Agenda

As we near the implementation of CMMC, Industry continually realigns itself to support the Defense Industrial Base and increase cyber resilience. The breadth and depth of offerings for advisory, managed services, and purpose-built technology platforms to enable CMMC compliance continues to grow. There are many challenges DIB organizations will have to solve and this growing variety of choice helps accelerate the CMMC journey. One key area of innovation has been GRC platforms tuned manage the CMMC lifecycle. From establishing a baseline, managing remediation efforts and certification assessments, and the ongoing management of cyber risk, GRC platforms provide great value for advisory organizations, managed providers, and Organizations Seeking Certification.

Alex Whitworth

Sales Director
Carahsoft Technology Corp.

Robert Hill

Founder & CEO
Cyturus Technologies, Inc.

The highly anticipated Title 32 rule that will govern CMMC  is under review at the Office of Management and Budget’s Office of Information and Regulatory Affairs, and could be released within days of this summit.  This expert panel will discuss the latest developments, the timeline for actual implementation and the near-term implications for the Defense Industrial Base.

Bob Metzger

Chair
Cybersecurity and Privacy Practice Group

Jack Wilmer

Chief Executive Officer
Core4ce

Nick Wakeman

Editor-in-Chief
Washington Technology

Automated security and compliance evaluation through real-time analytics and continuous monitoring reduces the burden of attaining and maintaining compliance by over 50%. By automating DFARS and CMMC, along with other NIST compliance efforts, we enable the Defense Industrial Base (DIB), critical infrastructure organizations, and other forward-looking organizations to strengthen their compliance and security posture.

Jim Barge

CEO and Founding Partner
SP6

George Perezdiaz

Practice Leader, Cyber Risk and Compliance
SP6

In today's data-driven world, the need for robust cybersecurity measures is more critical than ever. In this breakout session, attendees will learn how Google Cloud's comprehensive security solutions can help their organizations achieve and maintain CMMC compliance. We will review Google Cloud's commitment to security and Responsible AI in the public sector. We will also discuss how Google Cloud's security solutions help public sector entities protect sensitive data while ensuring that your AI projects are aligned with your ethical and compliance obligations.

Matt Ashton

Partner, Solutions Engineer
Google Cloud

What is it like to be part of the defense industrial base (DIB) but with a huge worldwide set of customers, partners, and integrators that you work with? CMMC is born of legitimate concerns about the cyber security for the DIB. The supply chain represents an enormous, complex variety of products, partners, integrators and other providers. We're going to examine some of the requirements that have flowed down and from the perspective of a technology and IT provider and vendor that services the DoD. We'll go into the impacts, how we are handling and processes the application of CMMC to our environments, how it overlaps with existing & continuous efforts to improve our cyber posture. We'll also look at where commonalities lie and can be leveraged with other efforts around supply chain and security to improve the state of the art for all.

John Dvorak

Chief Technology Officer, North America Public
Red Hat

With CMMC rulemaking progressing and the pending draft CMMC documentation updates, the CMMC ecosystem is learning what may come with CMMC L3 based on NIST 800-172. In this session, Schellman CMMC Practice Leaders and SMEs Marci Womack and Tim Walsh will provide the assessor's perspective on the 172 requirements, what assessors will be looking for from OSCs when assessing the requirements, considerations for testing, and potentially impactful new requirements to be prepared for.

Marci Womack

Director, Federal Practice
Schellman

Tim Walsh

Manager, Federal Practice
Schellman

In this session, attorney Michael Gruden joins Washington Technology for a closer look at the legal considerations and associated risks of working in CMMC. Topics include risk assessment and management, supply chain considerations, and working with the defense industrial base on proper cloud service and FEDRAMP certification.

Michael Gruden

Counsel
Crowell & Moring LLP

A perspective on the importance of understanding the risks in your supply chain, what are the right questions to ask, how to conduct surveys or otherwise understand their CMMC readiness, and share examples. This will include sharing summary information about JCFS' survey results.

Amit Reizes, P.E., CISSP, MBA

Director - Information Technology Security & Compliance
Johnson Controls Federal Systems

Matt Gilbert, CISA, CRISC

Principal
Baker Tilly

Join us for a session dedicated to helping Organizations Seeking Certification (OSCs) make well-informed decisions when vetting Managed Service Providers (MSPs) for their CMMC requirements.

During this session, we'll share best practices for MSP selection and offer insights into the crucial questions you should pose during the vetting process. We'll also explore how to assess MSP capabilities, including incident response and data protection, providing you with actionable guidance to ensure secure data management.

By the session's conclusion, you'll be fully equipped to confidently choose an MSP that aligns with your organization's CMMC goals and objectives, ensuring a successful partnership.

Dr. Thomas Graham, CISSP, MBA, CCA/PI

VP and CISO
Redspin

Tara Lemiuex, PA/PI/CCP/CCA/ISO

Lead Auditor, CMMC Consultant
Redspin

In this session, Matt Travis, CEO of The Cyber AB, will address some of the common misperceptions about CUI, FCI, and ITAR and what both industry and government needs to do on this front in order to enable CMMC success.

Matt Travis

Chief Executive Officer
The Cyber AB

Helping small business get beyond the fear, uncertainty, and doubt (FUD) to understand CMMC and set realistic expectations.

• Learn to understand the complexity of CMMC without getting bogged down in details.
• Translating compliance-focused language around controls/objectives to pragmatic answer.
• Scaling solutions to a less than 10-person business.
• Pacing yourself to avoid burnout and giving up.

Sharing lessons learned from working with over a dozen small business this year.

Emery Csulak

vCISO and Director of Cybersecurity Compliance
Boston Government Services, LLC (BGS)

Join Daniel Akridge to explore the most common questions that need to be answered to determine if a CMMC Enclave is a good fit for your organization.

Daniel Akridge

Director of Engagement
Summit 7 Systems

CMMC preparation is not in a silo, nor is it a sunk cost.  Many CMMC requirements overlap with other compliance regimes, so meeting them can kill two -- or more -- birds with one stone. This session will explain how CMMC provides value beyond its core scope of securely doing business with DOD.

Don MacLean

Independent
Consultant

Every purchase decision is a security decision. HP makes the world’s most secure PCs, and I can tell you how.

Andy Levitt

Security Sales Principal
HP Inc.

NIST Special Publication 800-171 plays a foundational role in the CMMC Ecosystem, and the latest revision – currently in Initial Public Draft stage – is a road map for how organizations should approach their controlled unclassified information.  This conversation with NIST leaders will detail the most important guidelines in SP 800-171 for organizations looking to lay the groundwork for CMMC certification. 

Victoria Yan Pillitteri

Manager, Security Engineering & Risk Management Group
NIST

Troy Schneider

President
GovExec 360