I'm having a discussion with a colleague regarding whether we can count training that is directly related to our job. We support a security product, and there is a lot of formal training as well as webinars and e-learning about the product and how you can use it to detect and mitigate threats. In my mind, it is legitimate to count training attended as CPEs.
My colleague is under the impression that if the training is directly related to our job that we should not count it. I've searched through the ethics and CPE documents, and cannot find anything supporting his position. Am I missing something, or can I point him to this post and let him know he owes me a coke (which are free)?
This sounds like the training, e-learning and webinars are part of your day-to-day job (which of course includes getting new knowledge to be able to continue to support your product).
The CPE guideline available at https://www.isc2.org/-/media/ISC2/Documents/cpe_guidelines.ashx contains the following text on page 3:
It is important that members should understand, in most instances, they cannot earn CPE credits for work they do in the regular day-to-day performance of their jobs. However, members may earn CPE credits for engaging in unique projects and activities in their workplace which are outside of their normal job functions that require them to expand their knowledge base and/or skill set.
In my opinion the ongoing training required to support your product(s) is more part of your normal job rather than outside of your job --- and therefore does not qualify for CPEs. We can argue about this though 🙂
FYI: I am not part of the ISC(2) staff and the answer above only reflects my opinion and should not be confused with any official ISC(2) statement on this.
"E" in CPE is for education... If I attend a class that improves my knowledge in the security area, I will submit it as CPE whether it is related to work or not...
I wouldn't attend a class if it is not related to what I do anyways... if I work as a security consultant covering a wide range of topics, am I supposed to take poetry classes so that the training is not related to my work?
Just my 2 cents...
I appreciate you both taking time to answer my question.
Thanks for the quote and link, Wolfgang. I get where you and my colleague are coming from. I'm not a lawyer. Does each sentence stand alone? The red line below makes me think I should count the hours. The green line confuses the issue. Blue further muddies the water back in the direction to count the hours.
CPE credits are earned for participating in activities where members gain knowledge from the experience. Typically, work done as part of one’s normal job will not generally qualify for CPE credits. Please note that if you are receiving training or attending conferences, you can claim those CPEs in the respective categories regardless of if they were completed or attended during work hours.
If I was a security trainer, taking a class I was going to teach or a prerequisite, then I 100% agree those hours shouldn't count.
The training isn't mandatory. I can do my job without attending the classes, but attending them increases my knowledge not only of my product, but also for current threats and ways to detect and mitigate them with my product as well as others. It helps me do my current job as well as prepare me for my next role. I work with several youth organizations, and I am able to share information with the kids as well as their parents.
I do find it interesting if I make money as an author, I can count my hours creating a book/blog/article. Shouldn't that be counted as day-to-day performance of my job?
I wish that paragraph was a little more clear. Maybe someone from ISC2 will chime in.
@BubbaFromGA Thank you for your inquiry! Please know, you may list any training for CPEs as long as it is either domain related, or professional development. Even though your company is providing the training, you may still submit 1 CPE per hour of attendance.
What about if I am the one giving the trainings? It is not part of my day-to-day role, but as I am the only CISSP in my office, they asked me to provide a training to other employees, which I did, more related to Security in the Cloud Computing. How should I report it?