CUI-CON Speakers

Mr. Buddy Dees serves as the Director, Cybersecurity Maturity Model Certification (CMMC) Program, Office of the Deputy Chief Information Officer for Cybersecurity, Office of the DoD Chief Information Officer (CIO). In this position, he serves as the focal point within the Department to implement the CMMC program across the Defense Industrial Base (DIB).

As the CMMC Director, Mr. Dees is responsible for shepherding this critical program though the rulemaking process for both the 32 and the 48 Code of Federal Regulations and ultimately implementing CMMC across the more than 220,000 companies that make up the DIB. In this role, he is responsible for collaborating across the Federal program across the Government with partners such as the Department of Homeland Security and the other members of the Federal Acquisition Security Council, to standardize this process and truly federalize it. He also directs the Department’s efforts to educate DIB partners on programmatic requirements and ensures that DoD implements risk information sharing though the program’s execution. Additionally, Mr. Dees’ responsibilities include ensuring the defense acquisition community is trained and capable of including these requirements in their programs and acquisitions.

Prior to joining the DoD CIO, Mr. Dees served as a Nuclear Command, Control and Communications (NC3) portfolio management analyst for the Office of the Under Secretary of Defense for Acquisition and Sustainment and as the CMMC Director and Deputy Director when the CMMC program was initiated and overseen by the Under Secretary of Defense for Acquisition and Sustainment.

Mr. Dees began his government career as an officer in the U.S. Air Force where he served on active duty for 20 years. He has extensive headquarters staff and operational experience in both tactical and strategic nuclear operations; command, control and communications; acquisition oversight; and program and resource management.

William R. Spence is a highly accomplished and respected cybersecurity expert, who currently serves as the Group Chief for the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) with the Defense Contract Management Agency (DCMA). In this role, William leads six teams of assessment experts that verify the implementation and enforcement of policies and security requirements in accordance with Defense Federal Acquisition Regulation Supplement (DFARS) Clauses 252.204-7012. This position is a testament to William’s expertise in the field and his commitment to ensuring the highest level of cybersecurity for the defense industry.

Before assuming his current role with the DIBCAC, William served as DCMA’s Security Engineering, Standards, & Architecture Chief. During his time with DCMA, William made significant contributions to the organization by establishing DCMA’s enterprise classified network and serving as the system owner under the Risk Management Framework (RMF). His expertise in this area allowed him to create a secure and efficient network infrastructure, ensuring the confidentiality, integrity, and availability of classified information.

William was also an original implementer of the DCMA’s cybersecurity program, establishing a Cyber Security Service Provider (CSSP) under the Department of Defense (DoD) original Computer Network Defense (CND) program. His work has had a lasting impact on the security of the organization.

Before his time at DCMA, William served as a Sergeant in the United States Marine Corps. This experience taught him the importance of discipline, teamwork, and leadership, which he has applied to his career in the cybersecurity field. His military background has given him a unique perspective and has equipped him with the skills necessary to lead and motivate his team towards success.

William is also a Certified Information Systems Security Professional (CISSP), this designation is a testament to his expertise and dedication to the field, and is a clear indication of his commitment to maintaining the highest standards of professionalism and excellence.

William R. Spence is a highly accomplished and respected cybersecurity expert, who has made significant contributions to the field throughout his career. His work with the Defense Contract Management Agency has had a lasting impact on the security of the defense

industry, and his leadership and innovation continue to inspire those around him.

Amy Starzynski Coddens joined the REN-ISAC in 2019 and currently serves as a Strategic Partnerships Manager. As a graduate of the Indiana University School of Education (M.S. ’06 & M.S. ’09), Amy comes from a background in P-16 education, research, and outreach. She has worked in the governmental, industrial, and academic sectors. Through that work, she has contributed to projects with the CMMC Accreditation Body, National Science Foundation, the New England Research Institute, Harvard’s PEAR Institute, the United States Department of Education’s Office of Special Education Programs, NASA Education, Indiana University’s Center for Applied Cybersecurity Research, TrustedCI and the Indiana University Kelley School of Business.

Amy is a current active member of the WiCys, Big Ten Academic Alliance, and EDUCAUSE communities, and is pursuing a Certificate in Cybersecurity Law and Policy via Indiana University’s Maurer School of Law.

Highly accomplished leader with a distinguished 20+ year career introducing strategies to decrease exposure and minimize risks to government entities and businesses. Experienced in assessing Federal, DoD and commercial organizations. He is one of the first CMMC Provisional Assessors (PA) and Certified CMMC Professionals (CCP); he led CISEVE to being one of the first 10 Authorized C3PAOs. He has participated in one of the first “joint surveillance voluntary program” assessments with DIBCAC.

Expert in leading teams in assessing controls, infrastructures, and environments; identifying and communicating issues and risks; and recommending and implementing policies, standards and strategies. Holds CISSP, CISA, PMP and CIPP.

Stuart Itkin brings unique perspective to CMMC and the challenges organizations, both large and small face in satisfying government regulations and operating their businesses. As Vice President of NeoSystems, Itkin is focused on bringing managed services, software, and consulting to address the compliance, cybersecurity, and back office needs of small and medium businesses. Formerly Vice President of CMMC and FedRAMP Assurance at Coalfire Federal, Itkin led the company through its DIBCAC assessment and the process of becoming one of the first authorized C3PAOs. Itkin earlier served as Vice President of Product Management and Marketing at Exostar, a Boeing, Lockheed Martin, Raytheon Technologies, BAE Systems, Rolls Royce formed joint venture company, where he had responsibility over the company’s compliance management, supply chain risk management, and secure collaboration platforms, and for establishing its CMMC practice area. Stuart has served in leadership roles with cybersecurity companies PivotPoint Risk Analytics, SAIFE, and ThreatTrack Security, as lead mentor at the Virginia State Government funded MACH37 cybersecurity product accelerator, and as an advisor and board member to several early and growth stage cybersecurity companies. Stuart earned a BA and an MA and is an ABD from the University of Illinois at Urbana-Champaign.

Jerry is a trusted advisor and advocate for in-house counsel, compliance officers and senior leadership to ensure they can effectively navigate complex regulatory and contractual risks and obligations.  He leads CROWN Information Security supporting Defense and critical infrastructure suppliers of all sizes and cybersecurity postures.

He is an expert at risk-based approaches embracing right-size outcomes that are cost-optimized to meet an organizations required security and compliance requirements. He is closely aligned with industry and technology leaders including Microsoft, AWS, and Google in delivering world- class solutions.

Jerry is active nationally on the CMMC Standards Council, member of the CMMC AB Standards Workgroup, a Provisional CMMC Assessor & Registered Practitioner (RP).  Jerry speaks nationally on Cybersecurity and DFARS/CMMC impacts, and partners with private/public organizations to increase the Pacific Northwest Defense and Aerospace manufacturer awareness.

Fernando is the Managing Principal & Chief Information Security Officer for Cybersec Investments. Fernando was was one of the earliest CMMC Provisional Assessors & was a member of the CMMC Accreditation Body’s Standards Management Industry Working Group, which helped develop guidance on CMMC’s assessment criteria & scoping with over 17,000 volunteer hours. This has led to being formally recognized with the President’s Volunteer Service Award.

Dr. O’Connor’s research has centered on computer security, emphasizing cybersecurity education, the security and privacy of IoT devices, wireless protocols, software-defined networking, and machine learning approaches for security. He has authored a book in the area and published his research in the proceedings of several academic conferences. Dr. O’Connor served 20 years as an US Army Officer, retiring in 2019 at the rank of Lieutenant Colonel. His service included an academic appointment to the Electrical Engineering and Computer Science Department at the US Military Academy and four assignments supporting the Special Forces from the tactical level in Afghanistan and culminated as the Chief Information Officer for the 1st Special Forces Command Headquarters. Dr. O’Connor is active in cyber security competitions and is the current coach for the FITSec Cybersecurity Team and previously coached the US Cyber Games Team.

Michael is currently the Schellman Knowledge and Learning Development Lead for Schellman. He has participated in and helped author the CMMC learning objectives, exam objectives, standards and methodology for the Cyber-AB.

As a recognized RMF SME, Michael has served as the Chief Sr. Cybersecurity advisor to 1, 2 and 3 Star commander(s) across the Army, Navy, and Marine Corps. Specializing in advanced cyber techniques and countermeasures. As a recognized SME by the CSIAC, CompTIA, and ISC2, Michael has authored courses for Cisco, EC|Council, CompTIA, ISACA, and ISC2; Twice awarded the National Science Foundation Scholarship; Served as the Chair – Cybersecurity Training Working Group for the US Army, and awarded “Outstanding Educator” by the Southern Association of Colleges in 2010.

With an active TS/SCI, he’s been a keynote speaker for national and regional Cybersecurity and Risk and conventions and informational workshops for corporate companies like HP, Booze Allen and Northrup Grumman, Harris Communications and others.

As the founder of Peak InfoSec, Matt left the Federal government sector as an Air Force Program Manager to reapply his 25+ years of Information Security & Technology experience to the commercial sector. Matt now leads an organization that specializes in Information Security Turn Around efforts supporting federal and commercial sectors. Matt has been brought in to consult with organizations across the globe like United Launch Alliance, Sony, ConocoPhillips, and Munich Re-Insurance. His commitment to supporting the military and Defense Industrial Base did not stop when he left the Air Force. Matt is a recognized leader in the DoD’s new Cybersecurity Maturity Model Certification (CMMC). His leadership efforts led him to lead one of the first Authorized CMMC 3rd Party Assessor Organizations (C3PAO); being certified as a CMMC Provisional Assessor; volunteering on the CMMC Accreditation Body Industry Standards Working Group; and, as a Subject Matter Expert, helping several institutions develop CMMC training curricula.

Fred Tschirgi is the Sr. Cybersecurity Compliance Consultant at Guernsey, an authorized C3PAO.  With a career that started as a Tactical Network Specialist in the United States Marine Corps, Fred understands the importance of a well-maintained and comprehensive security strategy at the deepest level.   He has spent years in the professional, academic, and volunteering spaces to help bring CMMC compliance into the future of the defense industrial base.

Ben Tchoubineh is a serial entrepreneur in the fields of cybersecurity and education. He received his BS in Computer Science from the University of Maryland, and after a few years as a programmer decided to move into independent consultancy. He’s since founded multiple businesses focusing on IT and cybersecurity training, government contracting and consulting. Ben was a founding member of the board of directors of the CMMC Accreditation Body and headed the creation and development of the CMMC training and certification ecosystem.  He lives in Columbia, MD with his wife of 25 years and two children.

I have a consulting company that specializes in Governance, Risk Management and Compliance. I am a CISSP and earned my MS in Information Security and Assurance from Norwich University. I have over 20 years of experience in IT and Security. I am retired from the USAF after 24 years of service.

Marci Womack is Director in Schellman’s Federal Assessment Practice overseeing both the emerging CMMC assessment program and the established FedRAMP assessment program. Prior to joining Schellman in 2016 as a senior associate, Marci worked as a federal contractor implementing and assessing federal cybersecurity programs, as well as an FFIEC/GLBA security controls assessor and consultant. Marci has over 10 years of information security experience across various industries and holds several key certifications including CISSP, CISA, CEH, Certified CMMC Professional, and CMMC Provisional Assessor.