This post was originally published here by (ISC)² Management.

It’s easy to feel stressed, or conversely feel stuck in a rut, when it comes to the topic of professional development. We all know “we should/must do it” but aren’t exactly sure on how to go about it. And compared to security domain specific knowledge, skills, and abilities (group A CPE credits for holders of (ISC)² credentials), it’s easy to delay thinking and planning your activities regarding those strange group B CPE credits. Here’s to changing that reality, and in the process your mindset about their place in your future.

Quick Review of Group B CPE Credits

The official (ISC)² CPE handbook refers to Group B activities as “Professional Development Knowledge Sharing.” It further clarifies that “Group B credits are earned for completion of general professional development activities which enhance your overall professional skills, education, knowledge, or competency outside of the domains associated with the respective certifications.” And, in case you are thinking that your credential doesn’t require Group B CPE hours… while that might be technically correct, you would be doing yourself a disservice if you failed to develop that side of your professional self. Investing in your professional development is a must, now and for the rest of your life. And yes, that includes a lot of time and attention devoted to looking at things other than cybersecurity.

Being Uncomfortable is Key to Growth (seriously!)

A 2018 article by Harvard Business Review (HBR) made the point that traveling “to new places can boost your creativity” among many other benefits (problem solving). Another HBR article, from 2016, went a lot further, proclaiming that “if you’re not outside your comfort zone, you won’t learn anything.” But think about that for a second. That makes sense: we don’t grow (or don’t grow as much) by doing the same things over again. So, give yourself permission to feel uncomfortable, because that’s when growth happens!

If you’re interested in further developing your leadership skills, there are lots of books from executive coaches about stepping up your game and developing your own personal style of leadership. I was impressed with Leadership is Changing the Game by Brian Donovan, an Australia-based executive coach who’s worked in the technology area for decades and who is now spending more of his time helping those responsible for cybersecurity. What makes Brian’s book particularly valuable is that it’s written for technologists specifically — thus offering a unique angle. Ultimately find one that speaks to you and what you’re looking for.

Exploring Your Group B Options

In terms of possible Group B topics, we all know the sky’s the limit, and that’s part of the problem: what should I focus on? LinkedIn’s 2017 Jobs Report identified the most in-demand soft skills:

  • Adaptability
  • Culture Fit
  • Collaboration
  • Leadership
  • Growth Potential
  • Prioritization

Of course, the soft skills also vary by area, and LinkedIn’s report also provided soft skills for several emerging areas (such as big data developer, data scientist, etc.). A more recent LinkedIn report identified the top five soft skills as:

  • Creativity
  • Persuasion
  • Collaboration
  • Adaptability
  • Time Management

The same report also provides a list of in-demand hard skills, many of which have a connection to cybersecurity (e.g. analytical reasoning, business analysis, corporate communications). Or perhaps you’d like to get ready to change jobs or employers, so you might be more interested in interview questions that speak to your leadership potential.

The list of activities below isn’t meant to be an exhaustive list by any means. Instead, it’s about encouraging you to look at things in a new light, in an “I can do this” mindset. Note: depending on the topic chosen for each of these activities, they could also cover Group A credits (e.g. presenting at a conference on a security topic).


As security professionals, we are well accustomed to learning, as ours is a profession that requires continuous learning. But what have you learned in the past 2-3 years that wasn’t connected to the technical side of security? What about that human psychology course you had wanted to take in your younger days? What about that intro to digital marketing? Or perhaps you had earmarked a business class (leadership, management, negotiation skills) or a finance/economics course? What about that special workshop on how to write better emails, or the one that promised to expand your creative side with design thinking?

If you already have your fill of Group B credits, (ISC)² new Professional Development Institute (PDI) makes it a breeze for you to sign up for FREE professional development content from the comfort of home. Current topic offerings include GDPR, DevSecOps, and security culture.

Whether your learning plans are security focused or not, remember that showing up is usually the hardest part of starting something. Make a personal commitment to sign up for something new.


If you think for a second that you know it all, I have a challenge for you: teach it to someone else. Much like putting your software or network defenses to the test, teaching will reveal the cracks in both your plan and your implementation. Teaching a topic — especially one you know like the back of your hand — will force you to think about what your audience needs to know, how you’ve organized the topics (some call it content scaffolding), and will have you reflect on how to best reinforce the learning by doing (e.g. what kind of activity can you have students do to help them understand the concept of CIDR?).

Teaching has another benefit in that you can often see the change in your students, in a matter of days or weeks. You’re making a difference, you’re changing lives, you’re helping others grow — and in the process you are also growing yourself.  


For many of us, speaking isn’t quite something that we would say comes naturally. Then again, how are we supposed to get better at it if we don’t practice, practice, practice? How do you run a Marathon? You train, regularly, starting with that short run — however you might personally define a “short run.” So it is with public speaking; most of us aren’t quite ready to deliver a TED talk, but it doesn’t mean that we should continue to shy away from the podium.

There are many options once you’ve consciously decided to take that first step. Obviously, speaking at security conferences would be a good way to confirm that you’ve reached a certain level of public speaking. Another benefit of getting to that level is the access to the amazing conversations that happen with fellow speakers. If getting there feels like too big of a stretch for now, look for opportunities to speak up at work, perhaps during a lunch-and-learn event or a show-and-tell demonstration of your tech skills. Then consider other speaking opportunities within your professional network, such a nearby Toastmasters chapter, and of course, your local (ISC)² chapter.

Writing & the Importance of Finding Your Groove

If you had told me a decade ago that I would be writing for work and for fun, I would have asked you to stop joking. I was in a rut, in large part because I had not realized that writing could be fun, that I had something to share that others would want to read. And then something clicked, in large part due to a shift in mindset, that I didn’t have to follow the rather narrow path of traditional academic writing — do you remember those fun academic papers you had to read, or write? From that point on, the writing flowed… to the tune of having, in just four years, co-authored two books (both available for free, Take Back Control of Your Cybersecurity Nowand The #CyberAvengers Playbook), written over 100 articles for IBM’s SecurityIntelligence blog, and many other articles that would take too long to list here.

If you have expertise and are looking to write, reach out to a coworker, a friend, or even an old teacher, and start by getting their feedback about your ideas. What range of topics will you write about? What tone will your writing have (e.g. perhaps something lighter, more tongue-in-cheek)? Who will you be writing for, what audience? Then figure out what medium you should use. Writing is much like exercise… the more you do it, the better you get and the more naturally it will flow. The best part of writing is that it can be something you do for yourself, for a small circle of friends and fellow professionals, or the world at large.

Get Started Today on Your Group B Journey

Investing in Group B activities can have life-changing results, impacting both your own trajectory and that of others. Have patience and believe in yourself, believe in your ability to learn, to grow, to share, and to help others. Remember to look for a balance of learning AND doing, as the doing reinforces the learning.

Where should you start if you’re ready to start doing? Start with an honest assessment of your strengths and the areas that resonate strongly with you because you have a passion to be teaching, speaking, or writing about those areas. Ask a spouse, a trusted friend, a mentor, but avoid relying solely on co-workers for feedback — as that audience tends to have a viewpoint that’s going to be too similar to yours. Then take a free personality assessment to figure out your unique way of looking at the world, or for a small fee consider taking a test to figure out your particular strengths and focus on those. Make a list of topics that you’d like to teach, present, write, or simply learn about, then further refine that with some action steps or deadlines.

No matter what activity you’ve chosen, remember to take that step forward, the one leading you on your journey of professional development. Looking back, you’ll be glad you did.

As the (ISC)² CPE Handbook puts it, “You are part of an elite, global network of certified cyber, information, software and infrastructure security professionals who are making a difference, advancing the security profession and inspiring a safe and secure cyber world.” So, let’s start growing and sharing, one Group B activity at a time.



No posts to display