Get Started

Cuick 10 Podcast

The Cuick 10 Podcast, hosted by Cuick Trac, covers all things cybersecurity, from all different perspectives and personalities across the FedCon and Cyber Defense industry. All in 10 (ish) minutes. 

Listen On:

pandora
iHeartPodcasts

Sign up for alerts on new podcasts:

Episodes:

S Ep IntelliGRC ()
SEASON 2 | EPISODE 13

Legal Reality Check: CMMC's Day-One Impact

In this episode of the Cuick 10 Podcast, filmed live at #CUICON 2025, Derek White, Chief Operating Officer of Cuick Trac, is joined by Eric Crusius, Partner and Government Contracts Practice Chair at Hunton Andrews Kurth LLP, to talk about what CMMC “Day One” really means from a contracts and legal perspective.

Eric explains how compliance expectations shift once the rule is finalized — including the shift away from lenient SPRS self-assessments and toward mandatory control coverage with limited room for POA&Ms. He also shares why your system security plan is one of the most important compliance documents you’ll ever create, and how legal missteps are likely to be enforced going forward.

Watch the full Episode on YouTube
S Ep IntelliGRC ()
SEASON 2 | EPISODE 12

Consultants, Compliance, and the Truth About Turnkey

In this episode of the Cuick 10 Podcast, recorded live at #CUICON 2025, Derek White, Chief Operating Officer of Cuick Trac, is joined by Amanda Adams, Founder & CEO of GSec LLC, to talk about what really goes into supporting organizations through the CMMC journey.

Amanda shares her perspective as a longtime RMF practitioner and consultant, offering insight into the realities of documentation, scoping, and the evolving ecosystem. She also addresses the misconception that CMMC is something you can “buy off the shelf” — and why organizations need both education and flexibility to do it right.

Watch the full Episode on YouTube
S Ep IntelliGRC ()
SEASON 2 | EPISODE 11

CMMC at Scale: Securing Enterprise & Supply Chain

In this episode of the Cuick 10 Podcast, filmed live at #CUICON 2025, Derek White, Chief Operating Officer of Cuick Trac, is joined by Chuck Orlowski, BISO/CISO at GE Vernova, to discuss the challenges of managing CMMC compliance at enterprise scale.

Chuck shares how his team is driving cultural change across one of the world’s largest energy portfolios while tackling CMMC readiness internally and throughout their supply chain. He speaks candidly about what’s still unclear from the DoD, the risks of ignoring contract implications, and why smaller contractors need shared solutions to survive the cybersecurity demands being pushed downstream.

Watch the full Episode on YouTube
S Ep IntelliGRC ()
SEASON 2 | EPISODE 10

CMMC Assessments Are Here: What You Need to Know

In this episode of the Cuick 10 Podcast, filmed live at #CUICON 2025, Derek White, Chief Operating Officer of Cuick Trac, is joined by Fernando Machado, Managing Principal and CISO at CyberSec Investments, to share lessons from the first wave of official CMMC Level 2 assessments.

Fernando explains how the landscape has changed now that C3PAOs are actively certifying OSCs, what contractors should expect during scheduling, and what happens if you’re not ready. He also addresses the nuances around significant changes to a system post-certification — and what still needs clarification from the DoD.

Watch the full Episode on YouTube
S Ep IntelliGRC ()
SEASON 2 | EPISODE 9

Bridging the Gaps: DFARS vs. CMMC

In this episode of the Cuick 10 Podcast, filmed live at #CUICON 2025, Derek White, Chief Operating Officer of Cuick Trac, is joined by Carter Schoenberg, Vice President & Chief Cybersecurity Officer at SoundWay Consulting, to discuss the often-misunderstood divide between DFARS contract requirements and CMMC Level 2 assessments.

Carter shares what he’s seen across dozens of readiness reviews and client assessments—including how organizations are still falling short when it comes to incident response planning, asset inventory, and understanding their obligations. He also explains why contractors should be getting on a C3PAO’s schedule sooner rather than later—before the demand outpaces capacity.

Watch the full Episode on YouTube
S Ep IntelliGRC
SEASON 2 | EPISODE 8

Behind the Scenes of CMMC Assessments

In this episode of the Cuick 10 Podcast, recorded live at #CUICON 2025, Derek White, Chief Operating Officer of Cuick Trac, is joined by Steven Molter, Solutions Architect at IntelliGRC, to explore what’s actually happening inside CMMC Level 2 assessments right now.

Steven shares what he’s seeing across multiple client engagements, including inconsistencies between C3PAOs, scoping guidance that’s still evolving, and practical strategies for addressing tough requirements like continuous monitoring. He also highlights how IntelliGRC is helping organizations ditch spreadsheet chaos and stay organized for audit success.

Watch the full Episode on YouTube
S Ep Wiz ()
SEASON 2 | EPISODE 7

CMMC Lessons from the Front Lines

In this episode of the Cuick 10 Podcast, recorded live at #CUICON 2025, Derek White, Chief Operating Officer of Cuick Trac, is joined by Matthew Titcombe, CEO & Sr. Information Security Consultant at Peak InfoSec, to share real-world insights from the early days of CMMC through where things stand in 2025.

Matthew discusses his experiences as one of the first C3PAOs, the growing demand for in-person collaboration and education in the cybersecurity space, and the evolving expectations from primes within the Defense Industrial Base. He also gives a behind-the-scenes look at what’s next for CUICON and Peak InfoSec’s content series, including “As the CMMC Churns” and “CMMC Group Therapy.”

Watch the full Episode on YouTube
S Ep Wiz ()
SEASON 2 | EPISODE 6

CMMC & FedRAMP: What’s Next?

In this special episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by George Perezdiaz, Director of Advisory Services at Cuick Trac, to discuss the future of CMMC and FedRAMP compliance—recorded live from #CUICON 2025.

George shares insights into how FedRAMP Moderate Equivalency is shaping the cybersecurity landscape for DoD contractors, the latest updates on CMMC, and what businesses need to know about evolving compliance regulations. They also break down the critical difference between incident response vs. incident awareness and why planning ahead is key to staying compliant.

Watch the full Episode on YouTube
S Ep Wiz ()
SEASON 2 | EPISODE 5

CMMC Pitfalls – What Contractors Must Avoid

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Stephen Pratt, Chief Information Security Officer (CISO) and Director of Programs, Cyber Risk & Compliance Sector at Sentar, to discuss the biggest pitfalls organizations face when preparing for CMMC assessments.

Stephen shares key insights on why contractors struggle with scoping, documentation, and cloud service provider compliance, and how early preparation and mock assessments can prevent certification failures.

Watch the full Episode on YouTube
S Ep Wiz
SEASON 2 | EPISODE 4

CNAPP & CMMC

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Jeff Baldwin, Chief Information Security Officer, and George Perezdiaz, Director of Compliance Advisory, to discuss Cuick Trac’s achievement of FedRAMP Moderate Equivalency. They explore what this milestone means for organizations handling Controlled Unclassified Information (CUI), its impact on CMMC compliance, and how it strengthens cybersecurity within the Defense Industrial Base.

Jeff and George break down the importance of third-party validation, how FedRAMP Moderate Equivalency aligns with NIST SP 800-171 and DFARS 252.204-7012 requirements, and how Cuick Trac’s secure enclave provides a managed solution for achieving compliance efficiently.

Watch the full Episode on YouTube
Ep Jeff Baldwin ()
SEASON 2 | EPISODE 3

Cuick Trac Achieves FedRAMP Moderate Equivalency

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Jeff Baldwin, Chief Information Security Officer, and George Perezdiaz, Director of Compliance Advisory, to discuss Cuick Trac’s achievement of FedRAMP Moderate Equivalency. They explore what this milestone means for organizations handling Controlled Unclassified Information (CUI), its impact on CMMC compliance, and how it strengthens cybersecurity within the Defense Industrial Base.

Jeff and George break down the importance of third-party validation, how FedRAMP Moderate Equivalency aligns with NIST SP 800-171 and DFARS 252.204-7012 requirements, and how Cuick Trac’s secure enclave provides a managed solution for achieving compliance efficiently.

Watch the full Episode on YouTube
Ep Jeff Baldwin ()
SEASON 2 | EPISODE 2

CMMC & Your Affirming Official

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Justin Orcutt, Director of Cybersecurity for the Aerospace and Defense Market at Microsoft, to break down the role of the affirming official in CMMC compliance. Justin discusses the shift of accountability to senior business leaders, the need for annual self-assessments, and the importance of maintaining continuous compliance with CMMC Level 2 requirements.

Watch the full Episode on YouTube
S Ep FAR CUI Rule
SEASON 2 | EPISODE 1

FAR CUI Rule Update – What DoD Contractors Need to Know

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer & Co-Founder of Cuick Trac, is joined by George Perezdiaz, Director of Compliance Advisory at Cuick Trac, to discuss the FAR CUI Rule Update and its implications for CMMC compliance. George breaks down what the FAR CUI Rule means for DoD contractors, the continued importance of CMMC compliance, and what changes are on the horizon in 2025.
Watch the full Episode on YouTube
Ep George Perezdiaz
SEASON 1 | EPISODE 14

CMMC Compliance – Are You Ready for 2025?

In this episode of the Cuick 10 Podcast, Derek White, CPO & Co-Founder of Cuick Trac, is joined by George Perezdiaz, Director of Compliance Advisory at Cuick Trac, to discuss the latest developments in CMMC compliance and what businesses need to know as we approach 2025. George shares insights into the final CMMC rule, effective strategies for scoping and managing CUI, and tips for ensuring your organization is fully compliant with the latest regulations.

Tune in for expert advice on how to stay ahead of the curve and meet the CMMC requirements for the coming year.

Watch the full Episode on YouTube
Ep Jeff Baldwin
SEASON 1 | EPISODE 13

CMMC Facility Scoping with VDI

In this episode of the Cuick 10 Podcast, Derek White, CPO & Co-Founder of Cuick Trac, is joined by Jeff Baldwin, CISO of Cuick Trac, to discuss how facility scoping works in the context of CMMC when utilizing Virtual Desktop Infrastructure (VDI). Jeff shares insights into how organizations should manage their controlled environments and why securing CUI in virtual and remote settings is essential. Learn the best practices for ensuring compliance while navigating the complexities of scoping and securing data in a virtual environment.

Watch the full Episode on YouTube
Ep Koren Wise
SEASON 1 | EPISODE 12

Scope & Boundaries for CMMC

In this episode of the Cuick 10 Podcast, Derek White, CPO and Co-Founder of Cuick Trac is joined by Koren Wise, CEO of Wise Technical Innovations, to discuss the complexities of scope and boundaries in CMMC compliance. Koren shares valuable insights on how organizations should define their limits, the challenges of managing CUI flows, and best practices for ensuring compliance across multiple locations and systems. Learn how understanding these boundaries can streamline your compliance efforts and set you up for successful assessments.

Watch the full Episode on YouTube
Cuick 10 Podcast CMMC Rule Update - 32 CFR Part 170
SEASON 1 | EPISODE 11

CMMC Rule Update - 32 CFR Part 170

The CMMC Program rule-making process has reached a major milestone, with 32 CFR Part 170 officially published on the National Register. Industry-leading cyber lawyer, Robert Metzger, head of cybersecurity practice at Rogers Joseph O’Donnell, PC,, joins Cuick Trac’s Derek White to discuss the immediate effects on defense contractors, while also discussing the update to the FAR CUI rule-making process, which will have a potentially significant impact across other agencies.

Watch the full Episode on YouTube
Cuick 10 Podcast Episode 10
SEASON 1 | EPISODE 10

SPRS: Myth vs Fact

CMMC may be all the rage now, but your SPRS score is also important and has been for the past few years. Cyber Compliance Community Contributor Wayne Boline joins Cuick Trac’s Derek White to discuss what you need to know about SPRS and the myths and facts that come with it.

Watch the full Episode on YouTube
Cuick 10 Podcast Episode 9
SEASON 1 | EPISODE 9

The Challenge of Documentation for CMMC

Are you feeling the pressure of CMMC and not knowing exactly what details you might be missing? Have you been struggling with the challenges of documentation for CMMC? If so, this episode is for you. Cuick Trac’s Derek White is joined by Vince Scott, CEO and Founder of Defense Cybersecurity Group, to discuss the important details you don’t want to miss as the CMMC rule-making process takes another step forward to being a requirement in your DoD contracts.

Watch the full Episode on YouTube
Cuick 10 Podcast Episode 8
SEASON 1 | EPISODE 8

CMMC Through the Eyes of a CISO

Are you responsible for your organization’s CMMC compliance program? Are you in a position of leadership where the responsibility lies on your shoulders, regardless of who’s been tasked to implement NIST SP 800-171? In this episode, Landon Carlson, Chief Information Security Officer at Metron, shares his experience, insight, and opinions on CMMC as a CISO who is relatively new to the organization.

Watch the full Episode on YouTube
Cuick 10 Podcast E7
SEASON 1 | EPISODE 7

What GRC Means to You and What to Do

Governance, Risk and Compliance, or GRC, helps organizations manage risk, achieve business goals, and comply with regulations. When it comes to CMMC, the GRC approach an organization takes can mean the difference between passing or failing third-party assessments. In this episode, Mark Berman, CEO of FutureFeed, talks about what GRC tools should do for you and the benefits of using one above passing an assessment.

Watch the full Episode on YouTube
Cuick 10 Podcast Episode 6
SEASON 1 | EPISODE 6

Starting (or Re-starting) Your CMMC Program

Are you new to an organization and the CMMC burden falls on you? Or is CMMC being prioritized again? Or are you focusing on CMMC for the very first time? Regardless of your answer, this podcast is for you. If you miss some of the core aspects of CMMC early on, the price to pay later can be damaging. Special guest Regan Edens of the CMMC Industry Standards Council and DTC Global joins host Derek White to discuss what OSCs should think about on the front end of their CMMC journey.

Watch the full Episode on YouTube
Quick 10 Podcast, Episode 5
SEASON 1 | EPISODE 5

So You Think You're Ready for a CMMC Assessment?

As the Cybersecurity Maturity Model Certification (CMMC) requirement gets closer, many organizations seeking certification (OSC) are preparing for an assessment with an authorized CMMC third-party assessment organization (C3PAO). OSCs should not engage with C3PAOs until they are ready, If you think you are, listen to Glenda Snodgrass of The Net Effect, LLC, as she discusses the top things you should have ready before you prepare further.

Watch the full Episode on YouTube
Cuick 10 Podcast E4
SEASON 1 | EPISODE 4

CMMC: A Small Business Perspective

Most of the Defense Industrial Base is made up of small businesses. That innovation is critical to our nation’s competitive advantage. However, navigating Controlled Unclassified Information (CUI) and NIST SP 800-171, and preparing for CMMC can be challenging for small businesses. This episode features the small business perspective of Allison Giddens, President of Operations at Win-Tech, Inc., and their approach to these cybersecurity requirements.
Watch the full Episode on YouTube
Cuick 10 Podcast E3
SEASON 1 | EPISODE 3

Identifying CUI & Why It Matters

Identifying CUI is the #1 most important aspect of properly building a successful compliance program to meet CMMC requirements. In this episode, Ryan Bonner of DEFCERT discusses how an organization can identify CUI, and why it matters to their scope and overall costs of implementation and CMMC certification.

Watch the full Episode on YouTube
Cuick 10 Podcast E2
SEASON 1 | EPISODE 2

Understanding ITAR vs CMMC

Cybersecurity requirements for Federal Contractors working with the Department of Defense can be hard to navigate. In this episode, we talk to Alex Trafton of Ankura and discuss how export-controlled data, such as the International Traffic in Arms Regulations (ITAR), impacts an organization’s CMMC compliance program.

Watch the full Episode on YouTube
Cuick 10 Podcast Episode 1: SIEM
SEASON 1 | EPISODE 1

It SIEMs Easy. But it's Not

A deep dive into Security Information and Event Management (or SIEM) and why you need it. With special guest Patrick Colantonio of NeQter Labs.
Watch the full Episode on YouTube
logo cuicktrac light

Cuick Trac, a solution by Beryllium InfoSec, is a FedRAMP Moderate Equivalent virtual enclave, known as the Cuick Trac Managed Enclave, designed for organizations that need to comply with NIST 800-171 and CMMC 2.0, Level 2.

Youtube Linkedin Facebook-f Twitter
Guides
Featured Articles
Privacy Policy
Disclaimer

© Copyright 2025 Beryllium InfoSec. All rights reserved.

Get Started