Cuick 10

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Rachel Bassford, CUI Consultant at DEFCERT, to explore how organizations should approach identifying Controlled Unclassified Information (CUI).Rachel explains why companies often jump straight into technology decisions without fully understanding their scope—and how that leads to wasted time, unnecessary cost, and increased risk. She outlines a structured approach that starts with understanding contracts, document markings, and data flow before making any compliance investments.This episode provides practical guidance for organizations trying to answer one of the most important questions in CMMC: What do we actually need to protect?

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Carter Schoenberg, Vice President - Cybersecurity & Chief Cybersecurity Officer at SoundWay Consulting Inc., to discuss how the CMMC ecosystem is evolving now that regulatory requirements are becoming enforceable.Carter shares firsthand insights from conducting assessments as a C3PAO, including how demand has shifted dramatically following key rulemaking milestones. The conversation explores the growing urgency among contractors, common misunderstandings about timelines, and the variability organizations are encountering in early assessments.They also break down why many companies are still underprepared, the importance of realistic expectations, and what lessons from the front lines can help organizations better navigate the path to certification.Tune in for a candid discussion on what’s changing in CMMC—and what it means for contractors moving forward.

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Alex Major, Partner & Co-Leader of the Government Contracts and Global Trade Group at McCarter & English, to discuss the challenges organizations face when identifying Controlled Unclassified Information (CUI).Alex explains why CUI identification has become one of the most critical components of CMMC compliance and how confusion across government agencies, prime contractors, and suppliers creates risk throughout the Defense Industrial Base. The conversation explores how contractors should approach CUI policies, what role supply chain partners play in CUI flowdown, and why organizations must clearly understand what information they are required to protect.Tune in for practical insights on navigating CUI identification and strengthening compliance across the supply chain.

To kick off Season 3, Derek White, COO of Cuick Trac, sits down with Kyle Lai, President & CISO at KLC Consulting, to discuss what makes someone truly effective in the CMMC consulting space. Kyle brings unique perspective as both an experienced assessor and a trusted advisor to organizations navigating DFARS, NIST 800-171, and CMMC compliance.In this episode, they explore what separates technical know-how from true client impact—from soft skills like listening and empathy to real-life stories of consulting gone wrong (and right).

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, sits down with Jeff Smedley, retired CIO and CMMC strategy consultant, to explore how CMMC can go beyond compliance to drive organizational value.Jeff shares how his company achieved a perfect assessment score and leveraged CMMC to unlock board alignment, private equity support, and a billion-dollar exit. From cultural transformation to financial metrics, this conversation reframes CMMC as a growth opportunity—not just a mandate.

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by James Harper, CEO at Quatronics, to break down FIPS encryption, validated crypto modules, and how governance underpins both CMMC compliance and long-term company growth.James shares real-world examples of where small businesses stumble—from improper data mapping to lack of documented roles—and explains how CMMC can be a catalyst for sustainable scaling. If you’ve ever asked, “Do I really need FIPS validated equipment?” or struggled to track CUI across your team, this one’s for you.

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Brad Taylor, Senior Information Security Consultant at Foregenix, to explore what goes into a successful CMMC assessment from the assessor’s perspective. Brad shares insights from a recent real-world engagement, including how strong inheritance documentation, pre-assessment reviews, and clear traceability helped one OSC complete their assessment in under two days.This episode is full of practical tips for preparing your environment, aligning your SSP and policies, and ensuring your team is ready to show up informed and confident.

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Heather Siemens, CEO of iFortress, to explore the growing call for standardization across federal cybersecurity frameworks — particularly for contractors serving both defense and energy sectors.Heather shares lessons from her background in NERC compliance, the challenge of overlapping frameworks like NIST SP 800-171 and NIST 800-161, and what needs to happen for agencies like DoD, DOE, and DHS to speak a common cybersecurity language.

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Nancy Laney, CEO of Peak Complyance, to discuss why executive leadership buy-in is essential for successful CMMC compliance.Nancy shares insights into building a cyber-aware culture, shifting compliance ownership beyond IT, and the growing importance of executive affirmations—even at CMMC Level 1. She also outlines the risks of relying on a single point of failure, the importance of documentation for sustainability, and how coaching and tools can help organizations operationalize compliance.

In this episode of the Cuick 10 Podcast, Derek White, COO of Cuick Trac, is joined by James Harper, CEO of Quatronics, to explore two critical — and often misunderstood — areas of cybersecurity compliance: FIPS encryption and corporate governance.James shares practical insights on what FIPS-validated encryption actually means (and doesn’t mean), where it’s required, and how misconceptions around equipment can lead to costly and unnecessary decisions. More importantly, he makes the case that governance — not just tech — is the backbone of scalable, effective CMMC compliance.Whether you're confused about encryption, overwhelmed by data flows, or wondering how to grow securely, this episode offers a down-to-earth look at getting CMMC right.

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, sits down with TJ Hope, Sales Engineer at Senteon, to discuss how configuration management plays a vital role in meeting CMMC requirements. TJ explains how automation, visibility, and environment-specific baselining can transform the way organizations approach hardening—without breaking things or burning out staff.Whether you’re preparing for your first CMMC Level 2 assessment or inheriting someone else’s security posture, this episode delivers a practical look at one of the most challenging aspects of compliance.

n this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, sits down with Dy Edington, Director of Information Security at AV, to share lessons from the front lines of achieving CMMC certification. Dy offers a behind-the-scenes look at what it takes to drive a successful compliance program—from cross-functional alignment to hands-on training and executive support.Whether you're early in your journey or already preparing for assessment, this episode is packed with practical insights.

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Kayli Keough, US Government Contract Compliance Counsel at Collins Aerospace. Kayli shares her unique perspective as a legal and contracts professional navigating the world of cybersecurity compliance.They discuss how legal, contracts, and cyber teams can collaborate more effectively, the growing importance of compliance across global frameworks, and how CMMC is changing the conversation within large government contractors. Whether you're in legal, cyber, or program management—this episode shows why a unified approach to compliance is no longer optional.

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Eric Levitas, Vice President of Business Development at ControlCase, to unpack why mock assessments are more critical than ever for defense contractors navigating CMMC.Eric explains the most common mistakes he sees contractors make when jumping straight into their C3PAO audit, how to properly prepare your scope and documentation, and what the mock assessment process really looks like from a third-party assessor’s point of view.Tune in for expert guidance on how to get audit-ready — without the panic.

In this episode of the Cuick 10 Podcast, Derek White, COO of Cuick Trac, is joined by Matt Hoeper, Director of Commercial/Cybersecurity at Edwards Performance Solutions, to unpack how cybersecurity leaders can better align their CMMC programs with business goals.Matt explains why CMMC should be positioned not just as a regulatory requirement, but as a strategic business investment. From reducing operational risk to building customer trust, this episode provides clear guidance on how to tie technical compliance efforts to business outcomes—especially in conversations with leadership and boards.

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Tom Conkle, CEO of Optic Cyber Solutions, to discuss the often-overlooked importance of the Customer Responsibility Matrix (CRM) in CMMC compliance.Tom shares firsthand experience from CMMC readiness engagements where organizations mistakenly assumed their MSPs had implemented necessary controls—only to discover critical gaps. He breaks down how the CRM acts as a communication bridge between managed service providers and OSCs, what should be included in a CRM, and why documenting shared responsibility is now a requirement under the final rule.Tune in to learn how better documentation, communication, and ownership can prevent serious compliance failures.

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Prabhat Nigam, Global CTO at Golden Five Consulting, to discuss the critical interplay between scope, cost, and risk in CMMC compliance.Prabhat shares practical lessons on how over-scoping can drive up compliance costs, how to manage subcontractor and MSP risk, and the importance of simplifying your technology footprint within one trusted cloud ecosystem.This conversation is packed with tips for defense contractors trying to stay compliant while minimizing overhead and complexity.

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Justin Hensley, Principal Program Manager at CloudFit Software, to explore how Virtual Desktop Infrastructure (VDI) is helping defense contractors scale securely.Justin discusses the recent DoD VDI memo and how it has changed the game for flexibility, cloud-first strategies, and scalability in CMMC compliance. He also shares how CloudFit is helping organizations use Microsoft Azure Virtual Desktop environments to reduce CAPEX, improve collaboration, and integrate tools like AI and secure messaging.From CAD workloads to real-time collaboration, this episode dives into how SMBs and federal partners can modernize their environments without breaking their workflows.

In this episode of the Cuick 10 Podcast, host Derek White (COO, Cuick Trac) sits down with Mike Bramm, Owner & CTO at BomberJacket Networks, to unpack what it really takes to pass a CMMC assessment—and why most failures start by skipping Phase 1.Mike explains the importance of readiness assessments, how the Lead CCA role helps ensure structure and accountability, and why implementation is often more valuable than just getting assessed. He also shares candid insights on DIB contractors still in denial, and how culture—not tooling—is what determines success.

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Michael Greenman, Sr. Product Marketing Manager at Deltek, to unpack the latest industry data and FedRAMP developments shaping the CMMC landscape.They discuss the significance of FedRAMP Moderate Equivalency, cloud security documentation best practices, and the must-ask questions when evaluating cloud service providers. Michael also reveals new statistics from Deltek’s Clarity Report, including how much contractors are spending to prepare for assessments—and how many plan to get certified in 2025.