Case Studies

Real results across the mission

Case studies showing our cybersecurity and compliance work in action across federal, state, and commercial clients.

From an SPRS Score of -203 to Assessment-Ready: Multi-Site CMMC Level 2 for a Navy Ship-Repair Prime

A Navy ship-repair prime with five dispersed sites and no structured security program started at an SPRS score of -203. InterSec sequenced five parallel workstreams and moved the score to -95 in six weeks, on track toward assessment readiness.

May 1, 2026 CMMC Level 2 Readiness (NIST SP 800-171) Read

When the MSP Is the Risk: CMMC Level 2 for a Specialty Metals Supplier

A specialty alloys supplier had a mature quality culture but no cybersecurity program, and an MSP that could not produce CMMC evidence. InterSec turned a mid-engagement MSP change into a compliance gain and built a clean four-user CUI environment.

Apr 25, 2026 CMMC Level 2 Readiness (NIST SP 800-171) Read

Right-Sizing CMMC Level 2 for a Small Navy Industrial-Services Contractor

A small shipyard-services contractor with no IT staff faced a CMMC Level 2 requirement written into an active Navy contract. InterSec built a lean, defensible self-assessment program a two-person team could run and keep running.

Apr 20, 2026 CMMC Level 2 Readiness (NIST SP 800-171) Read

Building a CMMC Program from Near-Zero for a Defense and Aerospace R&D Manufacturer

A small R&D manufacturer doing mission-critical defense and space work had the contracts but no documented security program and a non-compliant cloud. InterSec sequenced a from-scratch CMMC Level 2 build against a firm November 2026 deadline.

Apr 15, 2026 CMMC Level 2 Readiness (NIST SP 800-171) Read

The Hardest CMMC Client: Level 2 for a Solo Defense Technology Consultant

A one-person defense consultancy carried the same 110-control burden as a 200-person manufacturer, with none of the capacity. InterSec redesigned its delivery model around a sole operator's reality: shorter documents, self-execution, manual monitoring, and an honest timeline.

Apr 10, 2026 CMMC Level 2 Readiness (NIST SP 800-171) Read

Validating and Rebuilding a Legacy CMMC Program for a Navy Ship-Preservation Subcontractor

A ship-preservation subcontractor under new ownership inherited a five-year-old compliance baseline and a pending platform decision. InterSec validated the legacy program, ran a structured CUI-tool evaluation, and rebuilt on a clean cloud foundation.

Mar 15, 2026 CMMC Level 2 Readiness (NIST SP 800-171) Read

A Bug Bounty Program That Cut Critical Vulnerabilities by 75% for a Wealth-Intelligence Platform

A FinTech platform with two decades of history needed to find the vulnerabilities that mattered without overspending. InterSec designed a bug bounty program that focused budget on verified, high-impact flaws.

Aug 17, 2025 Bug Bounty Program Design Read

ICS-Aware Penetration Testing for a Global Industrial IoT Provider

An IIoT provider serving 52,000+ customers and handling 39+ billion data readings ran on industrial control protocols that standard penetration tests routinely miss. InterSec built ICS-aware testing that surfaced critical vulnerabilities and cut major exploitable flaws by 90 percent.

Aug 11, 2025 ICS & IoT Penetration Testing Read

Securing Global ERP Systems for the U.S. Department of the Army

As a subcontractor supporting the Army's CIO/G6 office, InterSec embedded secure DevOps practices and cost-optimized disaster recovery to harden globally distributed ERP systems against fast-moving threats within tight budget constraints.

Jul 17, 2025 Secure DevOps Integration Read

Unifying Two Companies Under One CMMC Level 2 Program After an Acquisition

A 200-person defense contractor that had just acquired a manufacturer needed to bring two separate IT environments under one CMMC Level 2 program before DoD deadlines hit. InterSec unified identity, policy, and controls across both, reaching an SPRS score of 110.

Mar 11, 2025 CMMC Level 2 Readiness (NIST SP 800-171) Read

Building Cyber Supply Chain Risk Management (C-SCRM) for the U.S. Department of the Interior

The Department of the Interior had to meet Executive Order 14028 across a large network of hardware, software, and service vendors without real-time risk visibility. InterSec, with a product partner, built a C-SCRM program that made supply-chain risk a routine function rather than a special project.

Mar 11, 2025 C-SCRM Framework & Implementation Read

Closing the CMMC Level 2 Gap for a Manufacturer with Legacy IT and Cloud Hesitancy

A Virginia manufacturer with minimal IT staff, aging infrastructure, and reservations about the cloud risked losing DoD contracts under DFARS 7012. InterSec's phased NIST 800-171 approach closed the gaps and reached CMMC Level 2 in nine months.

Mar 11, 2025 CMMC Level 2 Roadmap (NIST 800-171) Read

ISSO Support and DevSecOps for the CMS Marketplace

The CMS Marketplace runs FISMA High systems that must ship fast and pass a stack of federal audits. As a subcontractor to the prime, InterSec built DevSecOps into the Expedited Life Cycle and held continuous authority to operate with zero coverage disruptions.

Mar 11, 2025 ISSO Support (FISMA High) Read

Red Teaming and Penetration Testing for the Administrative Office of the U.S. Courts

The Administrative Office of the U.S. Courts had to coordinate security across 22 interconnected subsystems holding sensitive legal data while maintaining continuous authorization. InterSec ran red team and penetration testing with policy review and user education to keep the judiciary's systems assessment-ready.

Mar 11, 2025 Red Teaming Read