Philadelphia, United States / Pennsylvania, April 14th, 2026, CyberNewswire
In an exciting development for cybersecurity professionals, the Global Information Assurance Certification (GIAC) and ISC2 have officially recognized active participation in SRA Purple Team exercises as a legitimate activity for Continuing Professional Education (CPE) credits. This initiative aims to enhance the capabilities of organizations in detecting and responding to potential cybersecurity threats. By engaging in these exercises, teams can earn valuable CPE credits while simultaneously fortifying their defenses against evolving cyber threats.
Unique Approach to CPE Activities
The standard CPE activities often encompass passive methods such as webinars, conferences, and online courses, which typically involve little more than checking a box on a professional development list. The SRA Purple Team exercises, however, set themselves apart through an interactive approach. Analysts, engineers, incident responders, and Chief Information Security Officers (CISOs) work collaboratively to test real-world, prioritized techniques based on the MITRE ATT&CK framework. Instead of passively observing demonstrations, participants engage in executing safe, live attacks, critically assessing the efficacy of the tools and processes at their disposal.
Benefits of Participation
Teams that participate in SRA Purple Team exercises gain invaluable insights and experience. The key takeaways include:
-
Hands-on Experience: Participants engage directly with techniques mapped to the MITRE ATT&CK framework, making the training relevant to current threats.
-
Gap Analysis: Organizations gain a comprehensive understanding of their detection strengths and weaknesses, providing a clearer picture of areas needing improvement.
-
Structured Results: Documented outcomes in VECTR (Vulnerability Evaluation and Cyber Threat Reporting) facilitate ongoing reference and refinement of strategies.
- CPE Credits: Participants receive credits toward maintaining their GIAC and ISC2 certifications, making this exercise a dual benefit in both learning and professional validation.
The Numbers Game
SRA’s standard Purple Team engagements typically involve around 15 hours of execution time during the testing phase. This comprehensive effort allows each participant to earn up to 15 CPE credits. For professionals holding GIAC certifications—such as GIAC Penetration Tester (GPEN), GIAC Certified Incident Handler (GCIH), and GIAC Certified Forensic Analyst (GCFA)—or ISC2 credentials like the Certified Information Systems Security Professional (CISSP), System Security Certified Practitioner (SSCP), or Cloud Control Security Professional (CCSP), these credits serve as a significant contribution toward their certification renewal without requiring additional time or financial commitments.
Documentation and Submission Process
Commencing in April 2026, SRA will issue a certificate to each active participant detailing essential information, which includes:
- Participant Name
- Activity Name
- Engagement Dates
- Hours of Participation
- A Short Justification Summary
This streamlined documentation facilitates an easy submission process through the standard CPE reporting workflow for both GIAC and ISC2.
For GIAC certification holders, CPE activities from Purple Team exercises are documented through standard reporting channels, while ISC2 members categorize these credits under Group A, ensuring they are counted as active learning experiences relevant to their certified domains. Each participant can claim one CPE credit for every hour of active engagement, with a cap of 40 credits per entry, allowing for incremental claim submissions in quarter-hour increments.
Additional Information and Support
SRA encourages current clients to reach out directly to their SRA contacts for further discussion regarding CPE documentation, ensuring that all members are adequately informed about the available resources. For organizations that are considering Purple Team services or wish to understand what an effective Purple Team program entails, SRA is ready to provide comprehensive walkthroughs of the processes, tools, and benefits involved.
It is important to note that participation requires attendees to be present for at least 80% of the sessions. SRA monitors attendance through periodic checks, confirming that each participant is fully engaged in the training.
About Security Risk Advisors
Security Risk Advisors has established itself as a premier cybersecurity consulting firm, specializing in innovative strategies tailored to enhance the security posture of organizations. With its rich expertise in Purple Team exercises, threat resilience, and detection engineering, SRA is committed to equipping teams with the knowledge and tools necessary to stay ahead of ever-evolving cyber threats.
Contact Information
For additional inquiries, Douglas Webster, the Marketing Manager at Security Risk Advisors, can be reached directly via email at [email protected].
This recognition by industry leaders, GIAC and ISC2, marks a significant step towards integrating practical experience into ongoing professional development for cybersecurity practitioners. Through active participation in SRA Purple Team exercises, professionals not only fulfill their CPE requirements but also enhance their readiness for the complex challenge of modern cyber threats.