About

Get to know us

R. Newton

Rodney Newton is an Information Security Professional with over 20 years of experience in Information Technology Audit, Security Assessments, Data Protection and Remediation. Rodney has worked in various industries including Banking, Utilities, Professional Services, Insurance, Technology, and the Federal Government. He also holds numerous industry certifications such as the Certified Information System Security Professional (CISSP), Certified Information Security Auditor (CISA), Cybersecurity Maturity Model Certification (CMMC) Registered Practitioner (RP), Certified Data Privacy Solutions Engineer (CDPSE), and Certified Fraud Examiner (CFE).

Prior to starting Arnaz Consulting, Rodney was the Director of Internal Control Testing at SAP, where he managed a global team that performed internal control testing of information security controls. He was also the Program Manager for SAP’s NIST Cybersecurity Framework (CSF) Maturity Assessment. While at SAP he built out the Global Control Testing team from scratch, which included creating a process for properly testing controls and control management. Rodney also created a process to drastically reduce the number of Corrective Actions and Preventative Actions (CAPAs) from the company’s SOC and ISO Audits.

Other previous experience includes managing a team that performed security assessments of high-risk Third Parties within the Enterprise Technology Audit Group at Wells Fargo Bank. In addition to conducting Third Party vendor reviews, he has also conducted audits over a wide range of security topics including Cloud Security, Asset Management, Access Management (including Privileged Access), Disaster Recovery & Business Continuity, Vulnerability Management (including Penetration Testing), Change Control, Patch Management, Mobile Device Security, Incident Response, and Regulatory Compliance, to name a few.

Rodney also worked for Grant Thornton as a Manager in their Business Advisory Services (BAS) Internal Audit practice, where he performed Risk Assessments for various clients. Before that he worked for a small woman-owned consulting firm in Washington, D.C., providing audit readiness consulting services to the Department of Defense, including the Navy, the Army, and the Defense Logistics Agency.

CASE STUDY

Good projects with great outcomes.

Assisting a Small Manufacturing Firm in Achieving CMMC Level 1 and Level 2 Compliance

Client Profile:
Small manufacturing firm servicing the Department of Defense (DoD).
Industry: Manufacturing
Size: 32 employees
Challenge: Achieving compliance with Cybersecurity Maturity Model Certification (CMMC) Level 1 and Level 2 to continue securing DoD contracts.

Background

The client, a small manufacturing firm with a specialized focus on creating custom electronics manufacturing solutions for clients in aviation, rail, transit, OEM, defense, and more, faced a critical challenge when the DoD announced the implementation of the Cybersecurity Maturity Model Certification (CMMC) framework. To continue securing DoD contracts and ensure the protection of sensitive defense-related information, the firm needed to become compliant with CMMC Levels 1 and 2. Lacking in-house expertise and resources, the client sought assistance from Arnaz Consulting.

Engagement

Arnaz Consulting, a team of cybersecurity and compliance experts, was engaged to help the manufacturing firm achieve CMMC Level 1 and Level 2 compliance. The engagement encompassed the following key steps:


  1. Initial Assessment:
     We initiated the engagement with a thorough assessment of the manufacturing firm's current cybersecurity posture. This included evaluating their existing IT infrastructure, network architecture, data handling processes, security policies, and overall risk profile.
  2. Gap Analysis:
     Based on the assessment, a comprehensive gap analysis was conducted to identify the areas where the manufacturing firm fell short of meeting the requirements of CMMC Levels 1 and 2. This step highlighted vulnerabilities, potential weaknesses, and non-compliant practices.
  3. Customized Compliance Roadmap:
     We created a tailored roadmap that outlined the specific tasks, milestones, and actions needed to achieve compliance with CMMC Levels 1 and 2. This roadmap took into consideration the manufacturing firm's unique operations and the sensitive nature of DoD contracts.
  4. Technical Implementation:
     We worked closely with the manufacturing firm's IT team to implement the technical measures and controls needed to meet the requirements of CMMC Levels 1 and 2. This included deploying firewalls, intrusion detection systems, data encryption, access controls, and other cybersecurity measures.
  5. Policy and Procedure Development:
     We assisted the manufacturing firm in developing and updating cybersecurity policies and procedures. These documents were aligned with CMMC requirements and covered areas such as incident response, data handling, access management, and employee training.
  6. Training and Awareness:
     Recognizing the importance of employee awareness, we provided cybersecurity training sessions for the manufacturing firm's employees. This helped create a culture of cybersecurity awareness and best practices across the organization.
  7. Continuous Monitoring and Improvement:
     After achieving CMMC Level 1 and Level 2 compliance, we set up mechanisms for continuous monitoring and improvement. This included regular security audits, vulnerability assessments, and updates to ensure ongoing compliance as the threat landscape evolved.

Outcome

Through the collaborative efforts of the manufacturing firm and Arnaz Consulting, the client successfully achieved CMMC Level 1 and Level 2 compliance. This achievement allowed the manufacturing firm to maintain its DoD contracts, ensuring the security of sensitive defense-related information. The engagement not only resulted in compliance but also improved the manufacturing firm’s overall cybersecurity posture, reducing the risk of cyber threats and potential data breaches.

Conclusion

This case study highlights how Arnaz Consulting played a crucial role in assisting a small manufacturing firm that services the Department of Defense in achieving CMMC Level 1 and Level 2 compliance. By conducting assessments, creating a customized roadmap, implementing technical measures, developing policies, providing training, and establishing continuous monitoring, we enabled the manufacturing firm to navigate the complex world of cybersecurity regulations and safeguard its critical DoD contracts.