How Koontz Electric Passed CMMC Level 2 with a 3-Person IT Team

Koontz Electric is a heavy industrial electrical contractor working on government and Corps of Engineers projects across the US, which means CMMC Level 2 compliance isn't optional.

With just a 3-person IT team and a previous compliance partner who had fallen through, they needed expert help fast. In this testimonial, IT Manager Corey Steele shares how RADICL helped Koontz Electric navigate the complexity of CMMC compliance, from policy templates and mock assessments to hands-on expert guidance, and ultimately pass their official C3PAO assessment.

In this video:

• Why Koontz Electric chose RADICL over other compliance options
• How the mock assessment was the key to passing the real one
• What it's like working with a small IT team and leaning on outside expertise
• Corey's advice for other contractors facing CMMC requirements

If your organization is working toward CMMC compliance and doesn't know where to start, we can help.

Full Koontz Electric Testimonial Transcript

Interviewer: Can you start with your name, title, and what Koontz does?

Corey: Sure. My name is Corey Steele. I work for Koontz Electric. We are a heavy industrial electrical contractor working coast to coast across the US. I'm the IT manager.

Interviewer: How did you find RADICL?

Corey: I'm not entirely sure. I did a quick search and I see an email here — kind of a sales email saying something like "get ahead of the curve." I think I jumped on that and went for it.

Interviewer: You started with just compliance with us, right? Can you talk about why you chose us for CMMC and how that went?

Corey: It seems like so long ago. I see an email from Dominic Crocker, and I sent it to my partner and said, "Worth a phone call, don't you think?" I think the catch was CMMC Level 1 compliant in 90 days and Level 2 in just six months. We were like, let's call these folks.

We got the pitch about the compliance piece and how it works. We had another company helping us, but their lead guy — who was really good at writing policies and procedures — left. So we were left with someone who didn't know as much, and we needed help. We knew the company needed to be Level 2 compliant, but we weren't going to get there without some help.

Interviewer: Is most of your business DoD contracts?

Corey: It's weird that everybody says that. I'd say we're over 50% government contracts — mostly Corps of Engineers work — and the rest is local municipalities. We work closely with Entergy, our local electric company, for example.

Interviewer: And for the government work you need CMMC compliance?

Corey: Correct.

Interviewer: Did you shop us against anyone else?

Corey: There were a couple of other folks who said they did what you do, but we ended up going with RADICL. I don't even remember the exact reason, but the compliance piece was it. I think having templates was a big thing for me — I was in the middle of trying to write policies and procedures myself, using ChatGPT and all that. So the templates were a big plus.

Interviewer: I heard you started small and gradually added other services. Is that right?

Corey: Yes. Using the compliance platform, we started looking at the other things we needed — logging, MDR, all of that — once we decided to do the enclave. We thought we had all that set up with Arctic Wolf, and we did, just not in the enclave. The more I worked in the RADICL platform, the more I wanted to move everything into one platform rather than managing two different ones.

Interviewer: How have you found the RADICL platform overall?

Corey: It's easy to use, especially once you get the compliance piece figured out. Some of the other modules I'm less familiar with, but it follows the same layout — menu on the left, and so on. With some of our other vendors, I wasn't in the platform that often, and it was confusing when I had to get in there. So I made a big push to get everything under one roof for both our commercial environment and our enclave.

Interviewer: Talk me through working up to the assessment and the assessment itself.

Corey: It was good — it had its challenges. The government had a 1.0 version, then switched to 2.0, and kept pushing back the deadline for contracting officers to require it. I don't have time to keep up with all of that, so having Victor early on was huge. Whenever I had questions, he helped me speak intelligently to the rest of the team here. The templates were a big help to get things started, and Victor's knowledge was invaluable.

Interviewer: How far in advance did you book your C3PAO?

Corey: At least six months out. Victor recommended we do it sooner, but I didn't feel comfortable being ready. And as we got closer, he didn't either. So we ended up doing a bit of a mad dash at the end.

Interviewer: But you passed!

Corey: We did, thank goodness. We did the mock audit, which is an added cost on top of the real audit, but Victor was right — if you do that, you have a much better chance of succeeding. We spent a week on the mock audit and got a week's worth of things to fix. In the real audit, they found a few more things, but we were able to button them up within the allotted time — adjusting some wording, making sure everything matched up, making sure we were doing what we said. I don't think we would have passed without the mock assessment.

Interviewer: What would you say is your favorite part of working with RADICL?

Corey: The knowledge. We definitely have to lean on you guys, especially in the compliance space. But just yesterday, we had a meeting about some contract issues — I thought we were getting A and B, and it turned out we were getting C and D. The whole team dropped what they were doing to meet with Ryan and me and make sure we were comfortable by the time we hung up. That part is awesome. You guys have really worked to make sure we're content and happy. And I know we've put a lot of business in your lap too — we went from just a small enclave to our entire environment — but it's good to be taken care of.

Interviewer: Would you recommend RADICL to other organizations like Koontz?

Corey: Yeah, absolutely. For organizations trying to become compliant, the platform just makes it all make sense. It is complicated, and there's a lot of work you still have to do yourself — I thought people were just going to start sending me things to approve and we'd plug it into our SSP. That wasn't the case. But we at least had a guide, and we knew where we were. I've already recommended RADICL a couple of times to contractor partners we work with.

Interviewer: Do you have a team internally or is it just you?

Corey: There are three of us — two on site and one remote.

Interviewer: Was RADICL managing everything being a selling point for your small team?

Corey: Yes, definitely. In IT, you could have a full-time job just putting out small fires — even something like a printer not printing. The more we don't have to worry about the bigger stuff you're watching, the better.

Interviewer: Any advice for other organizations looking at compliance or cybersecurity?

Corey: Figure out where your strengths are, and more importantly where your weaknesses are. It's worth it — especially if you have to become compliant — to hire someone like RADICL to take care of that stuff for you. I have a really good guy in Ryan, but he's only one person. I want him spending his time on things that matter to Koontz's culture and bottom line, not figuring out cybersecurity.

Interviewer: Anything else you'd like to add?

Corey: Not much more on my end. Some of the features outside of compliance I'm not as familiar with yet, but we're actually talking today about getting all the other RADICL pieces into our commercial environment too. So I expect I'll be seeing more of how that's integrated going forward.

Ready to start your own RADICL journey? Let's talk.