Join the North Carolina Military Business Center and North Carolina State University for a “CMMC Implementation Workshop: Your Path to Cybersecurity Compliance” on December 3 in Raleigh, North Carolina.
CMMC Day is designed to prepare NC defense contractors for their Cybersecurity Maturity Model Certification assessments by providing them with the latest information about CMMC 2.0 and the associated DFARS clauses, and how to implement them. The goal of the event is for defense contractors and their IT/cyber staff and/or IT managed service providers to gain a thorough understanding of the requirements in CMMC and have a plan to get started or continue with their cybersecurity program. By the end of the day, attendees should know what the next steps are and what resources are available to help them develop their cybersecurity programs.
December 3, 2024
North Carolina State University – McKimmon Conference Center
1101 Gorman Street
Raleigh, North Carolina 27606
Parking is available in lot D. Campus Map.
Agenda
8:30 – 9:00: Check-in
9:00 – 9:10: Welcome Remarks
9:10 – 9:50: Overview of CMMC Model, DFARS Clauses, NIST SP 800-171 r2, Controlled Unclassified Information, Civil Cyber Fraud Initiative, etc.
9:50 – 10:00: Break
10:00 – 12:00: Break-out sessions: Leadership Track and Technical Track
12:00 – 12:30: Lunch
12:30 – 1:00: “Ask Us Anything” Panel
1:00 – 1:15: Break
1:15 – 3:30: Break-out sessions: Leadership Track and Technical Track
3:30 – 3:45: Break
3:45 – 4:00: Tie It All Together
4:15 – 4:45: “Ask Us Anything” Panel
Leadership Track. Will include a high-level overview of what is being discussed in the technical track, with the goal being to reduce the friction between leadership and technical professionals. We will also discuss the topics below.
- Cybersecurity Overview
- How to build a culture of cybersecurity/tone at the top
- Things to do now: DoD CUI training, Medium Assurance Certificate, awareness training
- Cyber risks
- CMMC Scope
- Compliance documentation
- Questions to ask your MSP/MSSP/Consultant
- Shared responsibility matrices for “inherited” cybersecurity controls
- What cybersecurity information to include in service level agreements
- Supply chain risk management
- CMMC implementation strategies
- Cost of implementation
Technical Track
- Asset and data inventories
- Network diagrams
- Data flow diagrams
- Physical security
- CMMC Scope
- System Security Plan
- How to perform a gap assessment
- How to put a score in the Supplier Performance Risk System
- NIST controls – where to start
Who Should Attend: Defense contractors (leadership and those responsible for implementing CMMC) and their Managed Service/Security Providers (MSP/MSSP) or consultants. The new CMMC rule requires MSP/MSSPs to be CMMC Level 2 certified if they store, process, or transmit controlled unclassified information (CUI) on behalf of their defense contractor clients. MSP/MSSPs that provide security protection for their clients will be considered in scope for their client’s CMMC assessment. The content of the workshop will be geared toward preparing attendees for a CMMC Level 2 assessment; however, contractors preparing for CMMC Level 1 will benefit from attending.
Why attend: The CMMC Program rule is final and was published in the Federal Register on October 15th, with an effective date of Dec. 14th. CMMC third-party assessments can begin, but the DoD will not put CMMC in contracts until the Defense Federal Acquisition Regulation Supplement (DFARS) has been changed to include a CMMC clause. We expect the DFARS clause rule to be final by the end of the second quarter in 2025 with an effective date in the late summer or early fall of 2025. If you wait until the new DFARS rule is final, you will be behind. It takes most contractors 18 – 24 months to develop a secure, compliant cybersecurity program.
Registration. Registration is open!
Early Bird Registration (prior to November 10, 2024): $115/person
Registration (on or after November 10, 2024): $130/person
Registration includes access to the full program, materials and catering throughout the day.
ONLINE REGISTRATION IS CLOSED.
WALK-IN REGISTRATION IS WELCOME.
Speakers:
- Laura Rodgers: Laura is the Director of Cybersecurity Practice in the Secure Computing Institute at NC State University and the Director of the North Carolina Partnership for Cybersecurity Excellence (NC-PaCE). Laura has been working with defense contractors in North Carolina for several years and teaches a DoD Cybersecurity Compliance course. She was a defense contractor for over 20 years with Lockheed Martin and General Dynamics IT, and held positions in business operations, business development, governance, risk, compliance, and policy.
- Lori Jackson: Lori is the founder and President of White Raven Security, a certified WOSB cybersecurity consulting company in Charlotte, NC. She has over 20 years of technical and management experience in cybersecurity compliance, cyber engineering, and corporate governance, and she is committed to supporting defense contractors with CMMC compliance and security. Lori is a Certified Information Systems Security Professional (CISSP). She holds the Certified CMMC Professional (CCP) and Certified CMMC Assessor (CCA) certifications and is a Registered Practitioner (RP) in the CMMC ecosystem.
- Myriam Batista: Myriam is the Chief Information and Compliance officer at Reef Systems, which is headquartered in Cary, North Carolina. She works with companies to understand their security posture and help them comply with Federal Government requirements and commercial frameworks such as NIST SP 800-171, NIST SP 800-53, ISO 27001, and CMMC. Myriam has over 20 years of experience leading the implementation of cybersecurity and technology solutions in support of commercial customers, educational institutions, and government agencies, as well as expertise in conducting independent assessments and audits. Myriam’s credentials include Project Management Professional (PMP), Certified CMMC Assessor, CMMC Provisional Instructor, ISO Lead Auditor and Cloud Security Alliance CCSK Authorized Instructor.
- Lawrence Cruciana, founder and president of Corporate Information Technologies (CorpInfoTech), brings over 20 years of expertise in IT and cybersecurity, with a focus on risk management for regulated businesses and supply chains. A recognized leader in implementing cybersecurity frameworks like NIST CSF and CIS Controls, he specializes in risk mitigation for mid-sized and governmental organizations, especially through MSPs and third-party vendors. Lawrence is an active speaker and commentator, addressing key cybersecurity topics, including supply chain vulnerabilities, the impacts of U.S. cybersecurity policies, and the need for accessible risk management for small and medium businesses.
- Jon Sternstein: Jon is the founder and CEO of Stern Security, a cyber security company headquartered in Raleigh, NC. He is a co-author of the Cisco Press course titled “Security Penetration Testing (The Art of Hacking) LiveLessons”. Jon holds many security certifications including GIAC Penetration Tester and Certified Information Systems Security Professional (CISSP). Jon has been a featured cybersecurity expert on ABC News, WRAL News, ISSA Journal, PenTest Magazine, North Carolina Dental Gazette, and Business North Carolina Magazine.
- Rad Rouzky: Rad is the founder and President of Reef Systems, providing solutions to customers nationwide in cybersecurity, information technology, healthcare and administration/program management. He provides security architecture and implementation guidance to customers needing to enhance their cyber posture and comply with government and commercial security standards such as NIST SP 800-171, ISO 27001 and Cybersecurity Maturity Model Certification (CMMC). Rad holds CISSP and HCISPP certifications from (ISC)², is a CMMC Registered Practitioner (RP), and earned Bachelor’s and Master’s degrees in Electrical Engineering.
- Craig Williams: Craig is the President of the Cyber Synergy Consulting Group and is a seasoned Cybersecurity consultant, drawing on his over 20 years of Network Engineer and Application Architect Information Technology experience, combined with two decades of teaching basic and advanced IT courses. He was employed by Cisco for 19 years as a technical and Java developer for Advanced Services IT. Craig holds a Bachelor’s degree in Computer Engineering from NC State University as well as numerous industry-led certification courses, including Certified Information Systems Security Professional (CISSP), Cisco Certified Network Associate (CCNA), and CompTIA Security+.