Orlando 2024 CUI-CON Speakers

Keynote Speakers

Matt Travis
Matt TravisCEO, The CyberAB

Mr. Travis is the first chief executive officer of the Cyber Accreditation Body (the Cyber AB). Previously, Travis served as the first deputy director of the Cybersecurity and Infrastructure Security Agency (CISA), the nation’s leading civilian cybersecurity agency. There he oversaw the day-to-day operations of the $2+ billion, 2000+ employee organization across the full range of its mission in cybersecurity, infrastructure protections and emergency communications. Prior to this position, he was the deputy undersecretary for national protection (NPPD) within the Department of Homeland Security.

Before entering government service in 2018, Travis served as vice president of homeland security for Cadmus, a security, energy, and environmental professional services firm. He joined Cadmus when the security consultancy he co-founded, Obsidian Analysis, Inc., was acquired by Cadmus in 2016.

A former naval officer, Travis served as an engineering auxiliaries officer aboard the guided-missile frigate U.S.S. CARR (FFG 52). He then served a tour as White House Liaison to the Secretary of the Navy and was also a White House Military Aide. He is a 1991 graduate of the University of Notre Dame and holds a master’s in national security studies from Georgetown University.

CUI-CON Session Speakers

David Bedard
David Bedard

CMMC Registered Practitioner, CCP, Security+, and A+
Lead Security and Compliance Analyst
Worked with over 100+ DIB on compliance efforts in aligning with DFARS 7012 and NIST 800-171 requirements…..and eventually CMMC

David Driggers
David DriggersPartner, HTGRC

David Driggers is a seasoned cybersecurity practitioner with over 25 years experience working with customers in highly regulated OT environments.

James Goepel
James GoepelGeneral Counsel and Director of Education and Content

Summary: Author of CUI Fundamentals and CUI Informed. Attorney. Professor. Lecturer.
Expert Witness. Former Systems Administrator for Congress.

Jim is the Director of Education and Content at FutureFeed.co, where he brings a broad range of legal, technical, and business expertise to the team. He is a Founding Director and former Board Treasurer of the CMMC Accreditation Body (now called the CyberAB), a Certified CMMC Assessor, Certified CMMC Professional, CMMC Provisional Instructor, and CMMC Provisional Assessor. Jim also authored and taught the CyberAB’s initial Registered Practitioner program, co-authored two Certified CMMC Professional (“CCP”) curricula, and is the author of two books on Controlled Unclassified Information (“CUI”).

Jim earned a BSECE from Drexel University and JD and LLM degrees from George Mason University. Jim spent most of his professional career working in the cybersecurity field. He has worked for and counseled a variety of organizations, from various portions of the United States government, including the U.S. House of Representatives and United States Coastguard; to government contractors, including Unisys Corporation and The Johns Hopkins University Applied Physics Laboratory; to start-up technology and consulting companies.

Jim regularly speaks at domestic and international cybersecurity conferences and has been called upon as an expert witness on cybersecurity, IT, and government contracts issues. Jim’s research into the application of Enterprise Risk Management techniques to the field of cyber and privacy governance has been published by the Supreme Court of Singapore in their National Law Journal and in two different books published by LexisNexis.

Jim is also a co-founder of the CMMC Information Institute, a non-profit organization helping small businesses to better understand and meet their cybersecurity and data privacy obligations. When he isn’t working, teaching, or volunteering with the Institute, Jim can be found swimming, kayaking, and fishing with his kids.

Travis Goldbach
Travis Goldbach AWS CMMC GTM Leader

Travis has over 15 years experience as a cybersecurity and compliance professional with demonstrated ability to map key business drivers to ensure client success.

He started at AWS in 2021 to help AWS customers and partners accelerate their DFARS, NIST, and CMMC compliance requirements while reducing their level of effort and risk.

Prior to AWS Travis was a CMMC Program Leader at a top Managed Security Service Provider (MSSP) where he also led a team of cybersecurity consultants with a focus on helping Aerospace & Defense companies build their cybersecurity programs to meet some of the most stringent compliance requirements.

Thomas Graham, Ph.D
Thomas Graham, Ph.DVP and CISO

Dr. Thomas Graham, Ph.D., is the VP and CISO at Redspin, a leading Cybersecurity Maturity Model Certification (CMMC) service provider. He is a recognized expert in CMMC and holds multiple certifications, including Certified Assessor (CCA) and CMMC Certified Professional (CCP). Dr. Graham played a pivotal role in Redspin becoming the first authorized C3PAO and conducting DIBCAC High CMMC assessments under JSVAP. With a Ph.D. in Information Assurance and Security, he oversees internal security matters at Redspin. Dr. Graham’s accomplishments include receiving a FedHealthIT award while supporting the Defense Health Agency and speaking at industry events like the National Cyber Summit and ISC2 Security Congress. 

Stuart Itkin
Stuart ItkinVice President, NeoSystems

Stuart Itkin brings unique perspective to CMMC and the challenges organizations, both large and small face in satisfying government regulations and operating their businesses. As Vice President of NeoSystems, Itkin is focused on bringing managed services, software, and consulting to address the compliance, cybersecurity, and back office needs of small and medium businesses. Formerly Vice President of CMMC and FedRAMP Assurance at Coalfire Federal, Itkin led the company through its DIBCAC assessment and the process of becoming one of the first authorized C3PAOs. Itkin earlier served as Vice President of Product Management and Marketing at Exostar, a Boeing, Lockheed Martin, Raytheon Technologies, BAE Systems, Rolls Royce formed joint venture company, where he had responsibility over the company’s compliance management, supply chain risk management, and secure collaboration platforms, and for establishing its CMMC practice area. Stuart has served in leadership roles with cybersecurity companies PivotPoint Risk Analytics, SAIFE, and ThreatTrack Security, as lead mentor at the Virginia State Government funded MACH37 cybersecurity product accelerator, and as an advisor and board member to several early and growth stage cybersecurity companies. Stuart earned a BA and an MA and is an ABD from the University of Illinois at Urbana-Champaign.

Jerry Leishman, CCA, CCP
Jerry Leishman, CCA, CCPStrategic Alliance Manager, NeoSystems

Jerry is a board advisor, trusted cybersecurity & compliance expert and advocate for in-house counsel, compliance officers and senior leadership to ensure they can effectively navigate complex regulatory, legal, and contractual risks and obligations. Jerry is currently a Strategic Alliance Manager at NeoSystems Corp, supporting Defense and Critical Infrastructure suppliers of all sizes and cybersecurity postures. Prior to NeoSystems, Jerry was EVP & National Security & Compliance Director at CORTAC Group.

He is an expert at risk-based approaches embracing right-size outcomes that are cost-optimized to meet an organizations required security and compliance requirements. He is closely aligned with industry and technology leaders including Microsoft, AWS, and Google in delivering world- class solutions.

Jerry is active nationally on the CMMC Standards Council, member of the CMMC AB Standards Workgroup, a Provisional CMMC Assessor (PA), Certified CMMC Assessor (CCA), and Certified CMMC Professional (CCP).

Jerry speaks nationally on Cybersecurity and DFARS/CMMC impacts, supply chain, and partners with private/public organizations to increase the Pacific Northwest Defense and Aerospace manufacturer awareness and adoption.

Fernando Machado
Fernando MachadoManaging Principal, Cybersec Investments

Fernando is the Managing Principal & Chief Information Security Officer for Cybersec Investments. Fernando was was one of the earliest CMMC Provisional Assessors & was a member of the CMMC Accreditation Body’s Standards Management Industry Working Group, which helped develop guidance on CMMC’s assessment criteria & scoping with over 17,000 volunteer hours. This has led to being formally recognized with the President’s Volunteer Service Award.

 Carter Schoenberg
Carter Schoenberg VP & Chief Cybersecurity Officer, CISSP | CCA | QTE

Carter Schoenberg is the Vice President of Cybersecurity and Chief Cybersecurity Officer at SoundWay Consulting, Inc. He is a Certified Information Systems Security Professional (CISSP), Boardroom Qualified Technology Expert (QTE), and a CMMC Certified Assessor (CCA). His company is an approved CMMC Third Party Assessing Organization (C3PAO) and has been helping defense contractors prepare for CMMC and DFARs obligations since 2021.

Carter has over 29 years of combined experience in criminal investigations, cyber threat intelligence, cybersecurity, cyber risk management, and cyber law. His past works include comprehensive assessments of U.S. Government Contractors to align with what are now formal requirements set forth by the Defense Department including NIST SP 800-171 and now the Cybersecurity Maturity Model Certification (CMMC).

His expertise has been featured at MITRE’s quarterly Cyber Supply Chain Risk Forum at the request of DOD and DHS, InfoSec World, SecureWorld Expo, and the National Association of Insurance Commissioners (NAIC).

Mr. Schoenberg actively contributed to the GSA/DoD Final Report to the White House “Improving Cybersecurity and Resiliency through Acquisition”. His work products have been actively used by DOD, Department of Education, DHS, the ISAC communities, Smart Cities, and the Georgia Bar Association for Continuing Learning Educational (CLE) credits on the topic of cybersecurity risk and liability. Mr. Schoenberg also recently co-authored “Guidance for Smart Cities and Municipalities Cyber Supply Chain Risk Management (C-SCRM)” published by NIST.

Scott Singer
Scott SingerCEO, Cybernines

CAPT, USN (retired) Scott Singer brings 30 years of military experience in both active duty and reserve rolls along with 31 years of industry experience.  Scott co-founded CyberNINES and serves as the Chief Executive Officer.  Most recently Scott was at PaR Systems, where he was Chief Information Officer since 2010.  At PaR, Scott had responsibility for information systems, global quality, export control, security, and continuous process improvement. Previously, Scott spent 16 years with Medtronic in various leadership positions including the European Infrastructure Manager, the Vascular division CIO, and the head of global security.  At Medtronic, Scott was a member of the ISPE GAMP 5 Risk Special Interest Group and led the development of the Software Development and Validation Life Cycle (SDVLC).  Scott has extensive experience with regulatory frameworks and government contracting including Federal Acquisition Regulations (FAR/DFARS), HIPAA, medical device (ISO 13485), and cybersecurity (ISO 27001, NIST), aerospace (AS9100) and nuclear (NQA-1).

Scott is the past board chair for the Minnesota Technology Association (MnTech), past President of the University of Wisconsin, Madison NROTC Alumni Association, and past board member of InfraGard.  In June 2021, he testified before Congress on the costs to small business to comply with the DoDs Cybersecurity Maturity Model Certification (CMMC).  He currently chairs the C3PAO (CMMC Third-Party Assessment Organization) Stakeholder Forum (C3PAOForum.org).

Scott has an MBA in Information Systems from the University of Minnesota, Carlson School of Management, and BS is Meteorology from the University of Wisconsin at Madison.  He also has a certification in Joint Professional Military Education from The Naval War College.

For the DoD cybersecurity ecosystem, Scott is a Certified CMMC Assessor (CCA), Certified CMMC Professional (CCP), and CMMC Provisional Instructor (PI).  CyberNINES is an Authorized C3PAO.

Leia Shilobod, CISM, CCP
Leia Shilobod, CISM, CCPChief Security Officer | IT Princess of Power

Leia Kupris Shilobod, CISM is the CEO and CSO of CompliancyIT, author of Cyber Warfare: Protecting Your Business From Total Annihilation and co-producer of the documentary “Cybercrime: The Dark Web Uncovered.” As a cyber security advisor and CMMC Compliance SME, Leia speaks frequently and has been heard at IT Security Conferences, industry podcasts, and webinars. To help MSP’s get and keep their clients compliant, and internal IT to have a roadmap to functional CMMC success, Leia created the CMMC IT Documentation Toolkit. She leads CompliancyIT in providing cybersecurity compliance, as well as compliant helpdesk, infrastructure, and security services to help her clients meet their strategic goals.

Matthew Titcombe
Matthew TitcombeCEO, Peak InfoSec

As the founder of Peak InfoSec, Matt left the Federal government sector as an Air Force Program Manager to reapply his 25+ years of Information Security & Technology experience to the commercial sector. Matt now leads an organization that specializes in Information Security Turn Around efforts supporting federal and commercial sectors. Matt has been brought in to consult with organizations across the globe like United Launch Alliance, Sony, ConocoPhillips, and Munich Re-Insurance. His commitment to supporting the military and Defense Industrial Base did not stop when he left the Air Force. Matt is a recognized leader in the DoD’s new Cybersecurity Maturity Model Certification (CMMC). His leadership efforts led him to lead one of the first Authorized CMMC 3rd Party Assessor Organizations (C3PAO); being certified as a CMMC Provisional Assessor; volunteering on the CMMC Accreditation Body Industry Standards Working Group; and, as a Subject Matter Expert, helping several institutions develop CMMC training curricula.

Tom Tollerton
Tom TollertonPrincipal, CMMC Practice Leader with FORVIS, LLP

Tom has more than 20 years of experience in the cybersecurity industry and leads the firm’s CMMC and federal compliance advisory services. His firm, FORVIS, LLP was one of the earliest C3PAO firms and Tom is a CMMC Provisional Assessor. Tom’s clients include organizations in the defense, technology, energy, logistics, and financial services industries, including multiple Fortune 500 enterprises.

Prior to joining the firm, Tom developed and implemented cybersecurity risk and compliance solutions for a Fortune 500 defense contractor. He has been published in national publications and is a regular speaker on cybersecurity and privacy topics at various industry events. Tom is a graduate of Florida State University, Tallahassee, with M.B.A. and B.S. degrees.

Richard Wakeman
Richard WakemanChief Architect for Cybersecurity of Aerospace & Defense, Microsoft

Richard Wakeman is the Chief Architect for cybersecurity of Aerospace & Defense at Microsoft. He specializes in the Defense Industrial Base adopting cloud services from Microsoft. Richard engages with Microsoft partners and customers end-to-end to drive adoption of Azure Government, Microsoft 365 GCC High / DoD and Dynamics 365 GCC High as solutions within the Microsoft US Sovereign Clouds.

Richard joined Microsoft in 2007 as a developer, identity and messaging expert at the dawn of Microsoft Online Services. Shortly after joining, he was engaged by the Exchange Product Group to lead cloud deployments worldwide for Live@edu as part of the Exchange Labs program. He led the charge for integration of MCS and Premier services with cloud offerings, becoming a Senior Architect for the Microsoft Enterprise Services Business Productivity Global Domain Solution Architecture Office.

In his role guiding customer journeys to the cloud, Richard has worked with hundreds of the most prominent world-wide accounts, adopting the evolving Microsoft Online Services from Live@edu to BPOS to Office 365 and Azure, and now our new sovereign clouds.

Amy Williams PhD CISSP, CMMC-CCA, PA, PI
Amy Williams PhD CISSP, CMMC-CCA, PA, PIVice President of CMMC at Coalfire Federal

Amy Williams began her career in Accounting Information Systems, a precursor to cybersecurity that imbued her with the talents and knowledge that she uses today. A member of multiple fields of study, Dr. Williams has ample experience understanding fraud, system errors in internal systems, and internet security protection. She has been on the forefront of developing cyber strategies for supply chains since the world wide web made the internet popular for sharing data in business. With both a Master’s Degree and PhD from Virginia Tech, Amy Williams has held prestigious positions with the NY Crime Commission where she built an alliance with the FBI, and she led the development of BlueVoyant’s CMMC and CIS Advisory Practices prior to joining Coalfire Federal.

As Vice President of CMMC at Coalfire Federal, Dr. Williams has proudly built and led the current CMMC advisory and certification programs. She spends her time following industry leaders on LinkedIn, and is regularly and invited speaker at industry conferences for CMMC and cybersecurity in general and has authored many peer reviewed and thought leadership papers on various cybersecurity topics.

Marci Womack, CISA, CISSP
Marci Womack, CISA, CISSPDirector of Federal Services at Schellman

Marci Womack is a Managing Director at Schellman where she focuses on Schellman’s Federal Practice, specifically overseeing both the emerging CMMC assessment program and the established FedRAMP assessment program. Marci also serves as the 3PAO (third party assessment organization) representative on the Federal Secure Cloud Advisory Committee (FSCAC). Prior to joining Schellman in 2016 as a senior associate, Marci worked as a federal contractor implementing and assessing federal cybersecurity programs, as well as an FFIEC/GLBA security controls assessor and consultant. Marci has over 10 years of information security experience across various industries and holds key certifications, including CISSP, CISA, CEH, and (CMMC) CCA. Marci is also experienced in other related frameworks, including StateRAMP, IRS 1075, MARS-E, and CJIS.