You're now a CISSP! That's great news, give yourself a pat-on-the-back and erase the torrid memories of those last minute revision sessions.

OK now what? Well, you could sit back for 3 years with a smug impression on your face then re-take the exam (not recommended by the way), or you can maintain your CISSP status by collecting CPE (Continuing Professional Education credits) points over the 3 years and avoid another 6-hour exam (recommended!)

Other than paying the $85 each year for being a member, you do need to collect 120 CPE credits over 3 years and a minimum of 20 points each year. These CPE credits are basically a way to prove that you're active and progressing within the Information Security Community. Some options to obtain CPE credits can be very expensive though below are some pointers and suggestions on how you can achieve CPE points.

Every Year: at least 20 Group A CPE Points. Pay AMF $85
Over 3 Years: 120 CPE Points (at least 80 Group A CPE Points and a maximum of 40 Group B points)

There are 2 categories of CPE points, Group A and Group B. Out of the 120 points required over the 3 years, at least 80 Group of them need to be group A points.

• Group A - Activities within one of the 10 Security Domains
• Group B - Educational Credits

In my previous article, I highlighted a free way to achieve CPE points by reading the ISC mags. You can reward yourself 2 CPE point by reading the mag then taking a 10 question, multiple choice quiz. The InfoSecurity mag is published on a quarterly basis so that's 24 CPE points over 3 years so you're 20% there already! Once you pass the quiz, you will then be provided with a URL where you can download the certificate of achievement (WOOOOO!!!). If you're really proud on your achievement, you could frame it then hang it up next to your diploma)

Another easy way to again 5 CPE points/yr is by registering for the InfoMagazine. It's free and it comes in either an electronic form via e-mail or a paper form which is delivered to your front door. You do need to enter your ISC number to receive the points and to protect yourself from being audited. So that's 15 CPE points/3 years. If the link above doesn't work, try here.

I managed to locate a number of webcast website that ISC^2 accept as CPE points. Under the 'Self-Studying via Computer-Based Training, Webcasts, Podcasts' section, you can submit CPE by watching from the following websites.

• ThinkTank Security Leadership Roundtable Webinars - here
• e-Symposium Seminar Series - here
• SecurityTALK - here

You are entitled to 1 group A CPE point for every white paper you read from a credited website (which means authentic/valid organizational website). When you've finished reading the white paper, login to the ISC^2 and write a review (>25 words). Make sure you download and archive the PDF format of the white paper to avoid any issues if you were to become audited. The one place you can download white papers is from the Info Security Magazine white paper download.

I've been revising for my next exam, which is the OCPJP 7 certification. This cannot be considered a certification that's related to one of the 10 domains, though I can claim for up to 30 'group B' CPE points/per certification. This is dependent on the number of hours used as preparation work. If the exam was associated to one of the domains, then you could claim this as 'group A' CPE points.

Some of the certifications that could be considered as a 'group A' CPE points

• Advanced Information Security for Technical Staff
• Certified Ethical Hacker Exam
• CompTIA Network+ Exam
• CompTIA Security+ Exam
• CCNA Security Exam
• Cisco Network Exam
• Forensic Specialist
• Fundamentals of Incident Handling
• Hardening Windows Operating Systems
• Introduction to IPv6
• Introduction to Networking
• IPv6 Security
• Managing Enterprise Information Security
• Network Vulnerability Assessment
• Vulnerability Assessment and Remediation
• Wireless Comms and Wireless Network Security

I submitted the application to join the community infragard. This community was initially created to bridge the gap between the FBI and the private sector. This non-profit organization is free to join and presents a number of webcasts you can participate in, which is considered under the section of 'Volunteering for and Attending Information Systems/Cyber Security Professional Association Chapter Meeting'. This can be classed as 1 CPE/1hr. Make sure you record your presents and where possible, retrieve the video to achieve just incase in the event that you're audited. If you manage to get on the board, then you can claim 40 CPE points/year (10CPEs per meeting and four meetings/year). Furthermore, getting yourself a seat at a board meetings provides you with enough CPE points for that year alone.

Even though some website mention that blogging is a great way to collect point, it is in fact not considered an acceptable way to collect CPE points. At first thoughts this is understandable as blogging about security cannot be considered accurate, valid, or even true. I guess blogging could also be considered a 'lazy' approach as it's much easier to talk about nonsense then submitting this through publication.

About the author