Podcast episode (Duration: 9:09, 12.6 MB)
Summary
In this episode of Chattinn Cyber, cybersecurity expert Mark Jackolski, Director of Risk and Compliance at Show Proof, shares his journey from Long Island technician to national leader in cyber compliance. With a foundation in information systems from Stony Brook University, Mark discusses how his passion for technology evolved into a career focused on helping organizations meet rising cybersecurity standards.
The heart of the conversation is the Cybersecurity Maturity Model Certification (CMMC), a framework initiated by the Department of Defense to ensure that contractors protect controlled unclassified information. Mark explains that while compliance with NIST 800-171 has been required since 2017, CMMC introduces verification—organizations must now demonstrate their cybersecurity posture through third-party assessments to remain eligible for federal contracts.
Beyond meeting DoD requirements, Mark describes how CMMC builds reputational credibility, calling it “the currency of trust.” He emphasizes the strategic advantage of showing compliance through a recognized badge rather than repeated explanations, which streamlines the contracting process and establishes confidence with partners and clients.
When asked how organizations should begin preparing, Mark advises starting with people: appointing a program leader, engaging executive buy-in, and mapping where sensitive data flows. He warns against relying on underqualified partners and stresses the importance of assessing technical, administrative, and physical requirements early. Missteps—like poor documentation or unclear scoping—can lead to wasted time and resources.
Finally, Mark highlights the growing relevance of CMMC beyond the DoD. New regulations aim to standardize data protection across all federal agencies, meaning businesses even tangentially involved in government work may soon fall under its scope. As CMMC requirements become embedded in contracts by summer 2025, organizations that prepare now will gain a competitive edge in the expanding defense and government market.
5 Key Points
- CMMC Explained: The Cybersecurity Maturity Model Certification verifies that organizations working with the Department of Defense meet NIST 800-171 cybersecurity standards.
- Strategic Advantage: Earning CMMC builds trust and provides a significant edge in securing government contracts by signaling a strong cybersecurity posture.
- Preparation Starts with People: A successful CMMC journey begins by appointing accountable personnel, securing executive alignment, and clearly mapping the flow of controlled unclassified information (CUI).
- Pitfalls and Guidance: Common mistakes include working with unqualified providers and underestimating documentation requirements. Mark recommends finding certified experts through the Cyber AB marketplace.
- Growing Scope: CMMC will expand beyond the DoD to other government agencies, making early adoption a strategic move even for subcontractors or non-defense contractors.
5 Key Quotes
- “It’s the currency of trust.” – Mark on how CMMC serves as a reputation badge in the defense industry.
- “Start by appointing somebody to oversee the entire process.” – On the critical role of leadership in compliance efforts.
- “Documentation is key—not just technical controls, but the processes and people behind them.”
- “If you’re going to develop a policy or some other procedure, there has to be buy-in from the organization.”
- “CMMC started with the DoD, but it’s going to expand to other government agencies. This is just the beginning.”
About Our Guest
Mark Jackolski is a creative and team-oriented cybersecurity professional with a deep-seated passion for technology. He specializes in assisting small to medium-sized businesses in enhancing their security posture and achieving compliance with industry standards. With a persistent drive to deliver exceptional results, Mark offers strategic virtual Chief Information Security Officer (vCISO) services that emphasize risk management, security program development, and regulatory alignment.
Dedicated to continuous learning, Mark is committed to refining his skills and adopting innovative approaches to cybersecurity. He partners with clients to transform cybersecurity from a mere compliance requirement into a competitive advantage. His expertise spans complex frameworks, including HIPAA, ISO 27001, CISv8, NIST, and CMMC 2.0, enabling him to guide organizations through the intricacies of regulatory compliance effectively.
About Our Host
National co-chair of the Cyber Center for Excellence, Marc Schein, CIC, CLCS, is also a Risk Management Consultant at Marsh McLennan. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost-effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can identify any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage, and minimize premiums.