Pitfall #4 – Evidence & Logging Failures
Why deploying security controls isn't enough — CMMC Level 2 requires objective evidence you can prove through documentation and repeatable processes.
5 notes
Rick Hernandez
CEO | N2CON
Rick Hernandez has led N2CON as CEO since 2008, building a managed services organization that delivers enterprise-grade IT and security to businesses ranging from startups to large corporations. His approach is straightforward: operational optimization, security enhancement, and technology that drives real growth.
Before N2CON, Rick cut his teeth on enterprise infrastructure—Novell migrations at United Airlines, Exchange deployments for the US Postal Service, even a stint as a DoD contractor supporting military operations. That technical foundation shaped how he thinks about IT: practical, reliable, and built to last.
In recent years, Rick sharpened his focus on cybersecurity with a certification from UC Berkeley's Information & Cybersecurity Engineering program, alongside executive education from Wharton. The through-line is clear: he's spent 25+ years helping organizations navigate technology decisions that actually matter.
Pitfall #3 – The Access Control Gap
Access Control and Identification & Authentication represent a large portion of CMMC requirements — and where many organizations quietly fall behind on evidence.
Pitfall #2 – Access Control & Identity Gaps
Where CMMC assessments fail on access control, and a practical maturity model for evaluating your organization's identity governance.
Pitfall #1 – No Executive or Board Ownership
Why CMMC Level 2 failures almost always trace back to one missing element: leadership accountability.
The Illusion of 'We're Probably Fine'
Why CMMC Level 2 isn't an IT problem—it's a leadership accountability problem.