What If You Put CISSP (Passed) On Resume before 5yr Requirement

Hi all,

I know if you just passed the CISSP yesterday you're not yet certified till you meet your 5 years professional experience requirement. So what if you then put CISSP (Passed) on your resume and LinkedIn? Does that violate anything since you're specifically indicating that you just passed the test?

Find more posts tagged with

cissp

exam passed

Comments

iBrokeIT

If you don't meet the professional experience requirements for the CISSP credential then you are an Associate of (ISC)², not a "CISSP (Passed)". Don't take the chance that someone will misinterpret your claim to be a CISSP, find out you're not and then report you for a code of ethics violation.

cyberguypr

Obligatory read: https://community.infosecinstitute.com/discussion/135938/isc2-associate-status-is-a-scam

TLDR: As iBrokeIT said, you can't even mention passing the CISSP on your resume.

yoba222

Technically you risk getting your cert revoked and possibly being banned from future cert attempts. Though I'm pretty sure ISC2 doesn't have an armed police wing (unlike the Food and Drug Administration here in the land of the free) that would break down your front door and arrest you. It instead relies on legitimate CISSP holders to report offenders. CISSP holders have an incentive to keep the certificate valuable and I agree, though not meeting time in rank is much less of an offense than cheeting in my opinion. And it's not like you can bribe your way around time requirements (unlike the CEH).

That said, I definitely wouldn't put CISSP on your LinkedIn profile at all.

lucky0977

Just list that you are an Associate of ISC2. The cert has been around for a while now that the hiring managers know what an associate is.

cyberguypr

Except the little detail that the ATS will reject you if CISSP is required.

egrizzly

Ok, after all this anxiety I got an official letter from ISC2 saying I can use the designation "Associate CISSP" on my resume, business cards, and anywhere that indicates my professional status.

"Associate CISSP" is definitely wayyy better than "Associate of ISC2" as HR folks will understand Associate CISSP and not the other guy.

cyberguypr

This is interesting. Was it an automated email that you received? I checked the ISC2 community and someone from ISC2 said:

"The system-generated email contains a variable field for Certification type or Associate status. It is being populated with the entry in our Association Management System, which is either a Certification(s) or Associate of (ISC)² designation(s) held by each member. Since the system records each Associate designation with the respective exam passed (such as in this case: Associate CISSP), that is what was sent via the email. We understand the confusion on the recipient’s part and others. We are working to ensure the information is populated correctly in email and on the dashboard to align with our policy for how Associate and Certification designations are to be represented publicly.

For example, the official email should read “… has awarded you the Associate of (ISC)² designation” and not “…has awarded you the Associate CISSP Designation.” The same is true for the dashboard."

I also checked that the published logo policy still reads:

"Associates of (ISC)² are NOT certified and may not use any Logo or description other than "Associate of (ISC)²". Under no circumstances may they identify which exam they have successfully passed or use any Logo, other than "Associate of (ISC)²", in any manner. Failure to abide by this rule may result in the candidate being prohibited from ever attaining any (ISC)² certification. "

I'm still confused.

NetworkNewb

egrizzly said:

Ok, after all this anxiety I got an official letter from ISC2 saying I can use the designation "Associate CISSP" on my resume, business cards, and anywhere that indicates my professional status.

"Associate CISSP" is definitely wayyy better than "Associate of ISC2" as HR folks will understand Associate CISSP and not the other guy.

Thats definitely interesting since it goes against their policy. Why even have the 5 year experience requirement anymore than? Little disappointed since I'm going for it right now and this would water down this certification a ton. I thought the experience part was a big part of obtaining the certification... Cant imagine this cert is gonna hold its value very well anymore if this is the case. Just another general security cert anyone can get.

JDMurray

I understand that (ISC)2 is doing this hair-splitting to protect the quality of their brand of certs, but I don't see how they would take the time or expense to enforce it. It's likely (ISC)2 would only investigate reports of "cert brand abuse" and not actively search for it.

Does ISACA do this hair-splitting for their "only passed the cert exam" vs. "fully qualified for certification" candidates?

NetworkNewb

JDMurray said:

I understand that (ISC)2 is doing this hair-splitting to protect the quality of their brand of certs, but I don't see how they would take the time or expense to enforce it. It's likely (ISC)2 would only investigate reports of "cert brand abuse" and not actively search for it.

Does ISACA do this hair-splitting for their "only passed the cert exam" vs. "fully qualified for certification" candidates?

Obviously they wouldn't actively search for it, but it doesn't more than a couple seconds to look up someone to see if they have a certification for when it would be reported. Literally zero point in saying any experience is required if no one actually cares to enforce it.

And yes, ISACA has requirements you have to meet before you can get the certification... here is an example quote taken from the CISA certification page:

"It is important to note that many individuals choose to take the CISA exam prior to meeting the experience requirements.

This practice is acceptable and encouraged although the CISA designation will not be awarded until all requirements are met."

You don't get to say you have the certification at all.

JDMurray

Ha! I remember a very popular former member of TE whose LinkedIn page was filled with cert exams that he had passed but he did not yet have the professional experience for the full certs. I wonder whatever happened to TE's top poster...

nisti2

Is it valid to put "working towards" in general?

cyberguypr

I stand by my solution: "Studied for CCSP" under "recent accomplishments" or whatever.

NetworkNewb

egrizzly said:

Ok, after all this anxiety I got an official letter from ISC2 saying I can use the designation "Associate CISSP" on my resume, business cards, and anywhere that indicates my professional status.

"Associate CISSP" is definitely wayyy better than "Associate of ISC2" as HR folks will understand Associate CISSP and not the other guy.

I decided to ask myself...

Image: https://us.v-cdn.net/6030959/uploads/editor/9q/t8isrcerab67.png

But... interesting enough the "badge" actually does say the person passed the CISSP. https://www.youracclaim.com/org/isc2/badge/associate-of-isc
(there are 7 different Associate of ISC2 badge links for each different cert for those wondering)

Yet, their policy "Under no circumstances may they identify which exam they have successfully passed or use any Logo, other than "Associate of (ISC)²", in any manner"

I give up!

yoba222

Weird. Maybe someone at ISC2 was confused and didn't know what they were talking about regarding "Associate CISSP."

JDMurray

cyberguypr said:

I stand by my solution: "Studied for CCSP" under "recent accomplishments" or whatever.

You can also put "Completed Acme CISSP Bootcamp on MM/DD/YYYY" if you did take a CISSP training class. Gotta get that keyword on your resume any legit way you can!

UnixGuy

I read many CVs with: "Currently studying for CISSP".

Danielm7

I got a whole slew of goofy ways that people put CISSP on their resume last year, none of which actually took the exam. My favorite was "CISSP Qualified". I asked the recruiter wtf that was supposed to mean. They got back to me with, "they have enough experience, and feel that if they took the exam, they would pass"

That went from a resume that I would look at normally and not care if they had a CISSP or not, to one I moved to the side because they were trying to be tricky.

cyberguypr

Fresh from the (ISC)² overlords:
"The issue has been partially addressed. We should no longer be sending emails to Associates of (ISC)² that read "Associate CISSP" or any other certification they are pursuing based on the exam they passed. However, this still needs to be addressed on the member dashboard, where an associate status still displays the certification exam passed. This may cause confusion about how Associates of (ISC)² should publicly represent their designation, and it is being reviewed."

McxRisley

A simple solution to all of the confusion would just be to not let anyone take the exam until they meet the experience requirements. Since passing a ISC2 exam before having the experience is essentially like being a part of fight club, what's the point in even allowing unqualified people to take the exam other than it just being a way to get more money?

lucky0977

This is a private company so of course they're in it for the money. $700 to take an exam + $125 for the privilege of retaining your certification + over 100K CISSPs = $$$

You should be able to put on your resume that you are studying for or have passed the CISSP exam. This whole "associate" thing is BS. Same thing for a four year college degree. You could put your major and the expected graduation date to indicate you're pursuing and will eventually be attaining that degree.

NetworkNewb

lucky0977 said:

You should be able to put on your resume that you are studying for or have passed the CISSP exam. This whole "associate" thing is BS. Same thing for a four year college degree.

You can put on a resume that you are studying for it... Just not if you passed it. Other certification companies, example: ISACA, do not allow you to say you are certified unless you have the required experience as well.

Part of the reason why the CISSP is highly sought after is because it has the 5 year experience requirement. Assuming these companies just don't want just a paper warrior getting the cert and want to try and have people that have real world experience.

JDMurray

NetworkNewb said:

Part of the reason why the CISSP is highly sought after is because it has the 5 year experience requirement.

Which can be trimmed down to four years experience by having an approved cert (e.g., Security+) or an approved college degree. Didn't there use to be a way to get it down to only three years?

DZA_

JDMurray said:

NetworkNewb said:

Part of the reason why the CISSP is highly sought after is because it has the 5 year experience requirement.

Which can be trimmed down to four years experience by having an approved cert (e.g., Security+) or an approved college degree. Didn't there use to be a way to get it down to only three years?

You can append post education and other security certificates to drop it down to 3 years then the rest is direct security experience in the domains.

JDMurray

DZA_ said:

You can append post education and other security certificates to drop it down to 3 years then the rest is direct security experience in the domains.

I do not see a 3-year experience option for CISSP certification on the (ISC)2 Website.

DZA_

Oops, my mistake, I confused it with the CISM where you can use education as a substitution.

1 Year substitution - Completion of an information security management program at an institution aligned with the Model Curriculum