About CS2 Tampa
- CMMC 2.0
- NIST 800-171
- The DFARS 70 Series (7012, 7019, 7020)
- ITAR regulations
- Handling CUI and FCI
- And much more
These events are specifically curated towards aerospace and defense contractors and those in higher education institutions looking for practical approaches to address security threats, invest in the culture of cybersecurity for their organization, and glean best practices for their cloud investments.
(In-Person and Virtual Attendance)
Director DIBCAC (Acting), Director of Software DCMA, US Department of Defense
Senior Director, Aerospace & Defense MS Azure Global, Microsoft
Chief Cybersecurity Evangelist, Summit 7
President, Win-Tech, Inc.
VP CMMC and FedRAMP Assurance, Coalfire Federal
Founder and CEO, DEFCERT
Information Systems Supervisor, Charles River Analytics
IT and Cybersecurity Advisory Service Lead, Chess Consulting
Manager - IT Risk Assurance and Advisory, DGC
President and CEO, Summit 7
07:00 - Registration & Check-In [Breakfast Offered at 07:30]
Breakfast, Coffee, Tea, Custom Beverages
08:00 - An Update on CMMC 2.0, DFARS, & NIST 800-171 Assessment Requirements
John Ellis, DIBCAC / DCMA - The Department of Defense has been working on timelines and rulemaking for 2022, as well as what these regulations require from defense contractors. In this talk, John Ellis will cover timelines for assessments and what contractors must be doing to prepare for CMMC 2.0 and existing DFARS, NIST 800-171 requirements.
09:00 - The Price of Security: Cost Accounting Considerations for CMMC
Mike Tomaselli - As DOD contractors enhance their security capabilities in response to CMMC, they are experiencing a subsequent increase in their costs. There is much confusion and anxiety regarding the ability of contractors to recover these costs under DOD contracts. Join Mike for a discussion on government contract cost accounting standards and principles, including allowability and allocability, that we can apply to CMMC costs with an aim towards compliance and competitiveness.
10:00 - CMMC Is About Cybersecurity, Remember? Perspectives from a Penetration Tester
Scott Goodwin - When most people hear "DFARS" or "CMMC" they hear "compliance". As a result, many organizations implement security controls to check the box rather than provide real security benefits. This talk will outline how a security-first CMMC implementation allows companies to maximize the security return on their compliance investment by helping to eliminate the top five attack vectors used to compromise networks across the defense industrial base.
11:00 - Microsoft's CMMC Acceleration Program Update
Richard Wakeman - In this session, Mr. Wakeman will discuss the Microsoft Product Placemat for CMMC 2.0 and the Technical Reference Guide for CMMC 2.0, along with a deeper dive into the Microsoft Sentinel CMMC 2.0 Solution. He will also cover Microsoft 365 Cross-Cloud Collaboration Scenarios such as Cross-Tenant Access Settings in Microsoft 365 US Government (GCC High).
12:00 Lunch Break
Lunch provided by CS2
13:00 - Finding Signal in the Noise: Understanding Common CMMC Vendor Tactics
Allison Giddens - Small and medium-sized DoD suppliers are flooded by offers and emails from consultants and service providers to help with CMMC requirements. Unfortunately, many sales claims aren't accurate, honest, or helpful. This talk will step through the key questions that businesses should ask to properly evaluate potential partners.
14:00 - Living on Borrowed Time: How To Work with Your MSP to Avoid a CMMC Assessment Disaster
Ryan Bonner - Managed IT service providers are great at supporting technical requirements. However, most MSPs don't adequately support governance, system baselining, or threat intelligence. How do we decide who does what in a CMMC compliance program? This session explains how managing your MSP like a traditional supplier accelerates CMMC compliance.
07:30 - Breakfast
Breakfast, Coffee, Tea, Custom Beverages
08:00 - Make NIST SP 800-171 A Framework Again
Jacob Horne - As CMMC assessments draw closer, many defense contractors are treading water while they wait for DoD to provide clear and specific guidance about how to meet cybersecurity requirements. The truth is, most people struggle to understand the requirements in NIST SP 800-171 and CMMC because they were purposely designed to be non-specific and open-ended. By examining the evolution of NIST controls over time, this talk will show how we can not only better understand, navigate, and comply with current requirements, but reasonably anticipate upcoming requirements as well - even before the government might know what they are.
10:00 - Lessons Learned: Recommendations from a Successful DIBCAC Audit
Matt Carson - Although tens of thousands of DoD contractors will need to undergo CMMC assessments, very few companies have experienced a DIBCAC cybersecurity audit. As a result, most companies are unsure of how to prepare for assessment and typically underestimate the level of effort required to be successful. This talk will provide tips, tricks, and lessons learned by a DoD contractor who successfully passed a DIBCAC audit in Q1 2022.
11:00 - The C3PAO Perspective: Timelines For Assessments
Stuart Itkin - CMMC’s realization has been a longer journey than most realize. This session will explain the remaining path for CMMC 2.0 to be enacted and certifications to begin. The session will provide an overview of the certification assessment process and provide guidance for preparing for a successful assessment.
#CS2TPA will be held in the Renaissance Tampa International Hotel. Breakfast and lunch (Day One only) are included with in-person registration.
For the safety of event attendees and staff, capacity will be limited to allow for distancing throughout the event. Masks will also be optional as is recommended by the venue.