The CMMC Readiness Scorecard
A simple Red/Yellow/Green maturity test reveals whether you're actually prepared for assessment—or just hoping you are.
Rick Hernandez
CEO | N2CON
Rick Hernandez leads N2CON with deep technical roots and strategic clarity. A UC Berkeley-certified cybersecurity engineer with executive education from Wharton, he has spent over 25 years helping organizations build practical, reliable, and secure IT environments — from enterprise infrastructure migrations to long-term security programs.
What truly defines Rick is how he approaches relationships. He treats client environments with the care of an extension of his own team — flexing during difficult budget periods, planning ahead during growth cycles, and giving candid guidance even when it’s the harder truth. Clients stay with N2CON for years because they know Rick and his team take personal ownership, as if their name will still be attached to the work two decades from now.
Pitfall #4 – Evidence & Logging Failures
Why deploying security controls isn't enough — CMMC Level 2 requires objective evidence you can prove through documentation and repeatable processes.
Pitfall #3 – The Access Control Gap
Access Control and Identification & Authentication represent a large portion of CMMC requirements — and where many organizations quietly fall behind on evidence.
Pitfall #2 – Access Control & Identity Gaps
Where CMMC assessments fail on access control, and a practical maturity model for evaluating your organization's identity governance.
Pitfall #1 – No Executive or Board Ownership
Why CMMC Level 2 failures almost always trace back to one missing element: leadership accountability.
The Illusion of 'We're Probably Fine'
Why CMMC Level 2 isn't an IT problem—it's a leadership accountability problem.