🎯Security Risk Advisors now allows cybersecurity workers to earn credits for participating in hands-on training sessions, which helps them keep their certifications up to date while learning how to fight cyber threats effectively.
What Happened
Security Risk Advisors (SRA) has announced that their Purple Team exercises are now eligible for Continuing Professional Education (CPE) credits, recognized by both GIAC and ISC2. This initiative aims to enhance the skills of cybersecurity professionals while allowing them to maintain their certifications effectively.
The Flaw
Unlike traditional CPE activities that often involve passive learning, SRA's Purple Team exercises engage participants in active scenarios where they test real, prioritized MITRE ATT&CK tactics, techniques, and procedures (TTPs). This hands-on approach not only enriches learning but also strengthens organizational detection and response capabilities.
What's at Risk
As cyber threats evolve, organizations face increasing pressure to improve their security posture. The lack of practical experience in dealing with these threats can leave teams vulnerable. By participating in SRA's Purple Team exercises, cybersecurity professionals can gain direct experience with techniques relevant to the current threat landscape, thereby mitigating potential risks to their organizations.
Patch Status
Participants in the Purple Team exercises can earn up to 15 CPE credits, which is significant for those holding GIAC certifications (like GPEN, GCIH, GCFA) or ISC2 credentials (such as CISSP, SSCP, CCSP). This contribution towards certification renewal requires no additional time or financial investment beyond the exercise itself.
Immediate Actions
Starting April 2026, SRA will issue certificates to participants that include essential details such as name, activity, engagement dates, and hours of participation. This documentation will facilitate the submission process for CPE reporting to GIAC or ISC2, ensuring that participants can efficiently claim their credits.
Additional Insights
SRA’s Purple Team engagements typically involve around 15 hours of execution time, which is structured to maximize learning outcomes. The exercises are designed to not only test tools and processes but also to identify detection strengths and gaps within an organization’s cybersecurity framework. Furthermore, attendance is monitored, requiring participants to attend at least 80% of the sessions to qualify for credits.
Conclusion
The recognition of SRA's Purple Team exercises for CPE credits marks a significant step in bridging the gap between theoretical knowledge and practical application in cybersecurity. As organizations strive to enhance their defenses against evolving threats, these exercises provide invaluable experience and certification maintenance for cybersecurity professionals.
This initiative not only helps professionals maintain their certifications but also ensures they are better prepared to handle real-world cyber threats through practical experience.
