u/Ella_Monroe_

We have been looking at the requirements for the CMMC Level 2 assessment and honestly it feels like every time we solve one control, three more pop up that require some expensive new tool or a specialized consultant. I am all for security, but the overhead for a small firm to actually prove they are compliant is starting to feel like a full-time job in itself.

Are you guys actually trying to do this all in-house, or have you just given up and handed the keys to a managed service provider? I am trying to figure out where the line is between we can handle this and we are just going to mess this up and lose our eligibility. If you went with an outside team, was it actually worth the cost or did you still end up doing half the documentation work yourself anyway?

We have been looking at the requirements for the CMMC Level 2 assessment and honestly it feels like every time we solve one control, three more pop up that require some expensive new tool or a specialized consultant. I am all for security, but the overhead for a small firm to actually prove they are compliant is starting to feel like a full-time job in itself.

Are you guys actually trying to do this all in-house, or have you just given up and handed the keys to a managed service provider? I am trying to figure out where the line is between we can handle this and we are just going to mess this up and lose our eligibility. If you went with an outside team, was it actually worth the cost or did you still end up doing half the documentation work yourself anyway?

We have been looking at the requirements for the CMMC Level 2 assessment and honestly it feels like every time we solve one control, three more pop up that require some expensive new tool or a specialized consultant. I am all for security, but the overhead for a small firm to actually prove they are compliant is starting to feel like a full-time job in itself.

Are you guys actually trying to do this all in-house, or have you just given up and handed the keys to a managed service provider? I am trying to figure out where the line is between we can handle this and we are just going to mess this up and lose our eligibility. If you went with an outside team, was it actually worth the cost or did you still end up doing half the documentation work yourself anyway?

Every time we bid on a cleared contract, it feels like we are scrambling at the last minute to find solid TS/SCI candidates to put on the proposal. We try to keep a pipeline going, but the reality is that cleared talent gets snapped up instantly. You simply cannot ask these folks to wait around for three or four months while the government figures out the award details.

I always hear people talking about building an evergreen bench, but how realistic is that for the rest of us? Are you guys leaning heavily on specialized staffing partners to handle the heavy lifting, or are you just grinding on LinkedIn and crossing your fingers? I would love to know if anyone has figured out a reliable way to keep cleared candidates engaged and ready to go without literally paying them to sit on the sidelines.

I’ve been deep in the federal contracting space for a while now, and one thing that keeps me up is how much time we spend polishing proposals that might never actually be seen by the people who have the technical "pain."

We all know the standard drill: find the RFP on SAM, follow the instructions to a T, and hope the contracting officer likes our font choice. But honestly, it feels like a total coin toss if you haven't already made an impression on the program managers or the "boots on the ground" who are actually dealing with the tech gaps.

I’m curious what strategies you guys are using to get your technical solutions in front of the right people before the RFP even hits the street. Are you finding more success with targeted LinkedIn networking, or are you actually getting value out of the "matchmaking" events at conferences?

Also, for those of you who have successfully broken into a new agency, did you lead with your full service list, or did you find a tiny, specific niche to use as a foot in the door? I’m trying to cut through the noise and stop wasting time on the standard "spray and pray" approach to capture. Would love to hear some real-world wins (or even the epic fails to avoid).