Open question to hiring managers and recruiters putting a CISSP requirement on a 0-4 YoE position:

Are you willing to accept candidates who passed the exam but don't have the experience yet (and as such will appear as an "associate of ISC2" when you go to verify them)? If so, how do you plan to verify that they passed the CISSP, rather than a different ISC2 certification? If not, what's the reason for requiring a cert that requires 5 years of infosec experience on a position asking for less?

If you're not a recruiter, please keep it civil in the comments. I'm genuinely curious about the methodology here, not trying to attack a practice.

@lyrptr I never put certs under requirements. For me, it's always a nice-to-have.
@Xavier I appreciate that! Honestly, despite holding 4 certs myself, I feel that's the way it should be. Certs are only one way to demonstrate knowledge.
@lyrptr exactly. And I've seen plenty of "cert-mart" folks that can tell me all the command line parameters of tcpdump, but didn't know how DNS worked.