Description:
You did your self-assessment and received a perfect 110 score. Congratulations! You met with your C3PAO and scored less than 0. What happened?
How can two CMMC assessors examine the same defense contractor and arrive at completely different scores? A lack of rigor in assessment methodology could mean the entire certification system is measuring the assessor — not your security. Logan Therrien, Chief Strategy Officer at Kieri Solutions and one of the original C3PAO lead assessors in the U.S., joins Justin Beals to expose a critical flaw in how CMMC Level 2 assessments are conducted today: no standardized evidence sampling methodology.
This episode is for DoD contractors, compliance consultants, and defense industry executives who want to understand what's at stake — and how to navigate assessments before the rules tighten further.
Chapters:
00:00 Introduction to Secure Talk and Psychometrics
01:45 Understanding CMMC and Its Implications
05:32 Logan Therrien's Background and Insights
09:16 The Challenges of Assessment Methodologies
16:10 The Scale and Impact of CMMC Assessments
20:31 Navigating Standards in Cybersecurity
23:53 Evidence Testing in CMMC Assessments
27:43 The Importance of Reliable and Accurate Assessments
36:22 Building Trust Between Industry and Defense
41:46 Future Directions in CMMC Research
What you'll learn:
Logan also co-authored the peer-reviewed paper "The Need for Standardized Evidence Sampling in CMMC Assessments: A Survey-Based Analysis of Assessor Practices" (with John Hastings) — one of the first data-driven studies of assessment methodology in the CMMC ecosystem.
Resources:
Therrien, Logan and Hastings, John. (2026, February 10). The need for standardized evidence sampling in CMMC assessments: A survey-based analysis of assessor practices. arXiv. https://arxiv.org/abs/2602.09905