How to Find Your (ISC)2 CISSP Sponsor

Earning your CISSP isn't as simple as passing an exam. In fact, it is quite a process to get to the finish line, but for good reason —  the CISSP separates its holder from the rest of the pack.

To earn the certification, test takers not only need work experience, but endorsed by a sponsor, as well. Below is a rough guide on how to find a sponsor for your CISSP, and why you would need one in the first place.

Why Do You Need a Sponsor for CISSP?

There are a few reasons for this, mainly because the CISSP is a qualification administered by a membership organization — the (ISC)2. Like any professional organization, they want to gain new members to grow and expand upon their mission.

Think about the many professions that require membership and certifications that aren't technology related — such as realtors, dentists, tradespeople, and even barbers. By becoming members, those professionals are able to keep updated with news and new techniques, allowing them to perform more competently as times change and industries evolve. CISSP membership does exactly the same things for security professionals.

Memberships are one thing, but why does the CISSP require its candidates to have a sponsor? Endorsement tells (ISC)2 and that your skills have been verified by other qualified CISSP candidates. This is part of the reason that the CISSP is such a trusted certification.

How Do You Find a Sponsor?

Ideally, you'll have one at work — a team member who will be best suited to vouch for your skills and experience. If you are the only person in your organization attempting to earn the CISSP, then you may have to reach out to your network — or even their network.

If you are still struggling to find somebody to endorse you, then you may have to turn to the online community. There are (ISC)2 resources that can help you get in touch with the right people, so don't give up hope.

No Sponsor? No problem, but prepare to be audited

In some cases, candidates might not be in a position to score a sponsorship from anyone. In these instances, (ISC)2 will endorse you, but prepare to be audited. It sounds scary, but here's a checklist to help you get through the process.

Compile your previous job descriptions. The (ISC)2 will look into your previous experience and may ask for job descriptions. They want these to compare against your resume and job titles. This helps them make a more accurate assessment.

Dump the one-page resume. When job hunting, your resume needs to be a lean, mean job-finding machine, meaning it cuts out the fluff and gets straight to the point. The (ISC)2 auditors will be a bit more thorough though. Don't leave out any of the important job roles and responsibilities that you undertook in previous job roles. All of it helps them in making their final decision.  

Make a detailed list of all the security-related tasks you accomplished at previous jobs. Remember you want to highlight the security aspects of your career. While it's fine to mention some of the daily tasks and job functions that you performed, always try to tie things back to your cybersecurity experience and knowledge.

Have a copy of your degree or cert ready. Keeping important paperwork safe is paramount if you are to stand any chance at getting endorsed. So be sure to take your original documents with you, including your CBT Nuggets certificates of completion.

Contact previous employers. A courtesy call (or email) to an old employer will help speed the process. You should let them know that they might be receiving a call from (ISC)2 regarding your work experience. If it's been a while, calling ahead of time will help to jog your ex-boss' memory. Not that you have anything to hide, but it's better that everyone is on the same page if an auditor calls out of the blue.

Contact previous co-workers. You're about to get your CISSP! Let your old coworkers know, and give them the good news that you are (likely) getting certified. Once you're a CISSP, then you can be a sponsor yourself — and help others avoid the audit.

Conclusion

Getting CISSP certified is not an easy task. The exam is tough, and the certification process is long. After all, there's no way to speed through five (or four) years of full-time work experience. With the right mental attitude, dedication, and resourcefulness, you can get there. Be sure to check in on the CISSP requirements from time to time. You'll want to be aware of any changes to the recertification process. Because that's a whole 'nother story.