Brian Guenther | Crucial Conversations: CMMC, Compliance, and Your Cybersecurity Strategy
Description
Show Website: https://mspbusinessschool.com/
Guest
Name: Brian Guenther
LinkedIn page: https://www.linkedin.com/in/brianwguenther/
Company: Exceed Cybersecurity & I.T. Services
Website: https://www.exceeditmd.com/
Host
Brian Doyle: https://www.linkedin.com/in/briandoylevciotoolbox/
Brian Guenther is a seasoned cybersecurity expert and the founder of Exceed Cyber. With over 26 years of experience in the IT and cybersecurity industry, Brian started his career by building PCs and gradually transitioned into IT franchise ownership. He founded Exceed Cyber in 2017, focusing on helping businesses navigate the complex landscape of cybersecurity compliance, specifically for those with federal contracts mandated by regulations such as CMMC, SOC 2, and ISO 27001.
His deep understanding of governance, risk, and compliance processes makes him a valuable asset for companies needing to secure their operations against current cyber threats.
Episode Summary:
In this enlightening episode of MSP Business School, host Brian Doyle sits down with cybersecurity expert Brian Guenther to discuss the nuances of the Cybersecurity Maturity Model Certification (CMMC). As regulations around cybersecurity become more stringent, especially for defense contractors, understanding CMMC's requirements and implications is crucial. Brian Guenther, with his wealth of experience, dives into the evolution of CMMC, highlighting its origins, the essential controls necessary for compliance, and the critical role MSPs play in this landscape.
The discussion delves into how CMMC has become a focal point for organizations dealing with controlled unclassified information (CUI) and why being prepared for compliance is vital. Brian Guenther emphasizes the importance of proactive engagement in compliance processes, illustrating how MSPs can leverage their positioning by becoming CMMC-certified to differentiate themselves in the marketplace. He also sheds light on the geopolitical nuances affecting these regulations and how changes in political leadership might influence—but not diminish—the momentum towards stricter cybersecurity standards for federal contractors.
Key Takeaways:
- CMMC is paramount for defense contractors: Understanding and implementing CMMC is crucial as it enforces standards that contractors should have been following since 2017.
- Compliance does not equal security: While security frameworks like NIST 800-171 underpin CMMC, compliance serves as an initial checkpoint rather than the full spectrum of cybersecurity.
- MSPs must prepare adequately: Even though MSPs are not directly required to certify under CMMC, being prepared and knowledgeable is crucial for assisting clients.
- Cyber liability is a key driver: Insurance and regulatory requirements are pushing businesses to adopt more sophisticated cybersecurity measures.
- Proactive steps are essential: Waiting for enforcement isn't viable; MSPs and their clients should start their compliance journey immediately.