"Outread the others" - that's how Ryan Bonner mastered CUI.If you're confused about Controlled Unclassified Information (CUI) - you're not alone. Many defense contractors (not to mention DoD themselves) misunderstand what is CUI, where it comes from, and how to handle it.In this episode, Ryan Bonner, CEO of DEFCERT, gives a masterclass in understanding CUI from the actual laws and regulations - not just hearsay.👉 Here are the highlights:What CUI really is - and what it’s notHow to use the NARA and DoD CUI registriesThe proprietary paradoxHow to decontrol CUIThe difference between FCI and CUIDoD memo on determining CMMC levels This is essential listening for anyone working with the defense industrial base - primes, subs, and especially DoD program managers who want to avoid missteps.What were your biggest takeaways? Let me know in the comments.Follow Ryan on LinkedIn: https://www.linkedin.com/in/rybonner/DEFCERT Website: https://defcert.com/-----------Thanks to our sponsor Vanta!Get back time to focus on strengthening security and scaling your business.Discover the new way to GRC here: https://vanta.com/grcacademy-----------Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s2-e7&utm_campaign=courses#cui #cmmc
--------
51:04
From HR to CMMC Hero: Reynolds Construction's DIY Success Story
HR guy leads his company to CMMC level 2 certification! 👀In this episode I’m joined by Eric Fields of Reynolds Construction to learn how he led his business to CMMC level 2 certification!I call him "Eric the Great" - you'll see why in a moment.Eric's background was in HR and business operations. He had no background in IT or cybersecurity.They did it in-house - with just two people and smart choices.👉 Here’s how they did it:CMMC training from GRC AcademyResources and advisory services from Kieri SolutionsCCP & CCA trainingMeticulous documentationThis episode is very special to me - Eric's intro to CMMC was through GRC Academy more than 2 years ago, and he was actually the second person to leave a 5-star review on my CMMC training for defense contractors: https://grcacademy.io/course-reviews/cmmc-overview-training-eric-f-20230127/This episode is a great reminder that small businesses can achieve CMMC certification without breaking the bank.That said, time is no longer a luxury. With CMMC phasing in this summer, small businesses need to move fast - and partnering with a CMMC-focused MSP can help accelerate the process.What were your biggest takeaways? Feel free to celebrate with "Eric the Great" in the comments!Follow Eric on LinkedIn: https://www.linkedin.com/in/ericfields6/Reynolds Construction Website: https://www.reynoldscon.com/-----------Thanks to our sponsor Vanta!Get back time to focus on strengthening security and scaling your business.Discover the new way to GRC here: https://vanta.com/grcacademy-----------Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s2-e6&utm_campaign=courses#cmmc #nist #cybersecurity
--------
36:29
The FASTEST Way to CMMC Compliance - CUI Enclaves
CMMC rolls out in a few months and there are STILL companies who are JUST getting started!In this episode I’m joined by Daniel Akridge of Summit 7 to talk about the real challenges facing the Defense Industrial Base - and the FASTEST path to CMMC certification.To CUI Enclave, or not to CUI enclave - that is the question!👉 Here are some of the highlights:What the big primes are saying about their subs and CMMCThe biggest CMMC hurdles for defense contractorsWhy MOST DoD contracts could require CMMC Level 2 certification - not just self-attestationDeep dive into CUI enclaves and their pros and consI personally like CUI enclaves because it keeps government cybersecurity regulations and incident reporting requirements out of my corporate IT environment...However if you are a small business that primarily supports the DoD, CUI enclaves begin to make less sense - even as I try to reason otherwise!What were your biggest takeaways? Do you LUV CUI enclaves?? Let me know in the comments!Follow Daniel on LinkedIn: https://www.linkedin.com/in/danielakridge/Summit 7 Website: https://www.summit7.us/-----------Thanks to our sponsor Vanta!Need continuous visibility into the state of your security controls?Discover the new way to GRC here: https://vanta.com/grcacademy-----------Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s2-e5&utm_campaign=courses#cmmc #nist #cybersecurity
--------
58:20
CMMC Will BREAK Your MSP - Axiom's CMMC Level 2 Journey
“We built a second company from scratch…”Is that what it takes for MSPs to get CMMC'd!?! 👀In this episode I’m joined by Bobby Guerra and Kaleigh Floyd from Axiom, an IT Managed Service Provider (MSP). They explain exactly what it took to achieve CMMC level 2 certification - after 4 years of effort.Most MSPs aren’t ready for CMMC. Many believe it's just another checkbox, but it’s a complete operational shift that requires rethinking your tools, processes, and client relationships!Here are some of the highlights:How much money they allocated for CMMC (it’s more than you think)How to build scalable and repeatable processes to support complianceThe tools, contracts, and agreements you MUST have in placeHow to prepare for the assessment (and avoid sleepless nights!)Bobby Guerra is the CEO of Axiom and has led the MSP for over 22 years. Under his leadership, Axiom became one of the first MSPs in the U.S. to achieve CMMC Level 2 Certification. Bobby now helps guide clients through their own CMMC journeys, focusing on sustainable security and compliance.Kaleigh Floyd is the Marketing Director at Axiom and Co-Host of the Climbing Mount CMMC podcast. Raised in the MSP world, she now educates others through Microsoft 365 training and cybersecurity content. Her passion lies in simplifying tech and making a lasting impact in the industry.This is a true CMMC for MSPs masterclass! So much great advice packed into this episode!What were your biggest takeaways? Let me know in the comments!Follow Bobby on LinkedIn: https://www.linkedin.com/in/bobbyguerra/Follow Kaleigh on LinkedIn: https://www.linkedin.com/in/kaleigh-floyd-079a52190/Axiom's Website: https://www.axiom.tech/Climbing Mount CMMC Podcast: https://www.axiom.tech/climbing-mount-cmmc-the-podcast/-----------Thanks to our sponsor Vanta!Need continuous visibility into the state of your security controls?Discover the new way to GRC here: https://vanta.com/grcacademy-----------Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s2-e4&utm_campaign=courses#cmmc #nist #cybersecurity
--------
1:32:14
CMMC Level 2 Assessments - What to Expect and How to Avoid Disaster
Preparing for a CMMC assessment, but don't know what to expect?Get ready to learn from CMMC Lead Assessor Fernando Machado as he explains EXACTLY what happens in each phase of the CMMC assessment process!Fernando is the Managing Principal of Cybersec Investments which is an authorized C3PAO. Fernando has been involved with CMMC starting in 2020 as a member of the Cyber AB's Standards Management Industry Working Group.Cybersec Investments has already issued 12 CMMC certifications since CMMC assessments began in January of 2025 and previously participated in nearly 20 Joint Surveillance Voluntary Assessments (JSVAs).👉 Here are some highlights:What to expect during a CMMC assessmentThe 4-phases of the CMMC Assessment Process (v2.0)No self-assessment? No independent assessmentCommon issues that could cause assessment failuresHow to make the assessment easier for your assessor (and you)It is overwhelming preparing for a CMMC assessment, but don't go into it without knowing what to expect!What were your biggest takeaways? Let me know in the comments!Follow Fernando on LinkedIn: https://www.linkedin.com/in/fernando-machado-cissp-cism-cca-ccp-5b5581124/Cybersec Investments Website: https://cybersecinvestments.com/-----------Thanks to our sponsor Vanta!Need continuous visibility into the state of your security controls?Discover the new way to GRC here: https://vanta.com/grcacademy-----------Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s2-e3&utm_campaign=courses#cmmc #nist #cybersecurity
Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform for GRC professionals, executives, and anyone else who wants to increase their knowledge in the GRC space!
Italia