How have most of you achieved the endorsement?

One of the things that has held me back for so long on the CISSP is somehow achieving endorsement from another CISSP or the "audit" they perform on your experience. Unfortunately, I don't have anyone locally that who holds a CISSP (most people I know are network engineers).

Has anyone done the audit, sans a CISSP endorsement? If so, how difficult is it? CISSP is next up on my list and I just want to have the after-test figured out ahead of time...

Find more posts tagged with

Comments

Mrock4

I was working with someone who was a CISSP- so he endorsed me, but I was a full-time network engineer at that time.

If I didn't have anyone, my plan was to check out local security groups/meetups and network there, and hopefully land someone willing to endorse me. It was pretty darn quick with someone endorsing me- I think it was about 17 days from my "pass" to being good to go.

emerald_octane

Pass CISSP and you can ask (ISC)2 to find someone to audit for you.

I've heard many "old boys club" tales of people with zero to none info sec experience yet getting vouched for by their work buddies for a case of beer. Eh whatever, i'm not as fortunate however lol.

Audit is nothing to be afraid of. ISC2 will simply check that you meet the relatively rigid guidelines. As long as you meet the qualifications for experience then you should be good.

JDMurray

The (ISC)2's endorsement audit is simply the way the (ISC)2 vetted all CISSP (and SSCP) certification candidates prior to using (ISC)2 members as endorsers to speed up the endorsement process. It's nothing new or evil.

emerald_octane wrote: »

I've heard many "old boys club" tales of people with zero to none info sec experience yet getting vouched for by their work buddies for a case of beer. Eh whatever, i'm not as fortunate however lol.

Where did you hear this? Can you give a link or a reference?

emerald_octane

JDMurray wrote: »

Where did you hear this? Can you give a link or a reference?

I will see if I can find the thread on the yahoo cissp group as they were talking about it briefly a few months ago, and I have heard a few of my less savory coworkers talking about it. But i'm not saying that everyone's doing it. Given the difficulty of the test, and the cost, i'd be surprised if more than 2% of non IT folks were getting the cert through unscrupulous means.

f0rgiv3n

Thanks for the info all. I especially like the "it's not new or evil" portion

. I'll just plan on the auditing and keep movin' forward.

the_hutch

I didn't know any CISSPs in my organization, but since I work for the DOD, I just contacted our 8570 compliance representative to have her look up CISSPs in the local area. Then made a few calls and had the endorsement completed within a couple days.