I Was Stressed, Now I Sleep at Night: DEWM's CMMC Journey with RADICL

For small defense manufacturers, CMMC Level 2 compliance can feel like navigating a maze blindfolded — mountains of policies, a strict assessment process with zero gray area, and a national shortage of certified assessors making every deadline feel more precarious. That's exactly where DEWM, a Colorado-based manufacturer of electronic warfare devices, found itself.

Joe Roque, DEWM's CMMC and Compliance Manager, came into the role knowing enough to understand the stakes — but not yet enough to tackle the full scope of Level 2 requirements alone. After parting ways with a previous vendor over communication issues, DEWM turned to RADICL. What followed, in Joe's words, was a transformation: from stressed and overwhelmed to ahead of schedule and sleeping soundly.

In this testimonial, Joe shares the details of that journey — from RADICL's compliance dashboard and policy templates to the deep expertise of their team — and offers candid advice for any defense contractor just starting to navigate the CMMC landscape.

Full DEWM Testimonial Transcript

Interviewer: Let's start — can you say your name, title, and explain what DEWM does?

Joe: Yeah. So my name is Joe Roque. I'm the CMMC and Compliance Manager over at DEWM, and we manufacture electronic warfare devices.

Interviewer: Excellent. And how did you first find RADICL?

Joe: So that was David, our CEO. David was on the hunt for a good company to help us with our CMMC stuff. And you guys were there, you know. So we set up some interviews and we liked what you guys had to offer.

Interviewer: Awesome. Do you know if you shopped us against other CMMC vendors?

Joe: The other company I believe was Atomus.

Interviewer: Atomus. Okay. And do you have context on why you went with us over them?

Joe: Well, I kind of stepped into the CMMC stuff a little bit towards the end. They were working with Adams, and leadership wasn't fully happy with how they were handling things — the lack of communication, I believe.

Interviewer: Cool. Are you using us for only CMMC? Are we also your MDR provider or anything else?

Joe: No, right now it's just for the CMMC coordination.

Interviewer: Nice. And do you guys already have an assessment scheduled?

Joe: Yes. I think September 15th is what we were shooting for.

Interviewer: Awesome. I'll have to chat with you again once you pass that. So what's your favorite part of working with RADICL?

Joe: I mean, your team is pretty awesome. I reached out to your help desk and within 24 hours I get a response. Corey — same way. I believe he's our team lead, or however you guys title your people. We directly work with him one-on-one, he gets back quickly, explains things thoroughly, and has helped out tremendously in streamlining the enormous task that is CMMC. Everything I've asked so far, he's known — which is shocking, because I thought CMMC was a fairly relatively new process. I know it's been around for a little bit, but no one really cared about it until recently. So to have someone — to have that many people at your company with that much knowledge specifically in this world is just astounding. Honestly, it's very, very helpful. I know enough to get hurt, and that's how I got into this position.

Interviewer: Are you the only CMMC person at DEWM?

Joe: Yeah, yeah.

Interviewer: Excellent. Would you recommend RADICL and why?

Joe: Yeah, absolutely. Like I said, the knowledge base you guys have is pretty awesome. I know I've only really dealt with two companies, but this is a very specific thing that everybody needs all of a sudden. You guys had the knowledge base, and you have the systems and tools — I forget what you call it, but your compliance program is awesome. I love it. It took me maybe just a couple of hours of playing with it once I had access, and I knew exactly what I needed to do. I think I actually might have even helped out with a software problem — I did something I wasn't supposed to be able to do, and Corey relayed that back to your team. Makes it easier for all of us.

Interviewer: That's awesome. Can you talk more about the dashboard — the score at the top, the documentation within it? Talk a little bit about how that's been helpful.

Joe: It just helps you because it's user-friendly, it's intuitive, it's very almost app-based. It's very easy for people to use — even people who aren't super IT-coordinated. It lays out the requirement, the question — and not only the question, but it also provides detailed information on who, what, when, where, why, and how to answer that question, and what the best course of actions are to get the evidence. And it tells you what type of evidence best fits each requirement. Plus it has automated policy outlines — if I didn't have a policy or procedure already in place, you guys provide outlines that get you 90% of the way there. All we had to do was put our company header on it, plug in our specific information, tweak it, and it's done. That saves an ungodly amount of time. You've got what — 40 or 50 policies and procedures required for a proper CMMC program? That doesn't even count your SSP, which you need all of those to create in the first place. It makes the job so much easier.

Interviewer: Has there been anything working with our team that surprised you about the CMMC process, or anything you learned about preparing for your assessment?

Joe: This is nothing like any assessment I've been a part of in 20 years, and I've done a ton of them. It's very different because I only have military assessments to base myself off of. So in this world — even though it's Department of Defense — it's very different doing it as a civilian. I was just shocked at how thorough and very detailed the required information is. And if it's not within those parameters, it's rejected, period. There is no gray area whatsoever. It is either this, or it's that, and that's it.

Interviewer: Yeah, that makes it kind of stressful. I keep hearing there's such a shortage of C3PAOs that they're booked for months and months in advance.

Joe: Evidently there are 50 or 60,000 companies that need certification and there's only a handful of people who can actually do the assessments. And everybody's supposed to be completely finished by what — 2027 or 2028? I see the goalposts being moved unless they can somehow produce a bunch of assessors out of thin air.

Interviewer: All right, this is my last question — do you have any advice for an organization like DEWM that's looking for compliance or cybersecurity solutions?

Joe: My only advice is: I would not try to tackle a Level 2 CMMC compliance program by yourself. Even as a small company, even if you have an IT department or team, it is very, very specific. It is very tedious and you need someone who knows the programs, knows the requirements, and knows the rules and regulations — like RADICL — to basically guide you through it. You definitely need help. It's definitely something that you can't do by yourself as a company, at least in my opinion.

Interviewer: Awesome. Is there anything else you'd like to say about RADICL that I didn't cover?

Joe: No, no. Like I said, you guys are great. So far, so good. You guys have really helped out a lot. I'm very, very ahead of the game now compared to when I started working with you. I was very stressed at the beginning, and now I sleep at night and don't think about this. I'm very, very serious. That's the goal.

Ready to start your own RADICL journey? Let's talk.