Earning CPEs is pretty straightforward, though it can be harder to do during the work day, depending on how demanding your job duties are and how much time you are allotted for training. There are, however, tons of ways to get CPEs, so don't let it stress you out. Contact (ISC)2 for the full list, but some of them are:
So as you can see, there really are plenty of options, especially since training, vendor presentations and security groups/conferences count as one CPE per hour of attendance. Since you need to average 40 CPEs a year, try to set aside an hour a week for a webcast or a vendor presentation; that's all it takes.
Alternately, attending RSA or Black Hat/Defcon will also net you the necessary CPEs. If travel is not an option, the monthly ISSA chapter meetings are another option; they tend to last 3-4 hours.
The hardest part may well be remembering to record the CPEs so you get credit for them. When I was working for a Fortune 1000 company, I was averaging well over 40 claimable CPEs per month without counting special conferences or ISSA chapter meetings.
For more information:
This was first published in January 2009