Great listing of free or low cost training for Security folk from NIST.
https://www.nist.gov/itl/applied-cybersecurity/nice/resources/online-learning-content
d
@dcontesti wrote:Great listing of free or low cost training for Security folk from NIST.
https://www.nist.gov/itl/applied-cybersecurity/nice/resources/online-learning-content
With the great abundance of quality, free, online, on-demand training directly related to our certification domains, consider the following excuses for difficulty in obtaining CPE:
Those statements all translate for me into a simple statement:
"I'm too lazy to learn what counts as CPE, or how to find any, and I am not interested in staying current in my field."
For a few, wisdom may come with age. For many, age brings us cynicism.
Craig
@CraginS Great advice.
I used to tell my employees "Before you ask me to send you to an ISC2 or SANS course (or any other paid course) make sure you have taken as much free training as you can beforehand. I have no problem sending you to that training, but when my boss asks me 'What other training have they done?'" I don't want my response to be. "Nothing." If I can tell them Sir/Maam, they have already taken x,y,and z free courses and they are ready for this more challenging paid course, they usually approve it. If my response was "nothing" they usually say "Are you sure they just don't want to go to Las Vegas (or other location that is offsite)? I got more denial for paid training when the employee hasn't done anything else and demanded I send their request along (versus taking the wise advice of their current supervisor) than I did when they listened to my advice. Also if you are demanding your supervisor sends your training request along don't be surprised if they say, when asked what have they done, the supervisor says "Well they haven't taken any of the free stuff I gave them..." and then the boss denies it.... just saying....
One of the first things I do when coming in as a new supervisor is give my employees a list I keep compiled of free training. I can use that as a gauge as to how well the employee will be in the future. My greatest employees have taken multiple courses from the list, my good employees usually took one or two, and the average/poor employees said "Thanks!" and then did nothing with it. Plus I tell them they are free to take these classes while at work, of course they can't spend 40 hours a week on these free courses but I usually allow 1-2 hours per day if they are so inclined.
I've held a CISSP since 2005, and since then also earned a CEH, CISA, CIS< CRISC and CCSP. I have a lot of CPE work to do to keep this all current and organized. It gets even more complicated with multiple certifying organizations. All is not lost however! My personal, "Go to" source of free CPE is SANS.org. They have a treasure trove of archived webcasts, and more on the way each week. As a bonus they provide a certificate of attendance, including the number of hours on the certificate. This certificate seems to please most certifying organizations. One catch on these certificates is that the date on the certificate is the date you save or print it! If you wait until the last date of your period and try to claim you viewed 45 hours of web casts in a single day, you may be headed for trouble.
Each January, I begin my annual CPE journey. I carefully select and view a minimum of 45 hours of webcasts. Having multiple certifications complicates things a bit, but it is certainly doable. After completing each webcast, I immediately get the certificate downloaded, and load it up to each organizations site. I keep a copy on my PC and another copy on another form of media...Just in case! I also check in on each certification quarterly, just to be sure that all is well. I have no plans on sitting for any of these tests again.
My backup is Steve Gibson's "Security Now", hosted on Twit TV. Again weekly free podcasts, although ec-council won't accept them, I still have pretty good luck with ISC and ISACA. Not having a certificate could pose a problem. I like Steve's style, and his current event type of podcast.
The major trick seems to be start early each year and document as you go. I'm almost always done by the end of March each year. Don't forget to check in quarterly...just in case.
Bill
Bill