CMMC Demystified Scoping Compliance and Avoiding Costly Mistakes

https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/3a/fe/76/3afe76f7-ce2b-7984-fd14-84dcfa90a390/mza_10838360102750420844.jpg/600x600bb.jpg

The Art of Cybersecurity: Real-World Risk & Compliance Strategies

Cheri Hotman

25 episodes

5 days ago

Cybersecurity is as much art as it is science or technology. It must be creatively designed, right-sized, implemented, and sustained—all within stealthy constraints: finite time, budget, resources. Meanwhile, customers demand this framework, that standard, and yet another security questionnaire. It’s a lot to juggle—balancing security that genuinely protects people and data with the theater that often slips into meaningless checkbox exercises. On this podcast, expect sharp, unfiltered conversations about the realities of cyber and what it truly takes to do it right—and make it actually matter.

Technology

RSS

All content for The Art of Cybersecurity: Real-World Risk & Compliance Strategies is the property of Cheri Hotman and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_nologo/23016454/23016454-1748045604265-4e804e92cef1c.jpg

CMMC Demystified Scoping Compliance and Avoiding Costly Mistakes

The Art of Cybersecurity: Real-World Risk & Compliance Strategies

43 minutes 44 seconds

2 months ago

CMMC Demystified Scoping Compliance and Avoiding Costly Mistakes

In this episode, Cheri Hotman and Paula Biggs break down the realities of CMMC compliance, with a special focus on scoping and avoiding common missteps. They explain how CMMC builds on existing NIST 800-171 requirements and why scoping—deciding which systems, people, and vendors fall under compliance—is the first and most critical step. Paula emphasizes that smaller companies can often save significant cost and risk by narrowing their scope strategically, while Cheri highlights how poor scoping leads to inflated audits, unnecessary licensing fees, and added risk exposure. Together, they stress the importance of understanding vendor responsibilities, building accurate and detailed System Security Plans (SSPs), and treating audits as confidence-building exercises rather than checkbox events. The conversation reinforces that CMMC isn’t just about passing an audit—it’s about sustaining secure, risk-aware practices that protect sensitive data and long-term business trust.