Cuick 10 Podcast

The Cuick 10 Podcast, hosted by Cuick Trac, covers all things cybersecurity, from all different perspectives and personalities across the FedCon and Cyber Defense industry. All in 10 (ish) minutes.

Listen On:

Sign up for alerts on new podcasts:

Episodes:

SEASON 2 | EPISODE 9

Bridging the Gaps: DFARS vs. CMMC

In this episode of the Cuick 10 Podcast, filmed live at #CUICON 2025, Derek White, Chief Operating Officer of Cuick Trac, is joined by Carter Schoenberg, Vice President & Chief Cybersecurity Officer at SoundWay Consulting, to discuss the often-misunderstood divide between DFARS contract requirements and CMMC Level 2 assessments.

Carter shares what he’s seen across dozens of readiness reviews and client assessments—including how organizations are still falling short when it comes to incident response planning, asset inventory, and understanding their obligations. He also explains why contractors should be getting on a C3PAO’s schedule sooner rather than later—before the demand outpaces capacity.

Watch the full Episode on YouTube

SEASON 2 | EPISODE 8

Behind the Scenes of CMMC Assessments

In this episode of the Cuick 10 Podcast, recorded live at #CUICON 2025, Derek White, Chief Operating Officer of Cuick Trac, is joined by Steven Molter, Solutions Architect at IntelliGRC, to explore what’s actually happening inside CMMC Level 2 assessments right now.

Steven shares what he’s seeing across multiple client engagements, including inconsistencies between C3PAOs, scoping guidance that’s still evolving, and practical strategies for addressing tough requirements like continuous monitoring. He also highlights how IntelliGRC is helping organizations ditch spreadsheet chaos and stay organized for audit success.

Watch the full Episode on YouTube

SEASON 2 | EPISODE 7

CMMC Lessons from the Front Lines

In this episode of the Cuick 10 Podcast, recorded live at #CUICON 2025, Derek White, Chief Operating Officer of Cuick Trac, is joined by Matthew Titcombe, CEO & Sr. Information Security Consultant at Peak InfoSec, to share real-world insights from the early days of CMMC through where things stand in 2025.

Matthew discusses his experiences as one of the first C3PAOs, the growing demand for in-person collaboration and education in the cybersecurity space, and the evolving expectations from primes within the Defense Industrial Base. He also gives a behind-the-scenes look at what’s next for CUICON and Peak InfoSec’s content series, including “As the CMMC Churns” and “CMMC Group Therapy.”

Watch the full Episode on YouTube

SEASON 2 | EPISODE 6

CMMC & FedRAMP: What’s Next?

In this special episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by George Perezdiaz, Director of Advisory Services at Cuick Trac, to discuss the future of CMMC and FedRAMP compliance—recorded live from #CUICON 2025.

George shares insights into how FedRAMP Moderate Equivalency is shaping the cybersecurity landscape for DoD contractors, the latest updates on CMMC, and what businesses need to know about evolving compliance regulations. They also break down the critical difference between incident response vs. incident awareness and why planning ahead is key to staying compliant.

Watch the full Episode on YouTube

SEASON 2 | EPISODE 5

CMMC Pitfalls – What Contractors Must Avoid

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Stephen Pratt, Chief Information Security Officer (CISO) and Director of Programs, Cyber Risk & Compliance Sector at Sentar, to discuss the biggest pitfalls organizations face when preparing for CMMC assessments.

Stephen shares key insights on why contractors struggle with scoping, documentation, and cloud service provider compliance, and how early preparation and mock assessments can prevent certification failures.

Watch the full Episode on YouTube

SEASON 2 | EPISODE 4

CNAPP & CMMC

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Jeff Baldwin, Chief Information Security Officer, and George Perezdiaz, Director of Compliance Advisory, to discuss Cuick Trac’s achievement of FedRAMP Moderate Equivalency. They explore what this milestone means for organizations handling Controlled Unclassified Information (CUI), its impact on CMMC compliance, and how it strengthens cybersecurity within the Defense Industrial Base.

Jeff and George break down the importance of third-party validation, how FedRAMP Moderate Equivalency aligns with NIST SP 800-171 and DFARS 252.204-7012 requirements, and how Cuick Trac’s secure enclave provides a managed solution for achieving compliance efficiently.

Watch the full Episode on YouTube

SEASON 2 | EPISODE 3

Cuick Trac Achieves FedRAMP Moderate Equivalency

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Jeff Baldwin, Chief Information Security Officer, and George Perezdiaz, Director of Compliance Advisory, to discuss Cuick Trac’s achievement of FedRAMP Moderate Equivalency. They explore what this milestone means for organizations handling Controlled Unclassified Information (CUI), its impact on CMMC compliance, and how it strengthens cybersecurity within the Defense Industrial Base.

Jeff and George break down the importance of third-party validation, how FedRAMP Moderate Equivalency aligns with NIST SP 800-171 and DFARS 252.204-7012 requirements, and how Cuick Trac’s secure enclave provides a managed solution for achieving compliance efficiently.

Watch the full Episode on YouTube

SEASON 2 | EPISODE 2

CMMC & Your Affirming Official

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer of Cuick Trac, is joined by Justin Orcutt, Director of Cybersecurity for the Aerospace and Defense Market at Microsoft, to break down the role of the affirming official in CMMC compliance. Justin discusses the shift of accountability to senior business leaders, the need for annual self-assessments, and the importance of maintaining continuous compliance with CMMC Level 2 requirements.

Watch the full Episode on YouTube

SEASON 2 | EPISODE 1

FAR CUI Rule Update – What DoD Contractors Need to Know

In this episode of the Cuick 10 Podcast, Derek White, Chief Operating Officer & Co-Founder of Cuick Trac, is joined by George Perezdiaz, Director of Compliance Advisory at Cuick Trac, to discuss the FAR CUI Rule Update and its implications for CMMC compliance. George breaks down what the FAR CUI Rule means for DoD contractors, the continued importance of CMMC compliance, and what changes are on the horizon in 2025.

Watch the full Episode on YouTube

SEASON 1 | EPISODE 14

CMMC Compliance – Are You Ready for 2025?

In this episode of the Cuick 10 Podcast, Derek White, CPO & Co-Founder of Cuick Trac, is joined by George Perezdiaz, Director of Compliance Advisory at Cuick Trac, to discuss the latest developments in CMMC compliance and what businesses need to know as we approach 2025. George shares insights into the final CMMC rule, effective strategies for scoping and managing CUI, and tips for ensuring your organization is fully compliant with the latest regulations.

Tune in for expert advice on how to stay ahead of the curve and meet the CMMC requirements for the coming year.

Watch the full Episode on YouTube

SEASON 1 | EPISODE 13

CMMC Facility Scoping with VDI

In this episode of the Cuick 10 Podcast, Derek White, CPO & Co-Founder of Cuick Trac, is joined by Jeff Baldwin, CISO of Cuick Trac, to discuss how facility scoping works in the context of CMMC when utilizing Virtual Desktop Infrastructure (VDI). Jeff shares insights into how organizations should manage their controlled environments and why securing CUI in virtual and remote settings is essential. Learn the best practices for ensuring compliance while navigating the complexities of scoping and securing data in a virtual environment.

Watch the full Episode on YouTube

SEASON 1 | EPISODE 12

Scope & Boundaries for CMMC

In this episode of the Cuick 10 Podcast, Derek White, CPO and Co-Founder of Cuick Trac is joined by Koren Wise, CEO of Wise Technical Innovations, to discuss the complexities of scope and boundaries in CMMC compliance. Koren shares valuable insights on how organizations should define their limits, the challenges of managing CUI flows, and best practices for ensuring compliance across multiple locations and systems. Learn how understanding these boundaries can streamline your compliance efforts and set you up for successful assessments.

Watch the full Episode on YouTube

SEASON 1 | EPISODE 11

CMMC Rule Update - 32 CFR Part 170

The CMMC Program rule-making process has reached a major milestone, with 32 CFR Part 170 officially published on the National Register. Industry-leading cyber lawyer, Robert Metzger, head of cybersecurity practice at Rogers Joseph O’Donnell, PC,, joins Cuick Trac’s Derek White to discuss the immediate effects on defense contractors, while also discussing the update to the FAR CUI rule-making process, which will have a potentially significant impact across other agencies.

Watch the full Episode on YouTube

SEASON 1 | EPISODE 10

SPRS: Myth vs Fact

CMMC may be all the rage now, but your SPRS score is also important and has been for the past few years. Cyber Compliance Community Contributor Wayne Boline joins Cuick Trac’s Derek White to discuss what you need to know about SPRS and the myths and facts that come with it.

Watch the full Episode on YouTube

SEASON 1 | EPISODE 9

The Challenge of Documentation for CMMC

Are you feeling the pressure of CMMC and not knowing exactly what details you might be missing? Have you been struggling with the challenges of documentation for CMMC? If so, this episode is for you. Cuick Trac’s Derek White is joined by Vince Scott, CEO and Founder of Defense Cybersecurity Group, to discuss the important details you don’t want to miss as the CMMC rule-making process takes another step forward to being a requirement in your DoD contracts.

Watch the full Episode on YouTube

SEASON 1 | EPISODE 8

CMMC Through the Eyes of a CISO

Are you responsible for your organization’s CMMC compliance program? Are you in a position of leadership where the responsibility lies on your shoulders, regardless of who’s been tasked to implement NIST SP 800-171? In this episode, Landon Carlson, Chief Information Security Officer at Metron, shares his experience, insight, and opinions on CMMC as a CISO who is relatively new to the organization.

Watch the full Episode on YouTube

SEASON 1 | EPISODE 7

What GRC Means to You and What to Do

Governance, Risk and Compliance, or GRC, helps organizations manage risk, achieve business goals, and comply with regulations. When it comes to CMMC, the GRC approach an organization takes can mean the difference between passing or failing third-party assessments. In this episode, Mark Berman, CEO of FutureFeed, talks about what GRC tools should do for you and the benefits of using one above passing an assessment.

Watch the full Episode on YouTube

SEASON 1 | EPISODE 6

Starting (or Re-starting) Your CMMC Program

Are you new to an organization and the CMMC burden falls on you? Or is CMMC being prioritized again? Or are you focusing on CMMC for the very first time? Regardless of your answer, this podcast is for you. If you miss some of the core aspects of CMMC early on, the price to pay later can be damaging. Special guest Regan Edens of the CMMC Industry Standards Council and DTC Global joins host Derek White to discuss what OSCs should think about on the front end of their CMMC journey.

Watch the full Episode on YouTube

SEASON 1 | EPISODE 5

So You Think You're Ready for a CMMC Assessment?

As the Cybersecurity Maturity Model Certification (CMMC) requirement gets closer, many organizations seeking certification (OSC) are preparing for an assessment with an authorized CMMC third-party assessment organization (C3PAO). OSCs should not engage with C3PAOs until they are ready, If you think you are, listen to Glenda Snodgrass of The Net Effect, LLC, as she discusses the top things you should have ready before you prepare further.

Watch the full Episode on YouTube

SEASON 1 | EPISODE 4

CMMC: A Small Business Perspective

Most of the Defense Industrial Base is made up of small businesses. That innovation is critical to our nation’s competitive advantage. However, navigating Controlled Unclassified Information (CUI) and NIST SP 800-171, and preparing for CMMC can be challenging for small businesses. This episode features the small business perspective of Allison Giddens, President of Operations at Win-Tech, Inc., and their approach to these cybersecurity requirements.

Watch the full Episode on YouTube

SEASON 1 | EPISODE 3

Identifying CUI & Why It Matters

Identifying CUI is the #1 most important aspect of properly building a successful compliance program to meet CMMC requirements. In this episode, Ryan Bonner of DEFCERT discusses how an organization can identify CUI, and why it matters to their scope and overall costs of implementation and CMMC certification.

Watch the full Episode on YouTube

SEASON 1 | EPISODE 2

Understanding ITAR vs CMMC

Cybersecurity requirements for Federal Contractors working with the Department of Defense can be hard to navigate. In this episode, we talk to Alex Trafton of Ankura and discuss how export-controlled data, such as the International Traffic in Arms Regulations (ITAR), impacts an organization’s CMMC compliance program.

Watch the full Episode on YouTube

SEASON 1 | EPISODE 1

It SIEMs Easy. But it's Not

A deep dive into Security Information and Event Management (or SIEM) and why you need it. With special guest Patrick Colantonio of NeQter Labs.

Watch the full Episode on YouTube