In a recent and very active thread over in Certifications, guarantee my life for cissp, Community members advised a novice in our field to remove the word CISSP from his LinkedIn profile, where he was actually showing completion of courses to study for the CISSP exam, but listing under the Certifications section of the profile, appearing to be claiming he held the CISSP. The advice was well placed, addressing both ethics and copyright aspects of appearing to claim CISSP without actually being certified.
To the original poster's credit, he understood and took the advice, changing his profile accordingly.
This note in the Career area is to point out broader advice on how to keep your LinkedIn profile and resumes as ethically sound and not subject to accusations of false claims.
Consider all forms of professional credentials commonly found on resumes: academic degrees, certifications, certificates (they are not the same), professional society memberships, awards & decorations, etc.
LinkedIn is a particular problem for current academic work and degrees. The form used for degree allows in-progress posting using the two date fields. However, using that form with simply the degree (e.g. MS, MA. PhD, etc.) makes it appear to claim the degree as completed, unless the reader carefully inspects all the details. I have observed a significant number of INFOSEC practitioners on LinkedIn who have made this error. I cannot tell if these errors were inadvertent of intentionally misleading, but in either case, they are a problem. If you want to show meaningful progress toward a degree, do so in an area other than the Degrees area. Also, list only courses successfully completed, not the complete degree plan you have in mind. I have seen that very misleading situation on LinkedIn, also.
Next, never, ever, list degrees "awarded" by diploma mills or any school in the USA not accredited by one of the participating accrediting associations listed at CHEA.org. If you are not familiar with the existence of both diploma mills and their accompanying "accreditation mills" see the articles linked at this CHEA page.
The above advice is particularly important if you are seeking endorsement to (ISC)2 for certification after passing an exam. Most of us who are willing to endorse applicants really do review and confirm the key information on the resume we receive. A coworker in my company I did not know personally once asked me to endorse him for CISSP after passing the exam. His resume listed a degree from a school I had never hear of, one that was not listed in his official HR records. When I asked him for more information on the school he went mysteriously silent. I later confirmed the school as a clear fraudulent diploma mill.
Good luck on your professional development and your job searches and career progress. Keep the ethical standards of (ISC)2 certifications in mind as you progress.
Sage advice. Generally I think it’s sensible to take a less is more approach with linked-in, enough to say ‘I am here and you can find me here...’ rather than putting out a whole biography.
If if we are thinking infosec wise, it’s pretty good info to begin socially engineering the poster or those in their circle - set the privacy controls and be selective and don’t disclose everything to everyone and their dog’s scripts... if you did make a mistake, or a cert went invalid etc a sensible security stance would help in damage containment/limitation.
Thanks Dr. Shelton,
I am in the endorsement process, so I do not claim the CISSP credential.
However, my LinkedIn profile keywords contain "InfoSec (ISC)2". As I have successfully passed the examination, I have also included "Currently preparing for CISSP (ISC)2 certification." I consider these to be statements of fact, as I have been consuming the CBK and have successfully passed the (ISC)2 examination.
Integrity is a vital life blood of the profession, and it is very important to adhere to not merely the letter of the rule but also to the spirit of the rule.
I very much appreciate your posting!
This is good advice for those writing their profiles anywhere, but those reading them should remember there are no quality controls and no profile should be expected to be trustworthy. Take everything you read with a grain of salt or just don't trust it outright.
What I really wanted to reply to was -
Most of us who are willing to endorse applicants really do review and confirm the key information on the resume we receive. A coworker in my company I did not know personally ...
You really shouldn't be endorsing anyone you do not know and trust. ISC2 has an option to do the employment and education check for you if you do not know a CISSP personally. The endorsement process is a shortcut to that.
Very good point ... " You really shouldn't be endorsing anyone you do not know and trust." Thankfully, I know and have worked with several CISSP credential holders.
Due diligence and due care are very important in the endorsement process.
Even though I know and trust the person I endorsed, I verified every part of his body of work submitted. I wanted to make sure they could hang their hat on every word submitted.