Agenda

All times are in Eastern Time (ET).

Day One: April 3

  1. 08:00 - 09:00AM Check-In Open

    Networking Breakfast

  2. 09:00 - 10:00AM Main Session One

    Battlefield Cyber and The Fight for US Intellectual Property

    The United States is being bombarded by cyberattacks. Russia attracts the most attention, but China is vastly more sophisticated. If we are waiting for a “cyber 9/11” or “cyber Pearl Harbor,” we are misunderstanding how our adversaries wage cyber warfare. In this session, Michael McLaughlin, author of Battlefield Cyber, will use language everyone can understand to dive into how China and Russia are undermining our democracy and national security – and what to do about it.

      Michael McLaughlin

      Author of Battlefield Cyber
  3. 10:15 - 11:15AM Main Session Two

    It’s 10pm, do you know where your MSP is?

    Managed Service Providers (MSPs) play a critical role in a company’s CMMC success. The CMMC proposed rule ups the stakes by requiring MSPs to achieve the same certification level as their clients. Most people are unaware just how long it takes for the average MSP to achieve CMMC – if they are able to transform their service delivery at all. With the CMMC final rule less than a year away, organizations have critical decisions to make without much time to make them. This session explores the realities and obstacles posed by CMMC for MSPs and what it means for defense contractors.

      Daniel Akridge

      Director of Engagement, Summit 7

      Ryan Bonner

      CEO, DEFCERT

  4. 11:30 - 12:30PM Main Session Three

    A Former Contract Officer's Peek Into Your Supply Chain

    When it comes to DFARS clauses, NIST requirements, and CMMC levels, all roads lead to the Contracting Officer. The problem is that most defense contractors never speak with the contracting officer, and most “KOs” have so much to juggle that the particulars of cybersecurity just don’t filter to the top. In this session, you will hear directly from two former contracting officers about the realities of the KO world and what it means for granting CMMC waivers, exceptions to NIST requirements, and negotiating DFARS clauses out of contracts.

      Lauren Ayers

      President & Founder, Ayers & Associates

      Michael Gruden

      Privacy & Cybersecurity Attorney, Crowell & Moring LLP

      Jacob Horne

      Chief Cybersecurity Evangelist, Summit 7

  5. 12:30PM

    Networking and Lunch

  6. 14:00 - 15:00PM Executive Breakout One

    Prime Contractor Perspectives on CMMC, Security, and Supply Chain Resiliency

    The biggest factor affecting CMMC requirements for defense contractors isn’t DoD rulemaking – it’s the decisions of the large prime contractors. Minimizing the flow of CUI; requiring different CMMC levels; and the expected timeline for achieving certification are all dependent on the primes. In this session you will hear the perspectives of three large prime contractors on timelines, expectations, and success strategies for defense subcontractors.

      Brad Shannon

      Director of Product Management, Managed Services, Summit 7

      Matthew Ramsey

      CIO, BlueHalo

      Jeff Smedley

      Vice President and CIO, J&J Worldwide Services

      Sam Salinas

      Enterprise Compliance Services, RTX

  7. 14:00 - 15:00PM Technical Breakout One

    DoD Cyber Crime Center: Tales from the Front Lines of Supporting the DIB

    The DoD-Defense Industrial Base Collaborative Information Sharing Environment (DCISE) is focused on protecting intellectual property and safeguarding DoD content residing on contractor networks. This session will cover the services offered by DC3 and case studies about what happens when companies skip them.

      Terry Kalka

      Director, DoD Cyber Crime Center (DC3)

  8. 15:15 - 16:15PM Executive Breakout Two

    The Truth about the False Claims Act

    The False Claims Act is the boogeyman of the CMMC world. Is the threat of millions of dollars of legal fees just FUD? How should defense suppliers approach a situation where their technical staff stand to get paid significant amounts of money for blowing the whistle? This session will cover what companies need to know about the realities of the “FCA” and strategies for avoiding investigations in the first place.

      Stephanie Siegmann

      Cybersecurity & White Collar Defense Partner

      Eric Crusius

      Partner, Holland & Knight

      Jason Sproesser

      Director of Product Management, Compliance Services, Summit 7

  9. 15:15 - 16:15PM Technical Breakout Two

    Vulnerable to Viable: Leveraging MxDR Services for CMMC Compliance

      Patrick Roland

      Director of Vigilance (MSSP), Summit 7

Day Two: April 4

  1. 08:00 - 09:00AM Check-In Open

    Networking Breakfast

  2. 09:00 - 10:00AM Main Session One

    Pulling Back the Curtain – Inviting a C3PAO and DIBCAC to Come On In

    When your defense contracts fall in the category of a critical program or high value asset, you expect DIBCAC to come knocking on your door, asking to look behind the curtain and assess your security posture. It’s not if, but when.

    At Marvin Engineering, the decision to pivot to JSVA instead of a DIBCAC assessment meant more time, money and resources. Many questions were hard to find answers to, like: What are the differences between a DIBCAC assessment and a C3PAO assessment and how do you plan and prepare for both? How do you secure the support of the stakeholders? And how much control do you really have over the results?

    Matt Reynolds, CIO, is willing to pull back the curtains, sharing the wins (and hangover remedies) leveraged by his team in the wake of their JSVA in this engaging session with Joy Beland, CCA, and Caleb Leidy, CCA and former DIBCAC assessor. Spoiler alert: The curtain stays open long after DIBCAC goes home.

      Matt Reynolds

      Chief Information Officer, The Marvin Group

      Joy Beland

      VP of Partner Strategy and Cybersecurity Education, Summit 7

      Caleb Leidy

      Compliance Manager, Summit 7

  3. 10:15 - 11:15AM Main Session Two

    Ecosystem Update from The Cyber AB

    CMMC will be here sooner rather than later. How will the assessment ecosystem handle the spike in demand? Will there be enough assessors? Hear from The Cyber AB CEO Matt Travis on what the near-term future looks like and what’s in store over the long run.

      Matthew Travis

      CEO, CYBER AB

  4. 11:30 - 12:30PM Main Session Three

    Compliance vs Security: Exploring the Real-World Security Value of CMMC

    CMMC is often criticized for being ineffective against the cyber threats that motivated its creation. But many of those criticisms are just as unfounded as the rhetoric used to promote CMMC as a cybersecurity silver bullet. Like most things, the truth lies somewhere in the middle. What level of security does a company get when they achieve CMMC certification? This session will explore what you get when CMMC is all you’ve got by comparing CMMC baselines against real-world cyber threat profiles.

      Jacob Horne

      Chief Cybersecurity Evangelist, Summit 7

  5. 12:30PM

    Networking and Lunch

  6. 14:00 - 15:00PM Executive Breakout One

    Moderately Confused: Decoding FedRAMP Equivalence for Defense Contractors

    The Proposed Final Rule allows Defense Industrial Base (DIB) contractors to utilize Cloud Service Providers (CSPs) that are either FedRAMP Moderate Authorized or have implemented security requirements equivalent to FedRAMP Moderate. This distinction is particularly important for industry-specific cloud solutions, like manufacturing software, which may not have a direct market in the federal government and thus lack a clear path to Authorization. In these situations, contractors must confirm the CSP is equivalent, as defined in a recent DoD memo. This presentation will provide contractors with a comprehensive overview of why a CSP might pursue equivalency, what it takes for a CSP to be compliant (including the process, costs, and timeline required), and what to look for in a CSP’s Body of Evidence. By better understanding the requirements and evidence, you will be better equipped to make a well-informed decision about whether to include a particular CSP in your CMMC boundary.

      Scott Sawyer

      Co-Founder & Chief Scientist, Paperless Parts

  7. 14:00 - 15:00PM Technical Breakout One

    CMMC Security: Going on the ATT&CK

    PKFOD’s Cybersecurity and Privacy practice works with organizations across the Defense Industrial Base and other industries on both compliance and security-focused initiatives. This provides a unique perspective that has allowed the team to develop compliance strategies that address genuine information security threats, as well as a penetration testing methodology that targets these commonly identified security weaknesses throughout the DIB. This talk features a deep dive into three MITRE ATT&CK techniques that the team has used to compromise DIB companies within the last year, as well as corresponding implementations of specific CMMC requirements that can help to eliminate these real-world attack vectors.

      Scott Goodwin

      Principal – Cybersecurity & Privacy Advisor, PKF O’Connor Davies Advisory, LLC

  8. 15:15 - 16:15PM Executive Breakout Two

    Defining Boundaries: The Critical Role of External Service Providers (ESPs) in Securing the DIB

    It’s no secret - the DoD has stated that CMMC Level 2 validation will be required for MSPs and MSSPs who serve in the capacity of performing IT or security capabilities on behalf of an OSC. What does this mean to the defense contractor ecosystem?

    This session will introduce MSPs for the Protection of Critical Infrastructure, review the mission of the collective, and walk through key positions the industry group is taking, with a deep-dive into the recently published paper on ESP Scoping and Program Recommendations submitted as part of the CMMC Proposed Rule comments.

    Even if you are not leveraging an MSP, it is important to understand the impact this could have on your supply chain.

      George Perezdiaz

      Practice Leader, Cyber Risk and Compliance, SP6

      Joy Beland

      VP of Partner Strategy and Cybersecurity Education, Summit 7

  9. 15:15 - 16:15PM Technical Breakout Two

    Microsoft Copilot for Security and NIST 800-171

    Despite no public timeline on the availability of Microsoft Copilot for Security in Microsoft’s US Gov cloud (Microsoft 365 GCC/GCC High and Azure Government), it’s worthwhile exploring how companies in the DIB may use these AI-powered capabilities to meet NIST 800-171 security requirements, and ultimately defend against threats with finite or limited resources. In this session, attendees will gain a glimpse at future solutions and how they align to some of the core elements of CMMC – before, during and after assessment. 

      Shawn Hays

      Senior Product Marketing Manager, Microsoft