You have earned your CISSP. Now, it’s time to maintain it by earning continuing professional education (CPE) credits. A single ISC2 CISSP CPE credit is one hour, and you can earn them by doing all kinds of related (and some not related) to security.
How many CPEs do you need to keep the CISSP active? You need 120 credits over a 3 year cycle, with 40 credits annually at a minimum. To see the CPE requirements in great detail, check out their CPE Overview page (requires sign-in).
If you get over 40 credits in a year, it rolls over into the following year. Your annual CPE cycle starts the 1st of the month after your endorsement is approved and your AMF is paid.
Table of Contents
Ideas for CPEs
Their Earn CPEs page shows a few opportunities to earn CPEs, primarily through their offerings. Read more below to get some ideas of what else you can do.
To get an idea of how many CPEs these activities will earn, check out the ISC2 CPE Handbook for the most up to date count each activity can earn. There are caps in nearly every category as well.
As you go through each continuing educational opportunity, just keep a running list of activities with the name of the event, the date, and the total time. The more receipts, the better:
- Screenshots
- Certificates of completion
- Official meeting notes, rosters, attendance, or minutes
- Transcripts or Diplomas
Reading
Be prepared to write a 250 word summary on the topic you read to get credit. Publications with ISC2 partnerships can make things easier but are not required to claim CPEs.
- Books
- Magazines like Information Security magazine
- Whitepapers
Fiction
- CyberStorm: A Novel
- The Mezonic Agenda: Hacking the Presidency
- Stealing the Network (Cyber-Fiction Series)
Engage with the Community
- Volunteer at a local school STEM events.
- Join a local user group.
- Includes local ISC2 chapter and general information security meetup groups.
- Attend a local security event.
- All other local events like seminars and more.
Attend Conferences
- ISC2 Security Congress
- I went to SC in 2015 (holy cow, has it been over 4 years already!?). It was great. I’m looking forward to finally making my return as an ISC2 member.
- Up to 28 CPEs with an additional 2 for town hall meetings.
- Black Hat
- RSA
Education
- Take professional development opportunities in any field.
- A third of your CPEs (40) can be used for non security related topics.
- Have mandatory training requirements at your job? You can add these to your CPE list! Don’t slouch on bootcamps.
- Finish your degree or get that MBA.
- All college courses are eligible.
Online Courses
- Coursera
- Cybrary.it
- EdX
- Udemy
- LinkedIn Learning
Hands On Learning
- Participate in a public bug bounty program.
- Hack the Box Pen-Testing Labs.
Webinars
Webinars are great. You can easily find them on tools you use or topics related to your job. Catch one or a couple a week.
- ISC2 Webinars
- Infosecurity Magazine Webinars
- Brighttalk Webinars
- These are essentially vendor marketing channels, so join these, especially with a complete profile, at your own risk.
- Conversely, your CPEs automatically get submitted to ISC2.
- SANS Webcasts (free account required)
- ISACA Webinars
- Ultimate IT Security Webinars
- Beyond Trust Webinars
Online Videos
Podcasts
Keep track of what you listen to and provide a brief summary of each episode.
- 7 Minute Security
- Dont Panic from Unit 42 (Palo Alto)
- ISF
- OWASP (recently migrated; here’s the old link)
- SANS StormCast
- Software Engineering Institute
- Threatpost
Vendor Events
- Attend an ISC2 Certification Exam Development Workshop.
- Invite a security vendor or service provider to present at your company or group.
- This is basically a webinar in person.
Create Something
This is great if you already create stuff, as I do. However, they appear stingy with the CPEs rewarded with this type of work.
- Write blog posts
- Write magazine articles
- Author books
- Author online courses
- Give presentations
- Create workshops, curriculum, workbooks, etc.
Conclusion
The amount of CPEs it takes to keep going seems like a lot. It can be if you try to do everything at once, but if you keep track of what you’re already doing, you’ll be fine.
What if you don’t do this? Well, be prepared to retake the CISSP exam if you don’t maintain your status.
Let me know in the comments below which way you prefer to earn your CPEs. My favorite so far is attending conferences. I love connecting with new people and learning new information. Plus, it covers nearly an entire year of CPE requirements.
Let me know if you want additional information covered on this topic or if anything needs to be corrected above. Happy learning!
Interesting site, though there’s a typo in the headline, survival missing 2nd v. Apologies for being so pedantic!
Hi John,
Thanks for the correction! It’s much appreciated. I don’t find it pedantic. I fixed the title and a few other typos in the article. It’s probably time to review all of the older content anyway.