Skip to content
How MAD Security and Pinnacle Business Solutions Deliver a Complete MSP + MSSP Solution

Watch the June MAD Security Town Hall Webinar replay πŸ‘‡

3-Jun-29-2026-04-29-52-3766-PM Logo Pinnacle

Building a Complete CMMC Solution Starts with the Right Partnership

June’s MAD Security Cybersecurity Town Hall focused on a challenge many defense contractors face as CMMC requirements continue to expand across the Defense Industrial Base: creating a cybersecurity and compliance structure that actually works.

Hosted by Adam Starnes and joined by Ben Shackelford of Pinnacle Business Solutions, this session explored how Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) can work together to create a complete solution for cybersecurity, compliance, and long-term operational success.

Rather than focusing solely on tools or technology, the discussion centered on accountability, communication, separation of duties, and the operational maturity required to support CMMC compliance over time.

The message throughout the Town Hall was clear. Organizations achieve better security outcomes and smoother CMMC readiness when IT operations, cybersecurity operations, and compliance responsibilities are clearly defined and aligned.

 

Meet the Speakers

June's Cybersecurity Town Hall brought together industry professionals from MAD Security and Pinnacle Business Solutions to discuss how organizations can strengthen cybersecurity operations and achieve long-term CMMC compliance through effective MSP and MSSP partnerships.

Adam Starnes, Account Manager | MAD Security

Adam works closely with organizations to develop cybersecurity strategies that align security operations with compliance objectives, helping clients build sustainable programs that support long-term success.

Ben Shackelford, Pinnacle Business Solutions

Ben brings extensive experience in managed IT services and shared insights on how strong collaboration between MSPs and MSSPs creates a seamless client experience while improving operational efficiency and audit readiness.
Jaclyn Jones, GRC Lead | MAD Security
Jaclyn specializes in governance, risk, and compliance (GRC), guiding organizations through CMMC requirements and helping them build practical, audit-ready compliance programs.

Together, the speakers shared practical strategies for improving collaboration, defining responsibilities, and building a cybersecurity program that supports both operational resilience and long-term CMMC compliance. Below are the key takeaways from the discussion.

"The client should feel like everyone is rowing in the same direction."

– Ben Shackelford, Pinnacle Business Solutions

 

Key Takeaways from June Town Hall

MAD red 1 one

 

Misaligned Providers Create Compliance Risk

One of the first topics discussed was what happens when IT providers, security providers, and compliance consultants are not working together effectively.

When responsibilities are unclear, organizations often experience:

   Delayed implementations
   Conflicting recommendations
   Duplicate efforts
   Communication breakdowns
  Increased audit stress

In many cases, the client ends up acting as the project manager between multiple vendors. This creates confusion and slows progress toward compliance goals.

Organizations benefit most when providers operate as a coordinated team with clearly defined responsibilities and shared accountability.

Callout: The client should never have to quarterback multiple providers. Strong partnerships create a seamless experience that keeps organizations focused on their business.

MAD red 2 two

MSPs and MSSPs Serve Different Roles

A major theme throughout the Town Hall was the distinction between traditional IT operations and cybersecurity operations.

MSPs typically focus on:

   Infrastructure management
   Licensing
   User support
   Configuration changes
  System administration

MSSPs typically focus on:

   Security monitoring
   Threat detection
   Vulnerability management
   Compliance validation
   Incident response

Both functions are essential for CMMC success, but they require different expertise and operational priorities.

When both providers understand their responsibilities and collaborate effectively, organizations gain stronger security coverage and clearer compliance accountability.

MAD red 3 three

Separation of Duties Strengthens Audit Readiness

The discussion repeatedly returned to one critical concept: separation of duties.

A common example involved vulnerability management.

MAD Security may identify vulnerabilities through scanning and monitoring. Pinnacle Business Solutions then performs remediation and patching activities. After remediation is completed, MAD Security independently validates that the vulnerabilities have been properly resolved.

This creates an important checks-and-balances process that supports:

   Independent validation
   Improved accountability
   Stronger documentation
   Better audit defensibility
   Reduced compliance risk

Assessors expect organizations to demonstrate that controls are not only implemented but also validated over time.

Callout: CMMC assessors expect organizations to prove that controls are implemented, maintained, and independently validated through documented evidence.

MAD red 4 four

CMMC Requires More Than Technical Expertise

Another important takeaway was that CMMC compliance extends far beyond cybersecurity tools.

Organizations must address:

   Policies and procedures
   Human resources processes
   Background screening
   Physical security controls
   Documentation management
   Shared responsibility matrices

Many organizations underestimate the complexity of implementing all 110 CMMC Level 2 controls and 320 assessment objectives.

Working with experienced providers helps organizations avoid costly mistakes, rework, and delays.

A recurring message throughout the session was that specialization matters. Organizations benefit when IT experts focus on infrastructure; cybersecurity teams focus on security operations, and compliance specialists focus on audit readiness and documentation.

MAD red 5 five

Compliance Is an Ongoing Program

One of the strongest messages from the session was that compliance does not end after certification.

Organizations that view CMMC as a one-time project often struggle to maintain readiness after passing an assessment.

Changes occur constantly:

   Employees leave or change roles
   Technology stacks evolve
   Policies require updates
   New vulnerabilities emerge
   Infrastructure changes impact compliance

The organizations that maintain compliance successfully treat CMMC as an ongoing operational program rather than a temporary initiative.

As Ben Shackelford explained during the discussion, successful organizations build consistency into their daily operations and approach compliance proactively rather than reactively.

Q&A Highlights

Do I need both an MSP and MSSP to achieve CMMC Level 2 compliance?

Not necessarily. Every organization is different. The most important factor is ensuring all responsibilities are properly covered by qualified personnel who understand CMMC requirements and can support implementation, validation, and documentation.

How do providers avoid overlapping services?

Clear communication and clearly defined responsibilities are essential. Successful partnerships rely on shared accountability while maintaining ownership boundaries for specific tasks and services.

How involved does my organization need to be?

Organizations remain responsible for their compliance status. While providers can assist with implementation, monitoring, and guidance, leadership and internal teams must remain engaged throughout the process.

What happens after we achieve certification?

Compliance maintenance continues after certification. Organizations must maintain documentation, validate controls, address changes, and prepare for future assessments to remain compliant over time.

 

MAD Security’s Role in Long-Term Compliance

MAD Security helps organizations build sustainable compliance programs through GRC Gap Assessments, Virtual Compliance Management (VCM), continuous compliance support, Vulnerability Management, audit preparation, and a fully U.S.-based 24/7 Security Operations Center (SOC).

As a CMMC Registered Provider Organization (RPO),MAD Security works alongside internal IT teams and trusted partners like Pinnacle Business Solutions to create structured, audit-ready environments that support long-term compliance success.

"CMMC is not just about the tools. It's about building the right structure and the right team."

– Adam Starnes, Account Manager, MAD Security

 

Why Partnership Matters

CMMC readiness is not about finding one provider that claims to do everything.

It is about building a structure where specialized teams work together effectively, maintain accountability, and provide independent validation.

Organizations that establish these partnerships early often experience:

   Reduced audit risk
   Faster remediation
   Better communication
   Stronger security outcomes
   More sustainable compliance programs

The companies that perform best during assessments are usually the ones that invested in the right operational structure long before the auditor arrived.

 

Free Resources and Next Steps 

MAD Security offers several free resources to help organizations evaluate their compliance readiness and better understand the path toward certification:

Virtual Compliance Management (VCM)
MAD Security Town Hall Webinars

These resources help organizations understand where they stand today, identify compliance gaps, and develop a practical roadmap toward certification.

"At the end of the day, the organization is ultimately responsible for its compliance status."

– Jaclyn Jones, GRC Lead, MAD Security

 

Final Thoughts 

The most successful CMMC programs are built on structure, accountability, and collaboration.

As discussed throughout the June Town Hall, strong MSP and MSSP partnerships help organizations reduce risk, strengthen security, and maintain compliance with greater confidence.

Whether you are preparing for your first assessment or looking to improve your long-term compliance strategy, now is the time to evaluate whether your current team structure supports the goals you are trying to achieve.

Organizations looking to strengthen their cybersecurity posture can learn more about MAD Security's CMMC Compliance solutions, Managed Security Services, and Virtual Compliance Management (VCM) offerings. If you're interested in collaborating with MAD Security, explore our Partner, Reseller, and Referral Program to learn how we work with MSPs, technology providers, and referral partners to deliver trusted cybersecurity and compliance solutions.

The right partnership can make all the difference.