CMMC Readiness, Compliance Consulting, and Career Lessons with Joe Schofield

In this episode of the Cybersecurity Recruiter Podcast, Tom speaks with Joe Scholefield, a former sysadmin/network engineer and ex-Dell cybersecurity manager, now serving as Director of Compliance at Deafcert, about helping defense contractors meet CMMC (based on NIST requirements) and preparing for DoD third-party assessments. Joe explains CMMC readiness commonly takes 12–18 months, with faster progress driven by aligned stakeholders, minimal internal resistance, and strong cross-department project management.

They discuss CMMC as both a cost and revenue differentiator, increasing supply-chain pressure from primes like Lockheed and RTX, and a looming assessor bottleneck given the number of companies needing certification versus C3PAOs. Joe shares career advice on knowing when to move roles, the impact of earning a bachelor’s degree over 17 years to avoid HR filtering, the importance of soft skills in consulting, and recommends the “CUI Center of Excellence” Discord community.

00:00 Welcome and Guest Intro

01:03 What Joe Does Now

02:52 Helping Clients Succeed

03:36 Racing Through CMMC

05:24 CMMC as Revenue Driver

06:36 Supply Chain Pressure

07:46 Bottleneck and Assessors

08:50 Rollout Timeline Debate

11:39 Why CMMC Exists

13:08 Career Growth Lessons

16:27 Hiring and Soft Skills

19:19 Restaurant Skills for Consulting

20:29 Career Growth and Timing Moves

20:43 Finishing a Degree Late

22:37 Degrees and HR Filters

23:51 Certs and Hiring Signals

24:34 Job Search Fatigue Tips

26:31 Small Teams Hiring Stakes

27:17 Finding Community Resources

29:01 Mentors and Giving Back

31:26 Making Time for Growth

32:31 Work Life Balance Advice

33:08 Golf and Disconnecting

33:55 Wrap Up and Thanks