Thanks to the work of Didier Stevens, here is the official word on how the Security Catalyst (and other security podcasts) can help you meet your CPE requirements (he even wrote about it on his blog):

PS: You can also get CPE credits for writing an article that is published on the Security Catalyst website. If you’re interested, send me an email: se**************@gm***.com.

Here are the steps Didier follows:
I submit my podcasts CPEs under the ‘Self-Study, Computer-Based
Training [CBT] or Web Cast’ category.

(ISC)² didn’t tell me which category to use, here’s how I decided on
this category: look at this page (, and you’ll see that podcasts are put together with other online events like webinars
& webcasts.

I also do some administration for this: I keep a list of the podcasts I submit in a spreadsheet, I keep a copy of the mp3 files for auditing purposes.

Here is a copy of the official correspondence Didier got from ISC2 services:

This is the answer I got:
Yes, security podcasts are valid CPEs.

Thank you;
(ISC)² Services
P: 888.333.4458
F: 727.738.8522
Questions about CPE’s or AMF’s?  Visit the (ISC)² FAQ;

—–Original Message—–
Sent: Thursday, December 21, 2006 10:52 AM
To: ci********@is**.org
Subject: Does listening to Security Podcasts earn (ISC)² CPEs?


Podcasts are mentioned as CPE activities on the (ISC)² website:

Free/Economical CPEs
Searching for CPE Activities?
Participate in Webinars, Seminars, Pod Casts
Search the Internet for free Webinars, Pod Casts or seminars focusing
on security methodology, technology or practices offered by
hardware/software sellers and other vendors carrying security-related
products. IP Events ofer substantive, complimentary “virtual
conferences”, for example.

Can you clarify what is meant by a Podcast? I listen to several security related
Podcasts, a good example is Michael Santarcangelo’s Security Catalyst Podcast
( Michael is a CISSP, he produces a Podcast
about security. A Podcast is like a radio talk show: Michael talks about a
security subject, records this talk and makes the MP3 file available on his
website for free.

If listening to this kind of Podcast is considered as a CPE activity, then I
suppose I can submit 1 CPE per hour listened, but can you tell me if there is
there a limit to the CPEs I can submit?

Thanks for your help,


About the Author Michael Santarcangelo

The founder of Security Catalyst, Michael develops exceptional leaders and powerful communicators with the security mindset for success.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Don't know where to start?

Check out Security Catalyst Office Hours to meet your peers and celebrate the good, help each other, and figure out your best next step. We meet each Friday… and it’s free to attend.