CISSP Endorsement

swyble1 Junior Member Posts: 4

Recently I passed the CISSP exam and am looking for another CISSP to endorse me. Is there one out there willing to do so?


  • contentpros Senior Member Posts: 115

    I think you may have an issue finding a random person to endorse you. It's nothing personal, but you are asking somebody to vouch for you and your experience. This is a hard thing for any ISC2 member to do since they are attesting that they know you personally and your work history/experience. I know that generally having an endorser helps to speed the process along versus using the ISC2 as your endorser, but that is part of the reason they offer the option to have the ISC2 endorse you. I was in this position myself a while ago and it did take me about 2 weeks longer than average to get my congrats letter.

    Best of luck in your journey.
  • swyble1 Junior Member Posts: 4
    Yeah, ISC2 said it would take 4 to 6 weeks for them to do the endorsement. So taking a look at someone's resume and asking questions about what they did related to information security isn't enough? Asking for references and contact information to talk to former coworkers wouldn't do? It's effectively the same thing that the ISC2 corporate CISSP would do. Just looking for someone willing to do a little leg work.
  • swyble1 Junior Member Posts: 4
    I just looked up what a certified CISSP would have to do to certify another. It's not much:

    To qualify for the CISSP credential, a candidate must:

    Demonstrate that they have the minimum requirement for certification which is five years of Professional and
    relevant work experience in two or more of the 10 domains of the CISSP CBK® or four years of work
    experience with an applicable college degree or a credential from the (ISC)²-approved list.

    Here's some of the things I've done over the years:

    I have been working in IT for approximately 18 years.
    Supported 9 token ring LANs for Discover Financial Services. Managed two Carriers (Sprint and AT&T) which interconnected the 9 token ring LANs via RSRB WANs.
    Replaced each of the 9 token ring networks with 9 Cisco Ethernet networks and replaced the Sprint RSRB WAN with ATM.
    After I did that, then I decided to get my CCNA, CCNP, and CCDP certifications. My Cisco ID for the certs is CSCO10054262.
    Managed a PIX firewall between DFS and our parent company Morgan Stanley for 5 years.
    Introduced, installed, configured, and supported CiscoSecure ACS for Windows starting in 1999 and continued to provide 3rd level support for it until 2008. We used it to provide AAA services to our Network administrators (TACACS+) at first, then used it to provide RADIUS services for the Cisco Wireless network we installed.

    In 2001 I joined the DFS Security Engineering team where some of my responsibilities were sitting on an Architecture Review Board for 2 1/2 years reviewing projects to ensure that they were following policies and standards and working with their team members to improve security related issues.

    As a member of this team we built out a 4 zoned network model divided by Check Point/Nokia based firewalls using Provider-1. At first we had VPN-1 installed to provide our remote access solution, but recently replaced it with Juniper SA gateways. As part of this remote access solution, we rolled out 4,500 hard/soft tokens using RSA SecurID appliances. The appliances were also used to help make a subsidiary's remote access solution PCI DSS compliant by using RADIUS and introducing tokens for 2 factor authentication as well.

    The appliances also replaced the RSA ACE/ Server 5.2 Solaris-based servers we had in our management network that we also built out in 2001.

    As part of the security build out I installed, configured, and managed ISS Site Protector and RealSecure network Gigabit and Fast Ethernet network intrusion detection sensors and supported them until I left the company in 2008.

    Prior to all of the above I was an OS/2 LAN Server Administrator where we created OS/2 workstation and server builds, installed and custom configured applications to run on this operating system and provided user management as well as code releases for in-house built mission critical applications.

    I can provide a copy of my college diploma and resume to someone willing to endorse me, along with references and contact information.

  • JDMurray Certification Invigilator Surf City, USA Admin Posts: 12,845
    Yes, but you need to realize what requirements the endorser has, as listed on the endorsement form. Speaking as an (ISC)2 member who has endorsed others for the CISSP cert, honestly performing these verifications is very difficult for someone who wasn't your manager or colleague to do.
    When acting as an Endorser you assume the responsibility of confirming the background and qualifications of the candidate you are endorsing. Below are a set of guidelines that you must consider and follow before you complete and sign the endorsement form. These guidelines may be used as a checklist throughout the endorser's review process and should be submitted along with the signed endorsement form.

    Demonstrate that they have the minimum requirement for certification which is five years of Professional and relevant work experience in two or more of the 10 domains of the CISSP CBK® or four years of work experience with an applicable college degree or a credential from the (ISC)²-approved list.

    Step 1 - Consistency Evaluation. A comparison shall be made of the job information provided on the resume to the requirement. Any discrepancies, or apparent discrepancies, shall be noted and recorded on the resume.

    Step 2 - Job Verification. Each job listed on the resume as professional information security experience (ignore any positions that do not involve or relate to the requirements for certification) must be validated.

    Step 3 - Determination if Jobs/Positions Constitute Professional Experience. Determining what jobs constitute professional experience (vs. those that are non-professional or para-professional) will involve a comparison between each job/position title and corresponding description of duties.

    At the end of the process, the total number of months denoted as “Valid Experience” must be totaled and must equal the number of years required for the specific certification (60 months for the CISSP, 24 months for the CAP, and 12 months for the SSCP) to determine if the minimum experience requirement has been met.