So i'm applying for new jobs, Am I allowed to mentioned on my CV that I am currently studying to pass CISSP? Or this against the ethics rules?
Just an advice on CV.
CV is just a limited "space" ( and time) to describe and draw attention to the recruiter and the hiring manager.
Recruiter and hiring manager will have limited time to scan through your cv and your CV should be concise and precise.
If I am a hiring manager, either I might be interest in your certification (which you have already obtained) or what you have done in your current and previous job/experience. Unless you really have nothing more to add ( even this is the case, still I won't suggest you to put this, it gives me negative impression).
If you are looking for junior role in security, I would suggest you to put more effort to describe your career achievement/aspiration.
If it's a senior role, I would expect to see certification rather than what you are studying.
You are allowed to say you are studying for anything. You just can't claim to possess the CISSP until you actually do. Some employers will ask for your ISC2 id and verify you are still a CISSP in good standing.
As someone who has experience in the hiring role, the statement that you are studying for the CISSP wouldn't be one of those "make or break" or "Oooh! Let's hire this person!" type of statements. If you are looking for a junior role and looking to start in information security, you wouldn't possess the experience needed to be a full fledged CISSP, just an Associate of ISC2. Which is a good start, but doesn't fulfill your desire of being a CISSP. This post isn't designed to make you not study for the CISSP, I just want you to understand some realities. One of the reasons the CISSP is held in higher regard than other certifications is because of the experience requirement. Once you become a CISSP you have proven to have experience in the field, not just the ability to memorize facts and pass a test.
If I were looking to hire you I would be appreciative that you are wanting to improve yourself, just don't assume that the statement "I am studying for the CISSP" to be the thing that gets you hired. If you are hoping that just including the word "CISSP" in some sort or fashion on your resume would help your resume make it past the computer word search screening function and get you to the interview process, let me offer this advice.
I have had some people who figured out the algorithm or key word search or "perfect" question answers of the application used to screen applicants and they made it to the interview stage. It became very obvious during the interview that the person was dishonest and did not have the desired skills and was in over their head. Yes, I have had people lie on their application screening and say they were an expert at server installations, yet were unable to give me a single make and model of a server they had "installed". These candidates never get hired. Even if we admired the ambitious nature of the applicant, the dishonest nature was an immediate turn off so they were ruled out as untrustworthy. This was especially harmful for their career when security clearances were required. And yes, hiring officials do talk and tell stories about their applicants, especially if they are in the same field.
Don't give up your dreams of becoming a CISSP. Study hard and get the experience required, if you don't posses it yet. Then schedule and take the exam. However, don't think like this: "If I can just get in front of the hiring official and tell them of what I am able to do so I will do whatever is necessary, including misrepresenting myself or my qualifications. Then they will hire me." I like ambitious people and hire them, but not if I find out they were dishonest.
To my knowledge, as long as you don't use the CISSP logo & / or claim to be holding the certification until you've actually obtained it, the Code of Ethics doesn't explicitly prohibit stating that you're 'studying for it' in your CV or a similar document.
(Also refer to this document, which provides the rules for utilizing the same.)
All the best obtaining the CISSP certification, which is definitely worth it...
Great feedback and opinions!
@harryc1127 there are study groups for each cert on here if you want to connect with others who are studying: https://community.isc2.org/t5/Study-Groups/ct-p/CertificationStudyGroups