Appalachia Technologies, a Managed IT and Cybersecurity Provider, is pleased to announce that the Company now has three (3) approved Registered Practitioners (RPs) on staff: Jason McNew, Senior Engineer, Cybersecurity Risk & Compliance, Andy Warren, Senior Security Engineer, and Mike Romano, Principal Partner. Warren has background in the private sector while McNew and Romano both have extensive prior experience with the Department of Defense, including military service in the United States Air Force and Navy, respectively
The approval comes on the heels of Appalachia’s recent announcement of their approval as a Registered Provider Organization (RPO) by the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB). The company plans to continue investing in the training and certification of their staff as part of their growing CMMC consulting practice.
To become an RP, applicants must complete extensive training and testing, as well as pass critical background checks to further protect the integrity of the CMMC process. RPs act as consultants to organizations as they prepared for CMMC, and their accreditation by the CMMC-AB itself provides organizations confirmation that they are being prepared in line with the audit standards and requirements.
As an RPO in the CMMC ecosystem, Appalachia is authorized to provide consulting services to defense contractors and employs trained staff in the CMMC methodology. RPO status is achieved once an organization meets specific criteria, including Registered Provider (RP) training completion by a staff member and a background check of the organization and associated RPs.
Leading Appalachia’s CMMC practice, Jason McNew founded Stronghold Cyber Security (SCS); a company specializing in NIST, CMMC, and DFARS compliance consulting services to defense contractors, which was acquired by Appalachia in 2020. The acquisition has strengthened Appalachia’s position in the marketplace as a leading cybersecurity firm. With the combined expertise, Appalachia provides the most comprehensive, end-to-end security compliance offering; starting with a readiness assessment, then moving on to assist with remediation and ongoing IT management and security monitoring (SIEM).
“I started NIST 800-171 consulting with defense contractors nearly 4 years ago now, just as the DoD first started mandating compliance with that framework,” says Jason McNew. “The CMMC was envisioned firstly as an enforcement mechanism, and secondly to address the ‘one size fits all’ shortcomings of 800-171. It’s has been very interesting and exciting to watch the evolution of the CMMC, and in particular to see how the market responds with clever solutions. The DoD is trying to get a major national security threat and serious financial problem under control, and there is just no way to accomplish that overnight. This is a massive undertaking, and it will take until 2025 to get all 300,000 contractors certified. The contractors who personally worry me the most, are the very small and especially the ‘Mom and Pop’ type businesses – cybersecurity is usually just not a language they speak at all, and it’s also expensive. These companies run a real risk of going out of business if they don’t follow the path to CMMC certification.”
Principal Partner, Mike Romano, added, “With 30 years of DoD affiliation, I've seen the evolution and early adoption of tech across the armed forces. It only makes sense that the DOD is taking a leading position in the fight to thwart our Cyber adversaries by creating a robust, yet secure supply chain system in support of the defense industrial base. Holding the cogs in the wheel to an operating standard around secure tech, is the most meaningful gesture that we can embrace in support of national security and CMMC is the answer we've been looking for.”
Andy Warren, Senior Security Engineer is pleased with the designation because “it helps us give the best possible advice to our clients. CMMC is a heavy lift and anything we can do to make that easier is worth the effort.”
To Learn more about CMMC and how Appalachia can help your organization achieve compliance, visit: https://appalachiatech.com/cmmc/cmmc-readiness-services
To schedule a meeting with one of Appalachia’s CMMC Subject Matter Experts, contact us at or call 888-277-8320.
About Appalachia Technologies, LLC:
Headquartered in Mechanicsburg, Pennsylvania, Appalachia was founded in 2004 and is a Best Places to Work in PA for 4 years in a row. Appalachia has been a Top 50 Fastest Growing Company in PA and has been named on the MSSP Alert Top 250 MSSPs, CRN MSP 500, and Channel Futures MSP 501 Lists. Appalachia is a SOC 2, Type II Audited company.
At Appalachia Technologies, we help businesses in our community stay ahead of the latest cybersecurity threats through a combination of technology, service, and education. We begin with a security risk assessment of the environment and then we build a cyber security roadmap to identify and prioritize improvements to your overall security posture. Our managed security services allow you to focus on your business goals and objectives, while our SOC (Security Operations Center) proactively monitors, manages and responds to security events in your environment.
For more information, visit: https://appalachiatech.com/