CISSP CPE Requirements and Resources
REQUIREMENT TYPES
CISSP®
Group A Credits: Direct Information Security Domains of the (ISC)2 CBK
Security and Risk Management
Asset Security
Security Engineering
Communication and Network Security
Identity and Access Management
Security Assessment and Testing
Security Operations
Software Development Security
Group B Credits: Suggested Categories of General Professional Development Activities
Management courses
Interpersonal communications skills
Interviewing techniques
Team development skills
Project planning activities
Technical skills not in information security – such as programming languages and techniques
Accounting Courses
RESOURCES
https://www.isc2.org/e-symposium.aspx
https://www.isc2.org/infosecurity_professional/default.aspx
https://www.sans.org/reading-room
Podcasts (1 hour of podcast audio = 1 CPE) *list is not exhaustive*
When submitting, choose ‘CISSP – Multiple Domains (Group A)’ and ‘Self-Study, CBT, Webcasts, and Podcasts’
Brakeing Down Security Podcast – RSS: http://www.brakeingsecurity.com/rss (shameless plug, it’s my show, we try to teach concepts, not strictly ‘news of the week’)
Defensive Security Podcast (Andy and Jerry are friends and we’ve been on each other’s shows) https://defensivesecurity.org/ (they have an RSS too)
Risky Business – Patrick Gray has been doing this show over 8 years, first one I started listening to, great content, non-US perspective — http://risky.biz (RSS available)
Silver Bullet Podcast – Gary is a great interviewer, and a legend in the infosec industry. Lots of great interviews https://www.cigital.com/podcast/ (RSS available)
Southern Fried Security Podcast – Martin Fisher is a CISO of a major Healthcare org in Atlanta, and has a cadre of great people on the show, including Evette Johnson and Steve Ragan from CSOOnline magazine http://www.southernfriedsecurity.com/
StepToe Cyberlaw podcast – I just started listening to this one, to better understand privacy and security laws RSS: http://www.steptoe.com/feed-Cyberlaw.rss
Paul’s Security Weekly – Another long-running show, many well-known veterans of the industry. Paul Asadoorian, Jack Daniel, Carlos Perez, Joff Thyer, John Strand. Some news, educational topics, mixed drink knowledge, etc http://securityweekly.com/
SANS ISC StormCast – keep informed with recent findings about malware, viruses, new CVEs and news with this excellent show. https://isc.sans.edu/podcast.html
Infosec Cons – list is not exhaustive
B-Sides (numerous worldwide) Usually 1-2 days events, good for 8-16 CPEs, tickets are fairly cheap, good networking events http://www.securitybsides.com/
DerbyCon – Louisville, KY – 4 day event, excellent talks, great networking event www.derbycon.com (2017 dates are currently slated as 21-25 September 2017)
ShmooCon – Just occurred (13-15 January 2017 in Washington, DC) the best of the ‘small’ events. Tickets sell out fast, but lobbyCon is excellent for networking and discussion www.shmoocon.com
There are ISC2 events as well: https://www.isc2.org/isc2-local-secure-events/default.aspx
ISSA does events – http://www.issa.org/events/event_list.asp
RSA is usually in February, more of an ‘industry’ event, meaning a huge vendor pit, but there are some excellent talks given, some with a vendor selling bent, but not overly awful… tickets and hotel location are a bit pricey (https://www.rsaconference.com/events/us17)
SANS has several events, in addition to their excellent (if somewhat expensive) training. A list of training opportunities is here: https://www.sans.org/security-training/by-location/north-america
And of course, there’s Black Hat (http://www.blackhat.com/) and Defcon (https://www.defcon.org/)… a bit more expensive, but just a glut of infosec people, hacker villages dealing with IoT hacking, CTFs abound, SocEng events
CanSecWest, Source, Infiltrate, local defcon Chapters, Austin Hackers Anonymous (AHA), Hack in the Box, local hacker/makerspaces, and loads of others… so get on Twitter or check /r/netsec for add’l information.
Videos
IronGeek’s site – Adrian Crenshaw started recording B-Sides events, and it grew from there. He has probably the largest number of speaker videos from nearly a hundred events over the years… (again, 1 hour video = 1 CPE). You can find talks from many infosec cons that you may have missed, or were not able to attend… and all free… a most excellent site. http://www.irongeek.com/
Free Training:
www.cybrary.it – Free infosec training, even a CISSP study course. Even have certificate courses if you need to keep skills sharp, pentesting, SocEng, etc… All good stuff. (Full Disclosure: they did sponsor a couple of my shows, and I supported the kickstarter that got them where they are today, and there is a BrakeSec Forum)
Feel free to add add’l items to this list… if it gets big enough, maybe it’ll get a sticky. Just trying to help people who might be struggling for CPEs. The other good thing about infosec cons is they often hold training before, during, and after the event. B-Sides events are good for that.
SOURCE: https://www.reddit.com/r/cissp/comments/5r3wkr/sticky_cpe_resources_for_maintaining_your_cissp/
SOURCE: https://www.varonis.com/the-big-list-of-free-cpe-resources/