Climbing Mount CMMC

In this episode, Kaleigh and Bobby discuss the complexities of CMMC documentation with Tom Conkle from Optic Cyber Solutions. They explore the challenges of writing effective System Security Plans (SSPs) and Customer Responsibility Matrices (CRMs), emphasizing the importance of viewing these documents as management tools rather than mere compliance checkboxes. The conversation highlights common pitfalls organizations face, the sign...

In this episode, Kaleigh Floyd and Bobby Guerra delve into the complexities of inheritance within the CMMC framework, particularly focusing on the role of external service providers (ESPs) and the responsibilities of organizations seeking assessment (OSA). They discuss the importance of system security plans, the nuances of the CMMC assessment process, and the challenges faced by managed service providers (MSPs) in navigating inher...

In this episode, Kaleigh and Bobby discuss the complexities of scaling CMMC for Managed Service Providers (MSPs). They explore the challenges of compliance, the importance of tools, and the necessity of having structured operational and sales strategies. The conversation also delves into the 'Four Horsemen' of compliance, which are critical for maintaining security and compliance standards. Finally, they emphasize the imp...

In this episode, Bobby and Kaleigh discuss the challenges and strategies of marketing within the CMMC space. Kaleigh shares her journey of transitioning into this niche market, emphasizing the importance of building a reputation, understanding client needs, and maintaining transparency throughout the sales process. They explore the significance of effective communication, the necessity of educating clients about CMMC, and the balan...

In this episode, Bobby and Kaleigh explore the CyberAB ecosystem, focusing on the various roles and certifications within the CMMC framework. They discuss the importance of understanding the distinctions between Registered Practitioners (RP), Registered Practitioner Organizations (RPO), CMMC Certified Professionals (CCP), and CMMC Certified Assessors (CCA). The conversation also highlights the role of C3PAOs in conducting assessmen...

In this episode of Climbing Mount CMMC, hosts Kaleigh Floyd and Bobby Guerra delve into the intricacies of Customer Responsibility Matrices (CRMs) and their significance in CMMC compliance. They discuss the definition of CRMs, their importance in defining responsibilities between customers and service providers, and the essential components needed to create an effective CRM. The conversation emphasizes the need for clarity in respo...

In this episode of Climbing Mount CMMC, hosts Kaleigh Floyd and Bobby Guerra engage with Chris and Hannah Silvers, a father-daughter duo from CG Silver's Consulting. They discuss their journey in the cybersecurity field, the challenges and dynamics of CMMC, and the importance of community and collaboration in navigating this complex landscape. The conversation highlights the unique challenges faced by MSPs in adapting to CMMC ...

In this episode, Kaleigh Floyd and Bobby Guerra discuss the critical issue of false starts in CMMC assessments, emphasizing the importance of proper documentation and preparation. They explore the phases of CMMC assessments, the consequences of failing to meet requirements, and the necessity of seeking help from consultants. The conversation highlights the significance of mock assessments and understanding the roles of external ser...

In this episode, Kaleigh and Bobby welcome back Kyle Lai to discuss the challenges and insights surrounding C3PAOs and the CMMC framework. They explore Kyle's journey into the C3PAO space, the current state of audits, and the importance of software development in compliance. The conversation highlights the need for collaboration between IT and software development teams, the significance of understanding controlled unclassifie...

In this episode of CybHer, Kaleigh Floyd interviews Jil Wright, president of Wrightbrained Security, discussing her extensive experience in IT and the CMMC space. They explore the challenges of cybersecurity assessments, the importance of documentation, and the evolving role of women in the tech industry. Jil shares insights on the necessity of evidence in assessments, the significance of mentorship, and the need for companies to p...

In this episode of Climbing Mount CMMC, Kaleigh and Bobby discuss the 32 CFR final rule and its implications for contractors and subcontractors in the defense industry. They delve into the history and importance of Controlled Unclassified Information (CUI), the requirements for achieving CMMC compliance, and the significance of DFARS clauses. The conversation also covers the challenges of creating a System Security Plan (SSP), the ...

In this episode, Kaleigh Floyd interviews Kelly Hood from Optic Cyber Solutions, discussing her journey into the CMMC space, the challenges faced in consulting, and the importance of effective documentation. They explore the significance of the Customer Responsibility Matrix (CRM) and System Security Plan (SSP), as well as the NIST Cybersecurity Framework (CSF) and its connection to CMMC compliance. Kelly shares insights on navigat...

In this episode, Bobby Guerra and Kaleigh Floyd discuss the evolving landscape of vendors in the CMMC space, focusing on the challenges and considerations for Managed Service Providers (MSPs) when integrating cloud solutions. They explore the implications of using tools like Huntress and Ninja One, the importance of compliance with regulations, and the role of auditors in ensuring data protection. The conversation emphasizes the ne...

In this episode, Kaleigh Floyd and Bobby Guerra discuss the challenges and considerations for internal IT staff tasked with achieving CMMC compliance. They explore the importance of knowledge, leadership buy-in, and organizational maturity in successfully navigating the CMMC process. The conversation emphasizes the need for collaboration between internal teams and managed service providers (MSPs) to effectively implement necessary ...

In this conversation, Bobby Guerra and Ryan Bonner discuss the evolving landscape of the CMMC ecosystem, focusing on the implications of a recent memo from the DOD. They explore the roles of program managers, the importance of understanding CUI, and the challenges faced by contractors and MSPs in achieving compliance. The discussion emphasizes the need for proactive strategies and the potential impact of these changes on the defens...

In this conversation, Bailey Reichelt, a trade and regulatory attorney, discusses the complexities of export controls and their implications for businesses in the aerospace and defense sectors. She emphasizes the importance of understanding export regulations, common misconceptions, and the need for compliance programs. Bailey also shares insights on engaging with regulatory attorneys, the costs involved, and real-world examples of...

In this episode of Climbing Mounts CMMC, hosts Kaleigh Floyd and Bobby Guerra welcome Andy Sauer from Sentinel Blue. They discuss the challenges and experiences of navigating CMMC compliance as managed service providers (MSPs). The conversation covers the entrepreneurial journey, the importance of leadership and scaling in MSPs, and the preparation required for assessments. They also touch on the future of CMMC and the evolving lan...

In this episode, Kaleigh Floyd and Bobby Guerra discuss the critical considerations for OSCs choosing an MSP for their CMMC journey and Managed Service Providers (MSPs) contemplating CMMC Level 2 certification. They explore the importance of selecting a qualified MSP, the preparation required for assessments, the necessity of proper documentation, and the implications of client agreements. The conversation emphasizes the mindset ne...

Axiom passed their assessment! In this episode, Kaleigh Floyd, Bobby Guerra, and Adam Evans discuss their journey to passing a CMMC Level 2 assessment. They share insights from their mock and real assessments, the challenges they faced, and the importance of preparation and self-assessment. The conversation highlights the role of auditors, handling findings, and the continuous nature of compliance in cybersecurity. In this conversa...