Protect Your DoD Contracts.
Stay Compliant.
Keep Winning.
Hawaii's only flat-rate CMMC Level 2 consulting service built for small businesses in the Defense Industrial Base. No hourly billing. No surprises. A dedicated compliance management platform is included in every engagement.
CMMC 2.0 Is No Longer Optional
The DoD began phased CMMC enforcement on November 10, 2025. If your company handles Controlled Unclassified Information (CUI) and bids on DoD contracts, compliance is now a condition of doing business — not a future consideration.
Level 1 & 2 self-assessments required in new DoD contracts. SPRS score submission mandatory.
C3PAO third-party assessments required for prioritized acquisitions. Non-compliant contractors risk contract loss.
Full CMMC program rollout. All DoD contractors handling CUI must be certified.
Comprehensive CMMC Level 2 Services
Every Thynk Cyber engagement is built around a managed compliance program — not a one-time report. We stay with you from initial gap assessment through certification and beyond.
Gap Assessment & Roadmap
We evaluate your current security posture against all 110 NIST SP 800-171 controls, calculate your SPRS score, and deliver a prioritized remediation roadmap.
Compliance Management Platform
Every engagement includes access to a purpose-built CMMC compliance platform with AI-assisted evidence mapping, POA&M tracking, and audit-ready reporting.
SSP & Policy Development
We author your System Security Plan (SSP) and all required policies and procedures, customized to your specific environment and operations.
C3PAO Assessment Prep
We coordinate with Certified Third-Party Assessment Organizations, conduct pre-assessment readiness reviews, and guide you through the formal assessment process.
Incident Response Planning
We develop your incident response plan, conduct annual tabletop exercises, and provide priority support when security events occur.
Fractional vCISO Services
Our top-tier clients receive executive-level cybersecurity leadership — strategic guidance, board briefings, vendor risk assessments, and supply chain oversight.
Security Awareness Training
We run your entire security awareness training program — phishing simulations, role-based training modules, compliance tracking, and annual reporting required by NIST SP 800-171.
Three Tiers. One Mission.
We offer three service tiers scaled to the size and complexity of your organization. All tiers are flat monthly subscriptions — no hourly billing, no surprise invoices. Contact us to discuss which tier fits your needs and to receive a custom quote.
Security Awareness Training Program
Upgrade your Tier 1 plan with a fully managed security awareness training program — phishing simulations, role-based training modules, compliance tracking, and annual reporting. Required by NIST SP 800-171 and a key factor in CMMC assessments.
Included at no extra cost in Tier 2 & Tier 3 plans.
Charissa Wong
Founder & Principal Consultant, Thynk Cyber
Cybersecurity has never just been about technology to me — it's about protecting people, businesses, and the trust they work hard to build.
Born and raised in Hawaii and a proud graduate of Kamehameha Schools, I understand how closely our local businesses, communities, and relationships are connected. That connection is one of the reasons I founded Thynk Cyber: to help Hawaii businesses strengthen their cybersecurity posture in a way that respects their culture, people, and operational realities.
With more than 20 years of leadership and technology experience, I've built my career helping organizations navigate cybersecurity, compliance, operational risk, and emerging technologies in ways that are practical and understandable. My background spans IT leadership, security management, governance, security awareness training, incident response, and regulatory compliance across industries including architecture, engineering, healthcare, and defense contracting.
I believe cybersecurity programs are most effective when they support the business instead of slowing it down. My goal is to help organizations reduce risk, meet evolving requirements, and build sustainable security programs that fit how they actually work.
"In addition to consulting, I actively support Hawaii's technology and cybersecurity community. I currently serve as Vice President of the CIO Council of Hawaii and previously served as President of ISC2 Hawaii. Through the CIO Council of Hawaii, I helped start the Women in IT Leadership mixers to bring women together for mentorship, connection, and shared support — no matter where they are in their leadership journey. I also helped launch the Girls in Cyber program with Kamehameha Schools to introduce cybersecurity education and online safety to students across Hawaii."
My work today focuses heavily on helping organizations prepare for evolving cybersecurity requirements, including CMMC Level 2 readiness, security awareness programs, Microsoft 365 security, AI governance, and overall cybersecurity strategy. I recently earned the Certified CMMC Professional (CCP) certification, making me one of the few professionals in Hawaii to achieve this designation.
Whether working with executive leadership, IT teams, or small business owners, my goal is always the same: provide honest guidance, reduce risk, and help Hawaii businesses protect what they have worked so hard to build.
From Gap to Certified in Four Steps
Free Gap Assessment
We conduct a complimentary 30-minute review of your current security posture and identify your CMMC compliance gaps.
Compliance Platform Onboarding
We configure your dedicated compliance portal, map your assets, and establish your compliance baseline within the platform.
Remediation Roadmap
We deliver a prioritized action plan addressing your gaps, with clear timelines and responsibilities for each control.
Ongoing Management
We manage your compliance program monthly — tracking POA&Ms, updating evidence, and preparing you for assessment.
Schedule Your Free Gap Assessment
Not sure where you stand on CMMC compliance? We offer a complimentary 30-minute gap assessment to help you understand your current posture and which service tier is the right fit for your organization. Reach out and we'll respond within one business day.
Ready to Get Compliant?
Send us an email and tell us about your organization, your DoD contracts, and where you are in your CMMC journey. We'll respond within one business day with a recommended path forward.
Opens your email client · We respond within one business day
What to include in your email
- Your company name and number of employees
- The type of DoD contract(s) you hold or are pursuing
- Whether you handle Controlled Unclassified Information (CUI)
- Your current SPRS score (if known)