I have over 20 years industry experience and recently (Apr 2017) received my CISSP. One thing that struck me in my seminar week was the number of people (almost half) who lost their certification due to lack of CPEs. Don't let this happen to you. Seriously. The last thing you want is to have to fork out the money to take the test all over again.
CPEs are important. They provide evidence that you are an active participant in the infosec community. They're easy to earn, but don't shrug them off or take them lightly. Earning CPEs will make you better at your job:
If you or your chapter has cool ways to earn CPEs, feel free to post up.
Don't forget about the Type B CPEs. They are easy to get at many employers through mandatory training, or other job related classes.
It's easy to earn CPEs, for me, I don't have to do something special, just keep reading, writing and training. I hold CISSP since 2004.
Amen. When I first got my CISSP I was a little concerned about keeping up with the CPEs. Attending the annual Congress helps. I just joined the Chicago chapter, and they have been doing a great job of offering short conferences and such that come with CPEs, as well. And with all of the online webinars and tutorials and periodicals offered (announced in emails and Twitter), right now I've got my three-years worth of CPEs done in two years... with a lot more on-line opportunities available yet to go.
I agree. I personally would not want to spend the money again.
I get most of my CPEs by listening to podcasts on the commute.
Some of the best I have found are:
Do you happen to have the numbers. I would be really interested in seeing the number of people who lost their certification for this reason.
I have no idea, though I think with enough effort, ISC2 could do it. IIRC, there were 20 people in my seminar and 8 had expired certs. And fewer than 8 showed-up for celebratory booze afterward. Those that did show up said that the test is way harder than it used to be.
I think the CPE situation is what keeps the Webcast Industrial Complex in business. So many SANS webcasts for CPEs... 🙂 Since the cash infusion lead by Ron Gula, Cybrary.it's content has gotten pretty good, too, and is a good source for CPE time.
You also might consider courses at
- edX ... courses for free, certificates from 50 € ... e.g. "Cyber Security Economics" (10 weeks with 2-4h work per week)
- coursera ... "audit" courses for free, 33 € per month, if you want to have access to tests and get a certificate
There are many other online course providers you can choose from.
This thread is a good read. I recently passed the CISSP and I’m waiting for official approval. Understanding the CPE requirement is important as discussed by others. I appreciate the information!