Blog: Security certifications
My team managers asked me what to look for in a security specialist CV. The quick and direct answer they got from me was: ‘A valid CISSP certification or possibly a CISA’.
[23. maj 2016] As you can imagine they looked like living question marks so I had to explain it a bit more. A CISSP certification is a very strong certification in the security market. It shows that you both have five years of full-time experience, and that you have the skills to manage to answer a very tough set of questions. Same goes for CISA.
Another thing that’s important is that it is very easy to verify that the certification is valid. By entering the candidates full name and certification number https://webportal.isc2.org/custom/certificationverification.aspx">here</a you get a quick reply on the candidate’s current certification status. As you hopefully are aware of a CISSP is only valid for three years, after that you need to either do the test again or show that you have spent enough time either giving back to the community or educated yourself. Many do take the certification but fails to do the work needed to keep it. Hence a verification should always be made.
If a candidate fails to give you their Certification number, you could bet he has lost their CISSP.
It is always possible to cram a certification so a newly acquired CISSP or CISA would need to have the candidate both explain the assignments that the certification is based on and, more importantly, who endorsed the certification. Someone has to endorse that the candidate has the required knowledge and experience. A CISSP could lose the certification if endorsing an unskilled candidate meaning that there is a self-pruning mechanism. So if it´s the candidates’ manager that endorsed the CISSP make sure to really verify the claims in the CV.