I am pleased to announce that I have completed my CCP Certification!
I have spent the last two years as a Registered Practitioner (RP). When I originally chose the CMMC path I wanted to pursue – I immediately chose to follow the implementation/consultant role. I have spent the last 30+ years designing, implementing, testing, and assessing enterprise systems and Cybersecurity solutions for the DoD. I knew I wanted to use that experience to help my fellow Defense Contractors to prepare for their own CMMC assessments. So, logically, I chose the RP designation, right?? It was marketed by the CyberAB as the designation for consultants that were providing implementation services to the DIB. I figured that with my vast experience in Cybersecurity in the DoD, and my other Cyber Certs (CISSP and CASP+) that would be enough to show my experience and qualifications to potential clients and not need a formal CMMC certification. Unfortunately, the CyberAB did virtually nothing to market the RPs to industry…And worse, they made the designation so easy to obtain, that you really don’t need to know anything about CMMC to get it…and still be listed as a qualified resource on the official MarketPlace. The word in the market is that there have been a lot of “qualified” RPs providing consulting services to companies that turn out to be completely worthless solutions because they didn’t understand the specifics of CMMC. I am sure there a lot out there that do, heck I did. But it doesn’t take many negative examples for the whole barrel of RPs to get the stink. In the last few months, there has been an overwhelming feeling within the CMMC provider ecosystem that companies looking for assistance should only use Certified CMMC consultants – CCP and CCA, and avoid RP/RPA designations (which are NOT certifications). A friend of mine said something recently that I took to heart: “If you are going to be part of the ecosystem, put some skin in the game and get certified”. The certifications require in depth training, study and testing to obtain (not so for RP). I couldn’t agree with him more. So I did. And now I am a Certified CMMC Professional (CCP), and planning to continue on to get my Certified CMMC Assessor (CCA) certification. My clients deserve to have the best trained, most experienced, CMMC and Cybersecurity professionals, and I urge others to as well. RP RIP.
