Endorsement Question

blackholeblackhole Member Posts: 59 ■■□□□□□□□□
Just want to clarify .... in the email it says ......

2. YOUR RESUME/CV. Please provide a copy of your resume/CV along with your Endorsement in one email (Note: your resume/CV should be the same as the copy you give to your endorser).

do we need to scan endorsement form and send as an attachment ?
see the emphasize given on "in one email" above.

anyone ?

Comments

  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    The endorsement form and your resume are separate attachments (files) in the same email you send to the (ISC)2.

    I found it easier to fill out the form by hand and fax it and my resume to the (ISC)2's office.
  • blackholeblackhole Member Posts: 59 ■■□□□□□□□□
    I thought Endorsement form will be mailed/faxed by the person who is endorsing you.
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    I've never done that for the people I have endorsed. I usually meet them for lunch, sign the paperwork, and they handle the actual delivery. I can't think of a reason why the endorser would be required to submit the paperwork. Where did you read that?
  • rwmidlrwmidl Member Posts: 807 ■■■■■■□□□□
    JD - there was something I read from ISC(2) as well that said/gave a strong impression that the endorser should send in the information. That being said, I can't find it now and everything I've read/re-read does not indicated one way or another.
    CISSP | CISM | ACSS | ACIS | MCSA:2008 | MCITP:SA | MCSE:Security | MCSA:Security | Security + | MCTS
  • cabrillo24cabrillo24 Member Posts: 137
    You're the one who's sending it, not the endorser. On a separate note, wouldn't you want to have control of what information is being sent directly to ISC2 with regards to your certification?
    Next Up...
    CCNA: Security (210-260)
    Date: TBD
  • blackholeblackhole Member Posts: 59 ■■□□□□□□□□
    thank you all ... I was put off by the wordings written on ENDORSER'S GUIDELINES

    Please send completed endorsement form and any candidate files, or records to: ..............
  • jayc71jayc71 Member Posts: 112 ■■■■□□□□□□
    I went through this about 1.5 months ago, i had the endorser electronically sign the form and send it back to me. I took both files and sent them in an email.
    CISSP, CCSP, CCSK, Sec+, AWS CSA/Developer/Sysops Admin Associate, AWS CSA Pro, AWS Security - Specialty, ITILv3, Scrummaster, MS, BS, AS, my head hurts.
  • famosbrownfamosbrown Member Posts: 637
    "Please have your endorser mail, fax or email these items to:
    **If you need endorsement assistance you may mail, fax, or email these items to:**"

    These are the instructions in the exam results email you receive. The portions are also bold by ISC2.

    I just filled out my section, digitally signed, then sent the endorsement form, resume, and other related documents to my endorser. He then filled out his portion and CC'd me when he emailed programs@ISC2.org.

    I'm sure it would be okay for the candidate to send in the documentation, but the instructions says to have the endorser send it in. Also may be some integrity issues if the candidate decides to change something before submitting after endorser reviewed and signed. Not likely, but it's still an item of concern...
    B.S.B.A. (Management Information Systems)
    M.B.A. (Technology Management)
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    famosbrown wrote: »
    Also may be some integrity issues if the candidate decides to change something before submitting after endorser reviewed and signed. Not likely, but it's still an item of concern...
    That's a good point. The only misuse case I can think of that this would prevent is changing the identity of the candidate that is actually being endorsed on the form. In hardcopy, the form is filled out in pen, so this would be nearly impossible to do cleanly. As an electronic form, it would be easy to do if the form is not signed with a public key that would indicate tampering.

    So far I've only used hardcopy and not played with electronic signing of endorsement forms. How secure the electronic form? Is it just signing a PDF, or is a public key required?
  • famosbrownfamosbrown Member Posts: 637
    JDMurray wrote: »
    That's a good point. The only misuse case I can think of that this would prevent is changing the identity of the candidate that is actually being endorsed on the form. In hardcopy, the form is filled out in pen, so this would be nearly impossible to do cleanly. As an electronic form, it would be easy to do if the form is not signed with a public key that would indicate tampering.

    So far I've only used hardcopy and not played with electronic signing of endorsement forms. How secure the electronic form? Is it just signing a PDF, or is a public key required?


    To allow the candidate to submit gives them the option on how to send (fax, mail, e-mail), so they can easily scan the information and modify via Adobe Pro or any other image editing tool. Changing the name would be something of a concern, but I'm sure the name would have to match up with the ID#, but that wouldn't stop someone from getting an endorser for someone else who's desperate...it all depends.

    My digital signature is PKI based, DOD, so if ISC2 wanted to verify, they could download the DOD Trusted root info and even individual public keys, which is pretty much available to anyone with need to have. I'm not sure how you'd digitally sign without public key for true integrity checking. The digital signature option is built into the endorsement form, so I'm not creating a signature block on my own. As with digital signing of the PDF, modifications made after the last signature is noted unless the person with that private key revalidates. Endorser signs last, so any modifications after endorser signature would be noticed by ISC2. Scanning of documents is still less than perfect, so scanning a document that's filled out in ink will less likely be caught for changes than a document form filled using the original features built into the PDF. YOu could easily white out or do whatever to somewhat cleanly replace what you want on the form whether you are faxing or scanning for email.

    Endorsement coming from the endorser helps eliminate the question of authenticity. I could come up with a few scenarios of how an endorser could be spoofed, but you'd really have to know them well...member number being one example since I'm sure ISC2 will check infor to ensure good standing.
    B.S.B.A. (Management Information Systems)
    M.B.A. (Technology Management)
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    famosbrown wrote: »
    Scanning of documents is still less than perfect, so scanning a document that's filled out in ink will less likely be caught for changes than a document form filled using the original features built into the PDF. YOu could easily white out or do whatever to somewhat cleanly replace what you want on the form whether you are faxing or scanning for email.
    I suppose someone could take the hardcopy, scan it, use a paint program to substitute a different candidate name/number/signature, and then email it to the (ISC)2.

    If I really trust the person I'm endorsing then I'm still inclined to allow then to send their own forms off. I would also expect to receive an "endorsement confirmation" email from the (ISC)2 asking if I truly endorsed the paperwork just submitted, but they don't have that practice.
  • blackholeblackhole Member Posts: 59 ■■□□□□□□□□
    only endorser gets mail or you also gets mail saying endorsement papers received?
  • famosbrownfamosbrown Member Posts: 637
    blackhole wrote: »
    only endorser gets mail or you also gets mail saying endorsement papers received?


    My endorser sent the email and CC'd me using my work email address. My confirmation came to the email address on file with ISC2, which is a personal email address. I do not think my endorser got an email because he didn't know I had to resubmit the endorsement form due to some missing information on the endorsement form. He resubmitted. I'm not sure if I'll receive another email after this one though icon_confused.gif:
    B.S.B.A. (Management Information Systems)
    M.B.A. (Technology Management)
  • famosbrownfamosbrown Member Posts: 637
    JDMurray wrote: »
    I suppose someone could take the hardcopy, scan it, use a paint program to substitute a different candidate name/number/signature, and then email it to the (ISC)2.


    Yeah, or they could just tape a blank piece of paper over the ink and do whatever they want. They don't really have to use software to edit. I think the easiest would be to just use whiteout or patch a written section with paper or something.
    B.S.B.A. (Management Information Systems)
    M.B.A. (Technology Management)
  • [Deleted User][Deleted User] Member Posts: 0 ■■■□□□□□□□
    The user and all related content has been deleted.
  • blackholeblackhole Member Posts: 59 ■■□□□□□□□□
    I faxed yesterday and still not received confirmation email !! should I worry or wait some more time ? if yes what is reasonable time frame before I call them and make sure that they received fax. anyone .....
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    I don't remember receiving a confirmation email that they received my endorsement fax. But I'm sure an email query before close-of-business (EDT) today would be OK.
  • blackholeblackhole Member Posts: 59 ■■□□□□□□□□
    JD - got it finally ....

    FYI ........

    This email confirms that (ISC)² has received your endorsement documentation and placed it in queue to be reviewed. All submissions are reviewed for completeness and for satisfaction of the experience requirements for certification. If additional information is required to complete your endorsement, (ISC)² will contact you at the primary email address located in your candidate profile.

    Please allow (6 weeks) six weeks for your submission to be reviewed and processed.

    Sincerely,
    (ISC)² Programs Department
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    Sweet! I'm glad they send those out those receipts. Maybe they're sent in a batch every day and not on an as-submitted basis.
  • famosbrownfamosbrown Member Posts: 637
    JDMurray wrote: »
    Sweet! I'm glad they send those out those receipts. Maybe they're sent in a batch every day and not on an as-submitted basis.


    Yeah, I agree. I'm thinking it's a batch as well. Yesterday, when I was missing something on my endorsement form, the email came from an actual person although below her response was some similar wording. I received another email today (after submitting the corrections yesterday) that was from a generic email account called "Endorsement" with the same wording as the above post.
    B.S.B.A. (Management Information Systems)
    M.B.A. (Technology Management)
  • rwmidlrwmidl Member Posts: 807 ■■■■■■□□□□
    famosbrown wrote: »
    Yeah, I agree. I'm thinking it's a batch as well. Yesterday, when I was missing something on my endorsement form, the email came from an actual person although below her response was some similar wording. I received another email today (after submitting the corrections yesterday) that was from a generic email account called "Endorsement" with the same wording as the above post.

    I submitted my paperwork via email on Thursday (e-signature of documents same way as Famosbrown did) and I haven't seen an acknowledgement yet. I'm guessing if I haven't seen an ack by Wednesday should I resubmit?
    CISSP | CISM | ACSS | ACIS | MCSA:2008 | MCITP:SA | MCSE:Security | MCSA:Security | Security + | MCTS
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    I think you should inquire if they received you submission, but not re-submit it unless instructed to do so. A duplicate, unsolicited submission makes more bookkeeping work the the (ISC)2 to sort out.
  • rwmidlrwmidl Member Posts: 807 ■■■■■■□□□□
    JDMurray wrote: »
    I think you should inquire if they received you submission, but not re-submit it unless instructed to do so. A duplicate, unsolicited submission makes more bookkeeping work the the (ISC)2 to sort out.

    JD - I'm guessing give candidate services a call?
    CISSP | CISM | ACSS | ACIS | MCSA:2008 | MCITP:SA | MCSE:Security | MCSA:Security | Security + | MCTS
  • blackholeblackhole Member Posts: 59 ■■□□□□□□□□
    I wonder why don't they put status on individual profile.
  • rwmidlrwmidl Member Posts: 807 ■■■■■■□□□□
    I called ISC(2) this morning. The person I spoke with didn't have my name on their list of received documents. They said there is one other person who may have it, and they are sending out the "we got your documents" emails today from those that were sent last Thursday. She said if I don't have the email tonight/tomorrow am to resubmit the documents.

    Update: Just got my "we received your documents" email...
    CISSP | CISM | ACSS | ACIS | MCSA:2008 | MCITP:SA | MCSE:Security | MCSA:Security | Security + | MCTS
  • famosbrownfamosbrown Member Posts: 637
    blackhole wrote: »
    I wonder why don't they put status on individual profile.


    Yeah, that would be nice...
    B.S.B.A. (Management Information Systems)
    M.B.A. (Technology Management)
  • mrowtonmrowton Registered Users Posts: 8 ■□□□□□□□□□
    I have sent in my endorsement after I had someone else endorse me. I've also endorsed others and had them send in the form. Its probably a good idea to have the endorser send it in directly, but I don't think there will be any problems either way.

    Mitchell
  • lifecommlifecomm Member Posts: 32 ■■□□□□□□□□
    The guy that endorsed my stuff has endorsed many people, proctored tons of exams and has had his CISSP for 9 years. He sent it in for me. This is what my e-mail said:

    Please have your endorser mail, fax or email these items to...
Sign In or Register to comment.