What If You Put CISSP (Passed) On Resume before 5yr Requirement

egrizzly · October 2019

Hi all,

I know if you just passed the CISSP yesterday you're not yet certified till you meet your 5 years professional experience requirement. So what if you then put CISSP (Passed) on your resume and LinkedIn? Does that violate anything since you're specifically indicating that you just passed the test?

iBrokeIT · October 2019

If you don't meet the professional experience requirements for the CISSP credential then you are an Associate of (ISC)², not a "CISSP (Passed)". Don't take the chance that someone will misinterpret your claim to be a CISSP, find out you're not and then report you for a code of ethics violation.

cyberguypr · October 2019

Obligatory read: https://community.infosecinstitute.com/discussion/135938/isc2-associate-status-is-a-scam

TLDR: As iBrokeIT said, you can't even mention passing the CISSP on your resume.

yoba222 · October 2019

Technically you risk getting your cert revoked and possibly being banned from future cert attempts. Though I'm pretty sure ISC2 doesn't have an armed police wing (unlike the Food and Drug Administration here in the land of the free) that would break down your front door and arrest you. It instead relies on legitimate CISSP holders to report offenders. CISSP holders have an incentive to keep the certificate valuable and I agree, though not meeting time in rank is much less of an offense than cheeting in my opinion. And it's not like you can bribe your way around time requirements (unlike the CEH).

That said, I definitely wouldn't put CISSP on your LinkedIn profile at all.

lucky0977 · October 2019

Just list that you are an Associate of ISC2. The cert has been around for a while now that the hiring managers know what an associate is.

cyberguypr · October 2019

Except the little detail that the ATS will reject you if CISSP is required.

egrizzly · October 2019

Ok, after all this anxiety I got an official letter from ISC2 saying I can use the designation "Associate CISSP" on my resume, business cards, and anywhere that indicates my professional status.

"Associate CISSP" is definitely wayyy better than "Associate of ISC2" as HR folks will understand Associate CISSP and not the other guy.

cyberguypr · October 2019

This is interesting. Was it an automated email that you received? I checked the ISC2 community and someone from ISC2 said:

"The system-generated email contains a variable field for Certification type or Associate status. It is being populated with the entry in our Association Management System, which is either a Certification(s) or Associate of (ISC)² designation(s) held by each member. Since the system records each Associate designation with the respective exam passed (such as in this case: Associate CISSP), that is what was sent via the email. We understand the confusion on the recipient’s part and others. We are working to ensure the information is populated correctly in email and on the dashboard to align with our policy for how Associate and Certification designations are to be represented publicly.

For example, the official email should read “… has awarded you the Associate of (ISC)² designation” and not “…has awarded you the Associate CISSP Designation.” The same is true for the dashboard."

I also checked that the published logo policy still reads:

"Associates of (ISC)² are NOT certified and may not use any Logo or description other than "Associate of (ISC)²". Under no circumstances may they identify which exam they have successfully passed or use any Logo, other than "Associate of (ISC)²", in any manner. Failure to abide by this rule may result in the candidate being prohibited from ever attaining any (ISC)² certification. "

I'm still confused.

NetworkNewb · October 2019

egrizzly said:

Ok, after all this anxiety I got an official letter from ISC2 saying I can use the designation "Associate CISSP" on my resume, business cards, and anywhere that indicates my professional status.

"Associate CISSP" is definitely wayyy better than "Associate of ISC2" as HR folks will understand Associate CISSP and not the other guy.

Thats definitely interesting since it goes against their policy. Why even have the 5 year experience requirement anymore than? Little disappointed since I'm going for it right now and this would water down this certification a ton. I thought the experience part was a big part of obtaining the certification... Cant imagine this cert is gonna hold its value very well anymore if this is the case. Just another general security cert anyone can get.

JDMurray · October 2019

I understand that (ISC)2 is doing this hair-splitting to protect the quality of their brand of certs, but I don't see how they would take the time or expense to enforce it. It's likely (ISC)2 would only investigate reports of "cert brand abuse" and not actively search for it.

Does ISACA do this hair-splitting for their "only passed the cert exam" vs. "fully qualified for certification" candidates?

NetworkNewb · October 2019

JDMurray said:

I understand that (ISC)2 is doing this hair-splitting to protect the quality of their brand of certs, but I don't see how they would take the time or expense to enforce it. It's likely (ISC)2 would only investigate reports of "cert brand abuse" and not actively search for it.

Does ISACA do this hair-splitting for their "only passed the cert exam" vs. "fully qualified for certification" candidates?

Obviously they wouldn't actively search for it, but it doesn't more than a couple seconds to look up someone to see if they have a certification for when it would be reported. Literally zero point in saying any experience is required if no one actually cares to enforce it.

And yes, ISACA has requirements you have to meet before you can get the certification... here is an example quote taken from the CISA certification page:

"It is important to note that many individuals choose to take the CISA exam prior to meeting the experience requirements.

This practice is acceptable and encouraged although the CISA designation will not be awarded until all requirements are met."

You don't get to say you have the certification at all.

JDMurray · October 2019

Ha! I remember a very popular former member of TE whose LinkedIn page was filled with cert exams that he had passed but he did not yet have the professional experience for the full certs. I wonder whatever happened to TE's top poster...

nisti2 · October 2019

Is it valid to put "working towards" in general?

cyberguypr · October 2019

I stand by my solution: "Studied for CCSP" under "recent accomplishments" or whatever.

NetworkNewb · October 2019

egrizzly said:

Ok, after all this anxiety I got an official letter from ISC2 saying I can use the designation "Associate CISSP" on my resume, business cards, and anywhere that indicates my professional status.

"Associate CISSP" is definitely wayyy better than "Associate of ISC2" as HR folks will understand Associate CISSP and not the other guy.

I decided to ask myself...

Image: https://us.v-cdn.net/6030959/uploads/editor/9q/t8isrcerab67.png

But... interesting enough the "badge" actually does say the person passed the CISSP. https://www.youracclaim.com/org/isc2/badge/associate-of-isc
(there are 7 different Associate of ISC2 badge links for each different cert for those wondering)

Yet, their policy "Under no circumstances may they identify which exam they have successfully passed or use any Logo, other than "Associate of (ISC)²", in any manner"

I give up!

yoba222 · October 2019

Weird. Maybe someone at ISC2 was confused and didn't know what they were talking about regarding "Associate CISSP."

JDMurray · October 2019

cyberguypr said:

I stand by my solution: "Studied for CCSP" under "recent accomplishments" or whatever.

You can also put "Completed Acme CISSP Bootcamp on MM/DD/YYYY" if you did take a CISSP training class. Gotta get that keyword on your resume any legit way you can!

UnixGuy · October 2019

I read many CVs with: "Currently studying for CISSP".

Danielm7 · October 2019

I got a whole slew of goofy ways that people put CISSP on their resume last year, none of which actually took the exam. My favorite was "CISSP Qualified". I asked the recruiter wtf that was supposed to mean. They got back to me with, "they have enough experience, and feel that if they took the exam, they would pass"

That went from a resume that I would look at normally and not care if they had a CISSP or not, to one I moved to the side because they were trying to be tricky.

cyberguypr · October 2019

Fresh from the (ISC)² overlords:
"The issue has been partially addressed. We should no longer be sending emails to Associates of (ISC)² that read "Associate CISSP" or any other certification they are pursuing based on the exam they passed. However, this still needs to be addressed on the member dashboard, where an associate status still displays the certification exam passed. This may cause confusion about how Associates of (ISC)² should publicly represent their designation, and it is being reviewed."

McxRisley · October 2019

A simple solution to all of the confusion would just be to not let anyone take the exam until they meet the experience requirements. Since passing a ISC2 exam before having the experience is essentially like being a part of fight club, what's the point in even allowing unqualified people to take the exam other than it just being a way to get more money?

lucky0977 · October 2019

This is a private company so of course they're in it for the money. $700 to take an exam + $125 for the privilege of retaining your certification + over 100K CISSPs = $$$

You should be able to put on your resume that you are studying for or have passed the CISSP exam. This whole "associate" thing is BS. Same thing for a four year college degree. You could put your major and the expected graduation date to indicate you're pursuing and will eventually be attaining that degree.

NetworkNewb · October 2019

lucky0977 said:

You should be able to put on your resume that you are studying for or have passed the CISSP exam. This whole "associate" thing is BS. Same thing for a four year college degree.

You can put on a resume that you are studying for it... Just not if you passed it. Other certification companies, example: ISACA, do not allow you to say you are certified unless you have the required experience as well.

Part of the reason why the CISSP is highly sought after is because it has the 5 year experience requirement. Assuming these companies just don't want just a paper warrior getting the cert and want to try and have people that have real world experience.

JDMurray · October 2019

NetworkNewb said:

Part of the reason why the CISSP is highly sought after is because it has the 5 year experience requirement.

Which can be trimmed down to four years experience by having an approved cert (e.g., Security+) or an approved college degree. Didn't there use to be a way to get it down to only three years?

DZA_ · October 2019

JDMurray said:

NetworkNewb said:

Part of the reason why the CISSP is highly sought after is because it has the 5 year experience requirement.

Which can be trimmed down to four years experience by having an approved cert (e.g., Security+) or an approved college degree. Didn't there use to be a way to get it down to only three years?

You can append post education and other security certificates to drop it down to 3 years then the rest is direct security experience in the domains.

JDMurray · October 2019

DZA_ said:

You can append post education and other security certificates to drop it down to 3 years then the rest is direct security experience in the domains.

I do not see a 3-year experience option for CISSP certification on the (ISC)2 Website.

DZA_ · October 2019

Oops, my mistake, I confused it with the CISM where you can use education as a substitution.

1 Year substitution - Completion of an information security management program at an institution aligned with the Model Curriculum

What If You Put CISSP (Passed) On Resume before 5yr Requirement

Comments