Many thanks to the people who took the time to write back, forward my note
to the right people, etc... Below, I have the equivalent of an official
answer:

----------
From: William Hugh Murray
In general, felony convictions are disqualifying for professional
credentials. This is not unique to the CISSP. For the CISSP, we do not
automatically disqualify anyone who has not applied. Applicants are required
to disclose any felony convictions. Most of those who have and disclose such
convictions have mitigating or extenuating circumstances and we have often
considered those favorably if they are not related to information technology.
We have never knowingly certified anyone who has a felony conviction for
computer crime. While we reserve the discretion to consider someone with
years to decades of good behavior after such a conviction, we would not
consider anyone with a recent conviction. This has less to do with the
individual than it does with our responsibility to protect the profession and
the certificate.

William Hugh Murray, CISSP
Chairman, Professional Practices Committee
----------

I'm told that no one is officially turned down before applying, but I
appreciate the up-front answer, and how quickly it was delivered. There
is an application fee, and Bill didn't know off the top of his head if any
of the fee was returned for a denied application. The standard for
schools, other certifications, etc.. is that no, the fee would not be
returned, so I wouldn't expect any difference here.

The quickest way for me to put to bed many of the questions I received
privately is to say that the person who wanted to know is Kevin Mitnick.
Since he cannot pursue his CISSP, he has given me permission to go ahead
and mention his name.

Some of the more interesting questions I got:
"Is he a coward? Why didn't he write himself?"
If you're familiar with his case, you may be aware that he could not send
e-mail himself. He had placed a couple of calls to the ISC2 contact
numbers, and had not received a reply. In addition, if he would have been
permitted to pursue a CISSP cert, he didn't want that information out
until at least after he passed.

"Is he aware that he will have a hard time getting a job in this industry
with a felony, anyway?"
He's aware of the issues, but in his case, they don't apply in quite the
same way. If he is approached for a job, the person asking is already
aware of his record, and has gone through the decision process.

Several people wrote about the questions asked at the top of the
application. Some seemed to hint that getting caught later about it would
be a problem. Kevin had no intention of trying to hide anything, again in
his case it's not really possible. I was vaguely aware that it asked if
the applicant was a felon, but it's not 100% clear that that is an
automatic dismissal (though I could guess as much.) I appreciate being
able to see the wording of the sections about felonies, and also hacking
activities. I'm told that there is also a section about aliases? I for
one wouldn't mind seeing a copy of the application on-line, if that's
possible.

Someone else related a story of an applicant who had some sort of hacker
dealings in his distant past, and who had to write a lengthy explanation.
After some time, they were finally approved. That much is evidence that
the disqualification isn't neccessarily automatic in much less extreme
cases.

His main concern was that he didn't want to pay for the review classes
(which he has the funds allocated for, and was planning to take) if he
would not be able to qualify afterwards. As many of you know, the tests
are not done that frequently in many places, so it's not like he could
walk into the testing center today and ask. Most of what he can study at
present is limited to books, pencil and paper, so he thought getting a
certification might be ideal while he is waiting.

I'm aware of what kind of reaction this may have within this particular
forum. I apologize for past, present, and likely future disruption.
Hopefully, this topic will go into the archives, and will serve as a quick
answer in the future should it come up again with someone else. If you
feel the need to send flames, send them to me off-list. I may even read
him some of the interesting ones.

                                        Ryan

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]