CUI-CON Speakers

Keynote Speakers

Matt Travis
Matt TravisCEO, The CyberAB

Mr. Travis is the first chief executive officer of the Cyber Accreditation Body (the Cyber AB). Previously, Travis served as the first deputy director of the Cybersecurity and Infrastructure Security Agency (CISA), the nation’s leading civilian cybersecurity agency. There he oversaw the day-to-day operations of the $2+ billion, 2000+ employee organization across the full range of its mission in cybersecurity, infrastructure protections and emergency communications. Prior to this position, he was the deputy undersecretary for national protection (NPPD) within the Department of Homeland Security.

Before entering government service in 2018, Travis served as vice president of homeland security for Cadmus, a security, energy, and environmental professional services firm. He joined Cadmus when the security consultancy he co-founded, Obsidian Analysis, Inc., was acquired by Cadmus in 2016.

A former naval officer, Travis served as an engineering auxiliaries officer aboard the guided-missile frigate U.S.S. CARR (FFG 52). He then served a tour as White House Liaison to the Secretary of the Navy and was also a White House Military Aide. He is a 1991 graduate of the University of Notre Dame and holds a master’s in national security studies from Georgetown University.

CUI-CON Session Speakers

David Bedard
David Bedard

CMMC Registered Practitioner, CCP, Security+, and A+
Lead Security and Compliance Analyst
Worked with over 100+ DIB on compliance efforts in aligning with DFARS 7012 and NIST 800-171 requirements…..and eventually CMMC

Michael Dempsey
Michael DempseyChief Operating Officer & Founder

Highly accomplished leader with a distinguished 20+ year career introducing strategies to decrease exposure and minimize risks to government entities and businesses. Experienced in assessing Federal, DoD and commercial organizations. He is one of the first CMMC Provisional Assessors (PA) and Certified CMMC Professionals (CCP); he led CISEVE to being one of the first 10 Authorized C3PAOs. He has participated in one of the first “joint surveillance voluntary program” assessments with DIBCAC.

Expert in leading teams in assessing controls, infrastructures, and environments; identifying and communicating issues and risks; and recommending and implementing policies, standards and strategies. Holds CISSP, CISA, PMP and CIPP.

David Driggers
David DriggersPartner, HTGRC

David Driggers is a seasoned cybersecurity practitioner with over 25 years experience working with customers in highly regulated OT environments.

James Goepel
James GoepelGeneral Counsel and Director of Education and Content

Summary: Author of CUI Fundamentals and CUI Informed. Attorney. Professor. Lecturer.
Expert Witness. Former Systems Administrator for Congress.

Jim is the Director of Education and Content at, where he brings a broad range of legal, technical, and business expertise to the team. He is a Founding Director and former Board Treasurer of the CMMC Accreditation Body (now called the CyberAB), a Certified CMMC Assessor, Certified CMMC Professional, CMMC Provisional Instructor, and CMMC Provisional Assessor. Jim also authored and taught the CyberAB’s initial Registered Practitioner program, co-authored two Certified CMMC Professional (“CCP”) curricula, and is the author of two books on Controlled Unclassified Information (“CUI”).

Jim earned a BSECE from Drexel University and JD and LLM degrees from George Mason University. Jim spent most of his professional career working in the cybersecurity field. He has worked for and counseled a variety of organizations, from various portions of the United States government, including the U.S. House of Representatives and United States Coastguard; to government contractors, including Unisys Corporation and The Johns Hopkins University Applied Physics Laboratory; to start-up technology and consulting companies.

Jim regularly speaks at domestic and international cybersecurity conferences and has been called upon as an expert witness on cybersecurity, IT, and government contracts issues. Jim’s research into the application of Enterprise Risk Management techniques to the field of cyber and privacy governance has been published by the Supreme Court of Singapore in their National Law Journal and in two different books published by LexisNexis.

Jim is also a co-founder of the CMMC Information Institute, a non-profit organization helping small businesses to better understand and meet their cybersecurity and data privacy obligations. When he isn’t working, teaching, or volunteering with the Institute, Jim can be found swimming, kayaking, and fishing with his kids.

Travis Goldbach AWS CMMC GTM Leader

Coming Soon

Fernando Machado
Fernando MachadoManaging Principal, Cybersec Investments

Fernando is the Managing Principal & Chief Information Security Officer for Cybersec Investments. Fernando was was one of the earliest CMMC Provisional Assessors & was a member of the CMMC Accreditation Body’s Standards Management Industry Working Group, which helped develop guidance on CMMC’s assessment criteria & scoping with over 17,000 volunteer hours. This has led to being formally recognized with the President’s Volunteer Service Award.

 Carter Schoenberg
Carter Schoenberg VP & Chief Cybersecurity Officer, CISSP | CCA | QTE

Carter Schoenberg is the Vice President of Cybersecurity and Chief Cybersecurity Officer at SoundWay Consulting, Inc. He is a Certified Information Systems Security Professional (CISSP), Boardroom Qualified Technology Expert (QTE), and a CMMC Certified Assessor (CCA). His company is an approved CMMC Third Party Assessing Organization (C3PAO) and has been helping defense contractors prepare for CMMC and DFARs obligations since 2021.

Carter has over 29 years of combined experience in criminal investigations, cyber threat intelligence, cybersecurity, cyber risk management, and cyber law. His past works include comprehensive assessments of U.S. Government Contractors to align with what are now formal requirements set forth by the Defense Department including NIST SP 800-171 and now the Cybersecurity Maturity Model Certification (CMMC).

His expertise has been featured at MITRE’s quarterly Cyber Supply Chain Risk Forum at the request of DOD and DHS, InfoSec World, SecureWorld Expo, and the National Association of Insurance Commissioners (NAIC).

Mr. Schoenberg actively contributed to the GSA/DoD Final Report to the White House “Improving Cybersecurity and Resiliency through Acquisition”. His work products have been actively used by DOD, Department of Education, DHS, the ISAC communities, Smart Cities, and the Georgia Bar Association for Continuing Learning Educational (CLE) credits on the topic of cybersecurity risk and liability. Mr. Schoenberg also recently co-authored “Guidance for Smart Cities and Municipalities Cyber Supply Chain Risk Management (C-SCRM)” published by NIST.

Leia Shilobod, CISM, CCPChief Security Officer | IT Princess of Power

Coming Soon

Rob Teague
Rob TeagueDirector, CMMC Services at Redspin

Interested in Speaking at CUI-CON?  Please submit a proposal at

Matthew Titcombe
Matthew TitcombeCEO, Peak InfoSec

As the founder of Peak InfoSec, Matt left the Federal government sector as an Air Force Program Manager to reapply his 25+ years of Information Security & Technology experience to the commercial sector. Matt now leads an organization that specializes in Information Security Turn Around efforts supporting federal and commercial sectors. Matt has been brought in to consult with organizations across the globe like United Launch Alliance, Sony, ConocoPhillips, and Munich Re-Insurance. His commitment to supporting the military and Defense Industrial Base did not stop when he left the Air Force. Matt is a recognized leader in the DoD’s new Cybersecurity Maturity Model Certification (CMMC). His leadership efforts led him to lead one of the first Authorized CMMC 3rd Party Assessor Organizations (C3PAO); being certified as a CMMC Provisional Assessor; volunteering on the CMMC Accreditation Body Industry Standards Working Group; and, as a Subject Matter Expert, helping several institutions develop CMMC training curricula.

Tom Tollerton
Tom TollertonPrincipal, CMMC Practice Leader with FORVIS, LLP

Tom has more than 20 years of experience in the cybersecurity industry and leads the firm’s CMMC and federal compliance advisory services. His firm, FORVIS, LLP was one of the earliest C3PAO firms and Tom is a CMMC Provisional Assessor. Tom’s clients include organizations in the defense, technology, energy, logistics, and financial services industries, including multiple Fortune 500 enterprises.

Prior to joining the firm, Tom developed and implemented cybersecurity risk and compliance solutions for a Fortune 500 defense contractor. He has been published in national publications and is a regular speaker on cybersecurity and privacy topics at various industry events. Tom is a graduate of Florida State University, Tallahassee, with M.B.A. and B.S. degrees.

Richard Wakeman
Richard WakemanChief Architect for Cybersecurity of Aerospace & Defense, Microsoft

Richard Wakeman is the Chief Architect for cybersecurity of Aerospace & Defense at Microsoft. He specializes in the Defense Industrial Base adopting cloud services from Microsoft. Richard engages with Microsoft partners and customers end-to-end to drive adoption of Azure Government, Microsoft 365 GCC High / DoD and Dynamics 365 GCC High as solutions within the Microsoft US Sovereign Clouds.

Richard joined Microsoft in 2007 as a developer, identity and messaging expert at the dawn of Microsoft Online Services. Shortly after joining, he was engaged by the Exchange Product Group to lead cloud deployments worldwide for Live@edu as part of the Exchange Labs program. He led the charge for integration of MCS and Premier services with cloud offerings, becoming a Senior Architect for the Microsoft Enterprise Services Business Productivity Global Domain Solution Architecture Office.

In his role guiding customer journeys to the cloud, Richard has worked with hundreds of the most prominent world-wide accounts, adopting the evolving Microsoft Online Services from Live@edu to BPOS to Office 365 and Azure, and now our new sovereign clouds.

Marci Womack, CISA, CISSP
Marci Womack, CISA, CISSPDirector of Federal Services at Schellman

Marci Womack is Director in Schellman’s Federal Assessment Practice overseeing both the emerging CMMC assessment program and the established FedRAMP assessment program. Prior to joining Schellman in 2016 as a senior associate, Marci worked as a federal contractor implementing and assessing federal cybersecurity programs, as well as an FFIEC/GLBA security controls assessor and consultant. Marci has over 10 years of information security experience across various industries and holds several key certifications including CISSP, CISA, CEH, Certified CMMC Professional, and CMMC Provisional Assessor.