In this episode, Cheri Hotman sits down with CMMC expert and strategist Linda Rust for a direct, unscripted conversation about what CMMC really means for defense contractors, why so many organizations get it wrong, and how leaders can approach compliance with clarity instead of chaos.

Linda brings more than 25 years of engineering and mission-critical technology leadership to the table. She breaks down why CMMC is fundamentally a business issue rather than an IT project, why third-party accountability is often the only thing that finally moves organizations to action, and why “cheap” approaches end up being the most expensive mistakes companies make.

Cheri and Linda dig into:
• What CMMC is (and isn’t)
• Why scoping and understanding your data matters more than any technical control
• Why leadership, not IT, must own the strategy
• The real cost drivers behind CMMC and why labor—not tools—is the biggest factor
• How small companies get themselves into false-claims trouble without realizing it
• What’s coming next with FAR CUI and NIST 800-171 Revision 3
• How organizations can right-size their efforts instead of chasing shortcuts

If you want a frank, practical explanation of CMMC from two people who have lived it for years, this episode will help you understand the landscape, avoid costly pitfalls, and build a program that leaders can actually sustain.