
From Vision to Validation: How EOS and CMMC Strengthened Our Business

Laura, Dec 2, 2025 1:43:41 PM

This article was featured on i95Business, December 2nd, 2025.

A few years ago, I sat in yet another leadership meeting that felt like déjà vu. We were busy, motivated, and full of ideas, but somehow, despite our energy, we weren’t gaining the traction I envisioned.

Issues that I thought we solved at the previous meeting would resurface, and challenges that could use some deeper discussion didn’t get the focused time they deserved. We were growing, but growth felt inarticulate and was sometimes reactive.

As co-CEO of MNS Group, a cybersecurity and compliance-focused managed services provider, I was proud of what we’d built. We had an amazing team, long-standing clients, and a mission that mattered deeply and resonated with us: protecting organizations in the Defense Industrial Base. But I knew we needed a better way to run the business. That’s when we discovered the Entrepreneurial Operating System, or EOS.

Finding Clarity Through EOS

EOS isn’t software; it’s a business framework that helps entrepreneurial companies get what they want from their business by aligning vision, people, data, issues, and processes. It’s deceptively simple: get everyone rowing in the same direction, clarify the company vision, establish measurable goals, and address problems openly and honestly.


At first, implementing EOS felt like a big lift. We worked with an implementor who facilitated deep conversations: What are our company’s core values? What are the critical things we must accomplish this quarter? How do we measure results?

Once we embraced the structure, the results were profound. We learned to consolidate meetings, run meetings that actually produced outcomes, measure progress through data instead of intuition, and approach every challenge confidently, together as a team. EOS gave us language and rhythm.

We developed an Accountability Chart that replaced fuzzy job descriptions. We established our quarterly goals, referred to as “rocks,” and committed to making steady progress on them with the built-in accountability they provided. The Level 10 meetings were elemental: focused, time-bound weekly check-ins by department that forced us to solve issues rather than circle around them.

The impact wasn’t just operational. It was cultural. Clarity reduced stress. Accountability strengthened trust. Everyone began to understand how their work connected to the company’s bigger mission. In short, EOS helped us grow up as a business — from entrepreneurial energy to intentional leadership.

The External Challenge: CMMC and Operational Maturity

While EOS was strengthening our internal systems, another challenge was emerging externally. As a managed service provider working with Defense Industrial Base contractors, we knew that cybersecurity expectations were rising fast.

The Department of Defense was implementing the Cybersecurity Maturity Model Certification (CMMC), a rigorous program requiring contractors and, by extension, their service providers to demonstrate compliance with the federal standard NIST SP 800-171.

For many businesses, CMMC seemed like another layer of red tape. For us, it represented something deeper — a test of our operational maturity and a demonstration of our commitment to be a trusted and secure resource for our clients.

CMMC required us to prove, not just promise, that we could protect Controlled Unclassified Information (CUI). It meant our internal practices, from access control to incident response, needed additional policy and process around them. It was not enough to do the right thing; we needed to document it as well.

Just like EOS, CMMC demanded structure, documentation, accountability, and leadership buy-in. We quickly realized: these two systems spoke the same language.

Two Frameworks, One Philosophy

On the surface, EOS and CMMC might seem worlds apart — one about business leadership, the other about cybersecurity compliance. But dig deeper, and the parallels are striking.

Both systems are built around the idea that maturity is measurable, and that discipline creates freedom. EOS gave us freedom from chaos by defining how we work. CMMC gave us freedom from risk by defining how we secure.

Both start with an honest assessment of the current state, a clear understanding of the framework to achieve the future ideal state, and the acknowledgment that it will take time, require documentation, and demand consistent review. Both are less about checking boxes and more about building habits that last. And most importantly, both depend on leadership.

The Stages of Growth: From Vision to Validation

Every business goes through stages: the energetic startup phase, the chaotic growth spurt, the systems-building phase, and eventually the phase of true operational maturity.

EOS calls this moving from Vision → Traction → Healthy. CMMC has leveled requirements and uses the Supplier Performance Risk System (SPRS), a system for tracking risk that produces a numeric score.

Both journeys are about transformation.

When we implemented EOS, our first focus was on vision clarity: what we wanted to be, who we served, and why we existed. That’s the same first step in a CMMC journey: defining what data, systems, users, and assets are in scope.

Next came measurement. EOS gave us Scorecards to track weekly results. CMMC requires continuous monitoring of security controls with results that can be documented on demand. In both cases, metrics replace assumptions.

Then came accountability. In EOS, each team member owns specific Rocks and KPIs. There are quarterly and weekly cadences and reviews. In CMMC, while responsibility is often shared between the contractor and any external service providers in a Customer Responsibility Matrix (CRM), the organization leads. An affirming official in the organization is required to attest that their compliance program is implemented and undergoes assessments and reviews.

And finally, review and improvement. EOS uses quarterly and annual sessions to reset and re-align. CMMC mandates annual self-assessments and third-party assessments every three years, with required evidence to back them. Both ensure that you don’t just achieve maturity once, you sustain it.

Maturity, whether organizational or compliance-related, is never a single event. It’s a lifestyle.

The Hidden Benefit: Culture

The deeper we got into both systems, the more we realized the connection wasn’t just procedural; it was cultural. Both EOS and CMMC drive clarity, and clarity builds trust.

When your team knows the vision and their role in achieving it, they feel empowered. When your clients know you can prove your security posture, they feel confident. In both cases, trust is earned through transparency.

EOS taught us to be transparent about goals and progress. CMMC taught us to be dogged about risk and protection. Together, they created an organization that doesn’t just talk about integrity — it operates with it.

Lessons for Leaders

If you’re a business leader reading this and thinking, “We could use some of that structure,” here are a few lessons we’ve learned along the way:

  1. Structure creates freedom. At first, EOS felt rigid. Then it became liberating. When everyone knows what matters most and understands how to work within the structure, people can innovate confidently within boundaries.
  2. Clarity builds trust — inside and out. Internally, EOS clarifies expectations. Externally, CMMC clarifies credibility. Both demonstrate to stakeholders — employees, clients, and partners — that your organization operates with integrity.
  3. You can’t outsource maturity. Whether it’s leadership or cybersecurity, no consultant can give you maturity. They can guide you, but your team must own the process.
  4. Culture eats compliance for breakfast. You can write policies all day long, but if your team doesn’t live them, they’re meaningless. EOS gave us a language of purpose and accountability; CMMC emphasized a security and process-driven mindset. Both only work when your people believe in them.
  5. Maturity is a mindset, not a milestone. No matter where you are on your compliance journey, or whether your Vision/Traction Organizer is perfect or still evolving, what matters most is the commitment to improvement. Progress, not perfection, is the goal.

The Outcome: A Stronger, More Resilient Company

Today, MNS Group is not just bigger — we’re stronger. We’ve seen how these systems reinforce one another. The discipline of EOS makes us better at cybersecurity and operational maturity, and the rigor of CMMC drives the necessity to use EOS. Together, they’ve created a rhythm of leadership and learning that sustains us.

In cybersecurity, we talk often about resilience — the ability to withstand and recover from disruption. But the same concept applies to business leadership. Resilience is built from preparation, consistency, and a shared sense of purpose. These programs, far from being “extra work,” have become the architecture of that resilience.

Leading Through Maturity

As leaders, it’s easy to chase growth and overlook maturity. Growth feels exciting; maturity sounds slow. But in reality, maturity is what allows growth to last. Ultimately, great leadership isn’t about being the loudest voice in the room; it’s about creating systems and cultures where there is alignment, processes are followed by all, and every person understands their purpose and can contribute toward the goal.

At MNS Group, we help other organizations achieve the same kind of maturity that transformed ours. Just as EOS provided us with structure and clarity, CMMC provides a roadmap for operational trust and accountability.

Our team partners with clients to build sustainable compliance programs. Through CMMC assessments, compliance program management, and secure enclave design, we guide organizations through the same disciplined process we use internally: assess honestly, act intentionally, and mature continuously.

In a world of complexity, both EOS and CMMC have shown us that maturity — operational, cultural, and technical — is the ultimate competitive advantage.

Special thanks to Gino Wickman, creator of the Entrepreneurial Operating System (EOS), for a framework that continues to inspire how we lead with clarity and purpose.

 

Laura
Co-Chief Executive | Solutions for Government Contractors: CMMC Assessment and Compliance Services | Managed and Security Services
