How to Build Your CMMC Documents the RIGHT Way

In this episode, Kaleigh and Bobby discuss the complexities of CMMC documentation with Tom Conkle from Optic Cyber Solutions. They explore the challenges of writing effective System Security Plans (SSPs) and Customer Responsibility Matrices (CRMs), emphasizing the importance of viewing these documents as management tools rather than mere compliance checkboxes. The conversation highlights common pitfalls organizations face, the significance of clear communication between service providers and clients, and practical tips for creating effective documentation that enhances cybersecurity practices.Tom Conkle on Linkedln: https://www.linkedin.com/in/tomconkle/Kelly Hood on Linkedln: https://www.linkedin.com/in/kellyhoodoc/Optic Cyber Solutions LinksLinkeldn: https://www.linkedin.com/company/opticcyber/posts/?feedView=allWebsite: https://www.opticcyber.com/index.htmlYouTube: https://www.youtube.com/@OpticCyberOptic Cyber Resources Page: https://www.opticcyber.com/resources.htmlCustomer Responsibilities Matrix Template:https://43828014.hs-sites.com/shared-responsibilities-matrix-srm-downloadLinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode, Kaleigh Floyd and Bobby Guerra delve into the complexities of inheritance within the CMMC framework, particularly focusing on the role of external service providers (ESPs) and the responsibilities of organizations seeking assessment (OSA). They discuss the importance of system security plans, the nuances of the CMMC assessment process, and the challenges faced by managed service providers (MSPs) in navigating inheritance claims. The conversation emphasizes the need for clarity in responsibilities and the potential benefits and limitations of inheriting controls from ESPs. In this conversation, Kaleigh Floyd and Bobby Guerra delve into the complexities of CMMC compliance, focusing on the roles of Managed Service Providers (MSPs) and the concept of inheritance in assessments. They discuss the critical importance of understanding responsibilities between clients and MSPs, the nuances of service provisioning, and the need for clear communication to ensure successful compliance outcomes. The conversation emphasizes the importance of preparation, collaboration, and informed decision-making in navigating the CMMC landscape.LinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode, Kaleigh and Bobby discuss the complexities of scaling CMMC for Managed Service Providers (MSPs). They explore the challenges of compliance, the importance of tools, and the necessity of having structured operational and sales strategies. The conversation also delves into the 'Four Horsemen' of compliance, which are critical for maintaining security and compliance standards. Finally, they emphasize the importance of ongoing maintenance and the long-term scalability of CMMC processes for MSPs.LinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode, Bobby and Kaleigh discuss the challenges and strategies of marketing within the CMMC space. Kaleigh shares her journey of transitioning into this niche market, emphasizing the importance of building a reputation, understanding client needs, and maintaining transparency throughout the sales process. They explore the significance of effective communication, the necessity of educating clients about CMMC, and the balance between being sympathetic and correcting misconceptions. The conversation highlights the need for managed service providers to be proactive and knowledgeable in their approach to CMMC compliance.LinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode, Bobby and Kaleigh explore the CyberAB ecosystem, focusing on the various roles and certifications within the CMMC framework. They discuss the importance of understanding the distinctions between Registered Practitioners (RP), Registered Practitioner Organizations (RPO), CMMC Certified Professionals (CCP), and CMMC Certified Assessors (CCA). The conversation also highlights the role of C3PAOs in conducting assessments and the significance of external service providers in the certification process. The hosts emphasize the need for organizations to navigate these certifications effectively to ensure compliance and security in the cybersecurity landscape.Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/Link to Cyber AB certification requirements: https://cyberab.org/CMMC-Ecosystem/Ecosystem-RolesLinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode of Climbing Mount CMMC, hosts Kaleigh Floyd and Bobby Guerra delve into the intricacies of Customer Responsibility Matrices (CRMs) and their significance in CMMC compliance. They discuss the definition of CRMs, their importance in defining responsibilities between customers and service providers, and the essential components needed to create an effective CRM. The conversation emphasizes the need for clarity in responsibilities, the connection to NIST 800-171 controls, and the importance of understanding vendor relationships in the context of cybersecurity compliance.Optic Cyber Solutions CRM Template: MSP-customer-responsibility-matrix-template 1.xlsxKelly Hood: (9) Kelly Hood | LinkedInTom Conkle: (9) Tom Conkle | LinkedInBrian Hubbard: (9) Brian Hubbard | LinkedInLinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode of Climbing Mount CMMC, hosts Kaleigh Floyd and Bobby Guerra engage with Chris and Hannah Silvers, a father-daughter duo from CG Silver's Consulting. They discuss their journey in the cybersecurity field, the challenges and dynamics of CMMC, and the importance of community and collaboration in navigating this complex landscape. The conversation highlights the unique challenges faced by MSPs in adapting to CMMC requirements and the evolving nature of their business dynamics. The episode also touches on the intricacies of the sales process in CMMC consulting, emphasizing the need for education and understanding in client relationships. In this engaging conversation, Chris and Hannah Silvers, along with Kaleigh Floyd and Bobby Guerra, explore the intricacies of navigating the C3PAO landscape, the journey to certification, and the dynamics of working in a family business. They discuss the importance of confidence and growth in professional roles, generational perspectives in the workplace, and the empowerment that comes from experience. The conversation highlights the unique challenges and rewards of working in cybersecurity, particularly in the context of family relationships and mentorship.CG Silvers Consulting website: https://www.cgsilvers.com/Chris' LinkedIn: https://www.linkedin.com/in/cgsilvers/Hannah's Linkedln: (15) Hannah Silvers | LinkedInCyberAB listing with contact information: https://cyberab.org/Member/C3PAO-198-Cg-Silvers-Consulting-LlcLinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode, Kaleigh Floyd and Bobby Guerra discuss the critical issue of false starts in CMMC assessments, emphasizing the importance of proper documentation and preparation. They explore the phases of CMMC assessments, the consequences of failing to meet requirements, and the necessity of seeking help from consultants. The conversation highlights the significance of mock assessments and understanding the roles of external service providers in the assessment process. The hosts provide practical advice for avoiding false starts and ensuring a successful assessment journey.LinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode, Kaleigh and Bobby welcome back Kyle Lai to discuss the challenges and insights surrounding C3PAOs and the CMMC framework. They explore Kyle's journey into the C3PAO space, the current state of audits, and the importance of software development in compliance. The conversation highlights the need for collaboration between IT and software development teams, the significance of understanding controlled unclassified information (CUI), and the challenges faced during assessments. Kyle shares valuable insights on vulnerability management, the impact of open-source software, and strategies for leveraging existing platforms to ease compliance efforts. The episode concludes with a call for better communication and collaboration within organizations to ensure successful assessments and compliance.Kyle's LinkedIn: https://linkedin.com/in/kylelai/KLC Consulting: https://klcconsulting.netWeb Application Reference Architecture: https://acrobat.adobe.com/id/urn:aaid:sc:US:8bb4ebc1-8287-40af-8761-31bc035fa64cKLC's Playbook for CMMC Assessors: https://acrobat.adobe.com/id/urn:aaid:sc:US:abd836d0-7eea-43e5-ae72-86d06197fc54KLC's Software Security Principles Template and Related Resources:https://klcconsulting.net/cmmc-resource-tools/LinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode of CybHer, Kaleigh Floyd interviews Jil Wright, president of Wrightbrained Security, discussing her extensive experience in IT and the CMMC space. They explore the challenges of cybersecurity assessments, the importance of documentation, and the evolving role of women in the tech industry. Jil shares insights on the necessity of evidence in assessments, the significance of mentorship, and the need for companies to prepare adequately for CMMC compliance. The conversation highlights the importance of collaboration and the unique challenges faced by women in cybersecurity.Jil's Linkedln: https://www.linkedin.com/in/itjil/ Wrightbrained Security: wrightbrainedsecurity.com LinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn