Rich Bates dives into the reality of federal cybersecurity requirements, offering a grounded look at how CMMC and NIST 800-171 are reshaping government contracting. He shares how Zeiders navigates the “woolly mammoth” of compliance by focusing on policies that are both thorough and adaptable. Rather than bogging down in static documentation, Rich keeps his System Security Plan evergreen, linking out to living procedures that evolve with tools and systems—ensuring agility in audits without sacrificing structure.

For contractors wrestling with cloud and remote work, Rich breaks down the value of enclave environments, particularly Microsoft GCC Moderate and High. He emphasizes that even call centers—once considered too complex for secure remote deployment—are becoming more viable thanks to FedRAMP-approved platforms and integrated encryption. His biggest caution? Don’t let program offices over-secure projects to the point of eliminating good vendors: “If IL2 is good, IL4 isn’t necessarily better—it’s just more restrictive.”

Beyond technical controls, Rich shines in communicating with everyday users. In company-wide standups, he avoids jargon and delivers “news you can use,” like how to create strong, memorable passwords or why phishing emails now look indistinguishable from legitimate ones. He teaches with humor (“I’m going to manufacture a keyboard with a built-in whiteboard for sticky notes”) but his message is serious: cyber starts at the keyboard, and the people behind it matter most.

Finally, Rich offers a compelling call to action for future cybersecurity professionals: focus on threat hunting. He shares why puzzle-solvers, neurodivergent thinkers, and those drawn to pattern analysis are uniquely equipped to succeed in this field. For young people—or parents of kids interested in cyber—he recommends exploring free labs, SANS resources, and even military cyber commands as a launchpad into the world of defense-grade cybersecurity.