The majority of my CPEs has come from studying for other certifications. I all ready made all my CPEs for my recertification in a year, but they have the silly requirement of a minimum of 20 credits a year. My CPEs have mainly come from studying for other certifications, CEH, GCIH, and now GCIA. Unfortunately, my GCIA training is in December, so it does not count next year, but any reading or other prep I do will count. I also attend local security groups (ISSA and IfraGard), listen to the odd podcast here and there, and attend conferences. I am also lucky, my mentor at work hosts a lunch and learn security forum twice a week.
You can also pick-up a few easy CPEs by subscribing to magazines like Information Week, or reading the ISC2 magazine and taking their test.. (or something like that).
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP