topic Re: Making the ISC2 Associate (CISSP) Work For me? in Career Discussions

Making the ISC2 Associate (CISSP) Work For me?

Nejji01 — Tue, 19 Jan 2021 11:26:54 GMT

Alright so I have 3 1/4 years of 4 (I can get the one year waver) for the CISSP. From my understanding, I can't really say that I passed the CISSP exam but I can only use "Associate of ISC2". How can I get that status to work for me when an organization ask for the CISSP? I can get the SSCP but not a lot of organization are looking for that.

Re: Making the ISC2 Associate (CISSP) Work For me?

CraginS — Tue, 19 Jan 2021 14:54:00 GMT

@Nejji01 wrote:
Alright so I have 3 1/4 years of 4 (I can get the one year waver) for the CISSP. From my understanding, I can't really say that I passed the CISSP exam but I can only use "Associate of ISC2". How can I get that status to work for me when an organization ask for the CISSP? I can get the SSCP but not a lot of organization are looking for that.

Neiji,

Congrats on the exam success!

i recommend careful wording that shows your accomplishment but avoids using CISSP or closely related words. Consider something like
"Associate of (ISC)2 with experience in information systems security."

Depending on the context, you might even state, "Certification expected within x months.

You might also include a resume section on Goals that says,

"Goal: achieve informaiton systems security certification by 2022."

[do not mention (ISC)2] in that line]

All the above refers to anything written or published online about yourself.

How you deal with it in conversations such as interviews is much easier, because you can make it clear you are not a CISSP but it is a goal achievable in a short time.

(ISC)2 has caused this mess by

(a) Creating the Associate of (ISC(2 status to indicate passing the CISSP exam without professional experience,

(b) Expanding the Associate status to cover anyone passing any of the certification exams without enough experience for the certification.

(d) Going overboard on "protecting" the CISSP name by forbidding anyone not certified from using the term when referring to themselves in resumes, biographies, etc.

Also you should know that the US Department of Defense revised their 8570 standards some years back to allow Associate of (ISC)2 to count for many positions that call for CISSP or CISM.

Good luck! I Am sure you will do great things.

Craig

Certified in information security 2002-2020 by (ISC)2

Re: Making the ISC2 Associate (CISSP) Work For me?

Emily5102 — Fri, 22 Jan 2021 06:32:27 GMT

I wonder if an employer would consider me if were an Associate of ISC2? Once I had a security job I don't think it would take long to earn full CISSP.fan of the SANS courses, which make you work on hands-on new skills.

Re: Making the ISC2 Associate (CISSP) Work For me?

CraginS — Fri, 22 Jan 2021 13:50:01 GMT

@Emily5102 wrote:
I wonder if an employer would consider me if were an Associate of ISC2? Once I had a security job I don't think it would take long to earn full CISSP.fan of the SANS courses, which make you work on hands-on new skills.

Emily,

We cannot really speculate about the decisions of "an employer." You would have to know the policies and practices off each particular organization. That said, if you like the looks of a job, go ahead and apply, no matter if your current qualifications fall short of the advertised "requirements." Especially in infosec/cybersec, job ads are famous for putting in ridiculously high requirements pushed by HR, when the actual hiring managers will properly vet the applicants against the true job skills needs.

I am also a BIG fan of SANS training. As I have said previously here, for years I have said that CISSP is a management certification, intended to help determine which SANS grads are needed for a given project or program. SANS teaches how to do hands on work; CISSP says you have learned how to organize and assign the work.

Good luck!

Craig