Securing the Supply Chain and Managing Modern Cyber Threats

Pick up your badge and enjoy networking with your peers!

Washington Technology will kick off day by introducing our 1st speaker and setting the stage for today’s discussions.

As CMMC shifts from policy framework to acquisition reality, agencies and contractors are beginning to see how requirements will be enforced in solicitations, evaluations, and contract performance. This session will provide an update on the Phase 1 rollout, how CMMC is being integrated into acquisition and program oversight, and what early implementation is revealing about readiness across the defense industrial base. Hon. Kirsten Davies, CIO at the Department of War, will outline what organizations should prioritize now to prepare for Phase 2, align internal stakeholders, and reduce friction between security, contracting, and mission teams.

With ISACA now managing CMMC assessor certifications, contractors and assessors alike are adapting to a new landscape. During this session, Todd Gagnon from ISACA will examine how assessor credentialing, training pathways, and quality assurance processes are evolving, and what those changes mean for contractors planning for certification. This session will also address assessor capacity, market readiness, and practical steps organizations can take to position themselves for successful assessments amid growing demand.

Protecting the defense industrial base depends on more than policy; it requires organizations to implement CMMC across every level of operations. This session will feature practitioners and industry leaders sharing real-world lessons from early implementation efforts, including scoping and boundary definition, control prioritization, tooling versus process decisions, and managing cost and timeline expectations. Speakers will discuss common pitfalls, proven approaches, and how organizations can build sustainable cybersecurity programs that strengthen security posture while supporting mission delivery. 

As cybersecurity requirements expand beyond the Pentagon, civilian agencies are developing their own frameworks that mirror CMMC. This conversation will explore how agencies are approaching Controlled Unclassified Information (CUI) protection, vendor risk management, and supply chain security. Speakers will discuss where priorities are converging, what contractors should expect in future solicitations, and how organizations can build a unified approach that supports both markets.