Controlled Unclassified Information (CUI) Conference
(#cui-con)
The goal of CUI-CON is to prepare DoD Contractors for Cybersecurity Maturity Model Certification
What is driving this?
The DoD will implement its Cybersecurity Maturity Model Certification (CMMC) program beginning ~May 2023. The CMMC Program will require Defense Contractors to be certified to keep working for DoD.
CUI-CON Feb 2023 Speakers
Mr. Buddy Dees serves as the Director, Cybersecurity Maturity Model Certification (CMMC) Program, Office of the Deputy Chief Information Officer for Cybersecurity, Office of the DoD Chief Information Officer (CIO). In this position, he serves as the focal point within the Department to implement the CMMC program across the Defense Industrial Base (DIB).
As the CMMC Director, Mr. Dees is responsible for shepherding this critical program though the rulemaking process for both the 32 and the 48 Code of Federal Regulations and ultimately implementing CMMC across the more than 220,000 companies that make up the DIB. In this role, he is responsible for collaborating across the Federal Government with partners such as the Department of Homeland Security and the other members of the Federal Acquisition Security Council, to standardize this process and truly federalize it.
William R. Spence is a highly accomplished and respected cybersecurity expert, who currently
serves as the Group Chief for the Defense Industrial Base Cybersecurity Assessment Center
(DIBCAC) with the Defense Contract Management Agency (DCMA). In this role, William leads
six teams of assessment experts that verify the implementation and enforcement of policies
and security requirements in accordance with Defense Federal Acquisition Regulation
Supplement (DFARS) Clauses 252.204-7012. This position is a testament to William's
expertise in the field and his commitment to ensuring the highest level of cybersecurity for the
defense industry.
Amy Starzynski Coddens joined the REN-ISAC in 2019 and currently serves as a Strategic Partnerships Manager. As a graduate of the Indiana University School of Education (M.S. ’06 & M.S. ’09), Amy comes from a background in P-16 education, research, and outreach. She has worked in the governmental, industrial, and academic sectors. Through that work, she has contributed to projects with the CMMC Accreditation Body, National Science Foundation, the New England Research Institute, Harvard’s PEAR Institute, the United States Department of Education’s Office of Special Education Programs, NASA Education, Indiana University’s Center for Applied Cybersecurity Research, TrustedCI and the Indiana University Kelley School of Business.
Highly accomplished leader with a distinguished 20+ year career introducing strategies to decrease exposure and minimize risks to government entities and businesses. Experienced in assessing Federal, DoD and commercial organizations. He is one of the first CMMC Provisional Assessors (PA) and Certified CMMC Professionals (CCP); he led CISEVE to being one of the first 10 Authorized C3PAOs. He has participated in one of the first “joint surveillance voluntary program” assessments with DIBCAC.
Expert in leading teams in assessing controls, infrastructures, and environments; identifying and communicating issues and risks; and recommending and implementing policies, standards and strategies. Holds CISSP, CISA, PMP and CIPP.
Stuart Itkin brings unique perspective to CMMC and the challenges organizations, both large and small face in satisfying government regulations and operating their businesses. As Vice President of NeoSystems, Itkin is focused on bringing managed services, software, and consulting to address the compliance, cybersecurity, and back office needs of small and medium businesses. Formerly Vice President of CMMC and FedRAMP Assurance at Coalfire Federal, Itkin led the company through its DIBCAC assessment and the process of becoming one of the first authorized C3PAOs. Itkin earlier served as Vice President of Product Management and Marketing at Exostar, a Boeing, Lockheed Martin, Raytheon Technologies, BAE Systems, Rolls Royce formed joint venture company, where he had responsibility over the company’s compliance management, supply chain risk management, and secure collaboration platforms, and for establishing its CMMC practice area. Stuart has served in leadership roles with cybersecurity companies PivotPoint Risk Analytics, SAIFE, and ThreatTrack Security, as lead mentor at the Virginia State Government funded MACH37 cybersecurity product accelerator, and as an advisor and board member to several early and growth stage cybersecurity companies. Stuart earned a BA and an MA and is an ABD from the University of Illinois at Urbana-Champaign.
Jerry is a trusted advisor and advocate for in-house counsel, compliance officers and senior leadership to ensure they can effectively navigate complex regulatory and contractual risks and obligations. He leads CROWN Information Security supporting Defense and critical infrastructure suppliers of all sizes and cybersecurity postures.
He is an expert at risk-based approaches embracing right-size outcomes that are cost-optimized to meet an organizations required security and compliance requirements. He is closely aligned with industry and technology leaders including Microsoft, AWS, and Google in delivering world- class solutions.
Fernando is the Managing Principal & Chief Information Security Officer for Cybersec Investments. Fernando was one of the earliest CMMC Provisional Assessors & was a member of the CMMC Accreditation Body’s Standards Management Industry Working Group, which helped develop guidance on CMMC’s assessment criteria & scoping with over 17,000 volunteer hours. This has led to being formally recognized with the President’s Volunteer Service Award.
Michael is currently the Schellman Knowledge and Learning Development Lead for Schellman. He has participated in and helped author the CMMC learning objectives, exam objectives, standards and methodology for the Cyber-AB.
As a recognized RMF SME, Michael has served as the Chief Sr. Cybersecurity advisor to 1, 2 and 3 Star commander(s) across the Army, Navy, and Marine Corps. Specializing in advanced cyber techniques and countermeasures. As a recognized SME by the CSIAC, CompTIA, and ISC2, Michael has authored courses for Cisco, EC|Council, CompTIA, ISACA, and ISC2; Twice awarded the National Science Foundation Scholarship; Served as the Chair – Cybersecurity Training Working Group for the US Army, and awarded “Outstanding Educator” by the Southern Association of Colleges in 2010.
As the founder of Peak InfoSec, Matt left the Federal government sector as an Air Force Program Manager to reapply his 25+ years of Information Security & Technology experience to the commercial sector. Matt now leads an organization that specializes in Information Security Turn Around efforts supporting federal and commercial sectors. Matt has been brought in to consult with organizations across the globe like United Launch Alliance, Sony, ConocoPhillips, and Munich Re-Insurance. His commitment to supporting the military and Defense Industrial Base did not stop when he left the Air Force. Matt is a recognized leader in the DoD’s new Cybersecurity Maturity Model Certification (CMMC). His leadership efforts led him to lead one of the first Authorized CMMC 3rd Party Assessor Organizations (C3PAO); being certified as a CMMC Provisional Assessor; volunteering on the CMMC Accreditation Body Industry Standards Working Group; and, as a Subject Matter Expert, helping several institutions develop CMMC training curricula.
Fred Tschirgi is the Sr. Cybersecurity Compliance Consultant at Guernsey, an authorized C3PAO. With a career that started as a Tactical Network Specialist in the United States Marine Corps, Fred understands the importance of a well-maintained and comprehensive security strategy at the deepest level. He has spent years in the professional, academic, and volunteering spaces to help bring CMMC compliance into the future of the defense industrial base.
I have a consulting company that specializes in Governance, Risk Management and Compliance. I am a CISSP and earned my MS in Information Security and Assurance from Norwich University. I have over 20 years of experience in IT and Security. I am retired from the USAF after 24 years of service.
Marci Womack is Director in Schellman’s Federal Assessment Practice overseeing both the emerging CMMC assessment program and the established FedRAMP assessment program. Prior to joining Schellman in 2016 as a senior associate, Marci worked as a federal contractor implementing and assessing federal cybersecurity programs, as well as an FFIEC/GLBA security controls assessor and consultant. Marci has over 10 years of information security experience across various industries and holds several key certifications including CISSP, CISA, CEH, Certified CMMC Professional, and CMMC Provisional Assessor.
Ben Tchoubineh is a serial entrepreneur in the fields of cybersecurity and education. He received his BS in Computer Science from the University of Maryland, and after a few years as a programmer decided to move into independent consultancy. He’s since founded multiple businesses focusing on IT and cybersecurity training, government contracting and consulting. Ben was a founding member of the board of directors of the CMMC Accreditation Body and headed the creation and development of the CMMC training and certification ecosystem. He lives in Columbia, MD with his wife of 25 years and two children.
CUI-CON Feb 2023 Sponsors
Office: 1-888-4CISEVE | https://CISEVE.com
Office: : (888) 676-6367 | https://www.neosystemscorp.com/
Office: (301) 360‑0001 / (866) 960-0001 | Email: info@ktlsolutions.com | https://www.ktlsolutions.com/
Office: 410-560-5602 | Email: sales@futurefeed.co | https://futurefeed.co
