What If You Put CISSP (Passed) On Resume before 5yr Requirement

egrizzlyegrizzly Member Posts: 533 ■■■■■□□□□□
Hi all,

I know if you just passed the CISSP yesterday you're not yet certified till you meet your 5 years professional experience requirement. So what if you then put CISSP (Passed) on your resume and LinkedIn?  Does that violate anything since you're specifically indicating that you just passed the test?
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
Tagged:

Comments

  • iBrokeITiBrokeIT Member Posts: 1,318 ■■■■■■■■■□
    If you don't meet the professional experience requirements for the CISSP credential then you are an Associate of (ISC)², not a "CISSP (Passed)".  Don't take the chance that someone will misinterpret your claim to be a CISSP, find out you're not and then report you for a code of ethics violation.  
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM  | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops SANS Grad Cert: Incident Response
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    Obligatory read: https://community.infosecinstitute.com/discussion/135938/isc2-associate-status-is-a-scam

    TLDR: As iBrokeIT said, you can't even mention passing the CISSP on your resume. 
  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    Technically you risk getting your cert revoked and possibly being banned from future cert attempts. Though I'm pretty sure ISC2 doesn't have an armed police wing (unlike the Food and Drug Administration here in the land of the free) that would break down your front door and arrest you. It instead relies on legitimate CISSP holders to report offenders. CISSP holders have an incentive to keep the certificate valuable and I agree, though not meeting time in rank is much less of an offense than cheeting in my opinion. And it's not like you can bribe your way around time requirements (unlike the CEH).

    That said, I definitely wouldn't put CISSP on your LinkedIn profile at all.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • lucky0977lucky0977 Member Posts: 218 ■■■■□□□□□□
    Just list that you are an Associate of ISC2. The cert has been around for a while now that the hiring managers know what an associate is.
    Bachelor of Science: Computer Science | Hawaii Pacific University
    CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    Except the little detail that the ATS will reject you if CISSP is required. 
  • egrizzlyegrizzly Member Posts: 533 ■■■■■□□□□□
    Ok, after all this anxiety I got an official letter from ISC2 saying I can use the designation "Associate CISSP" on my resume, business cards, and anywhere that indicates my professional status.

    "Associate CISSP" is definitely wayyy better than "Associate of ISC2" as HR folks will understand Associate CISSP and not the other guy.
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    This is interesting. Was it an automated email that you received? I checked the ISC2 community and someone from ISC2 said:

    "The system-generated email contains a variable field for Certification type or Associate status. It is being populated with the entry in our Association Management System, which is either a Certification(s) or Associate of (ISC)² designation(s) held by each member. Since the system records each Associate designation with the respective exam passed (such as in this case: Associate CISSP), that is what was sent via the email. We understand the confusion on the recipient’s part and others. We are working to ensure the information is populated correctly in email and on the dashboard to align with our policy for how Associate and Certification designations are to be represented publicly.

    For example, the official email should read “… has awarded you the Associate of (ISC)² designation” and not “…has awarded you the Associate CISSP Designation.” The same is true for the dashboard."

    I also checked that the published logo policy still reads:

    "Associates of (ISC)² are NOT certified and may not use any Logo or description other than "Associate of (ISC)²". Under no circumstances may they identify which exam they have successfully passed or use any Logo, other than "Associate of (ISC)²", in any manner. Failure to abide by this rule may result in the candidate being prohibited from ever attaining any (ISC)² certification. "

    I'm still confused. 


  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    egrizzly said:
    Ok, after all this anxiety I got an official letter from ISC2 saying I can use the designation "Associate CISSP" on my resume, business cards, and anywhere that indicates my professional status.

    "Associate CISSP" is definitely wayyy better than "Associate of ISC2" as HR folks will understand Associate CISSP and not the other guy.
    Thats definitely interesting since it goes against their policy.   Why even have the 5 year experience requirement anymore than?  Little disappointed since I'm going for it right now and this would water down this certification a ton.   I thought the experience part was a big part of obtaining the certification... Cant imagine this cert is gonna hold its value very well anymore if this is the case.   Just another general security cert anyone can get.   
  • JDMurrayJDMurray Admin Posts: 13,101 Admin
    I understand that (ISC)2 is doing this hair-splitting to protect the quality of their brand of certs, but I don't see how they would take the time or expense to enforce it. It's likely (ISC)2 would only investigate reports of "cert brand abuse" and not actively search for it.

    Does ISACA do this hair-splitting for their "only passed the cert exam" vs. "fully qualified for certification" candidates?
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    edited October 2019
    JDMurray said:
    I understand that (ISC)2 is doing this hair-splitting to protect the quality of their brand of certs, but I don't see how they would take the time or expense to enforce it. It's likely (ISC)2 would only investigate reports of "cert brand abuse" and not actively search for it.

    Does ISACA do this hair-splitting for their "only passed the cert exam" vs. "fully qualified for certification" candidates?
    Obviously they wouldn't actively search for it, but it doesn't more than a couple seconds to look up someone to see if they have a certification for when it would be reported.    Literally zero point in saying any experience is required if no one actually cares to enforce it.

    And yes, ISACA has requirements you have to meet before you can get the certification...  here is an example quote taken from the CISA certification page: 

    "It is important to note that many individuals choose to take the CISA exam prior to meeting the experience requirements.

    This practice is acceptable and encouraged although the CISA designation will not be awarded until all requirements are met."


    You don't get to say you have the certification at all.  

  • JDMurrayJDMurray Admin Posts: 13,101 Admin
    edited October 2019
    Ha! I remember a very popular former member of TE whose LinkedIn page was filled with cert exams that he had passed but he did not yet have the professional experience for the full certs. I wonder whatever happened to TE's top poster...
  • nisti2nisti2 Member Posts: 503 ■■■■□□□□□□
    Is it valid to put "working towards" in general? 
    2020 Year goals:
    Already passed: Oracle Cloud, AZ-900
    Taking AZ-104 in December.

    "Certs... is all about IT certs!"
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    I stand by my solution: "Studied for CCSP" under "recent accomplishments" or whatever. :smiley:
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    edited October 2019
    egrizzly said:
    Ok, after all this anxiety I got an official letter from ISC2 saying I can use the designation "Associate CISSP" on my resume, business cards, and anywhere that indicates my professional status.

    "Associate CISSP" is definitely wayyy better than "Associate of ISC2" as HR folks will understand Associate CISSP and not the other guy.
    I decided to ask myself... 



    But... interesting enough the "badge" actually does say the person passed the CISSP.   https://www.youracclaim.com/org/isc2/badge/associate-of-isc
    (there are 7 different Associate of ISC2 badge links for each different cert for those wondering)

    Yet, their policy "Under no circumstances may they identify which exam they have successfully passed or use any Logo, other than "Associate of (ISC)²", in any manner"

    I give up! 
    :D 


  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    Weird. Maybe someone at ISC2 was confused and didn't know what they were talking about regarding "Associate CISSP."
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • JDMurrayJDMurray Admin Posts: 13,101 Admin
    I stand by my solution: "Studied for CCSP" under "recent accomplishments" or whatever. :smiley:

    You can also put "Completed Acme CISSP Bootcamp on MM/DD/YYYY" if you did take a CISSP training class. Gotta get that keyword on your resume any legit way you can!
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    I read many CVs with:  "Currently studying for CISSP".
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    edited October 2019
    Fresh from the (ISC)² overlords:
    "The issue has been partially addressed. We should no longer be sending emails to Associates of (ISC)² that read "Associate CISSP" or any other certification they are pursuing based on the exam they passed. However, this still needs to be addressed on the member dashboard, where an associate status still displays the certification exam passed. This may cause confusion about how Associates of (ISC)² should publicly represent their designation, and it is being reviewed."
  • McxRisleyMcxRisley Member Posts: 494 ■■■■■□□□□□
    A simple solution to all of the confusion would just be to not let anyone take the exam until they meet the experience requirements. Since passing a ISC2 exam before having the experience is essentially like being a part of fight club, what's the point in even allowing unqualified people to take the exam other than it just being a way to get more money?
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • lucky0977lucky0977 Member Posts: 218 ■■■■□□□□□□
    edited October 2019
    This is a private company so of course they're in it for the money. $700 to take an exam + $125 for the privilege of retaining your certification + over 100K CISSPs = $$$


    You should be able to put on your resume that you are studying for or have passed the CISSP exam. This whole "associate" thing is BS. Same thing for a four year college degree. You could put your major and the expected graduation date to indicate you're pursuing and will eventually be attaining that degree.
    Bachelor of Science: Computer Science | Hawaii Pacific University
    CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    lucky0977 said:
    You should be able to put on your resume that you are studying for or have passed the CISSP exam. This whole "associate" thing is BS. Same thing for a four year college degree. 
    You can put on a resume that you are studying for it... Just not if you passed it.   Other certification companies, example: ISACA, do not allow you to say you are certified unless you have the required experience as well.  

    Part of the reason why the CISSP is highly sought after is because it has the 5 year experience requirement.   Assuming these companies just don't want just a paper warrior getting the cert and want to try and have people that have real world experience. 
  • JDMurrayJDMurray Admin Posts: 13,101 Admin

    Part of the reason why the CISSP is highly sought after is because it has the 5 year experience requirement.  

    Which can be trimmed down to four years experience by having an approved cert (e.g., Security+) or an approved college degree. Didn't there use to be a way to get it down to only three years?
  • DZA_DZA_ Member Posts: 467 ■■■■■■■□□□
    JDMurray said:

    Part of the reason why the CISSP is highly sought after is because it has the 5 year experience requirement.  

    Which can be trimmed down to four years experience by having an approved cert (e.g., Security+) or an approved college degree. Didn't there use to be a way to get it down to only three years?
    You can append post education and other security certificates to drop it down to 3 years then the rest is direct security experience in the domains. 
  • JDMurrayJDMurray Admin Posts: 13,101 Admin
    DZA_ said:

    You can append post education and other security certificates to drop it down to 3 years then the rest is direct security experience in the domains. 

    I do not see a 3-year experience option for CISSP certification on the (ISC)2 Website.
  • DZA_DZA_ Member Posts: 467 ■■■■■■■□□□
    Oops, my mistake, I confused it with the CISM where you can use education as a substitution. 

    1 Year substitution - Completion of an information security management program at an institution aligned with the Model Curriculum
Sign In or Register to comment.