Maintaining CISSP Certification Through Continuous Learning

As a Certified Information Systems Security Professional (CISSP), I am required to earn 120 "Continuing Professional Education" (CPE) credits over a three-year cycle in order to maintain the CISSP certification. That works out to 40 CPE credits per year. Thus, regardless of anyone's opinion of the certification, the upside of meeting the CPE requirement is that I get to keep learning about the security field while maintaining my CISSP certification.

Earning CPE credits

There are multiple ways to earn CPE credits, but I think the simplest and most fun way to do so is by watching the webinars available to ISC2 members from the ISC2 homepage. Therefore, in this post I would like to recommend a few webinars that I found interesting and highly educational. If you hold the CISSP certification and have linked your account to your CISSP certification number, then once you watch a webinar you earn on average 1 CPE per webinar automatically, while at the same time learning something new about the world of cyber security. Here is a list of my top three favorite webinars:

Yahoo Breach

How the Heck Did They Miss It? Lessons to Learn from the Yahoo Breach by Chris Roberts, Chief Security Architect at Acalvio Technologies - This webinar does not pull any punches as it shoots straight to the point on what things went wrong at Yahoo with their approach to security.

Threat Modeling

Threat Modeling: Lessons from Star Wars - by Adam Shostack. This is a very fun webinar that walks the viewer through the ins and outs of threat modeling through the lens of Star Wars themed Lego characters. Not only will you learn more about threat modeling, but you will also learn a thing or two about what Star Wars is really all about. :)

Becoming A Harder Target

How Not to Get Hacked by Paul Edlund. This is a webinar produced by Microsoft that delves into the nuts and bolts of how Microsoft conducts its day-to-day maintenance and development activities so that its systems become harder targets for attackers. It is a good insight into how mature enterprises handle daily security activities at scale.

Bonus Talk

And here is one more of my favorite talks. I am not sure that it counts towards CPE credits, since the content is hosted on a more mainstream medium (YouTube), but I still wanted to share it:
USENIX Enigma 2016 - NSA TAO Chief on Disrupting Nation State Hackers by Rob Joyce, Chief, Tailored Access Operations, National Security Agency - Yes, this talk is deep and intriguing, but it is also very useful for understanding how the big guns conduct themselves, and it offers a set of useful lessons from which any organization can benefit. Consider this talk a rare insight into the world of nation state exploitation.


Life is all about continuous learning and improvement, no one is born an expert, and it takes time to obtain mastery in any subject. But with a bit of effort, we can all continue to learn more about how to stay secure and share our knowledge with each other. I hope that you find these webinars as helpful as I have, and that they help you in your quest to fulfill your CPE requirements. Perhaps you have a favorite security talk you would like to share? If so then please share it in the comments section.

Until next time, stay secure.