CMMC Proof

Think you need to be a cybersecurity guru to enter the CMMC ecosystem? Think again. With over 200,000 companies needing support and Phase 1 in full effect, the Department of Defense supply chain needs reinforcements—and they aren't just looking for IT experts. They need project managers, veterans, former law enforcement, and ambitious professionals with a heart for service. In this episode of the CMMC Proof podcast, Derrich Phillips (Lead CCA) breaks down the ground truth on how to start your CMMC career journey with zero prior experience. Whether you are a recent grad, a career changer, or a veteran transitioning to the private sector, there is a place for you in the CMMC "Big Tent." In this episode of the CMMC Proof podcast, Derrich Phillips (Founder of Aspire Cyber and Lead CCA) breaks down the "Ground Truth" of the individual certification ecosystem. We are deep diving into YOUR CMMC career pathway Whether you are a recent grad, a career changer, or a veteran transitioning to the private sector, there is a place for you in the CMMC "Big Tent." 🚀 WHAT YOU'LL LEARN IN THIS EPISODE: The 4 Professional Pathways: A deep dive into the roles of CCP, CCA, Lead CCA, and CCI. The ISACA Transition: What the new CAICO means for your global professional credibility. The Tier 3 Requirement: Why trust and integrity are the foundation of these individual credentials. Beyond the "Guru": Why your unique background in law enforcement, military service, or project management is exactly what the Defense Industrial Base (DIB) needs. Join the Reinforcements: Design Your Roadmap 🔥 DESIGN YOUR CAREER ROADMAP: Stop guessing and start executing. We help you bridge the "Experience Paradox" with hands-on training and practitioner-led study sessions. 👉 Schedule your free roadmap consultation: https://calendly.com/mjordan-aspirecyber/15min ABOUT ASPIRE CYBER: We are an Approved Training Provider (ATP) specializing in CMMC readiness. With a 100% first-time pass rate for our clients as of April 2026, we bring real-world "Ground Truth" expertise into every classroom. Visit www.aspirecyber.com/training Watch on YouTube- https://youtu.be/a3_jdKRQ_n8

We often hear that the cybersecurity talent gap is a "shortage of people." The truth? It is a shortage of professionals who can bridge the gap between technical theory and assessment-ready rigor. I recently sat down with Rene Ferrier, CCA, to discuss his journey from 25 years in IT and RMF (Risk Management Framework) to becoming a newly minted CMMC Certified Assessor. What makes Rene's story unique isn't just his tenure—it's his tactical approach to the learning curve. During a two-hour daily commute, Rene used Generative AI (ChatGPT and Gemini) to turn his car into a classroom, breaking down complex NIST 800-171 controls into "molecular" concepts he could master while on the road. Key highlights from our conversation: The RMF Transition: Why 25 years of experience is an asset, but "scoping discipline" and "evidence rigor" require a complete mindset shift. The AI Tutor: How to use modern tools to simulate high-level compliance dialogues and prepare for the CCA exam. The Cloud Frontier: Why specializing in GCC High is the next major career multiplier for assessors. Breaking the "Exclusive" Barrier: How we are making CMMC training attainable for the next generation of the workforce. Rene's journey proves that the "Experience Paradox" is solvable if you are willing to use new tools to master old fundamentals. As he says, "Don't get stagnant. Right now, the sky is the limit." Ready to launch your CMMC career? Schedule a free consultation today- https://cmmccopilot.aspirecyber.com/booking

This is a powerful CMMC success story that proves compliance doesn't have to take 12-18 months or break your budget. Join your host, Derrich Phillips, as he interviews Josh Hedeby, CPA, Director of Finance at Intertec Engineering, about their journey to CMMC Level 2 certification. Josh shares the shock of receiving quotes for traditional solutions (like Microsoft GCC High MSPs) that exceeded $250,000 for just the first year. Discover the disruptive, fully managed solution that turned their 12-18 month project into a rapid success, giving them a crucial competitive advantage now that the final CMMC rule is published. In this video, you will learn: - The Cost Trap: Why traditional solutions were a non-starter and how quotes reached six figures for a small business. - The Game-Changing Solution: How the CMMC Space solution by ATX Defense provided a 100% managed, affordable alternative. - Rapid Compliance: Intertec went from signing up to being assessment-ready within 30 to 45 days, avoiding a grueling 12-18 month timeline. - Inheritance is Key: How inheriting the policies and documentation allowed Intertec to skip the pain of writing an 80-page System Security Plan (SSP). Ready to accelerate your CMMC readiness? Aspire Cyber is committed to helping small businesses find affordable CMMC solutions. ➡️ Contact us to start your compliance journey: www.aspirecyber.com

Is CMMC Level 2 certification a nightmare of confusing requirements and sky-high costs? Not anymore. In this CMMC Proof podcast, Derrich Phillips sits down with the leadership team of Quadyster—Hari Banda, CBL Rao, and Biju Ninan—to share their incredible journey from feeling overwhelmed by traditional CMMC solutions to achieving their certification in record time and for a fraction of the expected cost. This is a powerful case study for any small business struggling with CMMC. Quadyster openly discusses the challenges they faced, the fears around extensive documentation and high costs, and how a strategic partnership network delivered a groundbreaking, affordable solution. Ready to accelerate your CMMC readiness? Aspire Cyber is on a mission to save small businesses $1 million by December 31, 2025, by helping them to identify affordable CMMC solutions. ➡️ Contact us to start your compliance journey- www.aspirecyber.com

Join Derrich Phillips on the CMMC Proof Podcast as he sits down with Zach Walker, co-founder of ATX Defense. Discover how their revolutionary CMMC solution is helping small defense contractors avoid the CMMC expensive nightmare.

In this engaging episode of the CMMC Proof Podcast, host Derrich Phillips sits down with Jeff Brown, Google US Public Sector Workspace Lead, to explore how Google Workspace is transforming CMMC compliance for defense contractors. Discover how Google Assured Controls and U.S.-based data centers empower organizations to meet CMMC Level 2 requirements with ease and confidence. What We Cover in This Episode: - Google Workspace for Defense: Tailored solutions for the defense industrial base (DIB) Whether you're a prime contractor, subcontractor, or IT lead, this conversation offers valuable insights to streamline your compliance process. Watch now to learn how Google Workspace can make your CMMC journey more secure, scalable, and cost-effective. 🔔 Subscribe for the latest updates and expert tips on CMMC compliance and more! Visit the Google Workspace landing page-https://workspace.google.com/learning/content/cybersecurity-maturity-model-certification?e=48754805 🌐 Visit www.cmmcproof.com for additional resources and expert insights.

In this episode of the CMMC Proof Podcast, host Derrich Phillips sits down with Doug Landoll, CEO of Lantego and the author of the bestselling CMMC Assessment Handbook. Doug shares his journey into cybersecurity, offering a unique perspective on the importance of collaboration within the cybersecurity community. What you'll learn in this episode: Doug's experience as an author, focusing on CMMC and its impact on organizations. Insights into the CMMC assessment process, its challenges, and how it compares to frameworks like SOC 2 or ISO 27001. The future of CMMC compliance and why proactive preparation is essential for organizations. The value of CISSP training and clear success definitions in building a fulfilling cybersecurity career. Why consulting should center on empowering organizations for better assessments. Whether you're a defense contractor preparing for CMMC compliance, a cybersecurity professional seeking expert advice, or someone exploring a career in the field, this episode is packed with actionable insights and inspiration. Subscribe for the latest CMMC updates and insights. Visit www.cmmcproof.com

Join Derrich Phillips, Lead Certified CMMC Assessor (CCA), as he interviews Tatiana Marin, Director, Information Security at Kruze Consulting. In this episode, Tatiana shares her unique journey into cybersecurity, her strategies for building a strong security culture, and valuable insights on navigating SOC 2 compliance. Key Topics Covered: Transitioning from operations management to cybersecurity leadership Practical tips for managing SOC 2 audits and selecting the right tools The importance of leadership support and fostering a security-first mindset Leveraging external partners to enhance cybersecurity for small businesses Balancing rapid growth with robust security in a remote work environment Takeaways: Tatiana highlights the critical role of collaboration, effective communication, and leadership buy-in in creating a resilient cybersecurity posture. Her insights offer actionable advice for companies of all sizes. Whether you're tackling SOC 2 compliance or looking to improve your cybersecurity practices, this episode is packed with practical guidance and inspiration. Visit www.cmmcproof.com

In this episode of the CMMC Proof Podcast, host Derrich Phillips interviews Melissa Burant, a supply chain project manager at Iowa State University CIRAS, to uncover the compliance challenges defense contractors face under the Cybersecurity Maturity Model Certification (CMMC). Melissa shares insights into bridging the gap between federal requirements and current compliance practices, emphasizing the importance of simplifying complex regulations and providing actionable steps for small and medium-sized manufacturers. She sheds light on the shortcomings of the current CMMC ecosystem, such as the lack of resources mapping back to federal requirements and the overwhelming information contractors must navigate. The conversation dives into: The effectiveness of virtual boot camps in empowering companies to implement cybersecurity practices. How false claims and noncompliance cases impact small businesses. The importance of connecting cybersecurity efforts to revenue. Collaborative strategies to support manufacturers in the cybersecurity industry. Building targeted resources and simplifying the compliance journey for contractors. Melissa's practical advice and passion for helping small businesses make this episode a must-watch for anyone navigating the complexities of CMMC compliance. Subscribe Visit www.cmmcproof.com

Join Emilyann Fogarty, CISO at NYSERNet, as she explores the unique cybersecurity challenges in higher education—from targeted attacks and compliance pressures to limited budgets. Emilyann shares her approach to building scalable security programs focused on risk management and aligned with institutional goals. Highlighting the importance of soft skills, effective communication, and relationship-building, she offers practical insights on asking the right questions and fostering trust within an organization. Ready to accelerate your own compliance journey? Start your 7-day trial of CMMC Proof: Compliance Acceleration System at www.cmmcproof.com.

In this episode of the CMMC Proof Podcast, host Derrich Phillips sits down with Tammie McClellan, Deputy CISO at the University of Central Florida (UCF). With over 31 years of experience at UCF, Tammie dives into the challenges of CMMC compliance in the higher education and research space. She shares valuable insights on the Knight Shield initiative, which aims to streamline the compliance process while protecting Controlled Unclassified Information (CUI). The conversation covers the evolving landscape of cybersecurity regulations, including NIST and the potential impact of future policies like NSPM-33. Tammie emphasizes the importance of collaboration between cybersecurity professionals and researchers to achieve seamless compliance. She also highlights the critical role of program managers and the need for continuous learning and mentorship in the field. Don't miss Tammie's valuable insights on how R1 research universities like UCF are navigating the evolving world of cybersecurity compliance.

In this insightful conversation, cybersecurity coach and instructor Kenneth Ellington provides and overview how SIEM and SOAR technology to meet CMMC requirements, specifically for small businesses. He shares practical advice on leveraging SIEM technology, emphasizing the importance of baseline understanding and tuning to avoid unexpected costs related to logging. Kenneth also offers tips on navigating license costs, data ingestion, and documentation to optimize cybersecurity efforts. Kenneth highlights the importance of hiring staff with honesty, integrity, and technical competence to manage SIEM solutions effectively. He also discusses the growing role of AI in threat hunting and the value of continuous learning and personal growth in the field. For businesses looking to strengthen their cybersecurity, Kenneth shares best practices, alternative solutions for log tracking, and the benefits of fractional SOC management services. Connect with us at www.aspirecyber.com Visit https://kenneth-ellington-s-school.teachable.com/p/home to learn more about Kenneth Ellington

In this compelling episode, we explore the recent whistleblower lawsuit filed by the United States Department of Justice against Georgia Tech and Georgia Tech Research Corporation. This case, which alleges significant cybersecurity breaches, has sent shockwaves through the defense contracting and academic communities. Key Takeaways: Specific Contracts and Violations: We break down the particular contracts involved and the critical cybersecurity lapses, including failure to implement a System Security Plan (SSP) and the use of a false cybersecurity score. Egregious Violations: The case highlights the most serious violations—such as operating without anti-virus protection, submitting a fictitious SPRS score, and creating a false SSP based on a non-existent campus IT system. Intentional Misconduct: We delve into how Georgia Tech and GTRC knowingly violated federal cybersecurity requirements, particularly in handling Controlled Unclassified Information (CUI). Evidence and Documentation: Explore the evidence presented, including incriminating emails, text messages, and sworn testimonies that reveal a pattern of non-compliance and false claims. Impact on the Government: Learn about the damage done to the U.S. government, including millions of dollars paid for services that did not meet contractual obligations due to these cybersecurity failings. This episode is a must-watch for anyone involved in government contracting, cybersecurity, or compliance. We provide insights into how these violations were uncovered, the legal implications, and what this means for the future of cybersecurity in federally funded research. 🔔 Don't forget to subscribe stay updated with our latest episodes on cybersecurity, legal developments, and more! Useful Links: DOJ Filing- https://www.justice.gov/opa/pr/united-states-files-suit-against-georgia-institute-technology-and-georgia-tech-research

Join us as Will Drake, Senior Security Analyst at Indiana University, dives into the intricate world of cybersecurity in academia. In this enlightening conversation, Will shares the successful strategies and challenges of the "Secure My Research" initiative, aimed at implementing cybersecurity best practices in research environments. What You'll Discover: Streamlined Solutions: Learn how Indiana University is providing end-to-end secure solutions to support researchers. Advocacy in Action: Explore how advocacy helps overcome barriers and secure research data, with practical examples from the program. Empathy in Cybersecurity: Understand the critical role of interpersonal skills and empathy in crafting security measures that respect and enhance research workflows. Salesforce CRM in Cybersecurity: Insights on leveraging Salesforce CRM for effective documentation and stakeholder management. Professional Insights: Will also discusses his personal journey in cybersecurity, touching on overcoming imposter syndrome and the importance of unique strengths. Tune in to gain a comprehensive understanding of how cybersecurity can coexist seamlessly with academic research, fostering innovation while ensuring security. Secure My Research: https://cacr.iu.edu/projects/SecureMyResearch/index.html

Join Derrich Phillips in an engaging discussion with Daniel Eliot, the lead for small business engagement at NIST, on the latest episode of CMMC Proof podcast. They explore the updated NIST Cybersecurity Framework and its Small Business Quick Start Guide, focusing on practical insights and challenges faced by small businesses in implementing cybersecurity measures. Highlights include Daniel's role at NIST, key changes in the cybersecurity framework, and strategies for small businesses to adopt a risk-based approach. Discover actionable steps across the framework's functions: identify, protect, detect, respond, and recover, tailored for improving cybersecurity resilience. Key Takeaways: Insights into adapting cybersecurity behaviors and practices for organizational growth. The significance of prioritization in cybersecurity efforts, addressing critical vulnerabilities. NIST's community-driven approach to framework development, with valuable input and resources. Practical tools such as implementation examples, quick start guides, and community profiles to aid businesses in their cybersecurity journey.

Join us for an exclusive insider's perspective as Reneé Brooker, former Civil Frauds Assistant Director at the United States Department of Justice, shares her insights into False Claims Act (FCA) investigations. With her extensive experience supervising all FCA cases in 94 United States District Courts and overseeing billions of dollars in recoveries, she offers a unique understanding of holding companies accountable for their conduct. Don't miss this rare opportunity to gain valuable insights from a seasoned legal expert in the field.

In this conversation, Jim Dempsey discusses his book 'Cybersecurity Law Fundamentals' and the current state of cybersecurity and privacy laws in the United States. He highlights the patchwork of laws and regulations that exist, the need for a comprehensive cybersecurity law, and the importance of asset inventory and risk assessment for companies. Jim also discusses the role of whistleblowers in addressing cyber fraud and the potential impact of the False Claims Act on improving cybersecurity compliance. The current state of cybersecurity and privacy laws in the United States is a patchwork of regulations and standards, with no comprehensive cybersecurity law in place. Companies need to prioritize asset inventory and risk assessment as part of their cybersecurity practices. Whistleblowers play a crucial role in addressing cyber fraud, and the False Claims Act provides incentives for individuals to come forward and report non-compliance. There is a need for more enforcement and accountability in cybersecurity and privacy practices, with a focus on reasonable requirements and third-party assessments. The intersection of the False Claims Act and the implementation of the Cybersecurity Maturity Model Certification (CMMC) could lead to improved compliance and accountability in government contracts. Link to purchase Jim's book- Cybersecurity Law Fundamentals (2024) https://iapp.org/resources/article/cybersecurity-law-fundamentals/ Visit www.aspirecyber.com to learn more about how to Get CMMC Compliant ASAP.

Join us on the latest episode of the CMMC Proof podcast as we delve into the fascinating world of cybersecurity education with our special guest, Spiros Bamiatzis, Department Chair of Cybersecurity, and NSA Grant Program Director at Ivy Tech. In this episode, Spiros shares his expertise on the critical role of professors in mentoring and guiding students in cybersecurity education. We explore the rapidly evolving landscape of emerging technologies and discuss how AI is both aiding cyber professionals and posing challenges as cybercriminals leverage its power. Spiros also highlights the importance of certifications in the cybersecurity field and how they add value to professionals' skill sets. Additionally, we delve into the pivotal role cybersecurity plays in thwarting terrorist attacks and safeguarding national security. Don't miss this enlightening conversation packed with valuable insights and practical advice from a seasoned cybersecurity educator. Subscribe to the CMMC Proof podcast to stay updated on the latest episodes and expert discussions in the world of cybersecurity compliance.