Field notes on security, compliance, and IT.
Practical writing from the engineers who do the work - CMMC, NIST 800-171, vCISO, and the day-to-day of defending a business.
CMMC 2.0 Is Here: What Defense Contractors Need Before Their Next Contract
CMMC 2.0 is now phasing into DoD contracts. Here is what the three levels actually require, who needs a third-party assessment, and the steps that take the longest to finish.
Your NIST 800-171 Self-Assessment: A Practical Starting Checklist
Before you hire an assessor, run an honest NIST 800-171 self-assessment. Here is how the scoring works, which controls carry the most weight, and how to post a defensible SPRS score.
vCISO vs. Hiring a CISO: What a Growing Business Actually Needs
A full-time CISO is a six-figure commitment most mid-market companies cannot justify yet. Here is what a virtual CISO does, where the model fits, and how to tell when you have outgrown it.