Re: CISSP Endorsement request

[David Gillett <gillettdavid () FHDA EDU>]

  Unless the rules have changed recently without my noticing, there are a couple of choices for endorser besides "a 
CISSP in good standing".  I did know several such personages at the time through our local ISSA chapter (which 
organized a helpful series of prep/study evenings for CISSP candidates), but I actually used the endorsement of our CIO 
because he was far more familiar with me and my recent work in the field than any of my ISSA contacts.

David Gillett, CISSP CCNP

________________________________________
From: Wayne S. Martin [MartinW () BRCC EDU]
Sent: Tuesday, July 17, 2012 9:30 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] CISSP Endorsement request

Keith,

Your test experience mirrors mine. I was a System Admin who wanted to advance my career. I remember my struggle to find 
a CISSP in good standing for a recommendation. I second your conclusions.

-wm

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Schoenefeld, Keith P.
Sent: Tuesday, July 17, 2012 12:17 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] CISSP Endorsement request

Tarun,

Given this response, I would avoid contacting anyone at Northwestern for an endorsement.

Roger,

Seriously, relax your natural curmudgeonly attitude a bit and put yourself in a new CISSP's shoes.  This is often a 
person who is relatively new in a dedicated security role and/or is entering or trying to set himself/herself up for 
advancement.  Before you get upset about the 'new in a dedicated security role', let's be honest: A good and 
experienced systems administrator that's trying to break in to security meets the experience requirements for a CISSP, 
or did last time I evaluated the CBKs.  Either way, such an individual is using the CISSP to affirm his knowledge or 
communicate to others that he has a base of knowledge that is consistent with security professionals.  Here was my 
rollercoaster ride after the CISSP test.

- I left the test feeling fried.  I'd taken all of the practice tests I could find.  I was scoring > 90% on all of the 
CBKs and completing full length sample tests in less than an hour.  The test itself took me almost 2 hours, as I 
recall, and I was totally drained at the end.  I had zero confidence that I passed.
- I waited for some number of weeks (don't recall how many) wondering whether I'd passed or not, stressing about 
whether I'd wasted my employer's money and whether I'd have to pay for a retest -- because I was going to pass the test.
- I finally received an email message informing me of the results.  The first sentence in the body of that message was 
"Congratulations! We are pleased to inform you that you have passed the Certified Information Systems Security 
Professional (CISSP®) examination - the first step in becoming certified as a CISSP."  I went from "YES!" to "Well 
crap!" in one sentence... what a downer.
- I reviewed the information in the remainder of the email, including the referenced link [1] that states:

"A candidate receiving a pass letter informing the candidate that he or she has passed the certification examination 
will also receive a blank endorsement form. The form must be completed and signed by an (ISC)² certified professional. 
The (ISC)² certified professional is anyone who:

1) Is able to attest to the candidate's professional experience
2) Is an active (ISC)2 credential holder in good standing."

Given the endorsement process of contacting each supervisor, etc. it's easy for an endorser to perform step 1 without 
any personal relationship.  The remainder of the endorsement form asks personal questions that inform professional 
character, but they are not covered by requirements 1) and 2) as indicated on the website.

The fact is that the instructions from ISC2 are vague, and I won't hold it against anyone if they stumble through that 
process as I did.  I certainly wouldn't call them out via an email to a list of their colleagues and peers -- I reserve 
that for seasoned professionals that claim to have made a carefully measured decision to be a jerk.

-- KS

[1] - https://www.isc2.org/endorsement.aspx

Keith Schoenefeld
Information Security Analyst
Baylor University
254-710-6667

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Roger A 
Safian
Sent: Tuesday, July 17, 2012 10:08 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] CISSP Endorsement request

I was very tempted to forward this message to ISC2 so they might consider this when they decide if they are going to 
grant you the CISSP.  I chose not to, but, I encourage you to carefully review the documents associated with the 
certificate.  It's not just a pass the test, and hang out your shingle.  I sincerely hope your casual attitude is not 
typical of the way you operate.
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tarun 
Trivedi
Sent: Monday, July 16, 2012 10:10 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] CISSP Endorsement request

Hello,

I recently passed the CISSP exam, I would appreciate a reply from current CISSP certificate holder who is in good 
standing with (ISC)2 and willing to be my endorser. Once/If I hear from you I will send required documentation directly 
to you.

Thank you in advance for your time and consideration,




Tarun Trivedi

IT Security Engineer
Waubonsee Community College
Route 47 at Waubonsee Drive
Sugar Grove, IL 60554
Ph#630-466-5744
e-mail: ttrivedi () waubonsee edu
web site: www.waubonsee.edu

CONFIDENTIALITY NOTE: This message, including any attachment(s), is intended only for the use of the individual or 
entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure 
under applicable law. If the reader of this message is not the intended recipient, or the employee or agent responsible 
for delivery of the message to the intended recipient, you are hereby notified that any dissemination, distribution or 
copying of this communication is prohibited. If you have received this message in error, please notify the Technical 
Assistance Center immediately by telephone at 630-466-4357 and then delete the message from your system. Thank you.