WashTech 2nd Annual CMMC Ecosystem Summit - Agenda
Register    ➤

Agenda

Times are subject to change.

8:00 AM EST Wednesday, November 08

9:05 AM EST Wednesday, November 08

Main Stage

Welcome

10 minutes
ON DEMAND
Nick Wakeman
Nick Wakeman
Editor-in-Chief
Washington Technology
Nick Wakeman
Nick Wakeman
Editor-in-Chief
Washington Technology
Read More
9:15 AM EST Wednesday, November 08

Keynote

CMMC: Where We Are and What to Expect

25 minutes
ON DEMAND
Matt Travis
Matt Travis
Chief Executive Officer
The Cyber AB
Matt Travis
Matt Travis
Chief Executive Officer
The Cyber AB
Read More
9:40 AM EST Wednesday, November 08

Underwriter

Carahsoft

Spotlight

Industry’s Evolution to Support CMMC and Reduce Supply Chain Risk

20 minutes
ON DEMAND

As we near the implementation of CMMC, Industry continually realigns itself to support the Defense Industrial Base and increase cyber resilience. The breadth and depth of offerings for advisory, managed services, and purpose-built technology platforms to enable CMMC compliance continues to grow. There are many challenges DIB organizations will have to solve and this growing variety of choice helps accelerate the CMMC journey. One key area of innovation has been GRC platforms tuned manage the CMMC lifecycle. From establishing a baseline, managing remediation efforts and certification assessments, and the ongoing management of cyber risk, GRC platforms provide great value for advisory organizations, managed providers, and Organizations Seeking Certification.

Alex Whitworth
Alex Whitworth
Sales Director
Carahsoft Technology Corp.
Robert Hill
Robert Hill
Founder & CEO
Cyturus Technologies, Inc.

As we near the implementation of CMMC, Industry continually realigns itself to support the Defense Industrial Base and increase cyber resilience. The breadth and depth of offerings for advisory, managed services, and purpose-built technology platforms to enable CMMC compliance continues to grow. There are many challenges DIB organizations will have to solve and this growing variety of choice helps accelerate the CMMC journey. One key area of innovation has been GRC platforms tuned manage the CMMC lifecycle. From establishing a baseline, managing remediation efforts and certification assessments, and the ongoing management of cyber risk, GRC platforms provide great value for advisory organizations, managed providers, and Organizations Seeking Certification.

Alex Whitworth
Alex Whitworth
Sales Director
Carahsoft Technology Corp.
Robert Hill
Robert Hill
Founder & CEO
Cyturus Technologies, Inc.
Read More
Carahsoft
10:00 AM EST Wednesday, November 08

Panel

The New Rule: What We Know and What's Next

40 minutes
ON DEMAND

The highly anticipated Title 32 rule that will govern CMMC  is under review at the Office of Management and Budget’s Office of Information and Regulatory Affairs, and could be released within days of this summit.  This expert panel will discuss the latest developments, the timeline for actual implementation and the near-term implications for the Defense Industrial Base.

Bob Metzger
Bob Metzger
Chair
Cybersecurity and Privacy Practice Group
Jack Wilmer
Jack Wilmer
Chief Executive Officer
Core4ce
Nick Wakeman
Nick Wakeman
Editor-in-Chief
Washington Technology

The highly anticipated Title 32 rule that will govern CMMC  is under review at the Office of Management and Budget’s Office of Information and Regulatory Affairs, and could be released within days of this summit.  This expert panel will discuss the latest developments, the timeline for actual implementation and the near-term implications for the Defense Industrial Base.

Bob Metzger
Bob Metzger
Chair
Cybersecurity and Privacy Practice Group
Jack Wilmer
Jack Wilmer
Chief Executive Officer
Core4ce
Nick Wakeman
Nick Wakeman
Editor-in-Chief
Washington Technology
Read More
10:40 AM EST Wednesday, November 08

10:55 AM EST Wednesday, November 08

Underwriter

Ascerca_SP6

Breakout Session

Minimizing the Burden of Security & Compliance with Automated Evidence Collection

15 minutes
ON DEMAND

Automated security and compliance evaluation through real-time analytics and continuous monitoring reduces the burden of attaining and maintaining compliance by over 50%. By automating DFARS and CMMC, along with other NIST compliance efforts, we enable the Defense Industrial Base (DIB), critical infrastructure organizations, and other forward-looking organizations to strengthen their compliance and security posture.

Jim Barge
Jim Barge
CEO and Founding Partner
SP6
George Perezdiaz
George Perezdiaz
Practice Leader, Cyber Risk and Compliance
SP6

Automated security and compliance evaluation through real-time analytics and continuous monitoring reduces the burden of attaining and maintaining compliance by over 50%. By automating DFARS and CMMC, along with other NIST compliance efforts, we enable the Defense Industrial Base (DIB), critical infrastructure organizations, and other forward-looking organizations to strengthen their compliance and security posture.

Jim Barge
Jim Barge
CEO and Founding Partner
SP6
George Perezdiaz
George Perezdiaz
Practice Leader, Cyber Risk and Compliance
SP6
Read More
Ascerca_SP6
10:55 AM EST Wednesday, November 08

Underwriter

Red Hat

Breakout Session

The View of CMMC from One Corner of the DoD Defense Industrial Base

15 minutes
ON DEMAND

What is it like to be part of the defense industrial base (DIB) but with a huge worldwide set of customers, partners, and integrators that you work with? CMMC is born of legitimate concerns about the cyber security for the DIB. The supply chain represents an enormous, complex variety of products, partners, integrators and other providers. We're going to examine some of the requirements that have flowed down and from the perspective of a technology and IT provider and vendor that services the DoD. We'll go into the impacts, how we are handling and processes the application of CMMC to our environments, how it overlaps with existing & continuous efforts to improve our cyber posture. We'll also look at where commonalities lie and can be leveraged with other efforts around supply chain and security to improve the state of the art for all.

John Dvorak
John Dvorak
Chief Technology Officer, North America Public
Red Hat

What is it like to be part of the defense industrial base (DIB) but with a huge worldwide set of customers, partners, and integrators that you work with? CMMC is born of legitimate concerns about the cyber security for the DIB. The supply chain represents an enormous, complex variety of products, partners, integrators and other providers. We're going to examine some of the requirements that have flowed down and from the perspective of a technology and IT provider and vendor that services the DoD. We'll go into the impacts, how we are handling and processes the application of CMMC to our environments, how it overlaps with existing & continuous efforts to improve our cyber posture. We'll also look at where commonalities lie and can be leveraged with other efforts around supply chain and security to improve the state of the art for all.

John Dvorak
John Dvorak
Chief Technology Officer, North America Public
Red Hat
Read More
Red Hat
10:55 AM EST Wednesday, November 08

Underwriter

Google Cloud

Breakout Session

Securing the Future: Google Cloud's AI-Powered Approach to Security and Compliance

15 minutes
ON DEMAND

In today's data-driven world, the need for robust cybersecurity measures is more critical than ever. In this breakout session, attendees will learn how Google Cloud's comprehensive security solutions can help their organizations achieve and maintain CMMC compliance. We will review Google Cloud's commitment to security and Responsible AI in the public sector. We will also discuss how Google Cloud's security solutions help public sector entities protect sensitive data while ensuring that your AI projects are aligned with your ethical and compliance obligations.

Matt Ashton
Matt Ashton
Partner, Solutions Engineer
Google Cloud

In today's data-driven world, the need for robust cybersecurity measures is more critical than ever. In this breakout session, attendees will learn how Google Cloud's comprehensive security solutions can help their organizations achieve and maintain CMMC compliance. We will review Google Cloud's commitment to security and Responsible AI in the public sector. We will also discuss how Google Cloud's security solutions help public sector entities protect sensitive data while ensuring that your AI projects are aligned with your ethical and compliance obligations.

Matt Ashton
Matt Ashton
Partner, Solutions Engineer
Google Cloud
Read More
Google Cloud
11:10 AM EST Wednesday, November 08

11:20 AM EST Wednesday, November 08

Breakout Session

Legal Considerations

25 minutes
ON DEMAND

In this session, attorney Michael Gruden joins Washington Technology for a closer look at the legal considerations and associated risks of working in CMMC. Topics include risk assessment and management, supply chain considerations, and working with the defense industrial base on proper cloud service and FEDRAMP certification.

Michael Gruden
Michael Gruden
Counsel
Crowell & Moring LLP

In this session, attorney Michael Gruden joins Washington Technology for a closer look at the legal considerations and associated risks of working in CMMC. Topics include risk assessment and management, supply chain considerations, and working with the defense industrial base on proper cloud service and FEDRAMP certification.

Michael Gruden
Michael Gruden
Counsel
Crowell & Moring LLP
Read More
11:20 AM EST Wednesday, November 08

Breakout Session

What to Expect in CMMC L3: Breaking Down NIST 800-172 from an Assessor's Perspective

25 minutes
ON DEMAND

With CMMC rulemaking progressing and the pending draft CMMC documentation updates, the CMMC ecosystem is learning what may come with CMMC L3 based on NIST 800-172. In this session, Schellman CMMC Practice Leaders and SMEs Marci Womack and Tim Walsh will provide the assessor's perspective on the 172 requirements, what assessors will be looking for from OSCs when assessing the requirements, considerations for testing, and potentially impactful new requirements to be prepared for.

Marci Womack
Marci Womack
Director, Federal Practice
Schellman
Tim Walsh
Tim Walsh
Manager, Federal Practice
Schellman

With CMMC rulemaking progressing and the pending draft CMMC documentation updates, the CMMC ecosystem is learning what may come with CMMC L3 based on NIST 800-172. In this session, Schellman CMMC Practice Leaders and SMEs Marci Womack and Tim Walsh will provide the assessor's perspective on the 172 requirements, what assessors will be looking for from OSCs when assessing the requirements, considerations for testing, and potentially impactful new requirements to be prepared for.

Marci Womack
Marci Womack
Director, Federal Practice
Schellman
Tim Walsh
Tim Walsh
Manager, Federal Practice
Schellman
Read More
11:20 AM EST Wednesday, November 08

Breakout Session

Coaching to Operationalize Your CMMC Program

25 minutes
ON DEMAND
Tony Buenger (CCISO, CISSP, CISM, CGEIT)
Tony Buenger (CCISO, CISSP, CISM, CGEIT)
Vice President, Cyber Advisory Services
SecureStrux, LLC
Tony Buenger (CCISO, CISSP, CISM, CGEIT)
Tony Buenger (CCISO, CISSP, CISM, CGEIT)
Vice President, Cyber Advisory Services
SecureStrux, LLC
Read More
11:45 AM EST Wednesday, November 08

11:55 AM EST Wednesday, November 08

Breakout Session

Supply Chain Risk from the Prime's Perspective

25 minutes
ON DEMAND

A perspective on the importance of understanding the risks in your supply chain, what are the right questions to ask, how to conduct surveys or otherwise understand their CMMC readiness, and share examples. This will include sharing summary information about JCFS' survey results.

Amit Reizes, P.E., CISSP, MBA
Amit Reizes, P.E., CISSP, MBA
Director - Information Technology Security & Compliance
Johnson Controls Federal Systems
Matt Gilbert, CISA, CRISC
Matt Gilbert, CISA, CRISC
Principal
Baker Tilly

A perspective on the importance of understanding the risks in your supply chain, what are the right questions to ask, how to conduct surveys or otherwise understand their CMMC readiness, and share examples. This will include sharing summary information about JCFS' survey results.

Amit Reizes, P.E., CISSP, MBA
Amit Reizes, P.E., CISSP, MBA
Director - Information Technology Security & Compliance
Johnson Controls Federal Systems
Matt Gilbert, CISA, CRISC
Matt Gilbert, CISA, CRISC
Principal
Baker Tilly
Read More
11:55 AM EST Wednesday, November 08

Breakout Session

Vetting your MSPs

25 minutes
ON DEMAND

Join us for a session dedicated to helping Organizations Seeking Certification (OSCs) make well-informed decisions when vetting Managed Service Providers (MSPs) for their CMMC requirements.

Read More
Dr. Thomas Graham, CISSP, MBA, CCA/PI
Dr. Thomas Graham, CISSP, MBA, CCA/PI
VP and CISO
Redspin
Tara Lemiuex, PA/PI/CCP/CCA/ISO
Tara Lemiuex, PA/PI/CCP/CCA/ISO
Lead Auditor, CMMC Consultant
Redspin

Join us for a session dedicated to helping Organizations Seeking Certification (OSCs) make well-informed decisions when vetting Managed Service Providers (MSPs) for their CMMC requirements.

During this session, we'll share best practices for MSP selection and offer insights into the crucial questions you should pose during the vetting process. We'll also explore how to assess MSP capabilities, including incident response and data protection, providing you with actionable guidance to ensure secure data management.

By the session's conclusion, you'll be fully equipped to confidently choose an MSP that aligns with your organization's CMMC goals and objectives, ensuring a successful partnership.

Dr. Thomas Graham, CISSP, MBA, CCA/PI
Dr. Thomas Graham, CISSP, MBA, CCA/PI
VP and CISO
Redspin
Tara Lemiuex, PA/PI/CCP/CCA/ISO
Tara Lemiuex, PA/PI/CCP/CCA/ISO
Lead Auditor, CMMC Consultant
Redspin
Read More
12:20 PM EST Wednesday, November 08

1:00 PM EST Wednesday, November 08

Underwriter

The Cyber AB

Main Stage

Understanding CUI, FCI, and ITAR

20 minutes
ON DEMAND

In this session, Matt Travis, CEO of The Cyber AB, will address some of the common misperceptions about CUI, FCI, and ITAR and what both industry and government needs to do on this front in order to enable CMMC success.

Matt Travis
Matt Travis
Chief Executive Officer
The Cyber AB

In this session, Matt Travis, CEO of The Cyber AB, will address some of the common misperceptions about CUI, FCI, and ITAR and what both industry and government needs to do on this front in order to enable CMMC success.

Matt Travis
Matt Travis
Chief Executive Officer
The Cyber AB
Read More
The Cyber AB
1:20 PM EST Wednesday, November 08

Main Stage

CMMC for the Small Business

25 minutes
ON DEMAND

Helping small business get beyond the fear, uncertainty, and doubt (FUD) to understand CMMC and set realistic expectations.

Read More
Emery Csulak
Emery Csulak
vCISO and Director of Cybersecurity Compliance
Boston Government Services, LLC (BGS)

Helping small business get beyond the fear, uncertainty, and doubt (FUD) to understand CMMC and set realistic expectations.

  • Learn to understand the complexity of CMMC without getting bogged down in details.
  • Translating compliance-focused language around controls/objectives to pragmatic answer.
  • Scaling solutions to a less than 10-person business.
  • Pacing yourself to avoid burnout and giving up.

Sharing lessons learned from working with over a dozen small business this year.

Emery Csulak
Emery Csulak
vCISO and Director of Cybersecurity Compliance
Boston Government Services, LLC (BGS)
Read More
1:45 PM EST Wednesday, November 08

Underwriter

Summit 7 Systems

Main Stage

CMMC Enclaves: Will They Work for My Company?

15 minutes
ON DEMAND

Join Daniel Akridge to explore the most common questions that need to be answered to determine if a CMMC Enclave is a good fit for your organization.

Daniel Akridge
Daniel Akridge
Director of Engagement
Summit 7 Systems

Join Daniel Akridge to explore the most common questions that need to be answered to determine if a CMMC Enclave is a good fit for your organization.

Daniel Akridge
Daniel Akridge
Director of Engagement
Summit 7 Systems
Read More
Summit 7 Systems
2:00 PM EST Wednesday, November 08

Main Stage

Leveraging CMMC for Maximum Value

25 minutes
ON DEMAND

CMMC preparation is not in a silo, nor is it a sunk cost.  Many CMMC requirements overlap with other compliance regimes, so meeting them can kill two -- or more -- birds with one stone. This session will explain how CMMC provides value beyond its core scope of securely doing business with DOD.

Don MacLean
Don MacLean
Independent
Consultant

CMMC preparation is not in a silo, nor is it a sunk cost.  Many CMMC requirements overlap with other compliance regimes, so meeting them can kill two -- or more -- birds with one stone. This session will explain how CMMC provides value beyond its core scope of securely doing business with DOD.

Don MacLean
Don MacLean
Independent
Consultant
Read More
2:25 PM EST Wednesday, November 08

2:45 PM EST Wednesday, November 08

Main Stage

Go ahead. Click on it

20 minutes
ON DEMAND

Every purchase decision is a security decision. HP makes the world’s most secure PCs, and I can tell you how.

Andy Levitt
Andy Levitt
Security Sales Principal
HP Inc.

Every purchase decision is a security decision. HP makes the world’s most secure PCs, and I can tell you how.

Andy Levitt
Andy Levitt
Security Sales Principal
HP Inc.
Read More
3:05 PM EST Wednesday, November 08

Main Stage

SP 800-171 (rev 3)

30 minutes
ON DEMAND

NIST Special Publication 800-171 plays a foundational role in the CMMC Ecosystem, and the latest revision – currently in Initial Public Draft stage – is a road map for how organizations should approach their controlled unclassified information.  This conversation with NIST leaders will detail the most important guidelines in SP 800-171 for organizations looking to lay the groundwork for CMMC certification. 

Victoria Yan Pillitteri
Victoria Yan Pillitteri
Manager, Security Engineering & Risk Management Group
NIST
Troy Schneider
Troy Schneider
President
GovExec 360

NIST Special Publication 800-171 plays a foundational role in the CMMC Ecosystem, and the latest revision – currently in Initial Public Draft stage – is a road map for how organizations should approach their controlled unclassified information.  This conversation with NIST leaders will detail the most important guidelines in SP 800-171 for organizations looking to lay the groundwork for CMMC certification. 

Victoria Yan Pillitteri
Victoria Yan Pillitteri
Manager, Security Engineering & Risk Management Group
NIST
Troy Schneider
Troy Schneider
President
GovExec 360
Read More
3:35 PM EST Wednesday, November 08

Main Stage

Closing Remarks

10 minutes
ON DEMAND
Nick Wakeman
Nick Wakeman
Editor-in-Chief
Washington Technology
Nick Wakeman
Nick Wakeman
Editor-in-Chief
Washington Technology
Read More
3:45 PM EST Wednesday, November 08

Post Event Reception

Networking Reception

2 hours