BladeSec IA Logo


CLAS Consultancy
CESG Certified Professionals <
CESG Certified Cyber-Security Consultancy

Company Information

Company profile
Certifications and qualifications
News and comment
Why choose BladeSec IA?

Products and Services

Typical work
Specific highlights

Domestic Travel Advice


Contact us
Terms and conditions
Privacy statement


The UK needs more skilled people in the cyber security profession both now and for the future.

CESG, as the UK's National Technical Authority for Information Assurance, is playing a pivotal role in addressing the skills gap and building the UK's cyber security capability.

The CESG Certified Professional (CCP) scheme has been developed to address the growing need for specialists within the cyber security profession and is building a community of recognised professionals in both the UK public and private sectors. CCP has been acknowledged as HMG's standard for cyber security professionals.

What sets CCP apart is that it is not simply a qualification. It is a certification which is awarded to those who demonstrate their sustained ability to apply their skills, knowledge and expertise in real-world situations.

Certification is provided by three Certification Bodies approved by CESG.

The framework, on which CCP is based, has been developed in consultation with government departments, academia, industry, the Certification Bodies and members of the CESG Listed Advisor Scheme (CLAS).

The framework includes a set of role definitions and a certification process. At present there are seven defined roles - the most recent addition being the Penetration Tester role - and several levels of competence for each role against which candidates are required to provide evidence.


CCP identifies a number of specialisms within Information Assurance field. These roles are:-
  • Accreditor;
  • IA Auditor;
  • IA Architect;
  • Security and Information Risk Advisor;
  • The IT Security Officer family of roles;
  • The Communications Security Officer family of roles; &
  • Penetration Tester.
Each of the above roles have a headline definition that describes their function within information assurance.


Each of the roles described in 1.4.2 describes at least three levels of ability. Generally, these are considered to be "Practitioner", "Senior Practitioner" and "Lead Practitioner".

The Penetration Tester role defines a further level of, "Principal" that sits between Senior and Lead.

The CCP levels are aligned to the SFIA areas of responsibility:-

  • Practitioner - SFIA Level 2-3;
  • Senior Practitioner - SFIA Level 4-5;
  • Principal Practitioner - SFIA Level 5; &
  • Lead Practitioner - SFIA Level 6+.