Bobby Guerra

Climbing Mount CMMC

Our podcast is dedicated to supporting MSPs/MSSPs and the companies that engage with them. We aim to maintain transparency throughout our journey, especially as we pursue our level two certification. While only a few MSPs are actively participating, we hope this podcast will inspire more involvement. We have many guests from different branches of the CMMC ecosystem who are professional in their fields. These guests include Brian Hubbard, Joy Beland, Amira Armond and many more!

Author

Bobby Guerra

Category

Technology

Podcast website

www.axiom.tech

Latest episode

Jul 9, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

What Happens After I Pass My Assessment? 09.07.2026

In this episode of Climbing Mount CMMC, Bobby and Kaleigh discuss the critical aspects of maintaining CMMC compliance after you pass your assessment. They cover maintenance activities, evidence gathering, and scaling strategies for MSPs and organizations to stay compliant and prepared for audits. NIST 800-171: Protecting Controlled Unclassified Information in Nonfederal Systems Website: https://ww...

How To Pass CMMC The First Time 02.07.2026

In this episode of Climbing Mount CMMC, Kaleigh and Bobby discuss the complexities of CMMC readiness and the importance of proper preparation for assessments. They share insights from their experiences as an MSP navigating the evolving cybersecurity landscape. Podcast episode -The Game of Chicken with Lawrence Cruciana: https://youtu.be/NffcMSVnKUM Podcast episode -The State of CMMC Today with Mat...

What Every MSP Needs to Know About CMMC (feat. Matt Travis, CEO of Cyber AB) 25.06.2026

In this special episode of Climbing Mount CMMC, Bobby and Kaleigh discuss the intricacies of the CMMC ecosystem with Matt Travis, CEO of the Cyber AB. They explore the challenges, opportunities, and future strategies for MSPs, assessors, and small businesses navigating cybersecurity compliance. 32 CFR Final Rule : 2024-22905.pdf Cyber AB Website : CyberAB > Home Time Stamps: 00:00-02:14 Introdu...

How To Master the CCP/CCA Courses 18.06.2026

In this episode of Climbing Mount CMMC, Bobby and Kaleigh provide an in-depth look at the CCP and CCA certifications, including preparation strategies, course insights, and industry perspectives. They discuss topics that target those aiming to understand the certification process, improve their skills, or help organizations prepare for assessments. Tara Lemieux Game: SECTOR 171 — The Assessor&apos...

A Deep Dive into Rev 3: Incident Response (feat. Adam Evans) 11.06.2026

In this Spelunking episode of Climbing Mount CMMC, Kaleigh and Adams dive into the key differences between NIST 800-171 Rev2 and Rev3, focusing on incident response requirements for CMMC compliance. They share insights on preparing for Rev3, emphasizing 03.06's incident handling, reporting, and training strategies. Link to NIST 800-171 Rev 3: https://nvlpubs.nist.gov/nistpubs/SpecialPublicati...

What Qualifies As a "Significant Change" in CMMC? 04.06.2026

In this episode of Climbing Mount CMMC, Bobby and Kaleigh explore the recent updates and implications of "significant changes" in the CMMC assessment process, focusing on how organizations can navigate reassessments, change management, and the role of C3PAOs. Link to 32 CFR Final Rule:  Federal Register :: Cybersecurity Maturity Model Certification (CMMC) Program Link to FAQ:  CYBERSECUR...

What is CMMC Inheritance and How Do I Apply It? (feat. Adam Evans) 28.05.2026

In this episode of Climbing Mount CMMC, Kaleigh speaks with Axiom's compliance officer, Adam Evans, to explore the complexities of inheritance in the context of CMMC compliance, cloud service providers, and external service providers. They discuss how inheritance works, common misconceptions, and practical tips for organizations navigating compliance assessments. Link to the CMMC Assessment P...

What is "The Game of Chicken" in CMMC? (feat. Lawrence Cruciana) 21.05.2026

In this episode of Climbing Mount CMMC, Kaleigh and Bobby dive into a deep discussion on the complexities and challenges of achieving CMMC Level 2 certification for MSPs and OSCs with Lawrence Cruciana. They share insights on shared responsibility, operational maturity, and "the game of chicken" played between organizations in the cybersecurity compliance landscape. Lawrence's Linke...

Cyb-Her: Transitioning Your MSP to CMMC Compliance 14.05.2026

In this episode of Cyb-Her, Kaleigh shares with Axiom employee, Maleah Adams, her journey from call coordinator to COO, speaking on her experiences in the MSP and cybersecurity space, including her work and transition to the CMMC ecosystem and her perspective as a woman in a male-dominated industry. Website: https://www.axiom.tech/ YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ...

Working with a C3PAO (feat. Fernando Machado) 07.05.2026

In this episode of Climbing Mount CMMC, Fernando Machado (CCA) from CyberSec Investments shares his extensive experience with Kaleigh and Bobby about the CMMC assessment process, the journey to becoming a C3PAO, and practical insights for contractors navigating the certification landscape. They discuss the phases of assessments, scoping mistakes, and how to prepare effectively. Fernando's Lin...

What Questions Should Your MSP Be Asking You? 30.04.2026

In this episode, Kaleigh and, new to Axiom, Ashton Guerra discuss the critical questions organizations seeking CMMC Level 2 certification (OSCs) should ask their MSPs. They share insights on scope, security measures, and the importance of transparency in the certification journey. Website: https://www.axiom.tech/ YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linked...

A Deep Dive into Rev 3: Awareness & Training 23.04.2026

In this new series we like to call "Spelunking", Bobby and Kaleigh explore the updates in NIST 800-171 Revision 3, focusing on the differences from Rev 2, including control changes, assessment objectives, and preparation strategies for compliance. In this episode, they focus on control 03.02 Awareness and Training. They give valuable insights for MSPs, organizations, and assessors prepar...

The Ultimate Guide to a CMMC Level 2 Self-Assessment 16.04.2026

In the season 5 premiere of Climbing Mount CMMC, Kaleigh and Bobby share practical, boots-on-the-ground insights on implementing CMMC self-assessments, especially for MSPs supporting multiple clients. They break down how to approach self-assessments with the discipline of a formal audit, while still building a process that can scale. Website: https://www.axiom.tech/ YouTube: https://www.youtube.co...

How to Build CMMC as an MSP 26.03.2026

In the season 4 finale of Climbing Mount CMMC, Kaleigh and Bobby share their extensive experience navigating the complexities of achieving CMMC Level 2 certification as an MSP. They discuss the importance of commitment, education, strategic planning, and the realities of scaling support for government contractors. Website: https://www.axiom.tech/ YouTube: https://www.youtube.com/channel/UCaJagoDas...

The Concept of "Grace" in Building CMMC 19.03.2026

In this episode of Climbing Mount CMMC, Kaleigh and Bobby discuss the concept of grace within the CMMC framework, particularly focusing on the NIST 800-171 controls, the role of C3PAOs, and the importance of mock assessments. They emphasize the need for proper training and certification, the significance of daily reviews during assessments, and the opportunities provided by the 10-day remediation...

What Does NIST 800-171 Rev 3 Mean for MSPs? 12.03.2026

In this episode of Climbing Mount CMMC, Bobby and Adam discuss the implications of Rev3 for MSPs in the context of CMMC. They explore the challenges MSPs face in achieving compliance, the role of external service providers, and the importance of documentation and shared responsibilities. They highlight the evolving landscape of cybersecurity requirements and the necessity for MSPs to fully commit...

The Importance of POA&M Remediation 05.03.2026

In this episode of Climbing Mount CMMC, Bobby and Adam discuss the intricacies of Plan of Action and Milestones (POAM) in the context of cybersecurity assessments. They explore the importance of having a clear understanding of what constitutes a POAM, the distinction between operational plans and assessment findings, and the necessity of being prepared for assessments to ensure compliance. The con...

Exploring the 5 Stages of CMMC Grief 26.02.2026

In this episode of Climbing Mounts CMMC, hosts Kaleigh Floyd and Bobby Guerra discuss the five stages of grief related to the CMMC compliance journey. They share personal experiences and insights on denial, anger, bargaining, depression, and acceptance, emphasizing the importance of understanding these emotions as organizations navigate the complexities of CMMC compliance. The conversation highlig...

What Classifies an Organization as a Cloud Service Provider? 19.02.2026

In this episode, Kaleigh Floyd, Bobby Guerra, and Adam Evans discuss the complexities surrounding Cloud Service Providers (CSPs) and Managed Service Providers (MSPs) in the context of CMMC compliance. They clarify the definitions, roles, and responsibilities of MSPs and CSPs, particularly in relation to handling Controlled Unclassified Information (CUI) and navigating FedRAMP requirements. The con...

How to Use ODVs Internally 12.02.2026

In this episode, the hosts discuss the significant changes introduced in NIST 800-171 Rev 3, focusing on the transition from Rev 2 to Rev 3, the importance of Organizational Defined Parameters (ODPs), and the role of external service providers in compliance. They emphasize the need for System Security Plans (SSPs) to be living documents that adapt to evolving security needs and the necessity for c...

Breaking Down NIST 800-171 Rev 3 Implementation 05.02.2026

In this episode, Kaleigh and Bobby are joined by Axiom's own, Adam Evans, to discuss the significant changes introduced in NIST 800-171 Rev 3, focusing on the transition from Rev 2 to Rev 3, the importance of Organizational Defined Parameters (ODPs), and the role of external service providers in compliance. They emphasize the need for System Security Plans (SSPs) to be living documents that a...

The Right Way to Safeguard Physical CUI 29.01.2026

In this episode, Kaleigh and Bobby discuss the complexities of managing Controlled Unclassified Information (CUI) within the framework of CMMC compliance. They explore the challenges of physical boundaries, the role of personnel in safeguarding CUI, and the implications of printing and disposing of sensitive information. The conversation also touches on the nuances of working from home, the import...

Is Your Service Provider Prepared for CMMC? 22.01.2026

In this episode of "Climbing Mount CMMC," hosts Kaleigh Floyd and Bobby Guerra delve into the intricacies of preparing for a CMMC Level 2 assessment, particularly focusing on the role of external service providers (ESPs) and Managed Service Providers (MSPs). They emphasize the importance of selecting a provider who not only understands the CMMC requirements but has also successfully guid...

What Does Proper CMMC Self-Attestation Look Like? 15.01.2026

In this episode of Climbing Mount CMMC, hosts Bobby and Kaleigh discuss the critical topic of self-attestation for CMMC level two requirements. They explore the evolution of self-attestation, the risks associated with misrepresentation, and the importance of accountability in the self-assessment process. The conversation emphasizes the need for organizations to prepare adequately for self-attestat...

How to Prepare for CMMC in 2026 08.01.2026

In this episode, Kaleigh and Bobby discuss the significant changes and challenges that companies will face in 2026 regarding CMMC compliance. They delve into the implications of new CMMC Level 2 requirements, the importance of self-assessments versus third-party assessments, and the potential consequences of non-compliance. The conversation also touches on the risks of false claims and whistleblow...

Listen to the Climbing Mount CMMC podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.