Don Donzal, who created www.ethicalhacker.net and ChicagoCon, lists 10 ways for CISSPs to earn CPEs (Continuing Professional Education credits) and having fun doing it. Check out his entire article here. He wrote it in 2005, but it hasn’t aged much.
Here’s a summary of the 10 ways to earn CPEs:
- Read The Mezonic Agenda or other security books.
- Post in forums like www.ethicalhacker.net or SearchSecurity.com’s ITKnowledge Exchange.
- Watch SearchSecurity’s Security School webcasts.
- Volunteer at a local elementary or high school.
- Join a local users group – If you can’t find one, use Culminis’ IT Pro User Group Locator.
- Play video games. This one may require you to be creative on your CPE submission form.
- Take Basket Weaving 101 – OK, it’s not quite that easy, but 40 of your 120 CPEs can be professional development courses not related in any way to IT security. Let your mind go wild on this one.
- Invite a security vendor to make a presentation at your company.
- Get your MBA. All college courses meet the CPE requirement.
- Write a security article.
I met Don (CISSP, MCSE 2003, CEH, Security+ SME) at an Information Security Decisions conference in Chicago before he created http://www.certifiedsecuritypro.com (now defunct) and www.ethicalhacker.net. He’s a creative, high-energy, and nice guy.
Unlike other “hacking” security sites, Don’s ethicalhacker site is not only very active, but most of the forum contributors are security professionals or students of security, not script kiddies. Also, the site features experts like Ed Skoudis and his “h@ck1ng scenarios” (see Skillz). If you don’t visit this site regularly, you’re missing it.
Although I haven’t had a chance to go to ChicagoCon, I’ve heard great things about it. ChicagoCon features security-focused boot camps, exams on-site, and more. According to the website, you can learn “from the pros and network with peers in order to advance your InfoSec career. Not just another boot camp or hacker con, ChicagoCon adds value to your training dollars with top instructors and well known certifications.”
If you’ve been to ChicagoCon, let me know what you thought of it. Thanks.
More CPE Ideas
Once you a CISSP, ISC2 has free webinars (called e-symposia) that count for 3 CPEs that you can take on demand. So does ISACA. Yes, you have to be a member of these organizations, but they’ll help you maintain what you’ve earned. Both organizations accept each other’s webinars for CPEs.
The nice thing about have multiple, related certifications (like the CISSP, CIA, or CISA) is that you only have to do one set of CPEs for all the certs.
Read Marc D’Amato’s Social Engineering Master Class @ ChicagoCon! in his Compliance Does Not Equal Security blog.
For more suggestions and lots of details, see Richard R’s Become (and stay) a CISSP on a Budget.