“Culture eats strategy for lunch”.
Peter Drucker
This quote is generally attributed to Peter Drucker but it apparently goes back at least 20 years (per Quote Investigator). I remember hearing this quote many years ago and it is just as applicable to CMMC as it is to other organizations.
Is your IT staff stressed out, burned out, and generally overwhelmed? Are they bought in to the goal of cybersecurity maturity or is there resistance for one reason or the other?
Having a strategy is great but CMMC also requires discipline and the development of organizational maturity (i.e. culture) in order to be successful. Many government contractors will focus solely on the tactics – checking off the list of security practices – to achieve CMMC compliance.
My approach is different. I certainly have a strategy to help you achieve compliance and a way to track your progress towards that goal. But I focus more on building a culture of cyber security awareness for your entire organization. I utilize an iterative and incremental agile approach to institute security practices that are well understood which makes it easier to follow consistently.
If you are looking for a partner on your cybersecurity maturity journey, contact me. I am a CMMC-AB Registered Practitioner (RP) and would be honored to assist you.
