The CISSP certification is automatically renewed after three years as long as you have stay on top of the minimum Continuing Professional Education (CPE) credits and Annual Maintenance Fee (AMF). CPE’s are divided into two groups. Group A CPE’s cover “Direct Information Systems Security Activities” and align with one of the 10 Common Body of Knowledge (CBK) domains, while group B CPE’s cover “Professional Skills Activities.” ISC2 provides the following ideas for getting CPE’s.
- Attending educational courses or seminars
- Attending security conferences
- Being a member of an association chapter and attending meetings
- Serving on the board for a professional security organization
- Volunteering for a government, public sector and other charitable organizations, including (ISC)2 volunteer committees
- Completing higher academic courses
- Providing security training
- Publishing security articles or books
- Participating in self-study courses, computer-based training or Web casts
- Reading an information security book or subscribing to an information security magazine
1. Get a Degree
I know… college isn’t free. But I wanted to include it because getting CPE’s is just a free benefit of getting a degree that are were already pursuing. Going to College will quickly get you all the CPE’s you need. My school recommends full time students put in 36 hours per week. This includes study, reading, and class work. I don’t spend that much time on schoolwork so usually log 25 CPE’s per week. The best part of this is that you can take an information security related class for class A CPE, or another type of class for group B CPE’s.
2. Watch Videos at The Academy Pro
Videos at The Academy Pro are free as long as you register. The only problem I see with this site is that there isn’t a good way to store proof that you watched the videos in case your CPE’s get audited. There is a screen that shows you a list of “watched videos.” I would suggest you take screen shots of this page when you watch new videos. Also, some of the videos are very short and not worth an entire CPE. I would use common sense when recording the number of CPE’s here.
3. Watch a SANS Webcast
The webcast are free as long as you register for a SANS Portal account. You can view live or archived webcasts. You can also easily view your attendance history, and save a handy little certificate that shows the title, date, and number of CPE’s the webcast is worth. Update, while SANS no longer provides certificates, they still qualify as CPE’s.
4. Listen to Cyberspeak Podcasts
Interesting podcast that you can listen to even when you need a break from serious study. They don’t retain a record of which podcast you listen to, so make sure to take a screen shot of the description. Most of the podcasts will count as 1 CPE.
5. Listen to Manager Tools Podcast
The Manager Tools Podcast offers advice on management and career that you can listen to and get CPE’s for. Aside from CPEs the site also has great book reviews and forums. Its free and doesn’t require registration. A one hour show for 1 CPE each episode. They don’t track what podcast you have listened to, so make sure to grab a screen shot in case you get audited.
6. Speaking of Podcasts
Check out GetMon.com, Podcasts for IT Security Professionals. GetMon maintains up to date lists of lots of different security podcasts, current and archives. They even posted a nice reminder that “If you are a CISSP, remember to keep a log of the podcasts you listen to so you can earn a few CPEs”. Make sure you keep track of the podcasts in case you get audited.
7. Work for the Federal Government?
Software Engineering Institute’s Virtual Training Environment (VTE) has a ton of free online training programs (including one for the CISSP). Access is free as long as you meet their eligibility requirements. Generally, this means a .gov or .mil email address. I can’t say enough about the VTE. Its easy to navigate, includes videos, tests, slides, and labs. It tracks your courses and certificates of completion.
8. Try DHS/FEMA State Cybersecurity Training
I don’t have an account here, but I’ve heard great things about this training. Their description says, “The Adaptive Cyber-Security Training Online (ACT-Online) courses are now available on the TEEX Domestic Preparedness Campus. This DHS/FEMA Certified Cyber-Security Training is designed to ensure that the privacy, reliability, and integrity of the information systems that power our global economy remain intact and secure.The 10 courses are offered through three discipline-specific tracks targeting everyday non-technical computer users, technical IT professionals, and business managers and professionals.These courses are offered at no cost and students earn a DHS/FEMA Certificate of completion along with Continuing Education Units (CEU) at the completion of each course. ”
9. Browse Security Now Videos and Podcasts
I stumbled across this site while researching this post. I’ve glad I found it. 297 episodes and growing, very high quality audio and video. Free and without registration. Some sample topics include, SSL And Epsilon Breaches, Stuxnet, and hacking Bluetooth. Their description says, “Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Winner of the 2009 and 2007 people’s choice award for best Technology/Science podcast.”
10. Last But Not Least, Volunteer
If you’ve read this far, it’s because you have one of the most sought after certifications in the security industry. There may be more left for you to accomplish in life, but you are already more successful than many. At this point in your life, take some time to share your success with others.
Call your local police, schools and non-profits and ask about volunteer opportunities to educate the public about security. Join local business clubs, chambers of commerce, Rotary Club, and Toastmasters. Take advantage of speaking opportunities to educate small business owners and others about information security. Call on charitable organizations and volunteer to audit or maintain their networks, improve their network security, and help with other IT security issues.
Do you know about other Free CPE Opportunities? Let me know by commenting below and I’ll add them to the post.
No related posts.
Follow us on Twitter
Follow us on Facebook
Subscribe to RSS Feed
I really like the SANS webcast. I would watch them even if they didn’t give me CPE’s.
Though SANS webcast are great but currently no certificate available for completion of web cast. http://www.sans.org/faq/ “Certificates of attendance for webcasts are not currently available.”
Thanks Sunil, I updated the post to indicate certificates aren’t provided anymore.
I’m assuming the FAQ is a little out of date… You can still get certificates for SANS webcasts via the portal. Simply go to ‘My Webcasts’ under the dropdown by ‘Welcome, [your name]‘ and then select ‘Click For CEU Certificate’. I’ve emailed someone at SANS to see if they can update the FAQ. — Dallas
Once you get all of those CPEs, you can create a free account at http://www.mycpes.com to track them. MyCPEs.com gives reporting, dashboards, job opportunities, CPE recommendations, email reminders when deadlines are coming, and more. Check it out.
Can you earn CPEs by taking other security certs?
Excellent article.
Just responding to earlier comment:
Why use a third-party site, when you can maintain all the info in an excel sheet? (and customize it to the way you want).
I keep this sheet and all the relevant seminar attendance proof (PDF copies of the email registration and confirmation of attendance) at dropbox.
If you need the template sheet email me at khan.m.umar at gmail.
Cheers!
I truly love your blog.. Pleasant colors & theme.
Did you create this web site yourself? Please reply back as
I’m trying to create my own personal blog and want to know where you got this from or what the theme is called. Cheers!
Its the Genesis framework from Studio Press.