Season 2

You're a business that has two options: Commercial or CMMC? It's hard to fully see the path ahead when you're only at the beginning. Bobby and Kaleigh give a 12 Step process of climbing the CMMC Mountain ahead. This is focused more towards MSPs, but any business, especially SMBs, can get a lot out o...

In this episode, Kaleigh Floyd, Bobby Guerra, and Vincent Scott discuss the critical aspects of self-assessments in the context of CMMC compliance. They explore the different types of self-assessments, the importance of having a System Security Plan (SSP), and practical strategies for conducting eff...

We sat down with Dr. Ron Ross about his story and how he got to where he is today. He shares what his first job was out of the Army and his health battle while writing publications for NIST. His journey is incredibly inspiring, and we feel such gratitude to be able to share this with all of you. To ...

You can't have NIST SP 800-171 without the 800-53 that came before it. In today's episode, Bobby sat down with FedRAMP expert, Karen Stanford, to discuss the connection between the two publications and how you can use this to your advantage when preparing for an assessment. Many of the 800-171 contr...

Today, Bobby and Kaleigh are joined by Dr. Ron Ross from NIST, an author of SP 800-172 and MUCH MORE. He shares the true purpose behind the document and what the new draft brings to the table. The draft was published on 11/13/24 and public comments are now being accepted until January of 2025. Websi...

In this podcast episode, Bobby Guerra, Kaleigh Floyd, and Vince Scott discuss the complexities of the Cybersecurity Maturity Model Certification (CMMC) and its phases. Vince shares his extensive background in cybersecurity, transitioning from offense to defense, and the challenges faced by small bus...

In this conversation, Kaleigh Floyd, Bobby Guerra, and Adam Evans discuss the distinctions between Cloud Service Providers (CSPs) and other service providers (ESPs), the significance of Controlled Unclassified Information (CUI), and the importance of vendor assessments in the context of the 32 CFR r...

Karen and Bobby dive into the complexities of cybersecurity audits, particularly focusing on the distinctions between CMMC and FedRAMP. They discuss operational challenges, the assessment processes, and the importance of recommendations in FedRAMP. The conversation also highlights misconceptions abo...

Are you an MSP navigating CMMC? Are you a contractor looking for the right MSP for your climb to CMMC? This episode is going to decipher the 32 CFR final rule with those to perspectives front-of-mind. Bobby and Kaleigh discuss the assessment requirements of an ESP, what inheritance is, and how an MS...

In this conversation, Bobby Guerra and Kaleigh Floyd discuss the recent release of the 32 CFR Final Rule and its implications for organizations. They explore the importance of self-assessments, the complexities involved, and the distinctions between different types of compliance measures such as end...

32 CFR Final Rule! The time has come. We wanted to hop on a quick video, before Kaleigh hops on a plane, to talk about the 32 CFR FINAL RULE. We may or may not have recorded a 2 hour long podcast this week that we now have to cut…but we are back and ready to review the Final Rule. Phase extensions, ...

Hello Climbers, let's get real about the resources needed on your climb of CMMC. Bobby and Adam discuss the people, tools, and more that it takes to accomplish CMMC Level 2 compliance.They explore the importance of having knowledgeable personnel, the role of Managed Service Providers (MSPs) and cons...

In this engaging conversation, Jason Sproesser shares his journey into the CMMC space and the evolution of the Sum IT Up podcast. The discussion highlights the importance of community, vulnerability, and authenticity in the cybersecurity field, as well as the challenges faced by MSPs. Jason emphasiz...

In this podcast episode, Bobby Guerra and Kaleigh Floyd discuss the challenges and implications of the CMMC (Cybersecurity Maturity Model Certification) ruling. They highlight the impact of the 32 CFR (Code of Federal Regulations) on organizations and vendors who need to meet the level two requireme...

Fresh off the press! Bobby and Adam just completed a gap assessment done by a C3PAO and they want to share what they've learned with all of you. Here are the top 5 things that made their assessment so difficult. We hope you enjoy. Website: https://www.axiom.tech/ YouTube: https://www.youtube.com/cha...

Emergency Podcast Episode 🚨 The 32 CFR Final Rule COMPLETED THE REVIEW PROCESS and things are heating up. We couldn't help but hop on the podcast and share this news and what it means for organizations and MSPs in the community. Website: https://www.axiom.tech/ YouTube: https://www.youtube.com/chan...

Let's get personal. Axiom has been on this CMMC journey for about 3 years now and we'd love to share our experience as an MSP and small business in the industry. In this episode, Bobby and Adam share how they got into this space and their fears and challenges going in. Bobby started Axiom over 20 ye...

Let's talk about the CMMC Menu items. There are multiple ways that a business can tackle CMMC and we wanted to share with you 4 popular ways. In no way are we claiming these to be the only ways, but we do feel like these are the top four ways we've seen companies climb the mountain. Comment below if...

(Season Two Episode 15) Bobby Guerra is joined by Jacob Hill, VP of cybersecurity at Alamo City Engineering Services and founder of GRC Academy. Jacob discusses the importance of education and training in the defense contractor industry. He shares his experience in implementing CMMC compliance and t...

In this conversation, Bobby is joined by Kyle Lai, President and Chief Information Security Officer at KL3. They discuss the challenges and considerations of CMMC compliance for organizations involved in software development. Kyle emphasizes the importance of selecting a C3PAO (CMMC Third-Party Asse...