This note is to encourage all members of (ISC)2 to understand the nature of Associate status and give advice on how to avoid potentially misleading use of the term, especially in resumes, LinkedIn profiles, and communications with human resources staff.
Summary:
1. Associate of (ISC)2 is not a certification; it is a category of (ISC)2 membership for individuals seeking their first certification from the Consortium by passing one of the exams but still working toward the professional experience requirement.
2. There is no such thing as an “Associate CISSP’ or “Associate of CISSP” (or any other certification).
3. Imprecise use of the terminology by an Associate may be interpreted as an apparent claim to a certification not yet received, a violation of the Code of Ethics, resulting in the Associate being barred from certification.
Information here is based on
An Associate of (ISC)2 is a member of (ISC)2 who has passed any one of six certification exams (CISSP, SSCP, CCSP, CAP, CSLLP, or HCISPP) and paid dues to join the organization, but not yet accumulated sufficient work experience to seek endorsement to (ISC)2 for certification.
Certification applicants who already have the required professional experience before taking one of the exams do not pass through Associate status. They move straight into the endorsement process, and become members upon receiving their first certification from (ISC)2.
There is no such thing as “Associate CISSP,” or “Associate CSLLP,” or “Associate of CISSP.” All Associates of (ISC)2 have the same membership status. However, the (ISC)2 staff does keep records to identify which certification each Associate is working towards by having passed a specific exam. Thus, you may see references to an Associate of (ISC)2 leading to CISSP, or similar language.
Using language in a resume, profile, or biography that includes the name of a certification in a manner that could lead a non-member of (ISC)2 to infer you hold that certification may be a violation of the second canon of the Code of Ethics, “Act honorably, honestly, justly, responsibly, and legally.” Should a formal complaint to the Ethics Committee on such usage result in a finding of violation, the Associate may be barred for life from ever being certified by (ISC)2.
TIdbits from History
When founded, the International Information Systems Security Certification Consortium - (ISC)2 - had only about a half a dozen members: professional organizations who banded together to have one broadly accepted certification instead of each operating their own.
The organizations were the following: “the Canadian Information Processing Society, the Computer Security Institute, the Data Processing Management Association (two special interest groups), Idaho State University, the Information Systems Security Association, and the International Federation for Information Processing.” (https://www.isc2.org/About)
There were no individual memberships; the organizations were the members, not those certified by the Consortium.
Some years later the ISC)2 Board moved to convert the Consortium into its own professional organization, separate from the founding groups, with all certified CISSPs and SSCPs as members. At that time there were no other certifications managed by (ISC)2.
In the early 2000’s another professional organization, ISACA, created a new certification to work along with their longstanding Certified Information Systems Auditor (CISA) certification, the CIS Manager (CISM). The CISA is for line-level auditors. The CISM was designed for managers overseeing the work of CISAs. While there was no apparent intent by ISACA to poach on (ISC)2 territory, it was apparent that the qualifications for CISM were very close to those for CISSP. In fact, during the first year many CISSPs could attain CISM by a grandfathering process, without taking an exam. Reacting to the CISM, (ISC)2 created a new membership status of Associate of (ISC)2, which required passing the CISSP (not SSCP) exam, but not requiring any professional experience in the field. At the same time, eligibility to take the CISSP exam was changed removing the work experience requirement. The idea at the time was to capture young security professionals into the (ISC)2 CISSP pipeline before they had five years experience, ready to choose between CISSP, CISM, or both.
In the years since, (ISC)2 has introduced several additional certifications, now a total of six. The Board further broadened the concept of an Associate of (ISC)2 as a member pursuing a “Path to Certification” for a first certification from (ISC)2 any one of the six certifications. The name of the member status has remained the same as originally established, but now has a broader meaning to support all the available certifications. Nonetheless, posts in the Community of (ISC)2 forums by (ISC)2 staff make it apparent that the staff now maintains records to link each Associate with the certification being sought.
[https://cragins.blogspot.com/2018/08/understanding-associate-of-isc2-status.html[
Hi Slee047,
It would not be in appropriate to list the SSCP if you are still an Associate of (ISC)2. You can list the Associate of (ISC)2 designation and refer them to your digital badge that will validate the exam and date that you passed the exam.
Here's the URL to the webpage were you can claim you digital badge that will make it very easy for potential employers to validate you status:
https://www.isc2.org/Certifications/Digital-Badges
If an employer wants to learn about the Associate of (ISC)2 program, they can learn more at:
https://www.isc2.org/Certifications/Associate
Regards,
David Shearer
| CEO | www.isc2.org | dshearer@isc2.org |
The history was very interesting
And 'associate' status can be confusing for recruiters
For instance in the world of VMware, 'VCA' exists as an entry level qualification. The acronym of which expands to VMware Certified Associate...
Hi Hydorah,
I completely understand. We're trying to raise awareness of our Associate Program with recruiters and the market place.
Cheers,
David Shearer
| CEO | dshearer@isc2.org | www.isc2.org | iamcybersafe.org |
How do I apply for the ISC2 associate status after the exam? Is that a possibility? Had I known it would take 8+ weeks to get my certification adjudicated, I would have applied with my exam. As I have the experience necessary for full certification, I didn't think ISC2 Associate status was relevant. As it stands, I don't know what I can permissibly tell a potential employer.
Melleive Marce
@Melleive Thank you for reaching out to us. Here is my response to your question on a different thread on how to create the Associate of (ISC)² status. Once you create the status in your profile, you may list that you are an Associate of (ISC)² on your email signatures, resume, social media, etc... The endorsement process can take up to six (6) weeks for review. Once your endorsement has passed, your Associate status will be removed and you will gain the full CISSP certification.
If you have any questions, please don't hesitate to reach out to me directly at any time.
Best Regards,
Amanda Vance
avance@isc2.org
@Melleive wrote:How do I apply for the ISC2 associate status after the exam? Is that a possibility? Had I known it would take 8+ weeks to get my certification adjudicated, I would have applied with my exam. As I have the experience necessary for full certification, I didn't think ISC2 Associate status was relevant. As it stands, I don't know what I can permissibly tell a potential employer.
Melleive Marce
@Melleive, if you've met the CISSP requirements, given the fact that the endorsement will take just a bit longer than the awarding of an Associate of (ISC)2 status, I don't suppose the latter will do much good --- unless you've got to meet a potential employer urgently.
If that is the case, you could well explain to them that you've cleared the exam --- providing your report to validate this --- and that it's just pending endorsement. I can't say what is permissible / ethically correct if putting the status onto a CV / online form is a requirement, though...
I read this before I passed the SSCP exam recently and added Associate of (ISC)2 to my resume. When I got the email from ISC2 on passing the exam it had my name and address which im not putting as reads below:
Eloy Vasquez, Associate SSCP
So is that a viloation of their own rules or am i missing something?
The premise the original post in this thread is based on might well have been correct in the past, but has subsequently been proven to be incorrect by current, official interpretations of the guidelines and regulations.
Please read the following thread for details on the current, official interpretation:
https://community.isc2.org/t5/Certifications/SSCP-combining-with-associate-of-ISC2/td-p/19728
In summary, in the thread linked above, one of the admins of this site has stated you are only able to write that you are an Associate of ISC2 on a CV / resume, but are able to explain what that means if asked. i.e. able to state you are working towards, in your own case, SSCP.
The key word in the statement above is "you". To that effect, the guidelines and regulations only state what "you" are allowed / not allowed to do.
It doesn't say anywhere what ISC2 are allowed to say or do.
Thank you, CraginS for you very detail explanations. If you let me I want to take advance of this topic to settle couple sub-questions:
Once any person passed the CISSP or SSCP and hold status member of Associate, how long ISC2 wait for him/her for 5 years / 1 years (depending if CISSP or SSCP) to certify his/her cumulative professional experience in order to be a proper certification?
And, related SSCP cert path, what other alternatives do I have if the company which I work for, does not allow to work in related field, so I will not able to have needed experience to get certification?
Best Regards,
Many thanks in advance.