Business Owner’s Guide to CMMC
Ep 1: Why Compliance Matters
Watch episode 1 (or read the transcript below) of our Business Owner’s Guide to CMMC series with Ben Scully (Avatara) and Dan Langley (Lupa Advisors). Stay tuned weekly for new episodes containing actionable insights and an overview of each CMMC domain.
BEN: Hi. Ben Scully here. President over at Avatara. I have with me Dan Langley with Lupa Advisors. We are going to talk CMMC. Obviously, here at Avatara, we spend a lot of time working with our customer base around security and compliance. We thought we would take a step back and pull in an expert from the industry and try to provide a high-level education for business owners around CMMC. So, with that, Dan, do you want to give a little background on yourself?
DAN: Sure, thanks Ben. I spent 20 years with IBM. I ended up going back to school and did a master’s in engineering at Washington University, focused on cybersecurity management. I did the CISSP. And then sat down for dinner one night with a friend of mine and he introduced me to a CEO of a Defense Contractor. I asked him, “What keeps you up at night?” He said, “This whole world of CMMC.” So, out of that spurred a new company called Lupa Advisors and we do cybersecurity consulting. We are primarily focused on the DoD Contractor and the CMMC space.
BEN: So, let’s talk about CMMC. How did we get here? Give us a little bit of background on CMMC and how it was born.
DAN: In 2018 and 2019, if you were a DoD contractor, you had to sign off on what they called the FAR 52 if you wanted to do business with the government. It was primarily around cybersecurity, a document with 15 Roman numerals that you signed off on every year if you wanted to be a DoD contractor. It’s kind of like installing software. You sit there and say “agree, agree, agree” as you scroll down. Well, last year, there was a knock on the door and it was the devil saying, “I’m here for your soul.” And that was CMMC. They came back and said we’re going to make sure you’re doing those 15 things, which became 17 principles within Level 1.
BEN: So if you’re a business owner and this is all new…why would you want to dive in and make sure you’re getting yourself ready for that assessment process?
DAN: This is all about cybersecurity hygiene, if you will. The government really stepped back and said we have a $600 billion problem. We are losing research to other nations. Our submarine looks like the Chinese submarine. Our Humvee looks like the Chinese Humvee. We are leaking data. It’s not happening at the big company levels. It’s happening down the supply chain. And that’s what all these requirements are. It’s basically, how do I become secure within this cyber world. Because you will be under attack.
BEN: When I think about this, obviously there’s an accountability for our country’s security and our military. I agree completely. The other thing I’d throw out there is that I think there’s a huge competitive advantage or an opportunity here for small business owners. There’s a little bit of a market reset. I think the people that dive in and are ready early will have the opportunity to grow their business because of it. And I do think there will be people who exit the market because of it, because they either chose not to go through this security requirement or they failed to. When I talk to our customers, I hear that from them as well. There’s a subset of folks that see this as a tremendous opportunity to be on the front end, and there are others that think of this more as, “oh, I have to do this.” I know from Avatara’s standpoint, we’re one of the former. We think that this relaunch of how you do security in the defense space provides a competitive advantage not only to our customers, but to us as their partner in the marketplace as well. So, I’m excited. First and foremost, you have to feel good about helping to keep your country secure. You wouldn’t be a good American if not. But I think there’s a commercial opportunity here for Avatara, as well as Avatara’s customers in the space.
Watch Episode 2 for Dan’s top two cybersecurity tips.