We Specialize in CMMC Assessments for DoD
At KLC Consulting, we’re a certified C3PAO, which means we’re authorized to conduct independent CMMC assessments for DoD contractors like you. Think of us as objective auditors – we check to make sure your cybersecurity safeguards are really doing their job protecting sensitive government info (CUI). We evaluate how well you’ve implemented the CMMC controls at your target maturity level.
Our expert team is ready to roll up their sleeves and help you achieve CMMC certification. Schedule a consultation – we’re here to help!


I found the knowledge and professionalism of the C3PAO (KLC Consulting) to meet the high standard I would expect of assessors working within their specialty. The assessment questions were probing, but fair. I will say that KLC Consulting did such a complete job in their interviews that there was little the DIBCAC team needed to add to the conversation at times. Great working with you, and thank you.
— Steve Bezreh, CISO Mercury Systems
Our Expert Team is Dedicated to Your CMMC Success
At KLC Consulting, our collaborative professionals bring over 25 years of combined IT/Cyber experience to the table, serving a wide range of organizations, from publicly traded companies with complex CAGE Code hierarchies to small subcontractors. This breadth of experience gives us a deep understanding of the unique cybersecurity challenges faced by businesses of all sizes within the DoD supply chain.
As a C3PAO, KLC Consulting exclusively employs W2 Certified CMMC Assessors (CCA) for Level 2 assessments, ensuring consistent quality and dedicated focus.


What Sets Us Apart
Transparent Communication – We provide clear, honest feedback on your security posture, highlighting strengths and gaps to empower your remediation efforts (though we cannot offer direct advice).
Expert Assessors – Our Cyber AB-authorized Lead CCAs bring deep CMMC expertise and tailored industry experience to every assessment.
Unwavering Integrity – We conduct objective, accurate assessments, advocating for our clients by ensuring they understand CMMC requirements.
KLC Consulting Leadership

Kyle Lai
President and CISO
Certified CMMC Professional (CCP)
Certified Assessor (CA) & PI (Provisional Instructor)
CISSP, CSSLP, CISA, CDPSE, CIPP/US, CIPP/G, ISO 27001 Lead Auditor

Nationally recognized as a DoD cybersecurity expert with over 20 years of experience in cyber and I.T., Kyle assesses and architects NIST 800-171 and CMMC compliance solutions for U.S. Defense Industrial Base (DIB) companies. He consulted as a security advisor to several Fortune 500 companies and the DoD. Kyle now specializes in developing cost-effective CMMC compliance solutions for: Manufacturers, Aerospace, Engineering, Software Development, and MSP/IT companies.
Kyle’s distinguished career includes consulting for high-profile clients like ExxonMobil, Zoom, DISA, Boeing, HP, Fidelity Investments, Microsoft, Akamai, and PwC. He served as the former CISO to Pactera (a Blackstone Portfolio Co.) and Brandeis University – Heller School. Kyle was also an operations manager for DISA Cybersecurity Portal (predecessor of public.cyber.mil – a department within the U.S. Department of Defense).
His broad cybersecurity expertise spans security strategy, policies, program management, vulnerability management, penetration testing, incident response, business continuity, regulatory compliance, application security, and third-party risk management.
Areas of Expertise:
- CMMC for Multiple CAGE Codes
- NIST 800-171 / CMMC (Cybersecurity Maturity Model Certification)
- IT Security Advisory
- Information Security Policy Development
- Third-party Vendor Security Risk Assessment
- Certification & Accreditation (C&A)
- Penetration Testing / Vulnerability Assessment
- Incident Response
- Business Continuity Planning (BCP)
- Cloud Security
- US, EU Privacy Regulations M&A Due Diligence Assessment
- Application Security (OWASP)
Kyle is a guest lecturer at Brown University’s Graduate Cybersecurity Program and Lone Star College’s Cybersecurity program where he also serves as an Advisory Board Member of the school’s Cybersecurity Bachelor of Applied Technology (BAT) degree program.
A cybersecurity entrepreneur at heart, Kyle is the creator of the ubiquitous SMAC MAC Address Changer software. Over 3 million users globally have come to rely on SMAC to test and address security and privacy issues. In addition, he is a member of InfraGard (FBI Sponsored), ISSA, AFCEA, OWASP, IAPP, Texas CISO Council and has past certifications in MCSE, DISA System Administrator II.
Layla Paoletti
Director of Cybersecurity Services

Lead Certified CMMC Assessor (CCA)
CompTIA Advanced Security Practitioner (CASP)
Project Management Professional (PMP)

Layla leads the delivery of KLC Consulting’s cybersecurity & compliance services for our US Defense Industrial Base clients. She developed top-shelf expertise over 16 years of progressive experience, including five years with Booz Allen Hamilton as the team lead of 17 assessors. Layla also earned a Bachelor's degree from UCLA and a Master's degree from California State University, Los Angeles, both in English Language and Literature/Letters. Her subject matter expertise, collaborative spirit, and superior communication skills make her a highly sought-after cyber DFARS compliance expert.
John Sciandra
Principal CMMC Assessor-Advisor

CISSP, CCA
MS Computer Science/Information Security, JMU
U.S. Army ACERT Certified Level 3 Penetration Tester (CDAP-L3)
U.S. Army Incident Handler

John Sciandra is a recognized leader in the CMMC ecosystem. As a Certified CMMC Lead Assessor (CCA) and CISSP, he brings a wealth of real-world experience to every engagement. John’s career journey includes serving as an airborne paratrooper in the U.S. Army, rescuing failing enterprise-level software projects, and honing his cybersecurity skills as an incident handler for the U.S. Army CERT, a threat hunter for the FBI, and a penetration tester with Lockheed Martin. A true innovator, John even holds a patent for one of the first cyber ranges. He leverages his diverse background, technical expertise, and analytical prowess to expertly guide organizations through the complexities of CMMC Level 2 assessments, ensuring they achieve compliance and strengthen their cybersecurity defense.
Paul Casassa
Vice President

Paul manages all business matters for KLC Consulting. His focus is on client success, process improvement, and marketing initiatives to advance the reputation and growth of the firm. Paul produces KLC’s informational and educational videos, featured on this website, LinkedIn Page, and YouTube channel, which cover the latest trends in DoD cybersecurity and CMMC 2.0.
KLC Consulting’s YouTube cybersecurity videos have been watched over 4,500 times.
Formerly, Paul served in the commercial real estate industry. He was the Director of Property Management for the UMass Medical School in Worcester, MA, and CFO of an international real estate development company that developed and operated the Turquoise Reef Resort and Casino – Turks & Caicos, BWI.
Paul graduated from Bentley University with a Bachelor of Science degree in Accountancy. He also completed an Executive Certificate Program with the MIT Sloan School of Management in Artificial Intelligence: Implications for Business Strategy.