Educause Security Discussion mailing list archives

Re: CISSP Endorsement request


From: David Pirolo <webmaster () WARNERPACIFIC EDU>
Date: Tue, 17 Jul 2012 09:34:07 -0700

I'm with you on this one Keith.  It's disappointing to see that his peer
group in the educational field can be so brash towards a new candidate.
Whereas I don't at all agree with the methodology that was chosen to
request endorsement, I'd at least expect a level of civility to guide
him to the proper channels.

Tarun, congratulations on your first step.  As Roger states, you're
going to need to build credibility in the community.  I'd suggest
finding a local security group where you can get to know some of them
personally and professionally.

David Pirolo
Warner Pacific College

On Tue, 2012-07-17 at 16:16 +0000, Schoenefeld, Keith P. wrote:
Tarun,

Given this response, I would avoid contacting anyone at Northwestern for an endorsement.

Roger,

Seriously, relax your natural curmudgeonly attitude a bit and put yourself in a new CISSP's shoes.  This is often a 
person who is relatively new in a dedicated security role and/or is entering or trying to set himself/herself up for 
advancement.  Before you get upset about the 'new in a dedicated security role', let's be honest: A good and 
experienced systems administrator that's trying to break into security meets the experience requirements for a 
CISSP, or did last time I evaluated the CBKs.  Either way, such an individual is using the CISSP to affirm his 
knowledge or communicate to others that he has a base of knowledge that is consistent with security professionals.  
Here was my rollercoaster ride after the CISSP test.

- I left the test feeling fried.  I'd taken all of the practice tests I could find.  I was scoring > 90% on all of 
the CBKs and completing full length sample tests in less than an hour.  The test itself took me almost 2 hours, as I 
recall, and I was totally drained at the end.  I had zero confidence that I passed.
- I waited for some number of weeks (don't recall how many) wondering whether I'd passed or not, stressing about 
whether I'd wasted my employer's money and whether I'd have to pay for a retest -- because I was going to pass the 
test.
- I finally received an email message informing me of the results.  The first sentence in the body of that message 
was "Congratulations! We are pleased to inform you that you have passed the Certified Information Systems Security 
Professional (CISSP®) examination - the first step in becoming certified as a CISSP."  I went from "YES!" to "Well 
crap!" in one sentence... what a downer.
- I reviewed the information in the remainder of the email, including the referenced link [1] that states:

"A candidate receiving a pass letter informing the candidate that he or she has passed the certification examination 
will also receive a blank endorsement form. The form must be completed and signed by an (ISC)² certified 
professional. The (ISC)² certified professional is anyone who:

1) Is able to attest to the candidate's professional experience
2) Is an active (ISC)2 credential holder in good standing."

Given the endorsement process of contacting each supervisor, etc. it's easy for an endorser to perform step 1 without 
any personal relationship.  The remainder of the endorsement form asks personal questions that inform professional 
character, but they are not covered by requirements 1) and 2) as indicated on the website.

The fact is that the instructions from ISC2 are vague, and I won't hold it against anyone if they stumble through 
that process as I did.  I certainly wouldn't call them out via an email to a list of their colleagues and peers -- I 
reserve that for seasoned professionals that claim to have made a carefully measured decision to be a jerk.

-- KS

[1] - https://www.isc2.org/endorsement.aspx

Keith Schoenefeld
Information Security Analyst
Baylor University
254-710-6667

