OffSec CPE Program and Annual Maintenance Handbook

  • Updated
Follow

Introduction

OffSec is introducing a new Continuous Professional Education (CPE) program to support certifications that expire, like the OSCP+ (Offensive Security Certified Professional Plus), OSTH (Offensive Security Threat Hunter), OSIR (Offensive Security Incident Responder), OSCC (Offensive Security Certified Contributor), and more to come. This handbook outlines how certification holders can maintain their OffSec certifications that expire via CPE credits.

'The OffSec CPE program introduces the OffSec Annual Membership, designed for learners who have earned OffSec certifications. This membership allows you to earn CPEs while continuing to develop practical cybersecurity skills, helping you stay compliant and maintain your certification throughout your professional journey.

What is CPE?

Continuous Professional Education (CPE) is a method by which professionals maintain and improve their knowledge and skills after obtaining their initial certification. For OffSec certification holders, CPE credits represent ongoing education and professional development in the field of cybersecurity.

CPE credits can be earned through various activities, including completing OffSec courses, labs, and modules, as well as through external learning opportunities and contributions to the cybersecurity community.

Certification Renewal Process

OffSec certifications that have an expiration date are valid for three years from the date of issue. To maintain your certification beyond this period, you must complete one of the following renewal methods:

  1. Earn the required 120 CPE credits and pay the Annual Maintenance Fee (AMF)
    • Complete the required number of CPE credits during your three-year certification cycle
    • Pay the Annual Maintenance Fee (included in the OffSec Annual Membership) each year
  2. Retake the certification exam
    • Successfully pass the certification exam again
    • Pay the Annual Maintenance Fee (included in the OffSec Annual Membership)
  3. Take a higher-level qualifying exam
Certification Category Certification Qualifying Certification Exams
Attack OSCP+ OSWA, OSEP, OSWE, OSED, OSMR, OSEE
 
Defend OSIR OSTH, OSDA
Defend OSTH OSIR, OSDA
 
100 Level OSCC-SEC OSCC-SJD, OSCP, OSWA, OSWP, OSDA, OSTH, OSIR, OSEP, OSED, OSMR, OSWE, OSEE
100 Level OSCC-SJD OSCC-SEC, OSCP, OSWA, OSWP, OSDA, OSTH, OSIR, OSEP, OSED, OSMR, OSWE, OSEE

OffSec Annual Membership

The OffSec Annual Membership provides access to CPE-eligible content and covers the Annual Maintenance Fee (AMF) for your OffSec certifications.

✅ Benefits of Annual Membership

  • Certification Maintenance Fee Coverage
    With an active Annual Membership, you won’t need to pay separate maintenance fees to keep your OffSec certifications valid.
    This applies to all certifications you hold, as long as they are within the eligible maintenance period (first three years after passing).
    No additional steps or payments are needed—your membership takes care of it.
  • Access to CPE-mapped content
    You’ll gain access to a library of content that is mapped to Continuing Professional Education (CPE) credits—designed to help you meet requirements for maintaining your OffSec certifications.
    Each certification is supported with content targeting approximately 40 CPE credits.
    The materials are self-paced and aligned with industry standards for professional development.
    To access the CPE-mapped content:
    Go to the Explore page, use the CPE filter, and select the expiring certification you'd like to review. This will display all the content mapped to that certification.Filtering CPE mapped contents.gif
  • Maintain your certification with ease through the CPE dashboard—track your progress, manage CPE credits, and complete renewal requirements, all from one centralized platform.

Pricing and Availability

  • Price: $145 per year
  • Availability: Currently offered to existing individual learners, including those who have joined via an invite from their organization’s admin, as well as sub-admin users through the Buy More page on the OffSec Platform. This membership is not available to those with full admin permissions at this time.
  • Special discount: Learners who received their expiring certification before the release of the Annual Membership may be eligible for a discount ranging from 10% to 50% based on how far in advance they earned their certification. To confirm eligibility and receive your discount, please contact orders@offsec.com

Purchasing the Annual Membership

You can purchase the OffSec Annual Membership if any of the following apply to you:

  • ✅ You hold an active OffSec certification that will expire in the future

  • ✅ You have attempted any OffSec certification exam (whether you passed or not)

  • ✅ You have previously purchased or been assigned any of the following products:

    • Course & Certification Exam Bundle

    • Learn Fundamentals

    • Learn One

    • Learn Unlimited

    • Learn Enterprise

🚫 Not Eligible: Learners who have only accessed free content or PG Practice subscription are not eligible to purchase the membership at this time.

Membership Validity and Expiry

If You Have an Expiring Certification:

  • The membership follows your certification anniversary year, not the date of purchase.
  • It is valid for one full certification year and expires the day before your next certification year begins.
  • You can purchase the membership any time within the first three years after passing your certification exam.

Example:

If you earned your OSCP+ on April 15, 2025, here’s how it works:

  • Your 1st year runs from April 15, 2025 to April 14, 2026
  • Your 2nd year runs from April 15, 2026 to April 14, 2027
  • Your 3rd year runs from  April 15, 2027 to April 14, 2028

If you purchase the membership on April 30, 2025, it will remain valid until April 14, 2026.

To get the most value, we recommend purchasing the Annual Membership as soon as you pass an expiring certification. This ensures you're covered for the full certification year.

🔁 If you hold multiple expiring certifications:

Only one membership is needed–it will cover all your active certifications. The membership aligns with the anniversary date of your first expiring certification.

🟦 If You Don’t Have an Expiring Certification:

  • The membership is valid for one year from the date of purchase.

Example:

If you purchase the membership on April 30, 2025, it will be valid until April 29, 2026. This  applies if you:

  • Have attempted any OffSec certification exam, regardless of the result (pass or fail)
  • Have accessed through eligible training products, such as Learn One, Learn Unlimited, or the Course & Certification Exam Bundle, even if:
    • You do not yet hold a certification, or
    • You hold a certification that that is not subject to expiration 

CPE Credits

Continuous Professional Education credits represent your ongoing education and skill development in cybersecurity. These credits help ensure you maintain the knowledge and skills needed to keep your certification active.

How to Earn CPE Credits

There are two primary ways to earn CPE credits:

  1. OffSec Content
    • Complete CPE-eligible modules, labs, and courses on the OffSec platform
    • Credits are automatically tracked when you complete eligible content
  2. External Submissions
    • Submit evidence of cybersecurity education or contributions outside the OffSec platform
    • Eligible activities may include industry conferences, publishing research, community contributions, etc.

Note: CPE credits can only be earned for OffSec content or external activities completed after the date the certification was achieved. Training or activities completed before the certification date may not be redeemed.

CPE Requirements by Certification

Each certification has specific CPE requirements. The CPE program covers the following certifications:

  • OSCP+ (Offensive Security Certified Professional Plus)
  • OSTH (Offensive Security Threat Hunter)
  • OSIR (Offensive Security Incident Responder)
  • OffSec CyberCore Certifications
    • OSCC-SEC (OffSec CyberCore Security Essentials)
    • OSCC-SJD (OffSec CyberCore Java Developer)

Each certification requires approximately 40 CPE credits per year, for a total of 120 credits over the three-year certification period.

CPE Content Pool

The OffSec platform includes a single pool of CPE-eligible content that covers multiple certifications. Each piece of content is tagged with the certifications for which it can provide CPE credits.

For example, a module like "Starting and Developing a Career in Cybersecurity" might provide CPE credits for OSCP, OSTH, and OSIR certifications, but not for OSCC-SEC/OSCC-SJD.

The CPE Dashboard will help you track your progress toward meeting the CPE requirements for each of your certifications.

Category CPE Credits Awarded Annual Limit 3-Year Cycle Limit Requirements/Criteria
Courses and Seminars 40 CPEs 40 CPEs 120 CPEs OffSec Courses: 80% completion of lab exercises. External Courses: Proof/letter of completion
Public Speaking 4 CPEs per event 40 CPEs 40 CPEs Includes prep work and presentation time
Published White Papers 4 CPEs per paper 8 CPEs 24 CPEs Original content, professionally relevant; 750-1000 words minimum. Writing time: 2-4 hours, varies with topic complexity and expertise.
OffSec Lab Submissions 20 CPEs per accepted lab 40 CPEs 120 CPEs Proof of acceptance required
Attending Cybersecurity Webinars 1 CPE per hour 40 CPEs 120 CPEs Documentation of attendance required

Key points about CPE activities:

  • For courses, each hour generally earns 1 CPE; OffSec awards 40 CPEs for complete courses
  • Speaking engagements include both presentation time and preparation time
  • Writing activities must be original and professionally relevant; a well-researched blog post typically takes 2-4 hours
  • Lab submissions earn the same credits regardless of difficulty (monetary rewards may differ by difficulty)
  • All activities must be directly relevant to cybersecurity and your professional development

Submission Process:

  • Submit your CPE activities through the OffSec platform
  • Each submission must include appropriate documentation as proof
  • Submit credits at least once annually to maintain accurate records
  • Activities must be relevant to your certification domain

Non-compliance and Expiry:

  • Failure to earn/submit sufficient CPE credits by your renewal date will result in certification expiry
  • A 90-day grace period after expiration allows you to catch up on missed CPE credits
  • The Annual Maintenance Fee (via membership) must also be paid to maintain certification

External CPE Submissions

In addition to completing OffSec content, you can earn CPE credits by submitting evidence of external cybersecurity learning and contributions.

Submission Process

To submit external CPE activities:

  1. Navigate to the CPE Dashboard.
  2. Click on "Submit CPEs"
  3. Complete the submission form with:
    • Activity date
    • Activity type
    • Description
  4. Submit the form for review. After submission, you will receive an email confirmation from no-reply@offsec.com and a submission ID.
  5. Send the supporting documentation along with your name and submission ID to challenges@offsec.com

Only activities completed after you earned your expiring certification are eligible.

Activities completed before the certification date will not count.

Approval/Rejection Process

Student Mentors review all external CPE submissions and make decisions based on:

  1. Relevance to your certification domain
  2. Quality and depth of the learning experience
  3. Verification of completion
  4. Appropriate time/effort calculation

You will receive an email notification when your submission is approved (from no-reply@offsec.com) or rejected (from challenges@offsec.com).

Reconsideration Process

If your submission is rejected, you can request reconsideration by:

  1. Creating a new submission
  2. Including the same information as the original submission
  3. Adding a note in the description that it is for reconsideration
  4. Addressing the reason for the initial rejection

Annual Maintenance Fee (AMF)

The Annual Maintenance Fee (AMF) is a requirement for maintaining your OffSec certification and is included in the OffSec Annual Membership.

Payment Schedule

  • The AMF is due annually on the anniversary of your first expiring certification
  • A single AMF payment (through the Annual Membership) covers all your OffSec certifications
  • You are NOT required to pay the AMF every year to maintain your certification's active status
  • However, you will need to pay for all previous years when renewing your certification

Frequently Asked Questions

Where can I purchase the OffSec Annual Membership?

The membership is currently offered to existing individual learners through the Buy More page on the OffSec Platform.

Do I need to pay the Annual Maintenance Fee if I renew my certification by retaking the exam?

If you want to extend your existing certification, then yes, you need to pay the AMF regardless of whether you earn CPE credits or retake the exam.

If you're simply seeking a new 3-year certification (not extending the existing one), you can recertify by paying for and passing the recertification exam ($799) without paying the AMF. This will result in a new certification with a new 3-year validity period rather than extending your current certification.

Can I make consecutive purchases to cover multiple years at once?

Yes, consecutive purchases will give you coverage for upcoming years. If you are missing prior payments, consecutive purchases in the same year will cover previous years, not going forward.

What if I have multiple certifications with different anniversary dates?

You only need to pay one AMF per year, preferably on the anniversary of your first certification. This single payment covers all your certifications.

What happens if I don't purchase the AMF and my certificate expires?

You will have a 90-day grace period after expiration to pay the missed AMFs and complete your renewal requirements. After that, the certification becomes permanently expired.

How many CPE credits do I need to earn each year?

You need to earn approximately 40 CPE credits per year, for a total of 120 credits over the three-year certification period.

Is there a limit to how many external CPE submissions I can make?

No, there is no limit to the number of submissions you can make.

What email address should I use for CPE-related communications?

For questions or concerns about CPE submissions, use challenges@offsec.com.

What happens If I don’t submit the Annual Membership Fee before my certification expires?

Year 1 & Year 2: No Immediate Consequences

Your Certification Remains Valid – Not paying the fee in the first or second year will not revoke or deactivate your certification.

No Changes to the Certification status – You will still have full access to your certification status and resources.

Reminders, No Grace Period – You’ll receive payment reminders, but no penalties will be applied yet.

Year 3: Certification Expiration

🚨 Your Certification Will Expire – If you go three consecutive years without paying the fee, your certification officially expires at the end of Year 3.

🚨 Inactive Status – Your certification will be marked as expired/inactive, and you will no longer be recognized as "certified" in the system.

90-Day Grace Period After Expiration

You Have 90 Days to Reactivate – After expiration, you get a 90-day grace period to make the payment and restore your certification.

⚠️ During This Time: Your certification remains expired, but you can still pay the fee and meet renewal requirements to extend it.

What If You Don’t Pay Within the 90-Day Grace Period?

❌ Permanent Expiration – If the fee is not paid within 90 days, your certification will be permanently expired. Once expired, you’ll have the option to purchase the recertification exam and retake it to regain your certified status.

How to Reactivate During the Grace Period?

To restore your certification before the 90-day window closes, you must:

✔️ Pay the Annual Membership Fee for the missed years.

✔️ Meet additional renewal criteria, such as earning CPE credits, retaking an exam, or passing a higher-level exam.

You’ll receive multiple reminders – OffSec will notify you before and during the grace period so you have every opportunity to renew your certification before it’s lost permanently.

How does the Annual membership Fee work for multiple certifications?

If you hold multiple OffSec certifications, you only need to pay one Annual membership Fee each year.

Your Annual fee is due on the anniversary of your first certification, regardless of when you earned additional certifications. For example, if you earned your first OSCP+ certification on November 10, 2024, your annual fee will be due every year on November 10, even if you obtain more certifications later.

Paying the fee ensures all your OffSec certifications remain active and in good standing. Plus, it gives you access to valuable membership benefits, such as CPE-mapped content.

How long is the Annual Membership valid?

Expiration & Renewal

  • Membership aligns with the first expiring certification date.
  • Membership expires annually on the anniversary of the certification.
  • If purchased without an expiring certification, the Annual membership fee runs for one year from the purchased date.

NOTE: You are NOT required to pay the fee each year to maintain your certification’s active status, nor are you required to pay the fee at all on an annual basis.

But if you want to renew your certification, you will need to pick up missing payments.

What certificates does it cover?

The annual fee covers all active expiring certifications.

  • It applies to individual certifications like OSCP+, OSTH, OSIR, OSCC-SEC, OSJD-SJD
  • Once paid, the fee ensures that all of the individual’s certifications remain in good standing for the coming year.

Contact Support

If you have questions or need assistance with the CPE program or Annual Maintenance, please contact:

For more information, visit the Help Center and ensure you have whitelisted no-reply@offensive-security.com and challenges@offsec.com  in your email settings to receive all CPE-related communications.

Related articles

Powered by Zendesk