About KLC Consulting

We Specialize in CMMC Assessments for DoD

We understand the natural apprehension people have about their CMMC certification assessment. You fear an invasive ‘gotcha!’ type of auditor. At KLC Consulting, our friendly, transparent, and collaborative assessment style alleviates that concern. Our assessment philosophy is to be the objective C3PAO that validates your demonstrated security practices. We ensure every assessment is conducted with professional empathy, clear communication, and a personal human approach, empowering you to demonstrate your security posture with confidence.

KLC Consulting is an authorized C3PAO company. We provide consulting and assessment services.

I found the knowledge and professionalism of the C3PAO (KLC Consulting) to meet the high standard I would expect of assessors working within their specialty. The assessment questions were probing, but fair. I will say that KLC Consulting did such a complete job in their interviews that there was little the DIBCAC team needed to add to the conversation at times. Great working with you, and thank you.

— Steve Bezreh, CISO Mercury Systems

Our Expert Team is Dedicated to Your CMMC Success

At KLC Consulting, our collaborative professionals bring over 75 years of combined IT/Cyber experience to the table, serving a wide range of organizations, from publicly traded companies with complex CAGE Code hierarchies to small subcontractors. This breadth of experience gives us a deep understanding of the unique cybersecurity challenges faced by businesses of all sizes within the DoD supply chain.  

As a C3PAO, KLC Consulting exclusively uses W2 lead and quality assurance assessors (CCA) for Level 2 Certification assessments, to ensure consistent quality and delivery under our philosophy of collaboration.

How to choose a C3PAO

What Sets Us Apart

Transparent Communication – We provide clear, honest feedback on your security posture, highlighting strengths and gaps to empower your remediation efforts (though we cannot offer direct advice).

Expert Assessors – Our Cyber AB-authorized Lead CCAs bring deep CMMC expertise and tailored industry experience to every CMMC Level 2 assessment.

Unwavering Integrity – Our work is driven by a commitment to national security. We conduct fair, accurate, and objective assessments to help strengthen the defense industry through robust cybersecurity.

Kyle Lai

President and CISO

Lead CMMC Certified Assessor (CCA)
Certified CMMC Professional (CCP)
Provisional Instructor (PI)
CISSP, CSSLP, CISA, CDPSE, CIPP/US, CIPP/G, ISO 27001 Lead Auditor

Nationally recognized as a DoD cybersecurity expert with over 20 years of experience in cyber and I.T., Kyle assesses and architects NIST 800-171 and CMMC compliance solutions for U.S. Defense Industrial Base (DIB) companies. He consulted as a security advisor to several Fortune 500 companies and the DoD. Kyle now specializes in developing cost-effective CMMC compliance solutions for: Manufacturers, Aerospace, Engineering, Software Development, and MSP/IT companies.

Kyle’s distinguished career includes consulting for high-profile clients like ExxonMobil, Zoom, DISA, Boeing, HP, Fidelity Investments, Microsoft, Akamai, and PwC. He formerly served as CISO to Pactera (a Blackstone Portfolio Co.) and Brandeis University – Heller School. Kyle was also an operations manager for DISA Cybersecurity Portal (predecessor of public.cyber.mil – a department within the U.S. Department of Defense).

His broad cybersecurity expertise spans security strategy, policies, program management, vulnerability management, penetration testing, incident response, business continuity, regulatory compliance, application security, and third-party risk management.

Areas of Expertise:

  • CMMC for Multiple CAGE Codes
  • NIST 800-171 / CMMC (Cybersecurity Maturity Model Certification)
  • IT Security Advisory
  • Information Security Policy Development
  • Third-party Vendor Security Risk Assessment
  • Certification & Accreditation (C&A)
  • Penetration Testing / Vulnerability Assessment
  • Incident Response
  • Business Continuity Planning (BCP)
  • Cloud Security
  • US, EU Privacy Regulations
  • M&A Due Diligence Assessment
  • Application Security (OWASP)

Kyle is a guest lecturer at Brown University’s Graduate Cybersecurity Program and Lone Star College’s Cybersecurity program where he also serves as an Advisory Board Member of the school’s Cybersecurity Bachelor of Applied Technology (BAT) degree program.

A cybersecurity entrepreneur at heart, Kyle is the creator of the ubiquitous SMAC MAC Address Changer software. Over 3 million users globally have come to rely on SMAC to test and address security and privacy issues. In addition, he is a member of InfraGard (FBI Sponsored), ISSA, AFCEA, OWASP, IAPP, Texas CISO Council and has past certifications in MCSE, DISA System Administrator II.


John Sciandra

Principal CMMC Assessor-Advisor

CISSP, Lead CMMC Certified Assessor (CCA)
MS Computer Science/Information Security, JMU
U.S. Army ACERT Certified Level 3 Penetration Tester (CDAP-L3)
U.S. Army Incident Handler

As Principal CMMC Assessor-Advisor and a recognized leader in the CMMC ecosystem, John Sciandra is distinguished by a career dedicated to high-stakes, real-world defensive and offensive cyber operations. He brings a unique, adversarial mindset and wealth of experience to every KLC Consulting engagement, so clients can build defenses that can withstand sophisticated threats.

John’s foundation was forged through critical service with the U.S. government. This includes his role with the U.S. Army ACERT as a certified Level 3 Penetration Tester (CDAP-L3) and Incident Handler, where he was on the front lines of protecting the Army’s most sensitive networks and critical infrastructure. After retiring from the U.S. Army where he was an airborne paratrooper and national security level software developer, he transitioned to a position where he successfully rescued failing enterprise-level software projects.

Following this, he leveraged his skills as a Threat Hunter for the FBI, contributing to national security by analyzing and neutralizing Advanced Persistent Threats (APTs) targeting the defense supply chain and critical U.S. organizations.

His experience as a Penetration Tester with Lockheed Martin further cemented his expertise in securing complex, mission-critical systems and software within the Aerospace and Defense sector.

A true innovation leader in the cyber community, John holds a patent for one of the first next-generation cyber ranges, showcasing his commitment to developing practical, measurable security training solutions.

This extensive operational and innovative background provides KLC Consulting clients with an assessor-advisor who not only validates compliance but strengthens their entire security posture with a Red Team perspective. He leverages his MS in Computer Science/Information Security from JMU and vast operational history to expertly conduct CMMC Level 2 assessments with the goal of transforming compliance into a durable competitive advantage.


Jeff Snyder

Lead CMMC Assessor

Lead CMMC Certified Assessor (CCA)
CMMC LCCA, CISSP, CISM, ISSAP, CCSP
MS, Cybersecurity and Information Assurance

As a Lead CMMC Certified Assessor, Jeff Snyder brings more than a decade of hands-on cybersecurity and compliance experience across federal, defense, and commercial environments. He is known for his practical, evidence-driven approach to CMMC Level 2 assessments, helping organizations align people, processes, and technology to meet CMMC security objectives in a defensible and audit-ready manner.

Jeffery’s expertise is grounded in real-world assessment and operational experience. As a Lead Certified CMMC Assessor (LCCA), he has supported multiple organizations through successful CMMC Level 2 assessments, leading evidence walkthroughs, validating System Security Plans (SSPs), confirming assessment scope, and evaluating the sufficiency of technical artifacts, interviews, and demonstrations. His work emphasizes clarity, traceability, and assessor-grade documentation that stands up to scrutiny.

His foundation was built supporting high-security U.S. Air Force programs, including mission-critical and nuclear command and control environments. In these roles, Jeffery authored and maintained extensive security documentation, developed over a thousand security control policies, supported RMF-aligned assessments, and contributed to security operations for highly sensitive systems.

Earlier in his career, Jeff led cybersecurity and compliance initiatives for commercial organizations subject to HIPAA and PCI DSS, as well as classified and unclassified DoD networks during his service in the United States Coast Guard. His experience spans vulnerability management, incident response, identity and access management, and large-scale network modernization efforts.

This diverse operational and assessment background allows Jeff to function not only as an assessor, but as a strategic partner who helps organizations move beyond checkbox compliance. He leverages his Master’s degree in Cybersecurity and Information Assurance and extensive field experience to conduct CMMC assessments with the goal of turning compliance into durable business and contractual advantages.


Paul Casassa

Vice President

Paul manages all business matters for KLC Consulting. His focus is on client success, process improvement, and marketing initiatives to advance the reputation and growth of the firm. Paul produces KLC’s informational and educational videos featured on this website, LinkedIn Page, and YouTube channel, which cover the latest trends in DoD cybersecurity and CMMC 2.0.

KLC Consulting’s YouTube cybersecurity videos have been watched over 4,500 times.

Formerly, Paul served in the commercial real estate industry. He was the Director of Property Management for the UMass Medical School in Worcester, MA, and CFO of an international real estate development company that developed and operated the Turquoise Reef Resort and Casino – Turks & Caicos, BWI.

Paul graduated from Bentley University with a Bachelor of Science degree in Accountancy. He also completed an Executive Certificate Program with the MIT Sloan School of Management in Artificial Intelligence: Implications for Business Strategy.

Our C3PAO Assessment Services

Lead CCAs execute the Level 2 audit (review, interview, test) and submit the official results to DOD eMASS.

A practice-run assessment to identify deficiencies to prepare you for your official Level 2 Certification Assessment.

Phased approach reduces the risk of a formal assessment failure, saving you time and the cost of a full re-assessment.

Meet your annual SPRS Affirmation requirement with confidence through an independent C3PAO review.

Download our essential guide to gain a clear roadmap through every phase of a CMMC Assessment, from foundational preparation and scope definition to navigating the assessment day and understanding post-audit requirements. Don’t leave your CMMC Level 2 success to chance.

Check out our YouTube channel and LinkedIn pages for the latest informational and educational resources for Cybersecurity Maturity Model Certification.
