This week I completed my first endorsement of a CISSP candidate and have a few observations.

If you are mentoring the candidate, I would recommend the following to save the candidate time in gathering the documentation. This allows the candidate a faster turnaround to get their endorsement to (ISC)2. It took my candidate four days to gather the needed data.

(In contrast, when I was endorsed, it took me over 20 working days to gather the data needed data. But I went back 22 years in my body of work from two companies and four supervisors. Yea, I know it was much more than needed.)

1. Before the candidate takes the test, have them contact any previous employer that they will use for the endorsement process and request a letter showing the period of time they worked at the company and the position(s) held. They will need to upload a PDF of this letter as part of the endorsement process.

2. For their current employer, they can contact Human Resources to request the same type of letter showing their position(s), start date and that they are currently employed by the company. They will need to upload a PDF of this letter as part of the endorsement process.

3. (Optional for those with over five years experience in two or more Domains) Proper documentation of a four-year college degree, regional equivalent, an advanced degree in information security or just one of the many certifications listed on the following web page link can reduce the five-year experience requirement to four years. Prerequisite Pathway for CISSP. They will need to upload a PDF of the diploma or certificate as needed.

4. The candidate should also make contact with all current and former supervisors that will be used to attest the candidate's body of work while they were employed with the former and current companies. Gather current and former supervisors email addresses and phone numbers to make it easy for the endorser to later validate the data. The candidate should let the current and former supervisors know that the person endorsing them will reach out to validate their body of work as it relates to the appropriate CBK Domains.

5. The candidate needs to have one narrative to show their body of work (related to the appropriate CBK Domains) for each supervisor to attest. This narrative must be under 2499 characters long and not contain a semicolon or an apostrophe. One wants to be thorough and complete when making these narratives but they must fit in the form provided.

When the candidate has all of the data, they can upload it to the link provided in the email from (ISC)2 that told the candidate they passed the test.

The person endorsing the candidate has the same length and character limitations.

To my friends at (ISC)2, please consider doubling the length limit to 5000 characters and using a Web Application Firewall WAF instead of blocking common SQL injection characters? https://www.owasp.org/index.php/Web_Application_Firewall

I hope this note will help future candidates and endorsers organize tasks and build a checklist to streamline their process to minimize rework and dwell time.

These steps should help cut down on the front end time needed to gather the data and get the endorsement process complete so (ISC)2 can do their work.

(ISC)2 takes up to six weeks to finish their work for the endorsement process. Yep, 42 days and I waited for 41 days. Then I had to wait 11 more days to earn my first CPE when the cycle started. This is an observation, not a criticism. I for one do not mind waiting to ensure that every candidate is held to the same high standards by (ISC)2.

Paul

P.S. While waiting for the endorsement process at (ISC)2, I recommend that the candidate listen to some music like "Tom Petty's - The Waiting" or the Beatles "Long and Winding Road"