Kelly Hood

The time is now to dig into the requirements to get ready for #CMMC. Check out our CMMC Progress Tracker to get started 👇 43828014.hs-sites.com/cmmc-l2-progre… Reach out at Info@OpticCyber.com to get started!

Give everyone access to everything… and suddenly nothing feels important. A little friction keeps your data from ending up everywhere. Everyone *probably* doesn't need access to everything. #OpticCyber

📢NEW @NIST Blog: Celebrating 2⃣ Years of #CSF 2.0! The CSF 2.0 has been widely embraced by millions of orgs of all sizes & sectors around the globe & continues to be the most downloaded NIST technical publication... nist.gov/blogs/cybersec…

New DoD CIO #CMMC FAQ update! If #CUI is handled only in hardcopy and never processed, stored, or transmitted on your systems, a CMMC L2 assessment is not required. If you are the one printing it, the system printing CUI requires CMMC. FAQs: dowcio.war.gov/Portals/0/Docu…

Most people don’t wake up and decide to become an insider threat. They make a quick decision. They move too fast. And sometimes that’s all it takes.... If you need a starting point, DCSA offers free Insider Threat Awareness training 👇 securityawareness.dcsa.mil/itawareness/in… #OpticCyber

An SSP isn’t just a compliance document. It’s a management tool for governing security. It ties together people, processes, and technology, enabling risk decisions and stronger cybersecurity long after the assessment is over. Reach out if you want to get more from your SSP.

Incident response is more than just a plan on paper. It needs to be something you can put into action. Check out this video to learn how to weave incident response throughout the entire cybersecurity program 👇 youtu.be/aA2ldOeqycA

Last week @TomConkle & I had a conversation on a #ShadowTrace webinar about #CMMC (surprise, surprise). One theme came up again and again: It’s not enough to do the right things. You have to be able to PROVE it too! #OpticCyber

Can encryption alone create logical separation for #CMMC? Short answer: No. Per DoD C-Q11, separation between #CUI and non-CUI must be physical or logical. Encryption protects data, but it does not create scope separation. FAQs: dowcio.war.gov/Portals/0/Docu…

Progress in cybersecurity rarely comes from tools alone. It comes from conversations, collaboration, & a willingness to ask hard questions. We’re grateful for the leaders, partners, & practitioners who leaned into the complexity instead of avoiding it! Thanks for a great 2025!

#CMMC is officially showing up in contracts. We were invited by #ShadowTrace to lead a live session on January 21 focused on the where organizations are struggling with CMMC. Register here 👇 lnkd.in/gypm6Pwi #OpticCyber #SecureTheDIB

New #CMMC FAQ C-Q12 clarifies enclave scoping: Enterprise network components are not automatically in scope if a CUI enclave has no direct internet connection. With proper logical separation and encryption, the corporate network can be used. FAQs: dowcio.war.gov/Portals/0/Docu…

Incident response is more than just a plan on paper. It needs to be something you can put into action. For an overview, check out this video sharing how to weave incident response throughout your program using NIST SP 800-61! Linked here 👇 youtu.be/aA2ldOeqycA #OpticCyber

New #CMMC FAQs dropped! ◾ Hardcopy-only CUI does NOT require a CMMC Level 2 assessment ◾ Encryption alone does NOT create logical separation ◾ Properly designed enclaves do NOT automatically pull the enterprise network into scope FAQs linked here 👇 dowcio.war.gov/Portals/0/Docu…

Did you see that last month #NIST released a draft of the Cyber AI Profile? Instead of creating a whole new framework, NIST mapped AI risks to familiar #CSF outcomes making it easier to talk about AI. Cyber AI Profile 👇 nvlpubs.nist.gov/nistpubs/ir/20… Be sure to check it out!

As the year wraps up, I wanted to reshare two conversations I enjoyed recording on the @DigiTrustPdcast. Check them out! Ep 1: The cyber puzzle 👇 loom.ly/Nilpa4I Ep 2: Cyber for SMBs 👇 loom.ly/WLksHFc

As the year wraps up, I’ve been thinking about how grateful I am for the people I’ve had the chance to work with. Thank you to everyone who trusted us, challenged us, and collaborated with us this year! 😊

“We’ll circle back after the holidays.” Sound familiar? This time of year makes it obvious how much security work only happens when someone remembers to do it. Check out #OpticCyber's CMMC Progress Tracker to organize your thoughts! 👇 43828014.hs-sites.com/cmmc-l2-progre…

I recently had the chance to catch up with Kaleigh Floyd on the Climbing Mount CMMC podcast to talk about what companies actually need to know when they start tackling #CMMC. Check it out here 👇 youtube.com/watch?v=Lek85c… #OpticCyber #ClimbingMountCMMC #SecureTheDIB

It’s hard to know who does what in #CMMC when you're just starting out. If you’ve ever wished for a simple way to sort out the players, you’re not alone. If you’re staring at acronyms wondering what they mean, this video is for you! 👇 youtu.be/szZeUzVizXU #OpticCyber