Issue link: https://iconnect007.uberflip.com/i/1491409
16 SMT007 MAGAZINE I FEBRUARY 2023 the engineering—that's when we hand it off to Carson City to make it very smooth. Everyone that we've hired at Carson City has needed to be trained; it's not like they have a ready labor pool for PCBs in Carson City . It really is a different mentality in Carson City compared to the Bay Area. When we opened the Carson City facility, for exam- ple, we posted our job openings using the title "SMT operator" in the job description. Nobody applied. So, we changed the job title to "machine operator" and said we would pro- vide training. We got 100 applicants. No one knew what an SMT machine was, so it's been a bit of a learning curve. Johnson: Michael, you have a staff in India, and you have two facilities in the U.S., so where does cybersecurity fit into all this? You must do a lot of communicating with regard to elec- tronics, which means balancing IP risks. I'm sure you have clients that are very careful about their IP. Kottke: You're right, cybersecurity is a big con- cern. Because our IT group is doing prelimi- nary work for NIST, we did a cybersecurity audit and, overall, we did really well. ere are areas to improve, but the auditors were impressed with our level of security. at has a lot to do with the Voyager soware, but it con- trols who can see specific documents. anks to Voyager, we are extremely good at navigat- ing that kind of scenario. Johnson: Was that audit for CMMC compli- ance? Kottke: Yes, the assessment was for CMMC L e vel 2. I think May 2023 i s the dead- line for compliance, but this audit says we're ready. ankfully, my security/IT guy is very paranoid. Johnson: at's a good trait for that job. Kottke: It is, right? If he walks around with a tin- foil hat and covers his phone in a Faraday cage bag, then you've got the right guy (laughs). We're constantly going through different sce- narios and upgrades; I would say at least once a year he breaks something by making it too secure. Johnson: Obviously, you see cybersecurity and the CMMC certifications as important to your business. It follows that, given the kinds of cus- tomers you're talking to, it's important to them as well. Have any of them been pushing you to do this? Kottke: We've had three or four that have been gently nudging us. Luckily, we've been ahead of most of the requirements they've asked for, which has been cool. We have two custom- ers that want to engage with us in May, but for the most part, we've done pretty good on our security audits. I expect that we will get much better in Q1 and Q2 of 2023. Johnson: Is it fair to say that pursuing these security audits and your audit results are help- ing you win new business? Kottke: I wouldn't say that exactly, but it is helping us secure our business. at goes back to what you asked earlier about sales and mar- keting. We're not winning business because we market our security levels. We'll engage with a potential customer, and usually we start at the NPI level. Once they see our service and qual- ity, they start exploring projects with us. at's when the customer starts pulling in their secu- rity people and running audits. No one knew what an SMT machine was, so it's been a bit of a learning curve.