A poser says what

I had the enjoyable experience of working with someone from another company recently. I was "loaned out" to assist with a highly technical audit.

The very first time I meet the dude he looks at my (ISC)2 lanyard and asks if I went to a conference. I tell him I have my CISSP and he promptly goes into this long discussion about how he brain dumped for the CISSP and it means nothing at all ever. My reaction was "ok, here is someone who is socially inept and I can handle that."

We started fieldwork and I swear I wanted to fall through the floor every time he opened his mouth. He was asking the client things like "What's a jump server?" "What's a DDOS attack?" "So Linux and Ubuntu are separate distros?" It went on and on and the client lost all confidence in our ability to do anything.

I finally confronted him at the end of the week (this was just after the What's a DDOS attack question) and I asked him if he felt like he was misrepresenting himself on his resume. He totally didn't get it. I told him that when he puts those letters on his resume then people are going to expect a certain body of knowledge to be part of the package, and here he was making an idiot of himself in front of the client because he didn't know the most basic things, and that I was embarrassed by his ignorance.

Does this happen a lot? How much brain dumping actually goes on? How do people get away with it? Who signed off on his CISSP application?! ARGH.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

OctalDump

fullcrowmoon wrote: »

"What's a jump server?"

I learnt something today. I've not come across that term before, although I am familiar with the concept.

Something else that might be relevant from the (ISC)^2 website:

Code of Ethics Canons:
Protect society, the common good, necessary public trust and confidence, and the infrastructure.
Act honorably, honestly, justly, responsibly, and legally.
Provide diligent and competent service to principles.
Advance and protect the profession.

Looks like this guy broke at least the first 3. And you might need to do something yourself on 4 "protect the profession". Jokers like this need to be kept out of the profession.

OctalDump

DatabaseHead wrote: »

What does fullcrownmoon get from this? Sounds like all risk no reward, no thanks....

Well, he's already lost something from this guy's incompetence, so if he can stop him doing further damage to the CISSP brand and the IT profession it is in his (and everyone else's) interest.

Part of being a professional is behaving ethically. ISC2 has their code of ethics which certified people are expected to adhere to, part of that is protecting the profession. Ethics can be hard sometimes, but it's part of the territory.

Personally, even if I couldn't get ISC2 to do anything (not sure on the details of their procedures and the burden of proof), I'd certainly speak to the client and raise my concerns about the other guy, especially since the client already seems to have a bad opinion.

DPG

joshmadakor wrote: »

Like other's have said, I didn't think it was possible to **** CISSP. The question bank is enormous. If you somehow were able to **** it, it would take the same amount of time and effort as if you actually studied for the exam.

You would think so but there are much higher level certs that are also dumped on a regular basis.

bigdogz

The problem is it is hearsay. If he is the lead guy you may be in trouble as well.
You need witnesses other than yourself. If there are other employees that can help you have a better chance of success. You may want to ask around and see what the other co workers say about him.

Getting help from the customer may be tricky so you may want to stay away. You should talk to the customer on the side and let them know that you will always look out for their interests without making a direct comment about the poser.

Good Luck !!!

LaSeeno

DPG wrote: »

You would think so but there are much higher level certs that are also dumped on a regular basis.

CISSP questions are weighted and there is no **** for the exam. Not like the other vendors where it is word for word, etc.

IronmanX

jelevated wrote: »

Another one is "Associate of ISC2 CISSP" which is ALL OVER linkedin.

Associate of ISC2 CISSP is a real thing. It just means they passed the test but do not have the work experience required.

How to Become an (ISC)² Associate | CISSP, SSCP, CAP and CSSLP
https://www.isc2.org/how-to-become-an-associate.aspx

paul78

FWIW - one of the ways to combat false claims of certification is to issue Open Badges. ISC2 started to do that - although I'm not sure about the adoption rate since I've don't bother with them and I've never actually seen anyone use it - https://www.isc2.org/digital-badges/default.aspx

NetworkNewb

IronmanX wrote: »

Associate of ISC2 CISSP is a real thing. It just means they passed the test but do not have the work experience required.

How to Become an (ISC)² Associate | CISSP, SSCP, CAP and CSSLP
https://www.isc2.org/how-to-become-an-associate.aspx

You actually can't even state which exam you passed according to their rules:

Associates of (ISC)² are NOT certified and may not use any Logo or description other than“Associate of (ISC)²”. Under no circumstances may they identify which exam they have successfully passed or use any Logo, other than “Associate of (ISC)²”, in any manner. Failure to abide by this rule may result in the candidate being prohibited from ever attaining any (ISC)²certification.

https://www.isc2.org/uploadedfiles/(...guidelines.pdf

bigdogz

To IronmanX's point... the person can call themselves an Associate of (ISC)2 for x certification but cannot clam that certification in a resume.
Also, there is no certificate for becoming an Associate of (ISC)2. You do however have discounts for the AMF's and reduced amount for the CPE's.

cowill

I find a lotta people are willing to brain **** in the real world. I dont knock them tho. I personally dont want to be "this guy" tho...

IronmanX

NetworkNewb wrote: »

You actually can't even state which exam you passed according to their rules:

Associates of (ISC)² are NOT certified and may not use any Logo or description other than“Associate of (ISC)²”. Under no circumstances may they identify which exam they have successfully passed or use any Logo, other than “Associate of (ISC)²”, in any manner. Failure to abide by this rule may result in the candidate being prohibited from ever attaining any (ISC)²certification.

https://www.isc2.org/uploadedfiles/(...guidelines.pdf

"Under no circumstances may they identify which exam they have successfully passed"

So its right there in the guidelines but i can see why disclosing which exam it was for would make sense.
If they passed the CISSP exam then to move from “Associate of (ISC)²” to CISSP all they need is experience and as a potential employer I may hire some one knowing they will be a CISSP in X amount of time at my company.

However for example if they passed the CCSP exam and I'm really not interested in cloud security they I think I should know that as a employer.

jelevated

IronmanX wrote: »

Associate of ISC2 CISSP is a real thing. It just means they passed the test but do not have the work experience required.

How to Become an (ISC)² Associate | CISSP, SSCP, CAP and CSSLP
https://www.isc2.org/how-to-become-an-associate.aspx

I'm well aware of what the Associate of ISC2 Designation requires and entails, I was one for nearly three years. "Associate of ISC2 CISSP" is not a thing. It is not a certification, it is not a state of mind, it is just as incorrect as saying "Certified Ethical Hacker In Training" or "Cisco Certified Internetworking Junior Technician" to mean CCIE.

Associate of ISC2 is the designation and thats all there is to it. Anything more and ISC2 will reject your application for full CISSP certification (or just ask for an updated resume with this removed). Back in the day it was acceptable to put "Associate of ISC2 Working Toward CISSP" but it appears they reigned this in a bit as well.

WOW! So they've really really tightened the reigns over time. This is the official stance on it, I just chatted with them about it on the website.

Can't list anything other than Associate of ISC2
Can mention what test you passed in verbal interviews
Can't list anything other than associate on paper. (to reiterate).

OP sorry to thread jack, I can move it to a different thread if you want :P

nster

Braindumps suck, everyone I know with a cert braindumped, but at least they weren't THAT ignorant, I hope I won't run into people like that...

What I usually see is people studying for a cert without going into detail (videos, book as reference for stuff they don't understand, little bit of labbing only, so they are usually lost in the real world, and usually don't bother with technet articles and such), then use braindumps and study each question in the braindump (as in they try and understand why it's that answer). Guaranteed pass and they can usually get through the interview process without a hitch, but they seriously lack hands-on experience, they don't have home labs, and it's scary when they are alone managing anything in a production environment (they need supervision so they don't f%^& something up). I have a good while before I'll be ready for MCSA, yet I'll see a bunch with them who seem lost when doing the simplest troubleshooting or powershell command

TechGromit

E Double U wrote: »

Just because websites claim to have CISSP **** doesn't mean those questions actually match the exams.

I concur, if someone is paying for something, someone will fill the need. Be it drugs, prostitutes, brain ****, sports gambling. Now the quality of the merchandise may be misrepresented, the drugs could be fake, an escorts promise services and not deliver, the brain **** could be worthless questions/answer that have nothing to do with the exam, etc... When you dealing with the criminal element, buyer beware.

TechGromit

NetworkNewb wrote: »

Just for fun copy and past the following into LinkedIn's search (leaving the quotes where they are):

"Associate of ISC2" CISSP

I only get 11 hits.

TheFORCE

Found a couple with the title associate of isc2 CISSP also.
We should make fake LinkedIn accounts and call them out!

Danielh22185

sad... sad...

I know A LOT of people who **** certs. So far most of them are nothing beyond average. It's gratifying for me to have passed many of them by so long ago...

TechGromit

jamthat wrote: »

Sounds awful..I had a senior linux admin recently ask me (verbatim) "What is a curl?"

I'll have to admit had to look it up myself.

LaSeeno

TheFORCE wrote: »

Found a couple with the title associate of isc2 CISSP also.
We should make fake LinkedIn accounts and call them out!

What is this, mean girls?

LaSeeno

NetworkNewb wrote: »

Exactly, we all know that calling out someone who is blatantly lying and cheating is the same as bullying.

Since your a CISSP, I would think it is almost your duty to notify them when you see that someone is knowingly breaking their guidelines. I could make a legitimate argument that in not doing so your not following their Code of Ethics Canons.

Riiight, making fake Linkedin accounts? Come on, that's some high school girlie stuff.

gespenstern

Correct me if I'm wrong, but you can't send messages to random people on LinkedIn, you have to have a paid premium account.

If it wasn't like that I'd volunteer to send them a request to remove any mentions of the exam passed using my account, why would I hide. If they don't comply in a few months I'd report them.

TheFORCE

gespenstern wrote: »

Correct me if I'm wrong, but you can't send messages to random people on LinkedIn, you have to have a paid premium account.

If it wasn't like that I'd volunteer to send them a request to remove any mentions of the exam passed using my account, why would I hide. If they don't comply in a few months I'd report them.

Maybe you are right, maybe we should all do that for the betterment of the profession. Funny thing, some of these people where KPMG and Google employees. I would think at least KPMG would know about compliance.

gespenstern

TheFORCE wrote: »

I would think at least KPMG would know about compliance.

Just ask Arthur Andersen LLP on how to cook the books. The remaining four just haven't been caught big time.

leboratorical

E Double U wrote: »

I love it when things just come together.

Did you just do the A-Team?

TechGromit

NetworkNewb wrote: »

When she invites you back to her place and she turns out to be a he...

I would demand a discount.

jamthat

TechGromit wrote: »

I'll have to admit had to look it up myself.

Well, I'll do you one better..he was trying to test connectivity from one of his DMZ servers inbound (must have messed up the firewall rules, right?) and he couldn't 'ping port 2001'. I said..huh? and he sent me a screenshot of "ping -p 2001"

Mike7

jamthat wrote: »

he sent me a screenshot of "ping -p 2001"

To be fair, CISSP is security management. He should be more humble though.

TechGromit wrote: »

Is there another way to verify if someone is a CISSP holder?

There is ISC2 verification site. Besides certification numbers on LinkedIn, I link my certifications to Acclaim badges, so anyone can verify them.

NetworkNewb wrote: »

Saw someone the other day who recently put Associate of ISC2 as one of their certs on there. But they put CISSP right after their name. Hoping ISC2 will take care of that

A co-worker listed OSCP on his LinkedIn professional headline. When asked, he admitted that he signed up for the labs a year ago but never took the exam. And we know that he lacks the technical experience to pass OSCP. To each his own.

I kinda like digital badges and hope more certification bodies use them. They are a source of motivation. My precious,

fullcrowmoon

Quick update - He got fired for incompetence. I feel satisfied.

cowill

DatabaseHead wrote: »

What does fullcrownmoon get from this? Sounds like all risk no reward, no thanks....

Yea, I'm with this dude^^^ Telling on him does what exactly?

He already got fired. If somebody is faking jax, it will come to light. Let them play themselves out. Sometime being a tattle tell causes more problems.

This is a funny story tho..."Are Linux and Ubuntu different distros?"......LMAO...

He didn't belong anywhere near CISSP

Mike7

fullcrowmoon wrote: »

Quick update - He got fired for incompetence. I feel satisfied.

Source: https://giphy.com/gifs/happy-excited-applause-BQAk13taTaKYw