I'm a cybersecurity professional with about seven years in the UK government sector and I'm preparing for the CCP (Certified Cyber Professional) under NCSC. I already hold the CISSP and I'm trying to calibrate expectations — is the CCP harder, easier, or just different?
From what I understand the CCP is more UK-specific, covering things like HMG security policy framework, Cyber Essentials, and the NCSC guidance specifically, which isn't content the CISSP touches. The application pathway also seems much more assessment-based rather than just a multiple-choice exam, which is a different kind of challenge — you're demonstrating competence rather than just proving knowledge recall.
I'm currently in the practitioner tier and looking to move to senior practitioner. The evidence portfolio requirement is the part I'm most uncertain about. My employer supports the certification but I don't have a clear picture of what 'sufficient evidence' actually looks like for a successful submission at senior level.
Anyone who's gone through the senior practitioner assessment — how specific does the evidence need to be? I'm wondering if high-level project descriptions are acceptable or if they want detailed technical artifacts with measurable outcomes.
For senior practitioner, vague project descriptions don't pass. You need specifics — what the risk was, what you decided, what the outcome was, and what your personal role was versus the team. Quantify where possible: risk reduction, scope, timelines, approvals you gave. Treat it like a detailed case study, not a CV bullet.
The HMG policy framework content is genuinely unique to this credential. If you've worked in UK government you probably already live it, but it's worth explicitly mapping your experience to the framework tiers before writing your evidence. Assessors want to see you use the right terminology.
I went through the practitioner to senior transition last year. Three of my five evidence pieces were returned for more detail. The feedback was constructive but it took about four months longer than I planned. Build in buffer time and don't submit until you've had a peer with CCP senior review your portfolio.
The CCP is harder to game than CISSP because it's competency-based rather than knowledge-based. You can't just memorize your way through it. The assessors are looking for evidence that you can apply judgment in realistic scenarios, not just recall frameworks.
Related Discussions
- Passed CCP exam on second try — what finally clicked for me4 replies
- Going for GAF Master Elite certification — what's the process actually like?4 replies
- CCP exam — how much does construction experience actually help versus studying from scratch?4 replies
- CCP board exam - studying while working full perfusion shifts4 replies
- CCP exam - is it as clinical as the content outline makes it look?4 replies