Call for Speakers

CUI-CON | Seattle is opening a Call for Speakers to present and share their expertise. Unlike other conference, CUI-CON is not set up as a pay-to-speak arrangement or a sales pitch for your company/product.

Speakers are asked to present in an agnostic manner such that a company in the Defense Industrial Base can benefit.

CUI-CON | Seattle Call for Speakers is looking for two groups of speakers:

• Speakers for Curated Sessions: Speakers to address a CUI-CON specified topic and bring their knowledge and expertise on that topic.
• Speakers for Tech Talks: Tech talks are meant to be 20-minute short sessions that address a specific how-to do something to meet a compliance Security Requirement from NIST SP 800-171. Examples include how to use Azure Sentinel to identify inactive accounts per 3.5.6 or how Microsoft Cloud App Security can control the use of External systems per 3.1.20. This is not a sales pitch for your product, but a tech how-to session

Curated sessions are meant to incrementally walk a “newcomer to intermediate person” through topics that address the need to implement the Security Requirements in NIST SP 800-171, CMMC, and underlying programmatic guidance. The following are the curated sessions for CUI-CON | Seattle:

• Crash Intro to CUI, FAR 52, NIST SP 800-171, & DFARS -7012: This is a “100” level session that applies a broad brush to the compliance requirements behind organizations having to meet DoD’s compliance requirements and eventual need to be CMMC Certified.
• CUI Deep Dive: The point of this session is a deeper dive into all things CUI with an emphasis on identifying CUI, such as how to get a Program Office to tell whether there is CUI in the contract.
• The CMMC Program & Your Business: The CMMC Program final rule may even be released by the time CUI-CON | Seattle starts. The point of this session is to describe how the CMMC program works, POA&Ms, and a quick peek at ESP and scoping.
• NIST SP 800-171 Revision 3: NIST SP 800-171 Revision 3 and sister document, NIST SP 800-171A, have been published. This will drive changes to the DIB companies in 2025 to 2026. This session should be focused on guiding organizations on the Rev 3 impacts and preparing to include it in their POA&M.
• Your ESPs, You, and Compliance: CMMC Program brings ESP into scope. This session should dive into CSPs, MSPs, & MSSPs and how a DIB company should worry about the fact their ESP may be in scope. This session should also address the FedRAMP equivalency.
• Scoping your CUI Boundary: Understanding what is in scope is critical. This also has a double-edged sword now under the CMMC program with FCI having to be attested to also.
• Commonly Screwed Up Requirements: Whether 3.1.22, 3.3.1/3.3.3, 3.14.1, et al, there are requirements everyone keeps getting wrong. The intent of this session is to help attendees understand the problem areas, definitions, and nuances in NIST SP 800-171, so they don’t make the same mistakes.

Each session is a total of 60 minutes in duration. Speakers should plan for:

• 35-40 minutes presentation time on the topic
• 10-15 minutes for questions and answers
• 10-minute break between sessions

There are five (5) Tech Talks at CUI-CON | Seattle. Each session is 20 minutes long with 5 minutes for questions and answers.

Due to its brevity, each session needs to be concise and focused on how a DIB company can achieve an effect to meet a compliance requirement. Each Tech Talk should give the attendee enough guidance via shared slides or a how-to guide to set up the solution. Again, some examples include include how to use Azure Sentinel to identify inactive accounts per 3.5.6 or how the Microsoft Cloud App Security to control the use of External systems per 3.1.20.

Beyond these rules, Tech Talks are not curated.