Maintaining Various Certifications (CE's + Fees)

Hello TE,

The purpose of this thread is to have a discussion about maintaining various certifications such as CE's and yearly membership fees. I have been so focused on what cert to get next... that I completely forgot about the long-term "consequences" of maintaining these certifications in terms of TIME to obtain CE's and MONEY for yearly membership fees.

My Security+ almost expired in June 2015 but luckily I was able to fulfill the CE's by binging FedVTE (US Government Online Training Program) courses 2 weeks before expiration date. I don't ever want to be in a position like this ever again where I am doing CE's on the last second. Then I passed the CEH in September 2015 and once endorsement is approved I should also have the CISSP in July 2016.

I was thinking to tackle the CISM in September 2016 and then CCSP for Q1 2017. However, now I am debating to spread them out to next year to make it easier to balance CE's for the future? I will be only busier with life in the next coming years with most likely my own family by then, numerous hobbies (YOLO right?) a non-profit I plan to start and some other possible business ventures.

I would love to hear your input, tips, advice, experiences with maintaining multiple certifications. How should one optimize/spread out various certifications? Correct me if I'm wrong, but it appears like a trap by getting too many certs in a short period of time, in terms of quality of life for spare time spent maintaining numerous certifications. Don't get me wrong, I am a HUGE on learning/growing... I have read 17+ books for 2016 so far but maintenance of these certs seems like it will be almost like a side job in itself.

Appreciate any feedback!

Edit:

I am currently planning a 6 month visionary map and the following letters would indeed look sexy next to my name: CISSP, CISM, CCSP, CEH, Security+, ITIL-F... this would bring more ladies in my bed right?

Find more posts tagged with

Comments

ZzBloopzZ

Reserved, I may use this post for the future on yearly CE hours needed and membership fees totals with various cert combos.

Danielm7

For the CISSP there are a lot of things that qualify for CEUs, even security podcasts. In less than half a year I'm already almost covered just doing things I already did and recording it. I'm probably extra **** about recording things because it's more recent though, one of my coworkers has to scramble and cram to cover his each year but I know he does lots of things that should qualify.

ITSpectre

What I was told by someone that had multiple certs is lets say you have Sec+... So you can either A. Complete the CEUs to renew within the 3 year time frame and pay the 149.00 fee. Or B. Pay the fee to renew but then take a higher level cert during the last year your Sec+ is valid. For example if your cert expires in July of 2017 (like mine does).... the best time to take a new cert is next year.... but study for that cert before then. IMO I feel that is the best way to do it instead of hoarding up on certs one after the other. Also make a note of things you do at work... like any training or such because depending on the training it may qualify for CE credits. It does not take that long to get the CE credits anyway, 3 years is plenty of time.

ITSpectre

ZzBloopzZ wrote: »

I am currently planning a 6 month visionary map and the following letters would indeed look sexy next to my name: CISSP, CISM, CCSP, CEH, Security+, ITIL-F... this would bring more ladies in my bed right?

Well you know what they say.... Women love smart men. If you get those certs the women will be running to get with you

TheFORCE

More certificates, better certificates and hard certificates should correspond to more Dollars and better jobs, so the point about the fess should not be taken like a deal breaker. As an example, someone that was making 50k 2 years ago and now they have a CISSP and they make 70k shouldnt go crazy about the $85 a year to maintain the CISSP since the CISSP helped them get a 20k increase a year from the last position. That is a huge increase!

ISC2 and ISACA are pretty good with their CPE's they give you access to monthly newsletters and you take a few queizes to get CPE's. Also, webcasts and podcasts and vendor webex's help a lot. One of my vendors has monthly 1 hour webex's that count for 1 CPE. Not to mention that everytime you study for a certificate you can use the time you study towards your CPE's. Last year, i accumulated 120CPE's! That's the equivalent of 3 years of CPE's and i only needed 40. The tough part is to set aside the time to do all that, but like i mentioned if you spread it out in various activities, you wont even notice it.

ITSpectre

TheFORCE wrote: »

Not to mention that everytime you study for a certificate you can use the time you study towards your CPE's.

How do you document that???? So with my Sec+ im studying for RHCSA. Will my study time go towards my CE credits?

OctalDump

The only one I can speak to at the moment is CompTIA. The sensible thing with CompTIA is to just renew with higher level CompTIA certifications. One you have CASP, then CE is the better option - particularly if you pursue other vendors certifications. The AMF is not too bad. Possibly, you will get to a point where keeping CASP/Sec+ is not worth the AMF fee (although at that point you are hopefully earning so much that you won't be too worried about $50).

I'm not sure about EC-Council. I've heard noises about an AMF, but they've not asked me for money yet. I don't know how much it is. Possibly can make the CE requirements through other certifications (not much info on what ones they accept), if not then...

(ISC)2 is pretty good for maintaining certifications, from what I've heard. If you are working in the industry, it probably won't be too hard. 40 CPE per year, 120 over the 3 year cycle. $85/year. What is allowed is fairly broad. At least 80 hours of CPE must be related directly to the domains, but 40 CPE can be broader, general professional development (eg management courses, project management, other non-infosec technical skills, etc). The idea is that one CPE is one hour of activity, but there are variations.

ISACA is not too bad for AMF. The CE is probably reasonably easy to get if you are working in the area - or even if you are just enthusiastic. It's very broad in what is allowed. It's 120 hours over three years, with at least 20 hours per year. If you have a nice senior position, it shouldn't be too hard to get sent on a 3-5 day seminar every year. Or all those white papers you have to read, or nice fat new security book, or the 'mentoring' of juniors...

There does seem to be a lot of overlap between the ISACA and (ISC)2 requirements, so that you might be able to do the same 120hours for both.

OctalDump

ITSpectre wrote: »

How do you document that???? So with my Sec+ im studying for RHCSA. Will my study time go towards my CE credits?

Sort of. (ISC)2 and ISACA are different to CompTIA. But CompTIA does allow you to get credit for "Training Courses" or College Courses. Self Study doesn't seem to cut it for CompTIA. You can get some credit for "work experience", but not a lot.

RHCSA will give you 38 of the 50 credits required for renewing your Sec+. That just leaves 12 credits to get, which you could do through activities, or just get another certification within the three years (Cloud+ for 13 CEU, or CCNA R+S for 15, MCSA Win 10 for 8 etc).

Or if you do a higher level exam (CASP, in this case), you don't have to pay the annual maintenance fees at all. The lower level certifications will be renewed automatically when you pass the higher level one.

And there's always the option to just sit the exam again.

636-555-3226

I get new certificatons every year and use the training/exam pass to count for continuing education for my existing certs. that way i don't need to bother with the nickel and dime newsletters, podcasts, magazine readings, etc. for most orgs 1 new cert = 1 year of CEs

wd40

I used CISA and eJPT to fulfill the 50 Hours Security+ requirement.

This year I was sent to ITIL Training which was good for 20 ISACA Hours and I am attending ISACA's seminars on Brighttalk.com , each is good for 1 CPE Hour (you must be an active ISACA member to get the CPE Quiz).

As for timing, ISACA uses calendar years and not based on when you got certified, so that you know you must complete the CPE's by end of the year.

I am logging CPE hours as soon as I get them on isaca's portal to better track my progress.

ZzBloopzZ

Thanks for the responses. Looks like it's not as bad to maintain CompTIA, ISC2 and ISACA certs. How about when you throw OSCP in to the mix?

TheFORCE

ZzBloopzZ wrote: »

Thanks for the responses. Looks like it's not as bad to maintain CompTIA, ISC2 and ISACA certs. How about when you throw OSCP in to the mix?

I don't believe OSCP has maintenance fees and credit requirements. I beleive its a life certifications with no expiration.