Climbing Mount CMMC
Our podcast is dedicated to supporting MSPs/MSSPs and the companies that engage with them. We aim to maintain transparency throughout our journey, especially as we pursue our level two certification. While only a few MSPs are actively participating, we hope this podcast will inspire more involvement.
We have many guests from different branches of the CMMC ecosystem who are professional in their fields. These guests include Brian Hubbard, Joy Beland, Amira Armond and many more!
Episodes
123 episodes
What is CMMC Inheritance and How Do I Apply It? (feat. Adam Evans)
In this episode of Climbing Mount CMMC, Kaleigh speaks with Axiom's compliance officer, Adam Evans, to explore the complexities of inheritance in the context of CMMC compliance, cloud service providers, and external service providers. They disc...
What is "The Game of Chicken" in CMMC? (feat. Lawrence Cruciana)
In this episode of Climbing Mount CMMC, Kaleigh and Bobby dive into a deep discussion on the complexities and challenges of achieving CMMC Level 2 certification for MSPs and OSCs with Lawrence Cruciana. They share insights on shared responsibil...
.png)
Cyb-Her: Transitioning Your MSP to CMMC Compliance
In this episode of Cyb-Her, Kaleigh shares with Axiom employee, Maleah Adams, her journey from call coordinator to COO, speaking on her experiences in the MSP and cybersecurity space, including her work and transition to the CMMC ecosystem and ...
.png)
Working with a C3PAO (feat. Fernando Machado)
In this episode of Climbing Mount CMMC, Fernando Machado (CCA) from CyberSec Investments shares his extensive experience with Kaleigh and Bobby about the CMMC assessment process, the journey to becoming a C3PAO, and practical insights for contr...
.png)
What Questions Should Your MSP Be Asking You?
In this episode, Kaleigh and, new to Axiom, Ashton Guerra discuss the critical questions organizations seeking CMMC Level 2 certification (OSCs) should ask their MSPs. They share insights on scope, security measures, and the importance of trans...
.png)
A Deep Dive into Rev 3: Awareness & Training
In this new series we like to call "Spelunking", Bobby and Kaleigh explore the updates in NIST 800-171 Revision 3, focusing on the differences from Rev 2, including control changes, assessment objectives, and preparation strategies for complian...
The Ultimate Guide to a CMMC Level 2 Self-Assessment
In the season 5 premiere of Climbing Mount CMMC, Kaleigh and Bobby share practical, boots-on-the-ground insights on implementing CMMC self-assessments, especially for MSPs supporting multiple clients. They break down how to approach self-assess...
.png)
How to Build CMMC as an MSP
In the season 4 finale of Climbing Mount CMMC, Kaleigh and Bobby share their extensive experience navigating the complexities of achieving CMMC Level 2 certification as an MSP. They discuss the importance of commitment, education, strategic pla...
.png)
The Concept of "Grace" in Building CMMC
In this episode of Climbing Mount CMMC, Kaleigh and Bobby discuss the concept of grace within the CMMC framework, particularly focusing on the NIST 800-171 controls, the role of C3PAOs, and the importance of mock assessments. They emphasize the...
.png)
What Does NIST 800-171 Rev 3 Mean for MSPs?
In this episode of Climbing Mount CMMC, Bobby and Adam discuss the implications of Rev3 for MSPs in the context of CMMC. They explore the challenges MSPs face in achieving compliance, the role of external service providers, and the importance o...
The Importance of POA&M Remediation
In this episode of Climbing Mount CMMC, Bobby and Adam discuss the intricacies of Plan of Action and Milestones (POAM) in the context of cybersecurity assessments. They explore the importance of having a clear understanding of what constitutes ...
.png)
Exploring the 5 Stages of CMMC Grief
In this episode of Climbing Mounts CMMC, hosts Kaleigh Floyd and Bobby Guerra discuss the five stages of grief related to the CMMC compliance journey. They share personal experiences and insights on denial, anger, bargaining, depression, and ac...
.png)
What Classifies an Organization as a Cloud Service Provider?
In this episode, Kaleigh Floyd, Bobby Guerra, and Adam Evans discuss the complexities surrounding Cloud Service Providers (CSPs) and Managed Service Providers (MSPs) in the context of CMMC compliance. They clarify the definitions, roles, and re...
.png)
How to Use ODVs Internally
In this episode, the hosts discuss the significant changes introduced in NIST 800-171 Rev 3, focusing on the transition from Rev 2 to Rev 3, the importance of Organizational Defined Parameters (ODPs), and the role of external service providers ...
.png)
Breaking Down NIST 800-171 Rev 3 Implementation
In this episode, Kaleigh and Bobby are joined by Axiom's own, Adam Evans, to discuss the significant changes introduced in NIST 800-171 Rev 3, focusing on the transition from Rev 2 to Rev 3, the importance of Organizational Defined Parameters (...
.png)
The Right Way to Safeguard Physical CUI
In this episode, Kaleigh and Bobby discuss the complexities of managing Controlled Unclassified Information (CUI) within the framework of CMMC compliance. They explore the challenges of physical boundaries, the role of personnel in safeguarding...
.png)
Is Your Service Provider Prepared for CMMC?
In this episode of "Climbing Mount CMMC," hosts Kaleigh Floyd and Bobby Guerra delve into the intricacies of preparing for a CMMC Level 2 assessment, particularly focusing on the role of external service providers (ESPs) and Managed Service Pro...
.png)
What Does Proper CMMC Self-Attestation Look Like?
In this episode of Climbing Mount CMMC, hosts Bobby and Kaleigh discuss the critical topic of self-attestation for CMMC level two requirements. They explore the evolution of self-attestation, the risks associated with misrepresentation, and the...
.png)
How to Prepare for CMMC in 2026
In this episode, Kaleigh and Bobby discuss the significant changes and challenges that companies will face in 2026 regarding CMMC compliance. They delve into the implications of new CMMC Level 2 requirements, the importance of self-assessments ...
Do I Need to be CMMC Level 2 Certified as an MSP?
In this episode, Kaleigh Floyd and Bobby Guerra discuss the intricacies of change management within Managed Service Providers (MSPs) and its critical role in ensuring compliance with CMMC standards. They emphasize the importance of leadership b...
.png)
Achieving Cross-Team Alignment for CMMC Readiness
In this conversation, Dy Edington discusses the essence of CMMC, emphasizing that it is not merely about following specific procedures but about achieving results with consistency and transparency. She highlights the significance of managing ch...
.png)
Inside the CCP Course as a CMMC Beginner
In this episode, Bobby interviews Axiom's Marketing Coordinator, Maleah Adams, about her experience taking the CCP (CMMC Certified Professional) course. In a brief conversation, they touch on what CMMC looks like from a beginner's perspective a...
.png)
Where to Begin on Your CMMC Compliance Journey
In this episode of Climbing Mount CMMC, Kaleigh Floyd and Kelly Hood discuss the essential steps for small businesses to navigate the complexities of CMMC compliance. They emphasize the importance of understanding the foundational reasons behin...
What to Expect from a CMMC Assessment
This webinar discussion provides an in-depth exploration of the CMMC Level 2 assessment process, including the phases of assessment, methodologies, and the importance of media sanitization and risk assessments. The speakers share their experien...
.png)
The Best Way to Be CMMC-Rollout Ready
In this episode, Kaleigh Floyd, Bobby Guerra, and Vincent Scott discuss the upcoming rollout of the Cybersecurity Maturity Model Certification (CMMC) and the challenges facing the defense industrial base. They explore the readiness of organizat...
.png)