You have earned your CISSP. Now, it’s time to maintain it by earning continuing professional education (CPE) credits. A single ISC2 CISSP CPE credit is one hour, and you can earn them by doing all kinds of related (and some not related) to security.

How many CPEs do you need to keep the CISSP active? You need 120 credits over a 3 year cycle, with 40 credits annually at a minimum. To see the CPE requirements in great detail, check out their CPE Overview page (requires sign-in).

If you get over 40 credits in a year, it rolls over into the following year. Your annual CPE cycle starts the 1st of the month after your endorsement is approved and your AMF is paid.

Ideas for CPEs

Their Earn CPEs page shows a few opportunities to earn CPEs, primarily through their offerings. Read more below to get some ideas of what else you can do.

To get an idea of how many CPEs these activities will earn, check out the ISC2 CPE Handbook for the most up to date count each activity can earn. There are caps in nearly every category as well.

As you go through each continuing educational opportunity, just keep a running list of activities with the name of the event, the date, and the total time. The more receipts, the better:

  • Screenshots
  • Certificates of completion
  • Official meeting notes, rosters, attendance, or minutes
  • Transcripts or Diplomas


Be prepared to write a 250 word summary on the topic you read to get credit. Publications with ISC2 partnerships can make things easier but are not required to claim CPEs.


Engage with the Community

  • Volunteer at a local school STEM events.
  • Join a local user group.
    • Includes local ISC2 chapter and general information security meetup groups.
  • Attend a local security event.
    • All other local events like seminars and more.

Attend Conferences

  • ISC2 Security Congress
    • I went to SC in 2015 (holy cow, has it been over 4 years already!?). It was great. I’m looking forward to finally making my return as an ISC2 member.
    • Up to 28 CPEs with an additional 2 for town hall meetings.
  • Black Hat
  • RSA


  • Take professional development opportunities in any field.
    • A third of your CPEs (40) can be used for non security related topics.
    • Have mandatory training requirements at your job? You can add these to your CPE list! Don’t slouch on bootcamps.
  • Finish your degree or get that MBA.
    • All college courses are eligible.

Online Courses

Hands On Learning


Webinars are great. You can easily find them on tools you use or topics related to your job. Catch one or a couple a week.

Online Videos


Keep track of what you listen to and provide a brief summary of each episode.

Vendor Events

Create Something

This is great if you already create stuff, as I do. However, they appear stingy with the CPEs rewarded with this type of work.

  • Write blog posts
  • Write magazine articles
  • Author books
  • Author online courses
  • Give presentations
  • Create workshops, curriculum, workbooks, etc.


The amount of CPEs it takes to keep going seems like a lot. It can be if you try to do everything at once, but if you keep track of what you’re already doing, you’ll be fine.

What if you don’t do this? Well, be prepared to retake the CISSP exam if you don’t maintain your status.

Let me know in the comments below which way you prefer to earn your CPEs. My favorite so far is attending conferences. I love connecting with new people and learning new information. Plus, it covers nearly an entire year of CPE requirements.

Let me know if you want additional information covered on this topic or if anything needs to be corrected above. Happy learning!

Pin It on Pinterest