I’m an independent CMMC consultant. I’ve spent years helping small defense contractors prepare for and get through their Level 2 assessments. I’ve been the person in the room presenting evidence and answering assessor questions when the pressure is on.
Along the way I’ve worked alongside MSSPs, MSPs, IT directors who suddenly became “the compliance person,” and business owners who had no idea what NIST 800-171 was until a prime told them they had six months to figure it out.
Why this site exists
I got tired of watching competent companies fail assessments they should have passed.
They weren’t insecure. They had the right tools. The problem was that nobody taught them how to talk about what they already had. The assessor asked a question and they froze, because they’d never practiced connecting “the thing we do every day” to “the thing NIST says we should do.”
Every other resource out there is a raw NIST PDF, a vendor whitepaper dressed up as education, or a consulting firm that hides everything behind a “schedule a call” button. I wanted to build something that’s actually useful without requiring you to hand over your email first.
What I’m not doing here
I don’t sell MSSP services. I’m not a vendor rep. Nobody pays me to recommend their product.
If you have questions about assessment prep or want to work together directly, reach out. But the practice pages on this site are the real product. This information should exist somewhere that isn’t paywalled or buried in a 200-page PDF.
My background
I came into cybersecurity from an unusual direction. Before security operations, I worked in behavioral health with individuals with developmental disabilities and antisocial behaviors. That background taught me how to read a room and figure out what someone actually needs to hear when the pressure is on.
Turns out that’s the skill that matters most in a CMMC assessment room. The technical stuff is table stakes. The difference between a pass and a failure usually comes down to whether you can have a coherent conversation about your own security program.
Stay in the loop
I write about CMMC assessment prep on Substack. New practice breakdowns, common mistakes I’m seeing, and updates as the November 2026 deadline gets closer. Subscribe on Substack or reach me at passmycmmc@substack.com.