Skip to content
CS2 Full Logo White-1

CMMC Industry Days and Modern Information Security Topics

March 22-23 2022

Tampa, FL


About CS2 Tampa

The Cloud Security and Compliance Series (CS2) is strictly for government contractors and those in higher education research institutions looking to meet cybersecurity regulations, address security threats, and glean best practices for their cloud investments.
Areas of focus for CS2 events include, but are not limited to
  • CMMC 2.0
  • NIST 800-171
  • The DFARS 70 Series (7012, 7019, 7020)
  • ITAR regulations
  • Handling CUI and FCI
  • And much more

These events are specifically curated towards aerospace and defense contractors and those in higher education institutions looking for practical approaches to address security threats, invest in the culture of cybersecurity for their organization, and glean best practices for their cloud investments.


(In-Person and Virtual Attendance)

CS2TPA Speakers


Director DIBCAC (Acting), Director of Software DCMA, US Department of Defense


Senior Director, Aerospace & Defense MS Azure Global, Microsoft


Chief Cybersecurity Evangelist, Summit 7


President, Win-Tech, Inc.


VP CMMC and FedRAMP Assurance, Coalfire Federal


Founder and CEO, DEFCERT


Information Systems Supervisor, Charles River Analytics


IT and Cybersecurity Advisory Service Lead, Chess Consulting


Manager - IT Risk Assurance and Advisory, DGC


President and CEO, Summit 7


Day One

07:00 - Registration & Check-In [Breakfast Offered at 07:30]

Breakfast, Coffee, Tea, Custom Beverages

08:00 - An Update on CMMC 2.0, DFARS, & NIST 800-171 Assessment Requirements

John Ellis, DIBCAC / DCMA - The Department of Defense has been working on timelines and rulemaking for 2022, as well as what these regulations require from defense contractors. In this talk, John Ellis will cover timelines for assessments and what contractors must be doing to prepare for CMMC 2.0 and existing DFARS, NIST 800-171 requirements.

09:00 - The Price of Security: Cost Accounting Considerations for CMMC

Mike Tomaselli - As DOD contractors enhance their security capabilities in response to CMMC, they are experiencing a subsequent increase in their costs. There is much confusion and anxiety regarding the ability of contractors to recover these costs under DOD contracts. Join Mike for a discussion on government contract cost accounting standards and principles, including allowability and allocability, that we can apply to CMMC costs with an aim towards compliance and competitiveness.

10:00 - CMMC Is About Cybersecurity, Remember? Perspectives from a Penetration Tester

Scott Goodwin - When most people hear "DFARS" or "CMMC" they hear "compliance". As a result, many organizations implement security controls to check the box rather than provide real security benefits. This talk will outline how a security-first CMMC implementation allows companies to maximize the security return on their compliance investment by helping to eliminate the top five attack vectors used to compromise networks across the defense industrial base.

11:00 - Microsoft's CMMC Acceleration Program Update

Richard Wakeman - In this session, Mr. Wakeman will discuss the Microsoft Product Placemat for CMMC 2.0 and the Technical Reference Guide for CMMC 2.0, along with a deeper dive into the Microsoft Sentinel CMMC 2.0 Solution. He will also cover Microsoft 365 Cross-Cloud Collaboration Scenarios such as Cross-Tenant Access Settings in Microsoft 365 US Government (GCC High).

12:00 Lunch Break

Lunch provided by CS2

13:00 - Finding Signal in the Noise: Understanding Common CMMC Vendor Tactics

Allison Giddens - Small and medium-sized DoD suppliers are flooded by offers and emails from consultants and service providers to help with CMMC requirements. Unfortunately, many sales claims aren't accurate, honest, or helpful. This talk will step through the key questions that businesses should ask to properly evaluate potential partners.

14:00 - Living on Borrowed Time: How To Work with Your MSP to Avoid a CMMC Assessment Disaster

Ryan Bonner - Managed IT service providers are great at supporting technical requirements. However, most MSPs don't adequately support governance, system baselining, or threat intelligence. How do we decide who does what in a CMMC compliance program? This session explains how managing your MSP like a traditional supplier accelerates CMMC compliance.

Day Two

07:30 - Breakfast

Breakfast, Coffee, Tea, Custom Beverages

08:00 - Make NIST SP 800-171 A Framework Again

Jacob Horne - As CMMC assessments draw closer, many defense contractors are treading water while they wait for DoD to provide clear and specific guidance about how to meet cybersecurity requirements. The truth is, most people struggle to understand the requirements in NIST SP 800-171 and CMMC because they were purposely designed to be non-specific and open-ended. By examining the evolution of NIST controls over time, this talk will show how we can not only better understand, navigate, and comply with current requirements, but reasonably anticipate upcoming requirements as well - even before the government might know what they are.

10:00 - Lessons Learned: Recommendations from a Successful DIBCAC Audit

Matt Carson - Although tens of thousands of DoD contractors will need to undergo CMMC assessments, very few companies have experienced a DIBCAC cybersecurity audit. As a result, most companies are unsure of how to prepare for assessment and typically underestimate the level of effort required to be successful. This talk will provide tips, tricks, and lessons learned by a DoD contractor who successfully passed a DIBCAC audit in Q1 2022.

11:00 - The C3PAO Perspective: Timelines For Assessments

Stuart Itkin - CMMC’s realization has been a longer journey than most realize. This session will explain the remaining path for CMMC 2.0 to be enacted and certifications to begin. The session will provide an overview of the certification assessment process and provide guidance for preparing for a successful assessment.

The Venue

#CS2TPA will be held in the Renaissance Tampa International Hotel. Breakfast and lunch (Day One only) are included with in-person registration.

Virtual Ticket Pricing

Livestream Access:
Vendor Ticket Pricing
Vendor Access:
IMPORTANT: Vendors are limited to Virtual seats only.
In-Person Ticket Pricing  Closed 

For the safety of event attendees and staff, capacity will be limited to allow for distancing throughout the event. Masks will also be optional as is recommended by the venue.



In-Person Ticket
[Closes March 16th]

Virtual Ticket / Livestream Access

What to Expect



Event Sponsors