someone with VPN access?  That's another domain.  My experience if ISC2 is they're pretty generous in what counts towards experience.

    You are confusing SSCP with CCSP

    Valid experience includes information systems security-related work performed, or work that requires information security knowledge and involves direct application of that knowledge. Experience must fall within one or more of the seven domains of the (ISC)² SSCP CBK:

    • Domain 1. Access Controls
    • Domain 2. Security Operations and Administration
    • Domain 3. Risk identification, Monitoring, and Analysis
    • Domain 4. Incident Response and Recovery
    • Domain 5. Cryptography
    • Domain 6. Network and Communications Security
    • Domain 7. Systems and Application Security
    Active Directory = Access Controls
    VPN = Network and Communications Security
    Backups = Incident Response and Recovery

    Unless I'm missing something?
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • mikey88mikey88 CISSP, CySA+, Security+, Network+ and others Posts: 462Member ■■■■■□□□□□
    edited August 9
    if you've setup users in Active Directory for a year you have the required experience.
    Is what I meant. SSCP=1yr vs CCSP=5yrs. Just making sure we're talking about the same cert here.
    Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux

  • UnixGuyUnixGuy SABSA, GCFA, GPEN, CISM, RHCE, Security+, Server+, eJPT, CCNA Posts: 4,015Mod Mod
    No, no. He can put "Associate of ISC2", that's it. No CCSP at all. Therefore my "Studied for CCSP" recommendation under "recent accomplishments" or whatever. That way the keyword hits.
    If I were him I'd just put that I passed the CCSP exam
    Goal: MBA, August 2020
  • wd40wd40 CISA, eJPT, MCP, MCTS, CompTIA x 6 Posts: 988Member ■■■■□□□□□□
    edited August 10
    Are you currently working?  If so, if you've setup users in Active Directory for a year you have the required experience (in my opinion).  Setup someone with VPN access?  That's another domain.  My experience if ISC2 is they're pretty generous in what counts towards experience.

    I had a similar experience when I passed the CISA exam, I though I didn't have the experience but my mentor told me to apply and see what happens.

    So, I sent ISACA an e-mail saying I do backups and I am the Business Continuity Management coordinator.

    They said tick the boxes, sign the form and pay the fees, so I did that and now I am a CISA.
  • VipreArmedVipreArmed Posts: 5Registered Users ■■□□□□□□□□
    Hey everyone,

    I've been working at a medical facility for the last 6+ years and am currently a Sr. Systems Admin.   It's a small facility that has 3 other satellite locations and I've been pretty much their IT/Security/Compliance guy (you name it) during this time.  I currently hold a CompTIA Security+ certification and some smaller heatlhcare certs but I'm looking to add on and part of my contract renewal I managed to get my employer to pay for future certifications and training.  

    I'm preparing to take the HCISPP exam so my question is how do they go about verifying experience? You need 2 years of experience (1 in healthcare) so I figure I check all the boxes but just curious to how they go about verification?  Is it as simple as contacting your employer or what? I don't want to take this exam and have to be known as an Associate if I don't have to. 
  • stryder144stryder144 Posts: 1,578Member ■■■■■■■■□□
    Hey everyone,

    I've been working at a medical facility for the last 6+ years and am currently a Sr. Systems Admin.   It's a small facility that has 3 other satellite locations and I've been pretty much their IT/Security/Compliance guy (you name it) during this time.  I currently hold a CompTIA Security+ certification and some smaller heatlhcare certs but I'm looking to add on and part of my contract renewal I managed to get my employer to pay for future certifications and training.  

    I'm preparing to take the HCISPP exam so my question is how do they go about verifying experience? You need 2 years of experience (1 in healthcare) so I figure I check all the boxes but just curious to how they go about verification?  Is it as simple as contacting your employer or what? I don't want to take this exam and have to be known as an Associate if I don't have to. 
    If it follows most of their other certifications, you will need to be endorsed by a current (ISC)2 certified member (can't remember if it has to be in the certification you are looking to pass or not).  If there are none available, you can go through the formal endorsement process through their website, which will require that you show your dates of employment, who you were employed by, etc.  They may decide to contact your employer for verification purposes.  If you have verifiable employment in the healthcare field, it should be a piece of cake either way.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • VipreArmedVipreArmed Posts: 5Registered Users ■■□□□□□□□□
    Hey everyone,

    I've been working at a medical facility for the last 6+ years and am currently a Sr. Systems Admin.   It's a small facility that has 3 other satellite locations and I've been pretty much their IT/Security/Compliance guy (you name it) during this time.  I currently hold a CompTIA Security+ certification and some smaller heatlhcare certs but I'm looking to add on and part of my contract renewal I managed to get my employer to pay for future certifications and training.  

    I'm preparing to take the HCISPP exam so my question is how do they go about verifying experience? You need 2 years of experience (1 in healthcare) so I figure I check all the boxes but just curious to how they go about verification?  Is it as simple as contacting your employer or what? I don't want to take this exam and have to be known as an Associate if I don't have to. 
    If it follows most of their other certifications, you will need to be endorsed by a current (ISC)2 certified member (can't remember if it has to be in the certification you are looking to pass or not).  If there are none available, you can go through the formal endorsement process through their website, which will require that you show your dates of employment, who you were employed by, etc.  They may decide to contact your employer for verification purposes.  If you have verifiable employment in the healthcare field, it should be a piece of cake either way.
    Thanks.  Thats what I was hoping for.  Wasn't sure how much of a vetting process it was as it would be my first (ISC)2 certification.  
  • StrikingInfluencerStrikingInfluencer CISSP, PCNSA, Sec+, Linux+, Storage+, Net+, A+, Project+, LPIC-1, CIW JSS, CIW - Web Design, MCP Posts: 22Member ■■■□□□□□□□
    As someone who recently passed the CISSP and had the experience I understand your frustration, however there is a reason why the (ISC)2 certifications are highly sought after.  I was initially offered (through my employer) the opportunity to take a CISSP boot-camp with the expectation that I would acquire the CISSP afterwards.  At the time I only had 1 year of security experience and a few years of other related IT experience.  I declined, because I knew I wouldn't be able to get a full-blown CISSP and I thought it would be better to just wait and gain more experience and other certs like the Security+.  Two years later, I self studied for the exam and passed it, immediately becoming a full-blown CISSP. 

    I actually really appreciate the (ISC)2 verification and credentialing process of holding members to a higher standard with both experience and knowledge.  As many on here have said, it's no surprise and their website isn't that difficult.  They make it abundantly clear that if you don't have experience you cannot identify with their certifications. 


  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,381Admin Admin
    If this is about getting a keyword on your resume, using this on your resume is what I would recommend:

    Associate of (ISC)2 (passed exam_name exam on mm/dd/yyyy)
  • NetworkNewbNetworkNewb Posts: 3,251Member ■■■■■■■■■□
    JDMurray said:
    If this is about getting a keyword on your resume, using this on your resume is what I would recommend:

    Associate of (ISC)2 (passed exam_name exam on mm/dd/yyyy)
    Still against their guidelines doing that.   I wouldn’t risk it personally, but I’m sure a bunch of people do that.  
  • VipreArmedVipreArmed Posts: 5Registered Users ■■□□□□□□□□
    Appreciate it everyone.  I'm probably overthinking it because again, I feel like I have the experience to do it but it was a little disappointing when I started reading stories of people passing their exams and being unable to use the certification on a resume, LinkedIn, etc.   I've been in IT for over 10 years and as I said the last 6 have been at medical facility.  
Sign In or Register to comment.