Philadelphia, United States / Pennsylvania, April 14th, 2026, CyberNewswire
GIAC and ISC2 now recognize active participation in SRA Purple Team exercises as an eligible Continuing Professional Education (CPE) activity. Teams can earn CPE credits while strengthening organizational detection and response capabilities!
How?
Some CPE activities are pretty passive – webinars, conferences and online courses can check a box. An SRA Purple Team exercise is different. Analysts, engineers, incident responders and CISOs work together to test real, prioritized MITRE ATT&CK TTPs. Participants don’t watch demos, they execute and observe safe, live attacks and evaluate the effectiveness of their tools and processes.
With an SRA Purple Team, teams walk away with:
- Direct experiences with prioritized MITRE ATT&CK-mapped techniques relevant to the current threat landscape
- An understanding of the detection strengths and gaps in your tools and processes
- Documented, structured results in VECTR that can be referenced and built upon
- Credits toward GIAC and ISC2 certification maintenance
The Numbers
SRA’s standard purple team engagements involve approximately 15 hours of execution time during the testing window, which converts up to 15 CPE credits per participant. For anyone holding GIAC certifications (GPEN, GCIH, GCFA, etc.) or ISC2 credentials (CISSP, SSCP, CCSP, etc.), that is a significant contribution toward their renewal without any additional time or financial investments.
Documentation and Submissions
Starting in April 2026, SRA will provide a certificate to each active participant* that includes:
- Participant name
- Activity name
- Engagement dates
- Hours of participation
- A short justification summary
From there, the submission process follows each organization’s standard CPE reporting workflow for GIAC or ISC2.
For GIAC:
For ISC2:
- The activity is categorized as Group A credits within the Education category, under “Courses and Seminars – Other”. Members can claim 1 CPE per 1 hour of active learning directly relevant to the domains of their certification with a maximum of 40 CPE credits per CPE entry. CPEs can be claimed in increments of 0.25, 0.5, 0.75 as well.
- For more information, users can visit https://www.isc2.org/members/cpe-opportunities
SRA Contact Information
Current SRA clients can reach out to their SRA contact directly to discuss CPE documentation.
For those evaluating purple team services or seeking to understand what a purple team program would look like for an organization, SRA can provide a walkthrough of the approach, tooling, and potential benefits.
Note: Participants are required to attend at least 80% of the purple team sessions. Attendance will be monitored throughout the week through periodic spot checks.
About Security Risk Advisors
Security Risk Advisors is a leading cybersecurity consulting firm specializing in innovative solutions to strengthen organizations’ security posture. With expertise in Purple Team exercises, threat resilience, and detection engineering, SRA empowers teams to stay ahead of evolving cyber threats.
Contact
Marketing Manager
Douglas Webster
Security Risk Advisors
info@sra.io
