When I was off work earlier this year due to DOGE contract reductions, I searched for W2 work as many like me do/did. I also sought new opportunities, figuring now might be a good time to pivot to something new, or more in demand compared to project management.
Cybersecurity Maturity Model Certification (CMMC) has been in the news and on LinkedIn the last six months, and several prior coworkers were entering the new sector. I did some research and realized it would be a great fit as I already had Governance, Risk, and Compliance (GRC) experience (NIST SP800-53/RMF/CSF).
The issue with CMMC is it’s in between getting a degree and earning a professional certification – meaning, one must devote some time, effort, and money to earn the cert. For one, there’s actually two certs in the CMMC path to really make it in the field as an assessor. The Certified CMMC Professional (CCP) and then the Certified CMMC Assessor (CCA). Both require mandatory training courses, both require passing a difficult exam, and both require going through a background check. If you have a security clearance, the background check goes faster. One note, one must pass the CCP before going on to the CCA.
You are marketable after taking the CCP, but only slightly as to compared to the CCA. I decided to at least pursue the CCP figuring I’d rather regret taking the course and exam than to later realize I should have.
Well, as of today, I’m a certified CCP, and planning on taking the CCA exam in the next 3 weeks. In a perfect world, I may be a certified CCA by December. I already took the class.
About two months ago, the Department of Defense (DoD) formally enacted CMMC to be included in all DoD contracts involving CUI beginning November 10th (phased roll in). The opportunities for capitalizing on my certification is definitely looking good.
I’m extremely glad I took that chance and going forward. Whether I use the CMMC certification is unknown, but the training and studying will definitely help me going forward in my recent new role as an IT Systems Auditor as the subject matter ultimately comes from the same source (NIST SP 800-53) and other publications.
-Doug