Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Defender I

Listing Credentials on LinkedIn & Resumes

In a recent and very active thread over in Certifications, guarantee my life for cissp, Community members advised a novice in our field to remove the word CISSP from his LinkedIn profile, where he was actually showing completion of courses to study for the CISSP exam, but listing under the Certifications section of the profile, appearing to be claiming he held the CISSP. The advice was well placed, addressing both ethics and copyright aspects of appearing to claim CISSP without actually being certified.


To the original poster's credit, he understood and took the advice, changing his profile accordingly.


This note in the Career area is to point out broader advice on how to keep your LinkedIn profile and resumes as ethically sound and not subject to accusations of false claims.


Consider all forms of professional credentials commonly found on resumes: academic degrees, certifications, certificates (they are not the same), professional society memberships, awards & decorations, etc.


  • In every case, be sure the way you present your information does not give the impression of a claim you cannot support.
  • As in the above example, don't list a course you took such that it appears you are claiming a degree or credential you have not actually attained.  
  • Don't list courses you are planning to take but have not yet completed.
  • Don't list a degree you are currently pursuing such that it appears you are claiming (to a rapid reader) you actually have that degree. 

LinkedIn is a particular problem for current academic work and degrees. The form used for degree allows in-progress posting using the two date fields. However, using that form with simply the degree (e.g. MS, MA. PhD, etc.) makes it appear to claim the degree as completed, unless the reader carefully inspects all the details. I have observed a significant number of INFOSEC practitioners on LinkedIn who have made this error. I cannot tell if these errors were inadvertent of intentionally misleading, but in either case, they are a problem. If you want to show meaningful progress toward a degree, do so in an area other than the Degrees area. Also, list only courses successfully completed, not the complete degree plan you have in mind. I have seen that very misleading situation on LinkedIn, also. 


Next, never, ever, list degrees "awarded" by diploma mills or any school in the USA not accredited by one of the participating accrediting associations listed at If you are not familiar with the existence of both diploma mills and their accompanying "accreditation mills" see the articles linked at this CHEA page.


The above advice is particularly important if you are seeking endorsement to (ISC)2 for certification after passing an exam. Most of us who are willing to endorse applicants really do review and confirm the key information on the resume we receive. A coworker in my company I did not know personally once asked me to endorse him for CISSP after passing the exam. His resume listed a degree from a school I had never hear of, one that was not listed in his official HR records. When I asked him for more information on the school he went mysteriously silent. I later confirmed the school as a clear fraudulent diploma mill. 


Good luck on your professional development and your job searches and career progress. Keep the ethical standards of (ISC)2 certifications in mind as you progress.





D. Cragin Shelton, DSc
My Blog
My LinkeDin Profile
My Community Posts
27 Replies
Community Champion

Sage advice. Generally I think it’s sensible to take a less is more approach with linked-in, enough to say ‘I am here and you can find me here...’ rather than putting out a whole biography.


If if we are thinking infosec wise, it’s pretty good info to begin socially engineering the poster or those in their circle - set the privacy controls and be selective and don’t disclose everything to everyone and their dog’s scripts... if you did make a mistake, or a cert went invalid etc a sensible security stance would help in damage containment/limitation.

Newcomer II

Great advice. With LinkedIn and resumes like I would only list an item (degree, certification, honors, etc...) once the item has been completed and awarded. That is the simplest (and in my opinion best) way to stay on the right side of the ethical line.
Community Champion

Thanks Dr. Shelton,


I am in the endorsement process, so I do not claim the CISSP credential.


However, my LinkedIn profile keywords contain "InfoSec (ISC)2". As I have successfully passed the examination, I have also included "Currently preparing for CISSP (ISC)2 certification." I consider these to be statements of fact, as I have been consuming the CBK and have successfully passed the (ISC)2 examination.


Integrity is a vital life blood of the profession, and it is very important to adhere to not merely the letter of the rule but also to the spirit of the rule.


I very much appreciate your posting!

Viewer II

This is good advice for those writing their profiles anywhere, but those reading them should remember there are no quality controls and no profile should be expected to be trustworthy. Take everything you read with a grain of salt or just don't trust it outright.


What I really wanted to reply to was -


Most of us who are willing to endorse applicants really do review and confirm the key information on the resume we receive. A coworker in my company I did not know personally ...

 You really shouldn't be endorsing anyone you do not know and trust. ISC2 has an option to do the employment and education check for you if you do not know a CISSP personally. The endorsement process is a shortcut to that.


Community Champion

Very good point ... " You really shouldn't be endorsing anyone you do not know and trust." Thankfully, I know and have worked with several CISSP credential holders.


Due diligence and due care are very important in the endorsement process.

Community Champion

Even though I know and trust the person I endorsed, I verified every part of his body of work submitted.  I wanted to make sure they could hang their hat on every word submitted.



Newcomer II

A number of years ago when the LinkedIn breach happened, a number of Information Security practitioners were negative affected by it. I tend to be very careful with what I post on those type of boards and only list the certifications for which a digital badge has been awarded.

As privacy has taken a diminishing role within the social media realm, I believe that less is more, unless you are in marketing and sales where the need for hype is required. Even then, don't believe everything you read. Trust but verify.

Newcomer II

There is little that moves a candidate to the discard pile faster than claiming degrees or certifications that have not yet been earned. I've also reviewed resumes and linkedin profiles that have a (Q) or (Qualified) after a certification name... I'm still not sure what that means but I assume the candidate hasn't earned the the cert, otherwise they wouldn't have added the qualification 'Qualified'. 

Stating that you are studying for or planning a certification indicates a desired future direction but I don't give it any weight in a resume review. 

Sometimes honest errors happen... I remember submitting my resume to ISC2 as part of my endorsement package with a line stating  'passed the CISSP exam - awaiting ISC2 review and adjudication'. Weeks later I was contacted by ISC2 and was informed that I needed to remove that line from my resume. I removed the text and resubmitted it. I received the award email later that same day. ISC2 is very strict when it comes to the use of the designation. 

At the end of the day, most certifications earned demonstrate that you have drive, you studied hard, and can begin having an informed conversation related to a given set of domains. They do not convey expertise. Stay humble, hungry, and keep learning. In this field, we're all on a steep learning curve. Manage your work-life balance but add personal learning goals to your schedule. Mentor someone. Support diversity and inclusion in your work environment.

Best, Mark
Newcomer I

I agree your examples are indeed factual if placed correctly within LI profiles. I agree spirit of the rule is important but keep in mind that geographic and cultural differences aids confusion.  The problem listing courses or preparation statements is that certifications are the yardstick by which IT knowledge, skills, and abilities are assessed. 


By no means am I inferring this to be your case, but simply attending a class does not necessarily equate to knowledge or skills gained. Having taken both courses and teaching them, I can attest to many simply going through the motions and not retaining anything. Then again, preparing for and passing the exam does not by itself mean a candidate meets any established criteria for certification such as experience.


As some have already stated, delaying a profile modification until the activity (degree, certification, etc.) is complete and verifiable is the always the safest bet. The reality is that those folks actively running keyword searches (especially on LI) are often trying to fill positions which could help or hurt you should you be actively seeking opportunities. 



Jon Brandt