Cracking the Code of Vulnerability Management

In this episode, Kaleigh Floyd and Bobby Guerra discuss the complexities of navigating CMMC Level 2 certification and assessments, particularly focusing on the role of Managed Service Providers (MSPs). They explore the challenges faced by small MSPs, the importance of documentation, and the intricacies of the assessment process. The conversation emphasizes the need for MSPs to be well-prepared and knowledgeable to effectively support their clients in achieving compliance.Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode of Climbing Mount CMMC, Kaleigh and Bobby delve into the intricacies of vulnerability scanning, particularly in the context of CMMC Level 2 compliance for Managed Service Providers (MSPs). They discuss the challenges of vulnerability management, the importance of selecting appropriate tools, and the complexities involved in implementing effective scanning processes. The conversation emphasizes the need for clear documentation, continuous monitoring, and proactive maintenance strategies to ensure compliance and security. The hosts also highlight the significance of preparing for audits and the necessity of adapting to evolving requirements in the cybersecurity landscape.Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Bobby and Kaleigh discuss the complexities of navigating the Defense Industrial Base (DIB) space, particularly focusing on the Cybersecurity Maturity Model Certification (CMMC) assessments. They explore the challenges faced by organizations in understanding and complying with CMMC requirements, the importance of effective communication with C3PAOs, and the necessity of thorough preparation for assessments. The conversation emphasizes the need for organizations to align their practices with C3PAOs and to be proactive in their compliance efforts to avoid costly failures during audits.Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/Dy Edington's Linkedln: https://www.linkedin.com/in/dy-edington/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

48 CFR IS HERE! And we have a lot to talk about. In this episode, Bobby and Kaleigh discuss the recent release of 48 CFR and its implications for contractors and subcontractors working with the Department of Defense (War). They explore the significance of the new regulations, the phased rollout strategy, and the importance of CMMC unique identifiers (UIDs). The conversation highlights the risks associated with non-compliance and the need for contractors to be proactive in preparing for the upcoming changes. The hosts emphasize the urgency for subcontractors to align with prime contractors' requirements and the potential consequences of overlooking these regulations.Read 48 CFR Here: https://www.govinfo.gov/content/pkg/FR-2025-09-10/pdf/2025-17359.pdfWebsite: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Kaleigh and Bobby discuss the critical role of data flow diagrams in system security plans, particularly in the context of CMMC compliance. They explore the importance of understanding data flow, identifying sources and users, and ensuring proper sanitization of controlled unclassified information (CUI). The conversation emphasizes the need for organizations to be aware of how data flows through their systems and the implications for security and compliance. Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Kaleigh and Bobby delve into the intricacies of Customer Responsibility Matrices (CRMs) within the context of CMMC compliance. They discuss the importance of having a well-defined CRM, the relationship between CRMs and service agreements, and how these elements play a crucial role in assessments. The conversation emphasizes the need for clarity in responsibilities, the role of Managed Service Providers (MSPs), and the expectations of auditors. The hosts provide insights on how to effectively create and utilize CRMs to ensure compliance and avoid potential pitfalls during assessments.32 CFR: https://www.govinfo.gov/content/pkg/FR-2024-10-15/pdf/2024-22905.pdfThe CAP: https://cyberab.org/Portals/0/CMMC%20Assessment%20Process%20v2.0.pdf?ver=fEk1pUK1Fg26fVtopxv_DA%3d%3dAxiom's Linkedln: https://www.linkedin.com/company/axiomtech/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

This protips podcast episode is extra special! It includes clips from our webinar delving into the intricacies of system security plans (SSPs), emphasizing their critical role in organizational security and compliance with NIST 800.171 and CMMC standards. The discussion covers the importance of scoping, defining system boundaries, managing data flow, and detailing security controls. It also highlights the necessity of well-defined policies and procedures, as well as the clear outlining of user roles and responsibilities. We share insights on building comprehensive SSPs, the challenges faced by Managed Service Providers (MSPs), and the importance of documentation management in maintaining effective security practices.Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/Want to take part in our upcoming webinar? Register now: https://events.teams.microsoft.com/event/6b7074f6-f21c-4884-ae24-d06f5f5be94c@edee3165-cd1d-46a0-9efe-d70636e1f49bWebsite: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Kaleigh interviews Dy Edington, the Director of Information Security at AV (formally BlueHalo), about her journey through the CMMC Level 2 assessment. Dy shares insights on the importance of leadership buy-in, team collaboration, and the challenges faced during implementation. She emphasizes the significance of documentation, training, and continuous improvement in maintaining compliance. She also offers valuable advice for those starting their CMMC journey, highlighting the need for communication and understanding across all departments.Dy Edington's Linkedln: https://www.linkedin.com/in/dy-edington/AV Website: https://www.avinc.com/Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/Kaleigh Floyd's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this first episode of Season 4 of Climbing Mount CMMC, Bobby and Kaleigh discuss the intricacies of Plans of Action and Milestones (POA&Ms) in the context of compliance with CMMC and NIST standards. They explore the historical misuse of POA&Ms, the new regulations that have been implemented, and the importance of creating effective POA&Ms. The conversation also touches on the role of operational plans of action (OPAs) and the implications of involving external service providers in the remediation process. The episode concludes with insights on navigating changes in compliance and assessments.Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

*Spoiler Alert* CMMC is real and it's happening right now.In this episode, Kaleigh Floyd and Bobby Guerra discuss the critical aspects of CMMC compliance for contractors, addressing common questions and concerns. They explore the differences between CMMC Level 1 and Level 2, the importance of legal guidance, and the necessity of understanding controlled unclassified information (CUI). The conversation emphasizes the need for proactive planning, leadership buy-in, and the creation of a Plan of Action and Milestones (PoAM) to ensure successful compliance. They also touch on the implications of NIST 800-171 Rev 3 and the risks associated with delaying compliance efforts.Ryan Bonner's Video: https://www.youtube.com/watch?v=IEy-TkmKMt8Ryan Bonner's Linkedln: https://www.linkedin.com/in/rybonner/Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/