I recently had someone contact me claiming he needed to validate my CISSP certification for a client of mine via the (ISC)² verification page. Apparently, this validation was needed for an audit he was doing. He said the Credly badge (ISC)² offers that I have on my website was not good enough without him having to perform a “risk assessment” on that company. 🙄
I wasn’t comfortable giving out my CISSP number to someone who blindly contacted me – especially when I had no simple way of vetting him. The guy was being a bit of a jerk about the situation, but I wanted to help out my client. Still, I wasn’t sure what to do. There’s not much online about this particular topic, so I reached out to (ISC)² to get their take on it. Four days later, I heard back from them with the following:
“I am afraid we cannot answer your question whether it is safe for you to share your member ID. This is the decision you have to make yourself. Most members share their member ID with potential/current employers, universities, etc., as without it they will not be able to verify memberships when using the online verification tool. This would be the only use of member ID officially. There might be occasions when a person (if they are not a potential employer/employment agency) might want to use your member ID for their own gain, e.g. to use it to say this is their member ID instead, and this is the reason why you need to assess the risk before giving your member ID to anyone.”
Perhaps I was being too paranoid…I just wasn’t sure how giving out my CISSP number could potentially be used against me and wanted to do the right thing.
I’m posting this in hopes that it will save you the unnecessary hassle of performing an Internet search or of having to reach out to (ISC)² and wait on an answer.