Some organisations already do this; its worth establishing a process with HR for when a new employee starts to request copies of all their certificates. If they have lied on the CV this could invalidate there employment. However, I do agree that following up with the individual you are considering hiring will speed up the process and prevent having to go back to market....
When you find someone using an (ISC)2 certification service mark (CISSP, ISSAP, ISSEP, ISSMP, CSSLP, etc) please inform (ISC)2. That's an ethics violation, and the (ISC)2 protects the value of members' credentials by ensuring that non-members don't abuse our brand.
It's a mandate of the Code of Ethics Canon 4 to protect the profession, and uncloaking a pretender is one way we can help ensure the value of our membership and distinction of certifications.
Just my $.02.
One thing I am seeing, usually from those entering the infosec field, is not understanding how certifications operate. I see shock and dismay from folks who, usually after getting their Sec+, that they now have to maintain said cert with annual fees and CPEs. Some even said they may not maintain them. Others seem to think that having to pay an annual maintenance fee is some kind of 'scam'. They don't seem to understand that in the work of professional certifications/licensing, that you need to maintain these with ongoing training and fees. I have to do this with my ISC2, ISACA, and GIAC certs, and even with my life insurance license.
Maybe the certifying groups need to do some education of folks to help them better understand this and what they get for their fees.
I recommend you use you (ISC)2 digital badge if asked for membership/certification validation from a legitimate agency. To learn more, take a look at: https://www.isc2.org/Certifications/Digital-Badges
I fully agree with your post on clarifying certificates versus certifications.
As for the recommendation for using the Acclaim badge, do we have any testimonials that any employers are paying attention to the badge?
Note the lack of response to the thread at
I agree that certificate does not equal certification. They are just not the same! I've seen good number of resume that listed out their "certification". When I question them during interview and found out it's just "certificate of completion" either from some training course, boot camp, or online education platform such as edx, the interview usually didn't go well after that. Lying on the resume just isn't the way. It's just a trick to bait HR thinking it's a prospective candidate and pass the initial screening.
As for listing out my credential, I think the acclaim badge on linkedin should suffice for initial screening (since the linkedin link is listed on resume). Or I'd listed out "CISSP since 2018", that means I received CISSP in 2018 and it's still current/active.
Another thing I see on resume, and this is a question for everyone in the community: How do you feel if candidate listed out a certification name and indicate "expected date"? For example, I've seen candidate listed " CISSP - expected December 2018". In my experience, it just means the candidate plan to take exam in December 2018. If the candidate passed the exam, submit endorsement and waiting for confirmation, I'm not sure if they are allowed to put "CISSP - expected..."
As an organization, we do not recommend adding an expected date of obtaining a certification to a resume. We suggest only adding the certification to your resume, social profiles or signature once you have fully obtained the certification (in regards to (ISC)², this means once you have successfully passed the endorsement process). We suggest that instead of this, that you bring it up during the interview process to let HR/the hiring manager know in person that you are studying for the test and expect to take it on a certain date, or that you have provisionally passed and are awaiting your endorsement to be finalized.