Sessions

February 19-20, 2025

Registration closes February 5.

Day 1: February 19, 2025

Keynote: CMMC Requirements, Assessments, and Rollout in 2025

Matt Travis, Cyber AB

For 5 years we planned and organized. In December, 2024 we poured the cement. The CMMC regulation is on the books. The CAP (the documented assessment process) is published. Catch up on all the changes and requirements from the source, Matt Travis, CEO, CyberAB. 

12 Steps to Compliance

Nancy Laney, RPO

Nancy Laney, and experienced RP and advisor to companies on their CMMC journey will provide a companion talk to the 12 Steps to Compliance that are documented in FutureFeed's Everything You Need to Get Started with CMMC book that will be provided to all attendees. Technology can often be the easy part when compared to the culture change of living in an organization to follows documented procedures and can prove it. Learn tips and get advice from the best. 

A Brand New DFARS Clause and CUI

Rachel Leidy, FutureFeed

Why are we here? The DFARS clause in our contracts demands that we properly handle CUI. And a new DFARS clause for DoD contracts was just introduced. So, there is much to dissect.

In general, CMMC is all about CUI. A common misunderstanding is that CMMC is the government's way to evaluate the overall cybersecurity stature of the organization. It is not. It is about the government gaining assurance that your organization can be trusted with the People's information - CUI. Learn the government's expectations about the nature of CUI, why it matters, and how to mark and handle it.

 

Day 2: February 20, 2025

Keynote: Protecting CUI, Federal Contractors and the Future of CMMC

Katie Arrington

Katie Arrington's magnetic personality moved the Pentagon into action. Her inability to stay silent while our nation loses $180 million per day to our adversaries ruffles feathers, for good. Listen as she demonstrates how we cannot afford individually, and as a nation, to ignore the threat.

Her session will cover:

  • Our current risk to CUI across the federal supply chain
  • The need to standardize the protection of CUI across all Federal contracts and subcontracts
  • The need to reduce the regulatory burden by streamlining cybersecurity and data protection standards for federal suppliers and tier suppliers under a single certification
     

Power Session

Regan Edens, DTC Global

This special 90-minute session will dive deep into the process, the technicalities, and tools used to evidence 3 controls. Regan's expertise was vital as a founding member of the CyberAB board. It continues today as his depth and breadth of knowledge on the latest rulemaking will provide practical insights as to how to get the work done.

The session will cover Critical Controls, Documentation, Evidence, and AI.

Plus, deep dive on three controls that drive scoping your environment:

  • Understanding scoping and understand the controls.
  • Understand the key impact of the three controls on scoping.
  • How to document & develop evidence for each control.
  • Are AI tools ready to help?

We Did It. So Can You.

The rubber meets the road at the assessment. Meet and hear from people who started and completed the same journey on which you are now embarking. Learn from their mistakes and successes. Even more, learn how delivering compliance has affected the organization, from sales to quality delivery. 

Keynote: Why Compliance is So Important

Mitch Thornton, Darwin Deason Institute for Cybersecurity, 天美传媒

As artificial intelligence and machine learning (AI/ML) continue to mature and become key components of systems and products, this talk explores how AI/ML can affect cybersecurity. Examples of new forms of attacks based upon data rather than malware will be included.

The Prime Panel

Panel: Representatives from Safran and GE

Facilitated by Jerry LeishmanFor most of us we are beholden to our primes which "pay the bills." The government expectations are important, but the prime's requirements put the bread on the table daily. Learn where the primes are in terms of managing their supply chains and directly responding to the government's new CMMC regulation. How fast will they implement? How will they do so? What is the penalty if you are not responsive in a timely manner? What help can the prime offer its subs? 

Documentation - Too Much, Too Little and Just Right

Mark Berman, FutureFeed and Robert Hill

The big question you will ask yourself, as so many before you have as well, is "how much is enough?" We could document everything and anything that is even tangentially related to the CMMC controls and cybersecurity. Hear from the CEOs of two of the leading Cyber-GRC tools for organizing and storing your documentation. 

Choosing a Service Provider

Stuart Itkin & Leia Shilobod

Your current MSP or MSSP may not be qualified, or be investing in the right resources, to be qualified to be your future ESP (External Service Provider). The service provider may have some compliance requirements of their own. In addition, if you outsource work to them, they become responsible for providing the evidence and artifacts that your auditor will need to evaluate your organization. Are they ready? How to find someone who is? 

Mock Assessment Walk-through Panel

Panelists: Rob Teague, David Bedard

Facilitated by Jerry Leishman

Formal CMMC assessments from a C3PAO will be expensive, especially as the broad availability of providers has not as yet happened. So, how do you pick from the choices available? The pitfalls of price as a driving factor. What is the difference anyway? And how might those differences matter depending on what your organization does?

Once selected, what is the actual assessment process like? The CAP was published to create a "standard" process. What secrets does it hold? 

 

Speakers and agenda subject to change.