CCFP
Certified CyFun
Professional

NIS2 Implementation

A premium, practitioner-led programme that equips cybersecurity, risk and compliance professionals to implement the CyFun® 2025 cybersecurity fundamentals framework, build defensible governance and control structures, and demonstrate NIS2-aligned maturity through practical, real-world outputs.
"Lead, govern, and implement CyFun® 2025 with confidence — without getting lost in overly technical frameworks or compliance-driven complexity."

Translate NIS2 regulatory expectations into implementable maturity actions.

Course Launches on March 23rd 2026

"Certified CyFun Professional — Practical CyFun® 2025 Implementation & NIS2 Maturity Credential"

Why This Course Exists?

CyFun® 2025 is a practical cybersecurity fundamentals framework aligned to international norms and designed to support NIS2 maturity assessments and implementation.

CyFun® 2025 is increasingly being adopted as a practical cybersecurity fundamentals framework, yet it is often misunderstood or applied superficially. Many organisations reference CyFun in policies or assessments without fully appreciating what effective implementation requires in practice, how governance decisions directly influence maturity outcomes, or why “baseline” programmes still fail to satisfy regulators, customers, or senior management expectations.

In reality, accountability for CyFun 2025 outcomes sits squarely with organisational leadership and senior management. However, much existing guidance focuses on control lists or technical measures, leaving a critical gap in governance, oversight, prioritisation, and demonstrability. The result is frequently fragmented initiatives, poorly scoped controls, weak evidence, and cybersecurity programmes that appear compliant on paper but deliver limited operational resilience.


The Certified CyFun Professional (CCFP) course exists to close this gap. It equips professionals with the insight, confidence, and practical capability to design, govern, and implement CyFun® 2025 effectively, and to translate the framework into credible governance structures, evidence packs, and implementation roadmaps aligned with NIS2 expectations and suitable for executive and board-level assurance.


At a Glance...

Duration:
12-week, practitioner-led CyFun® 2025 & NIS2 implementation programme

Audience:
Cybersecurity, risk, compliance and governance professionals with responsibility for cyber resilience and regulatory readiness

Outcome:
Practical CyFun® 2025 implementation, NIS2-aligned governance, and a defensible cybersecurity maturity roadmap

Format:
Online self-paced learning with live expert-led CyberPrism implementation labs

Assessment:
Knowledge-based exam plus a practical portfolio submission

Certification:
Certified CyFun Professional (CCFP)

CPD:
CPD points awarded: 40 CPD

"CCFP is not an awareness course, a technical deep-dive, or a framework overview. It is a practitioner-led professional credential designed for those accountable for governing, implementing, and evidencing CyFun® 2025 maturity in line with NIS2 expectations."

Who is This Course For?

 This course is for professionals frustrated with superficial implementation guidance
Empty space, drag to resize

The Certified CyFun Professional (CCFP) is built for professionals who must make decisions, provide oversight, and take accountability for cybersecurity fundamentals and NIS2-aligned outcomes. It equips you with the practical implementation insight and governance capability required to design, lead, and implement CyFun® 2025 — from scoping and maturity assessment through to evidence, reporting, and roadmap delivery.


Ideal For

  • Senior professionals accountable for cybersecurity, digital resilience, risk, or regulatory compliance

  • CISOs, Heads of Security, IT Managers, Risk & Compliance Leaders, Governance & Assurance professionals

  • Those sponsoring, directing, or overseeing CyFun® 2025 or NIS2 readiness programmes

  • Professionals who need to confidently engage with regulators, auditors, customers, and third-party assessors

  • Consultants and advisors supporting organisations with baseline cybersecurity maturity or regulatory alignment

This Course Is Not For

  • Learners seeking a high-level cybersecurity awareness course

  • Practitioners looking for step-by-step technical configuration training (e.g. firewall, EDR, SIEM or IAM setup)

  • Those seeking technical vendor certifications or formal audit qualifications

  • Individuals with no responsibility for governance, oversight, or implementation outcomes



What CCFP Enables You to Do

On successful completion of CCFP, you will be able to:

  • Provide credible assurance to senior leadership and boards that baseline cybersecurity maturity and digital resilience are being implemented effectively and in line with CyFun® 2025 and NIS2 expectations.

  • Design, lead, and implement the CyFun® 2025 cybersecurity fundamentals framework in a way that is aligned to your organisation’s context, risk profile, critical services, and regulatory obligations.

  • Define and defend CyFun scoping, assurance level selection, and governance arrangements, ensuring clear accountability, ownership, and demonstrable outcomes from the outset.

  • Oversee and challenge cybersecurity risk identification and prioritisation, ensuring risks are meaningful, decisions are defensible, and improvement actions are proportionate and risk-driven.

  • Select, justify, and govern CyFun-aligned controls and measures, with a clear understanding of intent, ownership, operation, and evidence requirements.

  • Build and maintain credible evidence packs demonstrating implementation maturity, supporting regulatory engagement, customer assurance, and audit or assessment activities.

  • Develop and present a 12-month CyFun® 2025 / NIS2 implementation roadmap, prioritised, realistic, and suitable for executive and board-level reporting.

  • Avoid common CyFun and baseline maturity failures, including fragmented initiatives, control-centric checklists, weak evidence, and compliance that exists on paper rather than in practice.


Why CCFP is Different

CCFP is different because it:

  • Focuses on governance-led implementation — equipping you to make, direct, and defend the decisions that determine whether CyFun® 2025 is implemented credibly and delivers real cybersecurity maturity.

  • Teaches the mechanics without unnecessary complexity — you will understand how CyFun® 2025 works in practice, without being dragged into technical configuration, vendor tooling, or framework bureaucracy.

  • Builds real implementation capability — not just knowledge. You will leave able to scope CyFun appropriately, select assurance levels, prioritise controls, build evidence packs, and develop a defensible implementation roadmap.

  • Is designed for accountability — ideal for those who sponsor, lead, or oversee cybersecurity, digital resilience, or NIS2 readiness programmes and must provide assurance to executive leadership and boards.

  • Includes professional, competence-based assessment — combining a knowledge-based exam with a practical implementation portfolio to validate real-world capability, not just attendance.

  • Is delivered in a premium blended format — self-paced expert instruction supported by live CyberPrism implementation labs, enabling direct engagement, challenge, and applied learning.

CCFP is not a framework overview or an awareness course.
It is a professional implementation credential designed to help organisations establish defensible baseline cybersecurity maturity, meet NIS2 expectations, and deliver measurable resilience in practice.

How the Course is Delivered

The course is designed to be completed alongside full-time professional responsibilities.
Empty space, drag to resize

How CCFP Is Delivered

The Certified CyFun Professional (CCFP) is delivered as a structured 12-week blended programme designed to fit the realities of professional, leadership, and governance-focused roles. It combines flexibility with rigour, and theory with hands-on implementation, ensuring learning translates directly into practical outcomes.

The Programme Includes:

On-demand expert-led learning
Short, focused modules completed at your own pace, providing clear, practical guidance on CyFun® 2025 structure, assurance levels, governance expectations, and implementation mechanics, viewed through a real-world NIS2 lens.


Live CyberPrism implementation labs (online)
Six interactive, instructor-led implementation labs focused on applying CyFun® 2025 in practice using the CyberPrism Digital

Resilience Platform. Sessions concentrate on scoping, prioritisation, evidence development, reporting, and common implementation pitfalls, with opportunity for challenge, discussion, and progress validation.


Knowledge-based assessments
Structured knowledge checks and a formal exam to test understanding of CyFun® 2025 concepts, governance intent, and regulatory alignment, reinforcing correct application rather than rote learning.


A practical implementation portfolio
A competence-based assessment requiring participants to submit a professional portfolio, including a CyFun/NIS2 implementation roadmap, governance model, and evidence pack, demonstrating real-world capability.


Certification on successful completion
Participants who successfully meet the assessment requirements are awarded the Certified CyFun Professional (CCFP) credential.


This blended approach ensures CCFP is not merely informative, but transformative — building genuine implementation capability, governance confidence, and the credibility required to stand behind CyFun® 2025 and NIS2 outcomes in practice.


Assessment & Certification Credibility

 Certification is awarded only where the required professional standard is met.
Empty space, drag to resize

Certification & Assessment

The Certified CyFun Professional (CCFP) is a professional certification programme. The credential is awarded based on demonstrated competence, not attendance.

To achieve the Certified CyFun Professional (CCFP) designation, participants must successfully complete the following assessment components:


Knowledge-Based Assessment

Structured knowledge checks and a formal exam designed to test understanding of CyFun® 2025 concepts, assurance levels, governance intent, and NIS2 alignment, ensuring learners can apply the framework correctly in practice rather than recall theory.


Practical Implementation Portfolio

A competence-based portfolio assessment requiring participants to demonstrate real-world capability. The portfolio includes:

  • A CyFun® 2025 / NIS2 implementation roadmap

  • A governance and oversight model aligned to CyFun principles

  • An evidence pack mapped to at least one CyFun function

This assessment evaluates the ability to scope CyFun appropriately, select assurance levels, prioritise controls, build defensible evidence, and present outcomes suitable for executive and board-level assurance.


CCFP has been designed to ensure that successful candidates can credibly design, govern, and implement CyFun® 2025, and apply it in a way that supports regulatory engagement, customer assurance, and demonstrable cybersecurity maturity in line with NIS2 expectations.


Certification & Professional Recognition

On successful completion, participants are awarded the Certified CyFun Professional (CCFP) credential and receive CPD points (recommended: 40 CPD, reflecting programme depth and duration).

Holders of the CCFP designation may use the credential in professional contexts, subject to the certification terms and conditions.

Instructor Authority

 Architect of an AI-driven CyFun® 2025 implementation and evaluation model used in real organisations
Empty space, drag to resize
The Certified CyFun Professional (CCFP) programme is designed and delivered by Paul C Dwyer, a globally recognised authority in cybersecurity, digital resilience, and regulatory implementation.
Paul has over three decades of experience working across highly regulated and complex environments, including financial services, healthcare, critical infrastructure, public sector, and large-scale technology and service providers. 

He has advised and led cybersecurity and resilience programmes across Europe, the United States, and Africa, operating at both operational and board level in environments where governance, accountability, and demonstrable outcomes are critical.


In addition to his deep understanding of international cybersecurity and resilience frameworks, Paul has played a direct role in operationalising CyFun® 2025 in practice. He is the architect behind an AI-driven CyFun implementation and evaluation model, developed to assess organisational maturity, prioritise controls, and translate CyFun® 2025 into actionable governance, evidence, and implementation roadmaps within real organisations. This work provides him with an exceptionally deep, practical understanding of how CyFun functions beyond documentation — including where implementations succeed, where they fail, and why.

Paul works extensively with senior leadership and boards, advising on baseline cybersecurity maturity, regulatory alignment (including NIS2 and DORA), and digital operational resilience. His experience spans both designing governance models and supporting organisations through regulatory scrutiny, customer assurance, and executive decision-making.

As a result, CCFP is grounded not in abstract framework theory, but in real-world implementation experience, regulator-facing reality, and practical delivery. Participants benefit from instruction that reflects how CyFun® 2025 is actually implemented, governed, measured, and defended in practice — and what professionals must do to deliver credible, board-ready cybersecurity outcomes.