The Challenge

The leadership team at a growing metal fabrication shop was facing increasing pressure from their defense customers to become CMMC Level 2 compliant. While they excelled at delivering tight-tolerance components on time, their internal IT systems told a different story:

• Passwords were shared informally

• Laptops weren’t encrypted

• There was no formal backup plan, no MFA, and no training

• And most of the team didn’t even know what “CMMC” stood for

The owner had recently lost a valuable DoD subcontract opportunity because the client’s prime contractor required documentation they couldn’t provide. He admitted, “We didn’t know what we didn’t know — and it was starting to hurt the business.”

What started as a compliance concern quickly became a source of stress, anxiety, and lost revenue.

The Solution

After connecting with our team, the first step was taking ownership of the problem — together.

We began with a readiness assessment mapped to CMMC Level 2 controls, then delivered a structured plan to:

• 🔒 Implement MFA across all email and remote access

• 💻 Ensure antivirus and patching on all workstations

• 🔐 Standardize user access, logins, and device policies

• ☁️ Move sensitive files to Microsoft 365 with access control and cloud backup

• 📄 Create simple written policies (passwords, backups, physical security, etc.)

• 🎓 Deliver staff training so everyone knew the “why” behind new policies

Throughout the process, we met weekly with leadership to explain steps, simplify technical language, and give them peace of mind.

“We didn’t want another vendor. We needed a partner. And that’s exactly what we got.”