The field of cybersecurity exists on a frontier in many ways. As a cybersecurity professional, you have to know how to work with the very latest in network technology. In addition, you’re on one side of a constant war–it’s you against cybercriminals, and as those cybercriminals grow and evolve their tactics, you need to stay one step ahead of them.
Therefore, the importance of keeping up-to-date on the latest developments in cyber technology is obvious. The organizations that issue cybersecurity-related certifications also know that it’s crucial to stay informed, and that’s why they usually require that you collect Continuing Education Units, or CEUs.
The concept of the CEU is neither trademarked nor specific to cybersecurity. Many professions that involve certification or licensing require them–from teaching to interior design to architecture to engineering.
So, what are CEUs, and how do they work?
The most general definition of a CEU is 10 hours of educational work beyond the completion of a course or the obtainment of a certification. In general, CEUs are obtainable through a variety of activities. Attending conferences, authoring papers, holding a job, and engaging in volunteer work are all valid ways to get your CEUs.
In practice, of course, each certifying organization has its own requirements and standards. Depending on the specific certification in question, the organization might refer to CEUs differently. For example, while CompTIA uses CEUs, ISACA and (ISC)2 use CPEs (Continuing Professional Units), and EC-Council uses ECEs (EC-Council Continuing Education). (Other organizations, like Cisco, simply require that you recertify at set intervals by retaking the certification test.)
In practice, all of these acronyms essentially mean the same thing. However, each organization has its own standards by which it evaluates what activities count towards recertification. In addition, different certifications will have their own requirements as far as how many CEUs you need to earn to recertify.
How do I get CEUs?
There are many different ways to get CEUs. We’ve compiled a list of some of the most common methods of earning you CEUs from various different certifying organizations.
Organizations will expect you to document all of these activities. Therefore, it’s highly important that, whenever you engage in an activity you think might earn you CEUs, you collect documentation proving both your participation and the activity’s relevance to the certification toward which you’re counting it.
- Earning other certifications: When you hold one or more certifications, earning another one will often net you a fair number of CEUs, especially if the new certification has relevance to those you already hold. The specific number will depend on both the certification you hold and the certification you’re obtaining. Your certifying organization likely has information on their website pertaining to this.
- Attending classes and training: From college courses to independent training courses to webinars to conferences, taking classes will net you CEUs as long as they’re closely related to the certification you hold. The number of CEUs you earn can be determined by the number of hours you spend on the course–often 1 CEU per hour, up to a specified maximum.
- Teaching: Teaching a class or training session will also earn you CEUs toward recertification as long as the majority of the material is relevant to the certification in question.
- Publishing: Authoring articles for publication is already a great way to get your name out there, build your reputation and prove your competence and knowledge to potential employers. But it can also earn you CEUs! In fact, even keeping a blog that’s related to subject areas in which you’re certified will contribute to your CEU count, as long as the posts adhere to certain requirements.
- Working: Even holding a job related to your certified area will add CEUs to your name, though typically not many–for example, CompTIA only allows you to collect up to three (3) work-related CEUs per year.
- Volunteering: Certain organizations allow volunteer work to count toward your CEU requirement. For example, ISACA gives CPE credit for volunteer work completed with ISACA or the volunteer organization One in Tech. The aim here is to encourage credential holders to engage with ISACA. Volunteering could involve outreach programs, mentoring, or other similar types of work.
- Contributing to the exam: ISACA also specifies that credential holders can earn CEUs by either submitting or reviewing exam questions for future exams.
- Contributing to the field: Some certifying organizations also leave a vague option to earn CEUs by “contributing to the field.” This may involve doing research, performing peer reviews, developing manuals, or more. Even my writing this article could earn me CEUs!
How many CEUs do I need?
Here, we’ve included a list of CEU requirements per organization and per certification, along with a short summary of how the organization goes about counting CEUs.
CompTIA
The easiest way to recertify with CompTIA is to bypass the CEU system entirely and take the relevant CompTIA CertMaster CE course (we know this is a mouthful!). This is a course that’s especially designed to make recertification quick and easy; essentially, it teaches you what’s changed since you last took the related certification exam.
Or, you can get a higher-level certification that covers material at least as advanced as the certification you’re renewing. You can do that with either a CompTIA certification or an approved non-CompTIA certification.
Otherwise, here is the breakdown for number of CEUs needed for each certification:
Data+: 20
A+: 20
Network+: 30
Security+: 50
Linux+: 50
Cloud+: 50
PenTest+: 60
CySA+: 60
CASP+: 75
ISACA
Compared to CompTIA, ISACA’s recertification requirements are a good deal stricter. There is no option to knock out the CEU requirement in one go; instead, you must accrue CPEs.
The requirements for all of ISACA’s certifications are the same: for each 3-year recertification period, you must accrue a minimum of 20 CPE hours per year, and a minimum of 120 CPE hours for the whole 3-year period.
In addition, three of ISACA’s certifications–CSX-P, ITCA, and CET–specify that a minimum of 10 of 20 CPE hours per year, and 30 CPE hours across the 3-year period, must take the form of “skills-based lab work or training.”
(ISC)2
(ISC)2 divides CPEs into two categories, rather plainly called “Group A” and “Group B.” Group A includes activities related specifically to the domain covered by the certification, and includes things like training, attending conferences, working on projects outside work, writing, and even reading. Group B, meanwhile, includes further educational activities outside of the certified field.
(ISC)2 specifies a required number of CPE hours per 3-year recertification period, but no annual number (though they do make suggestions within their CPE Handbook). These are the required numbers per 3 years:
CC: 45 hours, all Group A
CISSP: 120 hours, incl. at least 90 Group A
CSSLP, CCSP: 90 hours, incl. at least 60 Group A
CAP, HCISPP, SSCP: 60 hours, incl. at least 45 Group A
In addition, to recertify for a certain concentration within CISSP, at least 20 hours of those you earned for CISSP must be directly related to that concentration. If you hold multiple concentrations, then you must have 20 CPE hours related to each concentration.
EC-Council
EC-Council makes things simple for you: you must complete 120 ECE hours per 3-year recertification period. They only specify that those hours must be related to IT security.
EC-Council has its own schema for determining the number of ECE hours you can earn for any given activity. Authoring a book will earn you 100 credits, so better bust out the old typewriter!
What if I don't earn CEUs?
If you don't work to earn CEUs then you may be at risk of becoming out of compliance and lose your certification status. This means you will have to pay to re-test and earn the certification again. As an employer if your employees lose their certification status, you will want to check the requirements of any contracts that include the need for a certain number of certified professionals on staff. Luckily, with Cybrary the process to upskill and earn CEUs can be a "two birds with one stone" type initiative!
Conclusion
Getting certified in cybersecurity may seem like a one-and-done deal, but as a certified cybersecurity professional, you’re expected to maintain a level of continued self-education in order to stay qualified.
Cybrary has a number of options for getting your CEUs. For example, you can study for higher-level certifications with our free certification courses. Or, for a source of a few CEUs, you can check out our Threat Actor Campaigns or Common Vulnerabilities and Exposures Series, both of which are frequently updated to help you build your knowledge of the latest topics and issues within cybersecurity.
Any way you choose to get your CEUs, good luck out there, and stay on your toes!