
The Big Blog
The FY 2026 NDAA and CMMC Level 2: What the Law Says and What It Signals for Defense Contractors
On December 18, 2025, the Fiscal Year 2026 National Defense Authorization Act (FY 2026 NDAA) (P.L. 119-60) was signed into law.^[1] While the Act addresses a broad range of national defense priorities, several provisions are directly relevant to cybersecurity obligations across the Defense Industrial Base (DIB). Most notably, the FY 2026 NDAA explicitly references the Cybersecurity Maturity Model Certification (CMMC) framework and reinforces Congress’s expectation that Depart
Jan 26 · 4 min read
The Great Heist and the “Self-Attestation Gap”: Why CMMC Isn’t Random Bureaucracy
David R. Shedd didn’t come to the conversation as a commentator. He came as a former Deputy Director and Acting Director of the Defense Intelligence Agency, someone who spent a career watching adversaries play the long game. In a recent virtual discussion with CSIS’s Dr. Seth G. Jones, Shedd walked through the core argument of his new book, The Great Heist: China’s Epic Campaign to Steal America’s Secrets: over the last few decades, China has executed a structured campaign
Jan 21 · 4 min read
What the 2025 U.S. National Security Strategy Signals for Defense, Cybersecurity, and Industry
The 2025 U.S. National Security Strategy released in November is explicit about how the United States now defines security. It rejects vague aspirations and instead focuses on “a concrete, realistic plan that explains the essential connection between ends and means.” That clarity has consequences for defense contractors, technology providers, manufacturers, and cybersecurity leaders, because the strategy repeatedly makes clear that national power depends on economic strength
Dec 23, 2025 · 4 min read
Why CMMC Exists: China’s Defense Surge Is Fueled by Data We’ve Failed to Protect
In our latest Bourbon & Bytes episode, Mackenzie Eaglen laid out a reality that too few people in the Defense Industrial Base (DIB) are willing to confront: China’s real military investment isn’t just large—it likely eclipses U.S. spending, potentially reaching $1 trillion annually. And a disturbing portion of that advantage comes not from innovation… …but from us. Specifically: from stolen U.S. data, U.S. designs, U.S. R&D, and U.S. intellectual property siphoned out of
Dec 6, 2025 · 3 min read
Countering Cyber Adversaries: Veterans on the Front Lines of Cyber Defense
Insights from Terry McGraw (CEO, Cape Endeavors) & Clark Rahman (Associate Director, PNG Cyber) Cyber Defense isn’t just about tools and dashboards — it’s about mindset. During a recent EC-Council fireside chat, Army veterans Terry McGraw and Clark Rahman unpacked how military experience directly strengthens today’s Cyber Defense mission. No slides. No buzzword bingo. Just two veterans who’ve operated in both worlds: combat zones and corporate networks. Cyber Defense as a War
Dec 1, 2025 · 4 min read
CMMC and the End of Passwords: Why Passkeys Are the Future of Cybersecurity and Compliance
Apr 8, 2025 · 3 min read
