
Cuick 10
73 episodes — Page 2 of 2

S2 Ep 9 Bridging the Gaps: DFARS vs. CMMC
In this episode of the Cuick 10 Podcast, filmed live at #CUICON 2025, Derek White, Chief Operating Officer of Cuick Trac, is joined by Carter Schoenberg, Vice President & Chief Cybersecurity Officer at SoundWay Consulting, to discuss the often-misunderstood divide between DFARS contract requirements and CMMC Level 2 assessments. Carter shares what he’s seen across dozens of readiness reviews and client assessments—including how organizations are still falling short when it comes to incident response planning, asset inventory, and understanding their obligations. He also explains why contractors should be getting on a C3PAO’s schedule sooner rather than later—before the demand outpaces capacity. Watch the full Episode on YouTube: https://www.cuicktrac.com/cuick-10-podcast/

S2 Ep 8 Behind the Scenes of CMMC Assessments
In this episode of the Cuick 10 Podcast, recorded live at #CUICON 2025, Derek White, Chief Operating Officer of Cuick Trac, is joined by Steven Molter, Solutions Architect at IntelliGRC, to explore what’s actually happening inside CMMC Level 2 assessments right now. Steven shares what he’s seeing across multiple client engagements, including inconsistencies between C3PAOs, scoping guidance that’s still evolving, and practical strategies for addressing tough requirements like continuous monitoring. He also highlights how IntelliGRC is helping organizations ditch spreadsheet chaos and stay organized for audit success. Watch the full Episode on YouTube: https://www.cuicktrac.com/cuick-10-podcast/

S2 Ep 7 CMMC Lessons from the Front Lines
In this episode of the Cuick 10 Podcast, recorded live at #CUICON 2025, Derek White, Chief Operating Officer of Cuick Trac, is joined by Matthew Titcombe, CEO & Sr. Information Security Consultant at Peak InfoSec, to share real-world insights from the early days of CMMC through where things stand in 2025. Matthew discusses his experiences as one of the first C3PAOs, the growing demand for in-person collaboration and education in the cybersecurity space, and the evolving expectations from primes within the Defense Industrial Base. He also gives a behind-the-scenes look at what’s next for CUICON and Peak InfoSec’s content series, including “As the CMMC Churns” and “CMMC Group Therapy.” Watch the full Episode on YouTube: https://www.cuicktrac.com/cuick-10-podcast/

S2 Ep 6 CMMC & FedRAMP: What’s Next?
In this special episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by George Perezdiaz, Director of Advisory Services at Cuick Trac, to discuss the future of CMMC and FedRAMP compliance—recorded live from #CUICON 2025. George shares insights into how FedRAMP Moderate Equivalency is shaping the cybersecurity landscape for DoD contractors, the latest updates on CMMC, and what businesses need to know about evolving compliance regulations. They also break down the critical difference between incident response vs. incident awareness and why planning ahead is key to staying compliant.

S2 Ep 5 CMMC Pitfalls – What Contractors Must Avoid
In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Stephen Pratt, Chief Information Security Officer (CISO) and Director of Programs, Cyber Risk & Compliance Sector at Sentar, to discuss the biggest pitfalls organizations face when preparing for CMMC assessments. Stephen shares key insights on why contractors struggle with scoping, documentation, and cloud service provider compliance, and how early preparation and mock assessments can prevent certification failures. Watch the full Episode on YouTube: https://www.cuicktrac.com/cuick-10-podcast/

S2 Ep 4 CNAPP & CMMC
In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Bryan Rosensteel, Head of Public Sector Product Marketing at Wiz, to discuss how Cloud-Native Application Protection Platforms (CNAPP) are transforming CMMC compliance and cloud security. Bryan explains what CNAPP is, how it consolidates multiple security functions into a unified platform, and why it’s becoming essential for organizations managing Controlled Unclassified Information (CUI) in cloud environments. He also shares insights on how automation and real-time risk visibility can simplify audit preparation and improve security posture for defense contractors. Watch the full Episode on YouTube: https://www.cuicktrac.com/cuick-10-podcast/

S2 Ep 3 Cuick Trac Achieves FedRAMP Moderate Equivalency
In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Jeff Baldwin, Chief Information Security Officer, and George Perezdiaz, Director of Compliance Advisory, to discuss Cuick Trac’s achievement of FedRAMP Moderate Equivalency. They explore what this milestone means for organizations handling Controlled Unclassified Information (CUI), its impact on CMMC compliance, and how it strengthens cybersecurity within the Defense Industrial Base. Jeff and George break down the importance of third-party validation, how FedRAMP Moderate Equivalency aligns with NIST SP 800-171 and DFARS 252.204-7012 requirements, and how Cuick Trac’s secure enclave provides a managed solution for achieving compliance efficiently. Watch the full Episode on YouTube: https://youtu.be/BbkjKihhOas

S2 Ep 2 CMMC & Your Affirming Official
In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Justin Orcutt, Director of Cybersecurity for the Aerospace and Defense Market at Microsoft, to break down the role of the affirming official in CMMC compliance. Justin discusses the shift of accountability to senior business leaders, the need for annual self-assessments, and the importance of maintaining continuous compliance with CMMC Level 2 requirements. Tune in to learn how to navigate the evolving CMMC landscape and stay on track for 2025 compliance. Watch the full episode on YouTube: https://youtu.be/-7633FA1TSs

S2 Ep 1 FAR CUI Rule Update – What DoD Contractors Need to Know
In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer & Co-Founder of Cuick Trac, is joined by George Perezdiaz, Director of Compliance Advisory at Cuick Trac, to discuss the FAR CUI Rule Update and its implications for CMMC compliance. George breaks down what the FAR CUI Rule means for DoD contractors, the continued importance of CMMC compliance, and what changes are on the horizon in 2025. Tune in for key insights and guidance on staying compliant with the evolving rules. Watch the full episode on YouTube: https://www.youtube.com/watch?v=YOUR_VIDEO_ID

S1 Ep 14 CMMC Compliance – Are You Ready for 2025?
In this episode of the Cuick 10 Podcast, host Derek White, CPO & Co-Founder of Cuick Trac, is joined by George Perezdiaz, Director of Compliance Advisory at Cuick Trac, to discuss the final CMMC rule and what organizations need to do to get ready. They break down strategic steps for effective scoping, CUI management, and understanding third-party risk to ensure compliance for 2025.
Presented by: Beryllium InfoSec
Guest: George Perezdiaz, Director of Compliance Advisory at Cuick Trac
Host: Derek White, CPO & Co-Founder of Cuick Trac
Learn more: www.cuicktrac.com

S1 Ep 13 CMMC Facility Scoping with VDI
In this episode of the Cuick 10 Podcast, Derek White, CPO & Co-Founder of Cuick Trac, is joined by Jeff Baldwin, CISO of Cuick Trac, to discuss how facility scoping works in the context of CMMC when utilizing Virtual Desktop Infrastructure (VDI). Jeff shares insights into how organizations should manage their controlled environments, and why it's important to secure CUI in virtual and remote settings. Learn the best practices for ensuring compliance while navigating the complexities of scoping and securing data in a virtual environment.

S1 Ep 12 Scope & Boundaries for CMMC
In this episode of the Cuick 10 Podcast, Derek White, CPO and Co-Founder of Cuick Trac, is joined by Koren Wise, CEO of Wise Technical Innovations, to discuss the complexities of scope and boundaries in CMMC compliance. Koren shares valuable insights on how organizations should define their limits, the challenges of managing CUI flows, and best practices for ensuring compliance across multiple locations and systems. Learn how understanding these boundaries can streamline your compliance efforts and set you up for successful assessments.

S1 Ep 11 CMMC Rule Update - 32 CFR Part 170
The CMMC Program rule-making process has reached a major milestone, with 32 CFR Part 170 officially published on the National Register. Industry-leading cyber lawyer Robert Metzger, head of cybersecurity practice at Rogers Joseph O'Donnell, PC, joins Cuick Trac's Derek White to discuss the immediate effects on defense contractors, while also discussing the update to the FAR CUI rule-making process, which will have a potentially significant impact across other agencies.

S1 Ep 10 SPRS: Myth vs Fact
CMMC may be all the rage now, but your SPRS score is also important and has been for the past few years. Cyber Compliance Community Contributor Wayne Boline joins Cuick Trac's Derek White to discuss what you need to know about SPRS and the myths and facts that come with it.

S1 Ep 9 The Challenge of Documentation for CMMC
Are you feeling the pressure of CMMC and not knowing exactly what details you might be missing? Have you been struggling with the challenges of documentation for CMMC? If so, this episode is for you. Cuick Trac's Derek White is joined by Vince Scott, CEO and Founder of Defense Cybersecurity Group, to discuss the important details you don't want to miss as the CMMC rule-making process takes another step forward to being a requirement in your DoD contracts.

S1 Ep 8 CMMC Through the Eyes of a CISO
Are you responsible for your organization's CMMC compliance program? Are you in a position of leadership where the responsibility lies on your shoulders, regardless of who's been tasked to implement NIST SP 800-171? In this episode, Landon Carlson, Chief Information Security Officer at Metron, shares his experience, insight, and opinions on CMMC as a CISO who is relatively new to the organization.

S1 Ep 7 What GRC Means to You and What to Do
Governance, Risk and Compliance, or GRC, helps organizations manage risk, achieve business goals, and comply with regulations. When it comes to CMMC, the GRC approach an organization takes can mean the difference between passing or failing third-party assessments. In this episode, Mark Berman, CEO of FutureFeed, talks about what GRC tools should do for you and the benefits of using one beyond passing an assessment.

S1 Ep 6 Starting (or Re-starting) Your CMMC Program
Are you new to an organization and the CMMC burden falls on you? Or is CMMC being prioritized again? Or are you focusing on CMMC for the very first time? Regardless of your answer, this podcast is for you. If you miss some of the core aspects of CMMC early on, the price to pay later can be damaging. Special guest Regan Edens of the CMMC Industry Standards Council and DTC Global joins host Derek White to discuss what OSCs should think about on the front end of their CMMC journey.

S1 Ep 5 So You Think You're Ready for a CMMC Assessment?
As the Cybersecurity Maturity Model Certification (CMMC) requirement gets closer, many organizations seeking certification (OSC) are preparing for an assessment with an authorized CMMC third-party assessment organization (C3PAO). OSCs should not engage with C3PAOs until they are ready. If you think you are, listen to Glenda Snodgrass of The Net Effect, LLC, as she discusses the top things you should have ready before you prepare further.

S1 Ep 4 CMMC: A Small Business Perspective
Most of the Defense Industrial Base is made up of small businesses. That innovation is critical to our nation's competitive advantage. However, navigating Controlled Unclassified Information (CUI) and NIST SP 800-171, and preparing for CMMC can be challenging for small businesses. This episode features the small business perspective of Allison Giddens, President of Operations at Win-Tech, Inc., and their approach to these cybersecurity requirements.

S1 Ep 3 Identifying CUI & Why It Matters
Identifying CUI is the #1 most important aspect of properly building a successful compliance program to meet CMMC requirements. In this episode, Ryan Bonner of DEFCERT discusses how an organization can identify CUI, and why it matters to their scope and overall costs of implementation and CMMC certification.

S1 Ep 2 Understanding ITAR vs CMMC
Cybersecurity requirements for Federal Contractors working with the Department of Defense can be hard to navigate. In this episode, we talk to Alex Trafton of Ankura and discuss how export-controlled data, such as the International Traffic in Arms Regulations (ITAR), impacts an organization's CMMC compliance program.

S1 Ep 1 It SIEMs Easy. But it's Not.
A deep dive into Security Information and Event Management (or SIEM) and why you need it. With special guest Patrick Colantonio of NeQter Labs.