Taylor Turning Case Study: DoD Manufacturer Gets Compliant with STACK Cybersecurity

Executive Summary

Taylor Turning, a precision manufacturer in Wixom, Michigan, sought more than standard IT support. They needed a strategic partner to help build a secure, scalable IT infrastructure while addressing immediate cybersecurity concerns. Then they realized they also needed help with Cybersecurity Maturity Model Certification (CMMC) for their defense contracts. This case study examines how STACK Cybersecurity delivered comprehensive solutions that enabled Taylor Turning to focus on manufacturing while ensuring their IT systems remained secure and reliable.

STACK Cybersecurity provides full-service IT help desk and cybersecurity solutions to Taylor Turning since the manufacturer has no dedicated IT staff.

As a small precision machining company that supplies parts to defense contractors, Taylor Turning manages Federal Contract Information (FCI). As such, CMMC Level 1, which covers basic cyber hygiene practices, is required to continue doing business with the Department of Defense. FCI is defined as information not intended for public release that is provided by or generated for the government under a contract to develop or deliver a product or service to the government.

The manufacturer's primary compliance objective was to protect their data and meet the 15 baseline security practices defined by FAR 52.204-21 (the federal rule for basic safeguarding of contractor information).

Austin Ritz

Operations Manager, Taylor Turning

From day one, they have made us feel incredibly safe and supported in all our IT needs. They are not just a service provider but a partner who truly cares about our business.

Background

Taylor Turning recognized the importance of not only addressing current cybersecurity needs but also laying the groundwork for long-term IT resilience. Rather than settling for a transactional vendor relationship, they sought a strategic partner, one that could evolve with their business. That partner became STACK Cybersecurity.

As their IT, cybersecurity, and compliance manager, STACK Cybersecurity managed the CMMC project, starting with a comprehensive security assessment. This included network vulnerability scans, policy reviews, and interviews to gauge current practices.

The results showed gaps in basic controls. For example, the initial scan of 10 assets found 524 security vulnerabilities (307 high-risk, 179 medium, etc.) – a typical situation when systems haven’t been rigorously maintained. Many PCs lacked updates and one had no encryption, and weak passwords were common.

An authorized CMMC Registered Practitioner Organization (RPO), STACK Cybersecurity created a remediation roadmap not just to report problems but to fix them. Over about six months, STACK worked side by side with Austin to close every major gap identified. This meant applying patches, updating configurations, deploying security tools, and customizing policy templates.

From the outset, the partnership was rooted in trust, transparency, and a shared vision for sustainable growth. Austin spearheaded Taylor Turning’s CMMC Level 1 compliance project internally, coordinating policy updates, technical changes, and employee training with STACK’s support.

"Don’t be paralysed by the scope of cybersecurity and compliance challenges," advises Rich Miller, Founder and CEO of STACK Cybersecurity. "Start with the basics, and seek help where needed. Many manufacturers are still running on outdated, insecure systems, a majority have been slow to make improvements due to cost or misunderstandings. But Taylor Turning’s experience shows that with management commitment, employee engagement, and the support of security professionals, even a firm with antiquated equipment can transform its cybersecurity baseline markedly for the better.

In short order, STACK reduced the vulnerability count from 524 to just 85. All critical and the majority of medium findings were resolved – a huge improvement in network security. Then they implemented full disk encryption on 90% of devices (up from only 18% initially), leaving only one older machine unencrypted due to a hardware limitation (no TPM). This eliminated a major data protection risk. Then they rolled out a password manager and enforced stronger credentials. within a month, not one user had a weak password; all employees moved to authenticated password vaults.

Then STACK delivered security awareness training to all staff. Everyone completed training, and phishing simulations saw zero clicks on dummy phishing emails, demonstrating real cyber hygiene improvements.

"As the client, I especially appreciated the project management structure," Austin said. "STACK helped prioritize tasks, set up weekly check-ins, and provided a tracker for all CMMC requirements. We had a “CMMC Tracker” that listed each required control and its status. I was the owner for many items on that list, and we’d mark them off one by one as needs were met.

To highlight one concrete outcome: Taylor Turning had a policy gap for media sanitization. With STACK’s help, they drafted a Secure Media Destruction Policy that outlines how to destroy USB drives, hard disks, etc., according to CMMC L1 standards. That was a compliance checkbox, but also a cultural change. Now everyone knows old storage devices must be properly destroyed.

TThis compliance project was a great example of collaboration. Austin took charge of internal tasks (like policy adoption and getting leadership buy-in), while their outsourced IT provider offered technical muscle and expert guidance. In the end, the project team remediated all identified high-risk security gaps, and Taylor Turning met every CMMC Level 1 practice. The improvement was evident in their quarterly security report: their overall security posture score moved from “C” (average) to “A/B” range in multiple categories after this project.

By hiring and trusting STACK Cybersecurity to manage the manufacturer's IT, cybersecurity, and compliance, Taylor Turning went from vulnerable to a much safer state by focusing on cyber hygiene. And that’s what Level 1 is all about, with practices such as using antivirus, strong passwords, access controls, backups, and user training.

What Taylor Turning achieved is proof small manufacturers can dramatically improve security without enormous budgets. Basic steps matter. Note up to 90% of cyber attacks can be thwarted by employing basic measures.

“From our perspective, Taylor Turning’s success is a great case study, Miller said. "It demonstrates that remediation-focused compliance works. In fact, our blog about becoming a CMMC RPO highlights we not only assess but also remediate issues. We’ve shown even a small manufacturer with no IT can reach compliance with dedicated, outsourced support."

The takeaway for any firm in the defense industrial base is clear: start strengthening your cyber hygiene now. Every improvement is a step toward compliance and a step toward safeguarding your business and the broader ecosystem As the saying goes, “security is a journey, not a destination,” and CMMC Level 1 can be the first milestone on that journey.

About STACK Cybersecurity

STACK Cybersecurity provides comprehensive IT security solutions designed specifically for growing businesses. With a focus on proactive protection, strategic partnership, and exceptional service, STACK Cybersecurity helps clients transform their security posture while enabling their business objectives. STACK Cyber is a CMMC Registered Practitioner Organization, or RPO.

For more information on how STACK Cybersecurity can help your organization achieve operational excellence through proactive IT security, contact our team today.