Watch the June MAD Security Town Hall Webinar replay π
![]() |
![]() |
Building a Complete CMMC Solution Starts with the Right Partnership
Juneβs MAD Security Cybersecurity Town Hall focused on a challenge many defense contractors face as CMMC requirements continue to expand across the Defense Industrial Base: creating a cybersecurity and compliance structure that actually works.
Hosted by Adam Starnes and joined by Ben Shackelford of Pinnacle Business Solutions, this session explored how Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) can work together to create a complete solution for cybersecurity, compliance, and long-term operational success.
Rather than focusing solely on tools or technology, the discussion centered on accountability, communication, separation of duties, and the operational maturity required to support CMMC compliance over time.
The message throughout the Town Hall was clear. Organizations achieve better security outcomes and smoother CMMC readiness when IT operations, cybersecurity operations, and compliance responsibilities are clearly defined and aligned.
Meet the Speakers
June's Cybersecurity Town Hall brought together industry professionals from MAD Security and Pinnacle Business Solutions to discuss how organizations can strengthen cybersecurity operations and achieve long-term CMMC compliance through effective MSP and MSSP partnerships.
Adam Starnes, Account Manager | MAD Security
| Adam works closely with organizations to develop cybersecurity strategies that align security operations with compliance objectives, helping clients build sustainable programs that support long-term success. |
Ben Shackelford, Pinnacle Business Solutions
| Ben brings extensive experience in managed IT services and shared insights on how strong collaboration between MSPs and MSSPs creates a seamless client experience while improving operational efficiency and audit readiness. |
| Jaclyn specializes in governance, risk, and compliance (GRC), guiding organizations through CMMC requirements and helping them build practical, audit-ready compliance programs. |
Together, the speakers shared practical strategies for improving collaboration, defining responsibilities, and building a cybersecurity program that supports both operational resilience and long-term CMMC compliance. Below are the key takeaways from the discussion.
"The client should feel like everyone is rowing in the same direction."
Key Takeaways from June Town Hall
|
Misaligned Providers Create Compliance RiskOne of the first topics discussed was what happens when IT providers, security providers, and compliance consultants are not working together effectively. When responsibilities are unclear, organizations often experience: Delayed implementations In many cases, the client ends up acting as the project manager between multiple vendors. This creates confusion and slows progress toward compliance goals. Organizations benefit most when providers operate as a coordinated team with clearly defined responsibilities and shared accountability. Callout: The client should never have to quarterback multiple providers. Strong partnerships create a seamless experience that keeps organizations focused on their business. |
MSPs and MSSPs Serve Different RolesA major theme throughout the Town Hall was the distinction between traditional IT operations and cybersecurity operations. MSPs typically focus on: Infrastructure management MSSPs typically focus on: Security monitoring Both functions are essential for CMMC success, but they require different expertise and operational priorities. When both providers understand their responsibilities and collaborate effectively, organizations gain stronger security coverage and clearer compliance accountability. |
|
Separation of Duties Strengthens Audit ReadinessThe discussion repeatedly returned to one critical concept: separation of duties. A common example involved vulnerability management. MAD Security may identify vulnerabilities through scanning and monitoring. Pinnacle Business Solutions then performs remediation and patching activities. After remediation is completed, MAD Security independently validates that the vulnerabilities have been properly resolved. This creates an important checks-and-balances process that supports: Independent validation Assessors expect organizations to demonstrate that controls are not only implemented but also validated over time. Callout: CMMC assessors expect organizations to prove that controls are implemented, maintained, and independently validated through documented evidence. |
|
CMMC Requires More Than Technical ExpertiseAnother important takeaway was that CMMC compliance extends far beyond cybersecurity tools. Organizations must address: Policies and procedures Many organizations underestimate the complexity of implementing all 110 CMMC Level 2 controls and 320 assessment objectives. Working with experienced providers helps organizations avoid costly mistakes, rework, and delays. A recurring message throughout the session was that specialization matters. Organizations benefit when IT experts focus on infrastructure; cybersecurity teams focus on security operations, and compliance specialists focus on audit readiness and documentation. |
|
Compliance Is an Ongoing ProgramOne of the strongest messages from the session was that compliance does not end after certification. Organizations that view CMMC as a one-time project often struggle to maintain readiness after passing an assessment. Changes occur constantly: Employees leave or change roles The organizations that maintain compliance successfully treat CMMC as an ongoing operational program rather than a temporary initiative. As Ben Shackelford explained during the discussion, successful organizations build consistency into their daily operations and approach compliance proactively rather than reactively. |
Q&A Highlights
Do I need both an MSP and MSSP to achieve CMMC Level 2 compliance?
Not necessarily. Every organization is different. The most important factor is ensuring all responsibilities are properly covered by qualified personnel who understand CMMC requirements and can support implementation, validation, and documentation.
How do providers avoid overlapping services?
Clear communication and clearly defined responsibilities are essential. Successful partnerships rely on shared accountability while maintaining ownership boundaries for specific tasks and services.
How involved does my organization need to be?
Organizations remain responsible for their compliance status. While providers can assist with implementation, monitoring, and guidance, leadership and internal teams must remain engaged throughout the process.
What happens after we achieve certification?
Compliance maintenance continues after certification. Organizations must maintain documentation, validate controls, address changes, and prepare for future assessments to remain compliant over time.
MAD Securityβs Role in Long-Term Compliance
MAD Security helps organizations build sustainable compliance programs through GRC Gap Assessments, Virtual Compliance Management (VCM), continuous compliance support, Vulnerability Management, audit preparation, and a fully U.S.-based 24/7 Security Operations Center (SOC).
As a CMMC Registered Provider Organization (RPO),MAD Security works alongside internal IT teams and trusted partners like Pinnacle Business Solutions to create structured, audit-ready environments that support long-term compliance success.
"CMMC is not just about the tools. It's about building the right structure and the right team."
Why Partnership Matters
CMMC readiness is not about finding one provider that claims to do everything.
It is about building a structure where specialized teams work together effectively, maintain accountability, and provide independent validation.
Organizations that establish these partnerships early often experience:
Reduced audit risk
Faster remediation
Better communication
Stronger security outcomes
More sustainable compliance programs
The companies that perform best during assessments are usually the ones that invested in the right operational structure long before the auditor arrived.
Free Resources and Next Steps
MAD Security offers several free resources to help organizations evaluate their compliance readiness and better understand the path toward certification:
| Virtual Compliance Management (VCM) | |
| MAD Security Town Hall Webinars |
These resources help organizations understand where they stand today, identify compliance gaps, and develop a practical roadmap toward certification.
"At the end of the day, the organization is ultimately responsible for its compliance status."
Final Thoughts
The most successful CMMC programs are built on structure, accountability, and collaboration.
As discussed throughout the June Town Hall, strong MSP and MSSP partnerships help organizations reduce risk, strengthen security, and maintain compliance with greater confidence.
Whether you are preparing for your first assessment or looking to improve your long-term compliance strategy, now is the time to evaluate whether your current team structure supports the goals you are trying to achieve.
Organizations looking to strengthen their cybersecurity posture can learn more about MAD Security's CMMC Compliance solutions, Managed Security Services, and Virtual Compliance Management (VCM) offerings. If you're interested in collaborating with MAD Security, explore our Partner, Reseller, and Referral Program to learn how we work with MSPs, technology providers, and referral partners to deliver trusted cybersecurity and compliance solutions.
The right partnership can make all the difference.
Original Publish Date: June 25, 2026


