Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Defender I

Acting Like a Professional: RTFM


We see recurring questions in several of the community fora regarding CPE: what counts ?must I have Type B?  how to calculate for input? what about rollovers?

In almost every instance the answers are clearly provided in the CPE Guidelines document at Obviously the person asking the question has not even glanced at that document. 

Recently my comments, instead of pointing to the pinned threads on CPE at the top of both CPE Opportunities and Member Support have moved to a simple




Former military know this one: Read The Field Manual!

(yea, that's the word, Field, yeah, that's what the F means, Field!)


What does this have to do with acting like a professional?

Quite a bit.


We are in a complex field, that is changing constantly. To do our jobs we have to know the content of laws, regulations, rules, frameworks, and system manuals. We cannot get by without reading those core documents that detail our tasks and procedures. 

Failure to keep up with the mandatory documentation of our major specialties, and to dive into teh needed ones on any given task is essential to being a true professional in infosec.

The certification is named Certified ... PROFESSIONAL.

If you are not willing to learn what the rules and procedures are, know where they are documented, and routinely use those documents, 



Try to answer your questions through research before leaning on the helpful crowd in the Community.


Oh, and I have said this before: If I were looking to hire an infosec specialist who claims a professional certification, and that individual does not even know what the relevant guideline documents are, much less use them, that one goes straight to the round file.



With best wishes and hopes for your career successes,




D. Cragin Shelton, DSc
My Blog
My LinkeDin Profile
My Community Posts
8 Replies
Advocate I

And stop attacking those who keep pressing standards as the reason we have standards in the first place.


I prefer quality over quantity when it comes to certifications. Certs are a nice to have but too much emphasis has been placed on examinations, particularly from colleges seeing certification as a way of confirming their education product. So what are we really telling students? Get certified, no matter what it takes.


- b/eads

Influencer II

I may disagree with every word this man has said, but I will defend, to the death, if
necessary, his right to say it!

====================== (quote inserted randomly by Pegasus Mailer)
For any x, what is the numeric value of (x-a)(x-b)(x-c)...(x-z)?


Other posts:

This message may or may not be governed by the terms of or
Influencer II

(Just to make it clear for those who did not get the joke, I do *NOT* disagree
with anything this man has said, and there is far too little searching going on
before people post questions.)

====================== (quote inserted randomly by Pegasus Mailer)
Last words are for fools who haven't said enough.
- last words of Karl Marx


Other posts:

This message may or may not be governed by the terms of or
Community Champion

Anyone know where can I record the type C CPEs I dearly hope to be able to submit for my armadillo wrangling and scientific pottery retreat...?

Contributor I

Hi Dr. Shelton,


Great to 'hear' from you. Very informative post, and well received.

Keep up the creative, professional, and guiding thought processes.


Dr. Jan Shuyler Buitron

Doctorate of Computer Science in Cybersecurity, minor in Management

Master of Science in Cybersecurity



Senior Cybersecurity Systems Engineer\Lead)

Contributor I

I would like to add my underwater basketweaving course, and my course on Cybersecurity in the Quechua Language. . . .


Dr. Buitron

(mentored by Dr. Tung en Cheak)

Contributor I

Always enjoy a good rant and Hopefully you are feeling better now that you got that out of your system 🙂


Seriously though its been going on for years. Not just on ISC2 but LinkedIn (how do I get a job in security, certs, etc.) and also in the workplace.


It's pretty much a sign of laziness, etc. 

It's an indication they are a taker (always asking/demanding/it takes too much time/etc.) vs a maker (initiative/trying/researching/etc.) 

And because the audience is vast there is a good chance they will continue on as long as they can.


What they don't realize is eventually they will get ignored, not offered assistance, or not progress in their career. 


What's interesting is that I also see the same type of behavior from individuals with Bachelors, Masters, and even Doctors degrees which kind of leads me to wonder if someone else did their homework for them.


Contributor I

Hi RRoach,


I conduct research all the time in my 'spare' time. Sites like researchgate, Microsoft Academic, Google Scholar, Oxford University Press, and of course, Carnegie Mellon University CERT site, which is FULL TO THE BRIM with good stuffs, including one of the premier Insider Risk research centers.


If any folks are looking for the 'easy way,' it doesn't work when it comes to the ISC2 exams. I set myself to studying for 8 hours per day when I was knuckling down for the CISSP exam in 2007. It worked, because I passed it on the first try after studying for 3.5 months.


The simple tip is, be CURIOUS, and be a Lifelong Learner!

Here is an interesting piece from Carnegie Mellon:


regards and stay well,


Dr. J. S. Buitron, DCS, MSIA, CISSP

Doctor of Computer Science\Cybersecurity

Masters in Information Assurance\Cybersecurity

Certified Information Systems Security Professional


Lead Cyber Engineer at L3Harris