This article is written by Mike Semel, who created CMMC for MSPs. After leaving his successful MSP business, he became a cybersecurity consultant, and now works as a defense contractor CMMC Certified Assessor and advisor for healthcare and financial services. If you want to be seen as an advisor or vCISO instead of a commodity MSP, you have to look beyond the systems you manage and into the contracts, insurance documents, and business workflows that actually drive client risk.