Last week I completed Cybersecurity Maturity Model Certification (CMMC) CMMC Certified Professional (CCP) Course of Study. What’s that might you say?

DCMA’s Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) and the DOD IG identified through assessments that the cybersecurity requirements of NIST SP 800-171 were not being performed by DOD contractors despite being a contract condition. This was going on for several years.

CMMC assessments allow the DOD to verify the implementation of requirements. Assessments are carried out by CMMC Certified Auditors (CCAs) and CCPs. I’m becoming a CCP followed by becoming a CCA. 

The first step was to complete the required training which I just did. Next will be to study my ass off and pass the CCP exam. I’ll then have to go through a background check and ultimately reaching certification.

My background in cybersecurity and GRC will come in good use here. Short term, I’ll still pursue my career in Project Management. Once I get certified I’ll see how both career paths look. Actually Project Management and CMMC auditing will complement each other nicely.

Going forward, I’ll add and refine this post to make it more informative to new readers, and I’ll blog my progress a couple times a week