The Big List of Free Continuing Professional Education (CPE) Resources for InfoSec and CISSP

Don’t lose your certification because you’re missing CPE requirements.


Many Varonis employees have obtained (ISC)2 certifications. Heck, our VP of Marketing is a CISSP. So it’s no surprise that we’re all keenly interested in keeping our certifications up, which means earning Continual Professional Education credits.

The list below focuses on Group A CPE requirements. Group A requirements are on topics closely associated with IT and Infosec topics. Group B activities are professional, but not in the security domain (ex: Business classes).

Before getting started you should review the official CPE Guidelines for your specific certification.

A consistent CPE plan makes the process much easier and our suggestion is to try and earn one CPE per week. This approach is helpful as:

  1. You’ll miss a few weeks here and there.
  2. If your CPEs are audited and something rejected, you’ll still maintain your certification.
  3. CPE’s can rollover to count in additional credentialing periods.
  4. Much of the general CPE content is released serially, making it easy to keep up.

Security Podcasts

Podcasts fall under the “self-study” category of CPE requirements. One hour of study (listening to the podcast) is considered one CPE. We’d recommend keeping a document recording when you listened to each podcast episode, it’s length and potentially even a short (approx 25 word) summary. Like any form of media, the actual content of a podcast can vary from lightly entertaining to incredibly educational and sometimes both at the same time.

Our general recommendation is to take your continuing education seriously and seek out the podcasts that you find are best at expanding your knowledge.

The Inside Out Security Show
Discussion of the security topics of the day and how they fit into the larger IT ecosystem.

Brakeing Down Security
Talking about security, privacy, legal, and compliance topics

Data Driven Security
Discovery and decision making through data in information security.

Defensive Security
A cyber security podcast covering breaches and strategies for defense.

Developing Security Awareness

Digital Underground
Security threats, attacks, vulnerability research and trends with a variety of industry executives, researchers and experts.

Down the Security Rabbithole
A business perspective on the often insane world of information security.

Everything from network security, open source and forensics, to DIY modding and the homebrew scene.

Information Security from the group up

OWASP Podcast
Highlights from the Open Web Application Security Project community.

Risk Science Podcast
Experiments in Risk Science.
Experiments in Risk Science

The Business take on InfoSec.

Security Weekly
Latest information security news, research, hacker techniques, vulnerabilities, and technical how-tos

Southern Fried Security
An information security podcast that fills the gap between technical security podcasts and Security Now.

Standard Deviant
A security podcast for truth-seekers, mavericks and square pegs

Security Insider
Information on the latest developments in data security, regulatory compliance issues, technology, and trends affecting the industry.

Security Now
Covers important issues of personal computer security

SANS Internet Storm Center Daily
A brief daily summary of what is important in cyber security.

Take 1 Security
Infosec news and analysis in just a few minutes, all in one take.

Trusted Sec
Keep up with interesting things we run into in the security industry – interview some awesome guests – and have fun with everything.

Virtualization Security Round Table
Discuss all things related to Virtualization, Virtual Environment, and Cloud Computing Security.

CERIAS Security Seminars

Seminars from one of the world’s leading centers for research and education in areas of information security that are crucial to the protection of critical computing and communication infrastructure.

Context Aware, Policy based approaches to Security
Focus on approaches to securing systems using approaches that have declarative policies that factor in dynamically evolving context
View Seminar

Resilient, privacy-preserving, revocable and user-centric authentication
Seminar on a new biometric authentication method – Biometric Capsule.
View Seminar

Robust Secure Computation
“Can secure computation be based on imperfect building blocks?”
View Seminar

Big Data Security and Privacy
An approach to performing computation tasks atop encrypted data.
View Seminar

A Secure Communication Protocol for Drones and Smart Objects
Proposal for a new secure communication protocl to enable secure communications for IOT and Drones in a resource constrained environment.
View Seminar

Applying Formal Verification Techniques for Checking Compliance of Computer Systems and Protocols
Demonstrative examples of using formal verification techniques for compliance checking in a variety of settings.
View Seminar

Virtual Android Malware Detection and Analysis (VAMDA)
Seminar of a new platform for analysis of mobile threats.
View Seminar

Practical Confidentiality Preserving Big Data Analysis in Untrusted Clouds
Discussion of Cryptsis, a system that allows execution of MapReduce-style data analysis jobs directly on encrypted data.
View Seminar

CERT Software Engineering Institute at Carnegie Mellon University

Presentations from the Carnegie Mellon University Computer Emergency Response Team.

Building Security In Maturity Model (BSIMM) – Practices from Seventy Eight Organizations

Structuring the Chief Information Security Officer Organization

How Cyber Insurance Is Driving Risk and Technology Management

How the University of Pittsburgh Is Using the NIST Cybersecurity Framework

Capturing the Expertise of Cybersecurity Incident Handlers


After reading a whitepaper, write a 25 word summary of the paper and upload it with the author details to the ISC2 website.

Ponemon Institute Study
Corporate Data: A Protected Asset or a Ticking Time Bomb?

Enterprise Search Report
Detecting Data Breaches in Real Time

User Behavior Analytics
Learn how to closely track user behavior and monitor how they are accessing unstructured file system data.

Online Videos

Online videos fulfill “self-study” requirements for earning CPEs.

6 Tactics for Preventing Insider Threats
Protecting against insider threats, whether malicious or accidental, is extremely difficult, especially when 71% of employees say that have access to information they aren’t supposed to see.

TechTalk: How to Detect and Clean Cryptolocker Infections
Learn what CryptoLocker does on your network and steps to limit the impact.


Self paced training courses count 1 to 1 hours to earned CPE.

Web Security Fundamentals
If you’re in any way responsible with information systems that touch the web, this course will give you an in-depth look at the top 5 risks you should be aware of and how to combat them.

Comprehensive Security Training for Developers

Sind Sie bereit, einen genaueren Blick auf Ihre Daten zu werfen?


Alle Varonis-Produkte können Sie kostenlos testen