The Big List of Free Continuing Professional Education (CPE) Resources for InfoSec and CISSP

Don’t lose your certification because you’re missing CPE requirements.

Background

Many Varonis employees have obtained (ISC)2 certifications. Heck, our VP of Marketing is a CISSP. So it’s no surprise that we’re all keenly interested in keeping our certifications up, which means earning Continual Professional Education credits.

The list below focuses on Group A CPE requirements. Group A requirements are on topics closely associated with IT and Infosec topics. Group B activities are professional, but not in the security domain (ex: Business classes).

Before getting started you should review the official CPE Guidelines for your specific certification.

A consistent CPE plan makes the process much easier and our suggestion is to try and earn one CPE per week. This approach is helpful as:

  1. You’ll miss a few weeks here and there.
  2. If your CPEs are audited and something rejected, you’ll still maintain your certification.
  3. CPE’s can rollover to count in additional credentialing periods.
  4. Much of the general CPE content is released serially, making it easy to keep up.

Security Podcasts

Podcasts fall under the “self-study” category of CPE requirements. One hour of study (listening to the podcast) is considered one CPE. We’d recommend keeping a document recording when you listened to each podcast episode, it’s length and potentially even a short (approx 25 word) summary. Like any form of media, the actual content of a podcast can vary from lightly entertaining to incredibly educational and sometimes both at the same time.

Our general recommendation is to take your continuing education seriously and seek out the podcasts that you find are best at expanding your knowledge.

The Inside Out Security Show
Discussion of the security topics of the day and how they fit into the larger IT ecosystem.
https://www.varonis.com/the-inside-out-security-show/

Brakeing Down Security
Talking about security, privacy, legal, and compliance topics
http://brakeingsecurity.blogspot.com/

Data Driven Security
Discovery and decision making through data in information security.
http://datadrivensecurity.info/podcast/

Defensive Security
A cyber security podcast covering breaches and strategies for defense.
https://www.defensivesecurity.org/category/podcast/

DevelopSec
Developing Security Awareness
http://developsec.libsyn.com/

Digital Underground
Security threats, attacks, vulnerability research and trends with a variety of industry executives, researchers and experts.
https://itunes.apple.com/us/podcast/digital-underground-podcast/id315355232?mt=2

Down the Security Rabbithole
A business perspective on the often insane world of information security.
http://podcast.wh1t3rabbit.net/

Hak5
Everything from network security, open source and forensics, to DIY modding and the homebrew scene.
http://www.hak5.org/

In-Security
Information Security from the group up
http://in-security.org/

OWASP Podcast
Highlights from the Open Web Application Security Project community.
https://www.owasp.org/index.php/OWASP_Podcast

Risk Science Podcast
Experiments in Risk Science.
Experiments in Risk Science

Risky.Biz
The Business take on InfoSec.
http://risky.biz/netcasts/risky-business

Security Weekly
Latest information security news, research, hacker techniques, vulnerabilities, and technical how-tos
http://securityweekly.com

Southern Fried Security
An information security podcast that fills the gap between technical security podcasts and Security Now.
http://www.southernfriedsecurity.com/

Standard Deviant
A security podcast for truth-seekers, mavericks and square pegs
http://www.thestandarddeviant.com/podcast/

Security Insider
Information on the latest developments in data security, regulatory compliance issues, technology, and trends affecting the industry.
https://itunes.apple.com/us/podcast/security-insider-podcast-edition/id314864961?mt=2

Security Now
Covers important issues of personal computer security
https://www.grc.com/securitynow.htm

SANS Internet Storm Center Daily
A brief daily summary of what is important in cyber security.
https://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=304863991

Take 1 Security
Infosec news and analysis in just a few minutes, all in one take.
https://danielmiessler.com/podcast/

Trusted Sec
Keep up with interesting things we run into in the security industry – interview some awesome guests – and have fun with everything.
https://www.trustedsec.com/podcast/

Virtualization Security Round Table
Discuss all things related to Virtualization, Virtual Environment, and Cloud Computing Security.
http://www.talkshoe.com/talkshoe/web/talkCast.jsp?masterId=34217&cmd=tc

CERIAS Security Seminars

Seminars from one of the world’s leading centers for research and education in areas of information security that are crucial to the protection of critical computing and communication infrastructure.

Context Aware, Policy based approaches to Security
Focus on approaches to securing systems using approaches that have declarative policies that factor in dynamically evolving context
View Seminar

Resilient, privacy-preserving, revocable and user-centric authentication
Seminar on a new biometric authentication method – Biometric Capsule.
View Seminar

Robust Secure Computation
“Can secure computation be based on imperfect building blocks?”
View Seminar

Big Data Security and Privacy
An approach to performing computation tasks atop encrypted data.
View Seminar

A Secure Communication Protocol for Drones and Smart Objects
Proposal for a new secure communication protocl to enable secure communications for IOT and Drones in a resource constrained environment.
View Seminar

Applying Formal Verification Techniques for Checking Compliance of Computer Systems and Protocols
Demonstrative examples of using formal verification techniques for compliance checking in a variety of settings.
View Seminar

Virtual Android Malware Detection and Analysis (VAMDA)
Seminar of a new platform for analysis of mobile threats.
View Seminar

Practical Confidentiality Preserving Big Data Analysis in Untrusted Clouds
Discussion of Cryptsis, a system that allows execution of MapReduce-style data analysis jobs directly on encrypted data.
View Seminar

CERT Software Engineering Institute at Carnegie Mellon University

Presentations from the Carnegie Mellon University Computer Emergency Response Team.

Building Security In Maturity Model (BSIMM) – Practices from Seventy Eight Organizations
http://www.cert.org/podcasts/podcast_episode.cfm?episodeid=450642

Structuring the Chief Information Security Officer Organization
http://www.cert.org/podcasts/podcast_episode.cfm?episodeid=449557

How Cyber Insurance Is Driving Risk and Technology Management
http://www.cert.org/podcasts/podcast_episode.cfm?episodeid=446869

How the University of Pittsburgh Is Using the NIST Cybersecurity Framework
http://www.cert.org/podcasts/podcast_episode.cfm?episodeid=445056

Capturing the Expertise of Cybersecurity Incident Handlers
http://www.cert.org/podcasts/podcast_episode.cfm?episodeid=443570

Whitepapers

After reading a whitepaper, write a 25 word summary of the paper and upload it with the author details to the ISC2 website.

Ponemon Institute Study
Corporate Data: A Protected Asset or a Ticking Time Bomb?
https://info.varonis.com/hs-fs/hub/142972/file-2194864500-pdf/ponemon-data-breach-study.pdf

Enterprise Search Report
Detecting Data Breaches in Real Time
http://info.varonis.com/enterprise-search-report

User Behavior Analytics
Learn how to closely track user behavior and monitor how they are accessing unstructured file system data.
https://info.varonis.com/user-behavior-analytics

Online Videos

Online videos fulfill “self-study” requirements for earning CPEs.

6 Tactics for Preventing Insider Threats
Protecting against insider threats, whether malicious or accidental, is extremely difficult, especially when 71% of employees say that have access to information they aren’t supposed to see.
https://info.varonis.com/web-recorded-webinar-insider-threats-en

TechTalk: How to Detect and Clean Cryptolocker Infections
Learn what CryptoLocker does on your network and steps to limit the impact.
https://info.varonis.com/web-recorded-techtalk-cryptolocker-en

Courses

Self paced training courses count 1 to 1 hours to earned CPE.

Web Security Fundamentals
If you’re in any way responsible with information systems that touch the web, this course will give you an in-depth look at the top 5 risks you should be aware of and how to combat them.
https://info.varonis.com/web-security-fundamentals

Hacksplaining
Comprehensive Security Training for Developers
https://www.hacksplaining.com/

Request a demo

Interested in finding out how Varonis can help with your compliance initiatives?

Request a demo

Or contact sales at 877-292-8767