GRC Academy

It’s been a long and wild ride on this CMMC ship! ⛵ In this episode, I speak with Stacy Bostjanick who is the Director of the CMMC program at DoD CIO: https://lnkd.in/eUWPKrpj 👉 Here are some of the highlights: ✅ Expectations for the initial phase in of CMMC ✅ Who determines CMMC levels for contracts? ✅ How will CMMC waivers work? ✅ Criteria for CMMC level 2 self-assessments and CMMC level 3 ✅ Early use of NIST 800-171 r3 And so much more! First mentioned in 2019, CMMC 1.0 was released in 2020 under the Trump administration. CMMC 1.0 was reviewed during the Biden administration, they released CMMC 2.0 in late 2021, and then… There was a great silence. If you threw a small rock, you’d hit 27 people who thought CMMC was going away. All this time though, the DoD was quietly marching on. They released the proposed CMMC program rule in December 2023 and released the final CMMC program rule in October 2024 - which is now EFFECTIVE. After all of that, CMMC will FINALLY begin to phase into DoD solicitations and contracts by this summer. CMMC has been a LONG time coming, and it was an honor to hear the back story and why important decisions were made! What were your biggest takeaways? Let me know in the comments! ----- HUGE thanks to my sponsor, Vanta! #cmmc #nist #cybersecurity

2024 was awesome! And BUSY! Here are some of my accomplishments from this year: ✅ Promoted to Executive VP of Cyber at Alamo City Engineering Services Inc ✅ Achieved CMMC Certified Professional (CCP) certification ✅ Presented at several cyber and CMMC-focused webinars ✅ Released 20+ podcast episodes ✅ Reached 1,000 YouTube subscribers ✅ Launched strategic partnerships with Carahsoft, IntelliGRC, MSPCyberX, FedSubK, and PECB 👉 Spent more time with my family Overall it was a great year! I'm so thankful for the wonderful folks I've met and worked with this year! Here are some of my goals for 2025: ✅ Expand strategic partnerships ✅ Educate 5,000+ folks in the ways of CMMC and ISO ✅ CMMC Certified Assessor (CCA) certification ✅ Release 40+ podcast episodes ✅ Grow YouTube channel to 10,000 subscribers 👉 Spend even more time with my family Working a day job + GRC Academy is a challenge. My time is limited, so I'll need to be very focused. Being busy is normal, but are we spending our time on the most impactful things? Some of these goals will be tough to meet, but we'll become stagnant if we aren't holding ourselves to high standards. I'm looking forward to great things in 2025! Thank you for being part of it with me! #cmmc #grcacademy #cybersecurity

Your MSP could be a CMMC disaster. 💥💣💥 I wish I was joking. I'm back with another GRC Academy podcast: https://lnkd.in/ecFPg4vr In this episode I speak with Joy Belinda Beland about the critical role IT Managed Service Providers (MSPs) play in the CMMC space and why so many of them will cause their clients to fail their CMMC assessments. 👉 Here are some of the highlights: ✅ The NEW critical CMMC requirement for MSPs ✅ Why so many MSPs will cause their clients to fail CMMC assessments ✅ Why MSPs SHOULD still get CMMC certified ✅ Questions to ask your MSP to gauge their CMMC readiness Joy is the Vice President of Cybersecurity Compliance at Summit 7 and brings over 20 years of experience as a former MSP owner. Summit 7 is a specialized MSP exclusively supporting defense contractors. If you use an MSP, don't just assume that everything is OK and your MSP has it all covered. It's highly likely that they do NOT and you'll FAIL your CMMC assessment because of them. There are some great CMMC-focused MSPs out there, but the majority of MSPs have NO BUSINESS supporting defense contractors. Choose wisely! What stood out most to you? Whatever your thoughts are, feel free to let me know in the comments! HUGE thanks to our sponsor, Vanta! #cmmc #msp #cybersecurity

The long-awaited Final CMMC (Cybersecurity Maturity Model Certification) Rule is here, and it’s set to transform how businesses approach cybersecurity in the defense supply chain. But what does it mean for your organization? In this episode, we explore the business implications of the Final Rule, breaking down the certification process, key requirements, and how compliance could impact your operations and opportunities. We’ll also discuss what happens next, including timelines, enforcement expectations, and how businesses can prepare as CMMC phases in. Back joining us again is Jacob Hill, one of the top voices on social speaking about cybersecurity compliance and risk management. Jacob brings his extensive experience navigating compliance frameworks, and will share actionable insights and answer critical questions about navigating the evolving CMMC landscape. Whether you’re just starting to assess your CMMC readiness or want to ensure your organization stays ahead of the curve, this episode is your guide to what’s coming and how to succeed. #CMMCFinalRule #CyberLeadership #ComplianceStrategy #CyberRiskManagement #GovernmentContracting Mackenzie Wartenberger | Nathalie Baker | Hollis Henderson

Happy CMMC day! 🥳🎉🥳 Today the final CMMC program rule is effective! From DoD's perspective, CMMC certification assessments can begin! But wait, there's more... The Cyber AB needs to reauthorize all C3PAOs before assessments can begin. 👀 This will happen on January 2nd, 2025. 👉 So even though the CMMC program rule is effective today, CMMC assessments cannot begin until 1/2/2025. The Cyber AB also released a few other documents: ✅ CMMC Assessment Process 2.0: https://lnkd.in/ecAeVu53 ✅ CMMC Code of Professional Conduct 2.0: https://lnkd.in/er77XC9Q Need to train your organization on CMMC? Check out my CMMC Training for Defense Contractors: https://lnkd.in/eCv8JXSa Rest up over the holidays and get ready to come back in full swing! #cmmc #nist #cybersecurity

To my CMMC RPO and consultant friends: Want to do more implementing and less explaining? Let’s chat! I've created foundational CMMC training for Defense Contractors that you can use to educate your clients! What is the value of an educated client? ✅ Less time explaining the basics. ✅ Less time convincing - they'll understand the criticality of getting it right. ✅ They'll have the knowledge to drive change internally. ✅ The training will be there for them as an ongoing reference. I'm a VP of Cyber running a CMMC compliance program at a Defense Contractor. About two years ago I launched my CMMC Overview course to help educate the DIB. It now has 97 5-star reviews! ⭐⭐⭐⭐⭐ Interested? I'll be here. 😎 #cmmc #nist #cybersecurity

Should you NEVER pay after a ransomware attack? 👀 I'm back with another GRC Academy podcast: https://lnkd.in/dbzHh6UM In this episode I speak with Frank Riccardi about cybersecurity in healthcare and the event that triggered much more cyber accountability for the C-suite. 👉 Here are some of the highlights: ✅ Why healthcare workers are prone to social engineering attacks ✅ Reasons you SHOULD and should NOT pay after ransomware attacks ✅ Managing shadow IT after acquisitions/mergers ✅ Why every member of the C-suite must understand cyber ✅ The importance of a culture of reporting Frank is a former C-level executive with 25 years of experience developing compliance and privacy programs for large healthcare systems comprised of hospitals, physician practice groups, urgent care centers, and other healthcare organizations. I really enjoyed Frank's description of shadow IT! I always thought of an employee who is using an unauthorized application, but I never thought of it from the standpoint of an acquisition/merger. What stood out most to you? Whatever your thoughts are, feel free to let me know in the comments! HUGE thanks to our sponsor Vanta! #cybersecurity #healthcare #hospital

I've just reached 1,000 subscribers on YouTube! 🥳🎉🥳 I never realized the amount of work that goes into building a YouTube channel!! But I'm up for it. Next goal: 10,000! #grcacademy #cybersecurity #informationsecurity

Should you fire your MSP?!? 🔥🔥🔥 I'm back with another GRC Academy podcast: https://lnkd.in/enK3a7h2 In this episode, I speak with cybersecurity attorney Sarah Anderson about how to evaluate IT Managed Service Providers and how businesses can protect themselves when relying on them. 👉 Here are some of the highlights: ✅ How you should evaluate MSPs ✅ What to do after your MSP is hacked 👀 ✅ Managing the cyber incident ✅ Cyber insurance pitfalls ✅ Should you fire your hacked MSP? Sarah is the owner of SWA Law LLC and also serves in U.S. Army Reserves as a Lieutenant Colonel. She has been involved in more than 100 cyber incident responses throughout her career and also represents public and private entities in regulatory compliance, cybersecurity practices, and technology contract negotiations. If you are relying on an MSP to manage your IT and security, you won’t want to miss this! As Sarah said, not all MSPs are created equally. Many MSPs have such poor security practices they WILL get you hacked. Encourage your MSP to join MSPCyberX! It’s a nonprofit focused on elevating the security of MSPs. HUGE thanks to our sponsor Vanta! #msp #cmmc #cybersecurity #informationtechnology

I just recorded an AWESOME podcast with Stacy Bostjanick (Director of the CMMC program)!! Here is just some of what we covered: ✅ The phase in of CMMC ✅ Criteria for CMMC level 2 self-assessments ✅ Plans for NIST 800-171 r3 ✅ CMMC and our international partners ✅ And much more! Subscribe to the GRC Academy podcast so you don't miss it! #cmmc #nist #cybersecurity