The end of the year is many things to many people, for those of us in the information technology field, it often signals the end of the continuing education requirements reporting cycle for high value certifications like the CISSP from (ISC)2 (International Information Systems Security Certification Consortium, pronounced ISC-Squared), the CISA (Certified Information System Auditor) and CISM (Certified Information Systems Manager) from ISACA (Information Systems Audit and Control Association) and the PMP (Project Management Professional) from the PMI (Project Management Institute.) To maintain these certifications, you need to get a certain number of related continuing education hours each year as part of a multi-year total. For instance, for the CISSP you need to get at least 20 hours per year and a total of 120 hours per 3 year cycle. Most of these hours (80) need to be specifically on computer security topics, but some (40 hours) can be what they call Type B credits, which are areas of use to any professional. The purpose of this is to ensure that people are continuing to keep up and build their education in the area of there certifications. There are a number of ways to accumulate credits, both free and for pay. My biggest problem is finding things that fit in with my work schedule.
In the last week of 2008, I found myself in a bind, I had drastically miscalculated how many hours I needed to complete that year and had essentially one day of available time in which to achieve 11 hours of continuing education. (I'd been counting against the (ISC)2 requirements, which are more inclusive than ISACA's, but I have certifications from both.) I also wanted to do it honestly, that is, I wanted to make sure I actually learned something, not just get hours to report. In the process, I revisited an old favorite for achieving continuing education hours and found a new one. The combination of the two made it easy, affordable, and educational for me to earn quick continuing education credits. First, the SANS Institute offers regular free webinars on computer security topics. Some of these are vendor sponsored webcasts about specific products but most of them count as general, non-vendor specific webinars. Not only do they offer webinars on a regular schedule, they also provide access to archived webinars, allowing you to study at any time. As an added bonus they keep track of your CEU's for you. While I have been known to meet all of my annual continuing education needs with SANS webinars, I knew that after an hour or two of webinars I would be likely to start dozing off and so I needed something more interactive. After searching, I found Gleim Publications. Gleim offers continuing education courses aimed at accountants and auditors, however many of their auditing courses apply equally well to information systems auditors. They also have a few specific information systems courses, and a number of business related courses that apply towards (ISC)2's Group B requirements. Gleim also provides CEU reporting to ISACA for you (although you still need to report them yourself, this means you won't have to show proof of completion if you are audited later.) Gleim's course consist of a pre-test, a 'knowledge transfer outline' or written course material, a post-test for your use and a final test for credit. Each test is 20 questions, and if you fail the final you can go back and retake the course. Each course provides 4 continuing education hours. Gleim does charge for their courses, but depending on how many courses you purchase at a time run as low as $6 per CEU. You can sign up for courses for a full year, and then have another year to actually take the courses, so if you plan your purchase and schedule correctly, you can get purchase 3 years worth of education requirements at one time. Like the SANS webinars, I found these courses well written and extremely educational. They are now a regular part of my continuing education planning.
Whether your time crunch is fitting education into your work schedule or , like me, getting it done by the deadline – or even if you don't have one, I highly recommend this combination of SANS webinars and Gleim courses to meet your continuing education needs for IT certification. And remember, different organizations and certificates have different requirements, so be sure to check your exact requirements before starting on a continuing education plan.
The SANS Institute
Gleim Continuing Professional Education
Disclosure: I have worked for the SANS Institute in the past, however my primary relationship with them is happy customer. My only relationship with Gleim is that I purchase continuing education products from them.