Background

Many Varonis employees have obtained (ISC) certifications. Heck, our Chief Marketing Officer is a CISSP. So it’s no surprise that we’re all keenly interested in keeping our certifications up, which means earning Continual Professional Education credits.

The list below focuses on Group A CPE requirements. Group A requirements are on topics closely associated with IT and Infosec topics. Group B activities are professional, but not in the security domain (ex: Business classes).

Before getting started you should review the official CPE Guidelines for your specific certification.

A consistent CPE plan makes the process much easier and our suggestion is to try and earn one CPE per week. This approach is helpful as:

Security Podcasts

Podcasts fall under the “self-study” category of CPE requirements. One hour of study (listening to the podcast) is considered one CPE. We’d recommend keeping a document recording when you listened to each podcast episode, it’s length and potentially even a short (approx 25 word) summary. Like any form of media, the actual content of a podcast can vary from lightly entertaining to incredibly educational and sometimes both at the same time.

Our general recommendation is to take your continuing education seriously and seek out the podcasts that you find are best at expanding your knowledge.

Discussion of the security topics of the day and how they fit into the larger IT ecosystem.
https://www.varonis.com/the-inside-out-security-show/

Talking about security, privacy, legal, and compliance topics.
http://brakeingsecurity.blogspot.com/

Discovery and decision making through data in information security.
http://datadrivensecurity.info/podcast/

A cyber security podcast covering breaches and strategies for defense.
https://www.defensivesecurity.org/category/podcast/

Developing Security Awareness.
http://developsec.libsyn.com/

Security threats, attacks, vulnerability research and trends with a variety of industry executives, researchers and experts.
https://itunes.apple.com/us/podcast/digital-underground-podcast/id315355232?mt=2

A business perspective on the often insane world of information security.
http://podcast.wh1t3rabbit.net/

Everything from network security, open source and forensics, to DIY modding and the homebrew scene.
http://www.hak5.org/

Information Security from the group up.
http://in-security.org/

Highlights from the Open Web Application Security Project community.
https://www.owasp.org/index.php/OWASP_Podcast

The Business take on InfoSec.
http://risky.biz/netcasts/risky-business

Latest information security news, research, hacker techniques, vulnerabilities, and technical how-to’s.
http://securityweekly.com

An information security podcast that fills the gap between technical security podcasts and Security Now.
http://www.southernfriedsecurity.com/

A security podcast for truth-seekers, mavericks and square pegs.
https://www.stitcher.com/podcast/the-standard-deviant-podcast

Information on the latest developments in data security, regulatory compliance issues, technology, and trends affecting the industry.
https://itunes.apple.com/us/podcast/security-insider-podcast-edition/id314864961?mt=2

Covers important issues of personal computer security.
https://www.grc.com/securitynow.htm

A brief daily summary of what is important in cyber security.
https://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=304863991

Infosec news and analysis in just a few minutes, all in one take.
https://danielmiessler.com/podcast/

Keep up with interesting things we run into in the security industry – interview some awesome guests – and have fun with everything.
https://www.trustedsec.com/podcast/

Discuss all things related to Virtualization, Virtual Environment, and Cloud Computing Security.
http://www.talkshoe.com/talkshoe/web/talkCast.jsp?masterId=34217&cmd=tc

CERIAS Security Seminars

Seminars from one of the world’s leading centers for research and education in areas of information security that are crucial to the protection of critical computing and communication infrastructure.

Focus on approaches to securing systems using approaches that have declarative policies that factor in dynamically evolving context.
View Seminar

Seminar on a new biometric authentication method – Biometric Capsule.
View Seminar

“Can secure computation be based on imperfect building blocks?”
View Seminar

An approach to performing computation tasks atop encrypted data.
View Seminar

Proposal for a new secure communication protocl to enable secure communications for IOT and Drones in a resource constrained environment.
View Seminar

Demonstrative examples of using formal verification techniques for compliance checking in a variety of settings.
View Seminar

Seminar of a new platform for analysis of mobile threats.
View Seminar

Discussion of Cryptsis, a system that allows execution of MapReduce-style data analysis jobs directly on encrypted data.
View Seminar

CERT Software Engineering Institute at Carnegie Mellon University

Presentations from the Carnegie Mellon University Computer Emergency Response Team.

Building Security In Maturity Model (BSIMM) – Practices from Seventy Eight Organizations.
http://www.cert.org/podcasts/podcast_episode.cfm?episodeid=450642

Structuring the Chief Information Security Officer Organization.
http://www.cert.org/podcasts/podcast_episode.cfm?episodeid=449557

How Cyber Insurance Is Driving Risk and Technology Management.
http://www.cert.org/podcasts/podcast_episode.cfm?episodeid=446869

How the University of Pittsburgh Is Using the NIST Cybersecurity Framework.
http://www.cert.org/podcasts/podcast_episode.cfm?episodeid=445056

Capturing the Expertise of Cybersecurity Incident Handlers.
http://www.cert.org/podcasts/podcast_episode.cfm?episodeid=443570

Whitepapers

After reading a whitepaper, write a 25 word summary of the paper and upload it with the author details to the ISC2 website.

Corporate Data: A Protected Asset or a Ticking Time Bomb?
https://info.varonis.com/hs-fs/hub/142972/file-2194864500-pdf/ponemon-data-breach-study.pdf

Detecting Data Breaches in Real Time.
http://info.varonis.com/enterprise-search-report

Learn how to closely track user behavior and monitor how they are accessing unstructured file system data.
https://info.varonis.com/user-behavior-analytics

Online Videos

Online videos fulfill “self-study” requirements for earning CPEs.

Protecting against insider threats, whether malicious or accidental, is extremely difficult, especially when 71% of employees say that have access to information they aren’t supposed to see.
https://info.varonis.com/web-recorded-webinar-insider-threats-en

Learn what CryptoLocker does on your network and steps to limit the impact.
https://info.varonis.com/web-recorded-techtalk-cryptolocker-en

Courses

Self paced training courses count 1 to 1 hours to earned CPE.

If you’re in any way responsible for information systems that touch the web, this course will give you an in-depth look at the top 5 risks you should be aware of and how to combat them.
https://info.varonis.com/web-security-fundamentals

Comprehensive Security Training for Developers.
https://www.hacksplaining.com/