Kevin Beaver's Security Blog

Is it safe to give out your CISSP number?

I recently had someone contact me claiming he needed to validate my CISSP certification for a client of mine via the (ISC)² verification page. Apparently, this validation was needed for an audit he was doing. He said the Credly badge (ISC)² offers that I have on my website was not good enough without him having to perform a “risk assessment” on that company. 🙄

I wasn’t comfortable giving out my CISSP number to someone who blindly contacted me – especially when I had no simple way of vetting him. The guy was being a bit of a jerk about the situation but I wanted to help out my client. Still, I wasn’t sure what to do. There’s not much online about this particular topic so I reached out to (ISC)² to get their take on it. Four days later, I heard back from them with the following:

I am afraid we cannot answer your questions whether it is safe for you to share your member ID, this is the decision you have to make yourself, most members share their member ID with potential/current employers, universities etc. as without it they will not be able to verify memberships when using the online verification tool. This would be the only use of member ID officially. There might be occasions when a person (if they are not potential employer/employment agency) might want to use your member ID for their own gain, e.g. to use it to say this is their member ID instead, and this is the reason why you need to access the risk before giving your member ID to anyone.

Perhaps I was being too paranoid…I just wasn’t sure how giving out my CISSP number could potentially be used against me and wanted to do the right thing.

I’m posting this in hopes that it will save you some unnecessary hassle trying to perform an Internet search or from having to reach out to and wait on an answer from (ISC)².

Cheers!