Amen. When I first got my CISSP I was a little concerned about keeping up with the CPEs. Attending the annual Congress helps. I just joined the Chicago chapter, and they have been doing a great job of offering short conferences and such that come with CPEs, as well. And with all of the online webinars and tutorials and periodicals offered (announced in emails and Twitter), right now I've got my three-years worth of CPEs done in two years... with a lot more on-line opportunities available yet to go.
I get most of my CPEs by listening to podcasts on the commute.
Some of the best I have found are:
Do you happen to have the numbers. I would be really interested in seeing the number of people who lost their certification for this reason.
I have no idea, though I think with enough effort, ISC2 could do it. IIRC, there were 20 people in my seminar and 8 had expired certs. And fewer than 8 showed-up for celebratory booze afterward. Those that did show up said that the test is way harder than it used to be.
I think the CPE situation is what keeps the Webcast Industrial Complex in business. So many SANS webcasts for CPEs... Since the cash infusion lead by Ron Gula, Cybrary.it's content has gotten pretty good, too, and is a good source for CPE time.
You also might consider courses at
- edX ... courses for free, certificates from 50 € ... e.g. "Cyber Security Economics" (10 weeks with 2-4h work per week)
- coursera ... "audit" courses for free, 33 € per month, if you want to have access to tests and get a certificate
There are many other online course providers you can choose from.
This thread is a good read. I recently passed the CISSP and I’m waiting for official approval. Understanding the CPE requirement is important as discussed by others. I appreciate the information!