In this session of the Ankura CMMC series, a group of commercial and government experts will focus on how CMMC fits into the overall government cybersecurity taxonomy, how the regulation might be adopted across the civilian federal acquisition landscape, and how it might align with, conflict with, or replace other frameworks as a standard that reaches beyond defense procurements. Our speakers will discuss where they foresee CMMC going and how they predict it will affect domestic and multinational organizations that sell to the government outside the DIB.
If your organization supplies or works with the Federal Civilian Government, or your firm is a supply chain partner with an organization that does, this webinar will help you consider your likely coming cybersecurity obligations. If CMMC becomes required in non-defense federal acquisitions, what will your organization have to do to be ready? If you don’t know what CMMC is, attend and find out if it could be in your future.
What makes this course unique?
A well-positioned and experienced group of speakers who participate at the highest levels of the federal conversation about cybersecurity will offer compelling insight.
An attendee will learn:
View the potential future of CMMC through multiple views.
Why CMMC may be important to non-defense government contractors.
Why you should embrace CMMC, even if you have nothing to do with Defense today.
That good cyber hygiene matters, regardless of what compliance obligations you are subject to.
CSF / ISO 27001 / CIS / CMMC / FedRAMP – what framework(s) will matter.
How to interpret the hints coming out of Washington about potentially wider adoption of CMMC, and why this isn’t idle speculation.
What happens if CMMC is required for non-defense businesses that sell to the federal government?
Who these changes would affect.
Why a governing body like Congress, State Governments, or others would benefit from a uniform approach to cybersecurity.
Why you should start now.
Industry Focus
Anyone who isn’t in the defense sector today.
Audience
Chief Risk Officers
Data Protection Officers
Chief Executive Officers
Chief Information Officers
Data Privacy Officers
Product Development Managers
Chief Compliance Officers
Chief Legal Officers
Chief Information Security Officers
Procurement
Program Managers
Sales and Business Development leaders
Presenters
Stephen Gilmer
Senior Director at Ankura
Stephen P. Gilmer is a Senior Director at Ankura based out of Washington, DC. Stephen is a Certified Chief Information Security Officer (CISO) with more than 25 years of experience as a technical expert and executive leader focused on securing technology companies’ most sensitive and valuable data and systems. Stephen previously was in-house CISO at both a biotechnology startup and at two Fortune 10 aerospace, defense, and technology companies. In these roles, Stephen designed and implemented sensitive data and IP security control programs; shaped policy at the national level and security framework formation; and proactively resolved complex investigation, audit, and regulatory oversight issues.
Stephen is a Six Sigma Black Belt who led the transition of the IT infrastructure of a private start-up to address the regulatory and operational requirements of becoming a publicly traded company. As a CISO executive in an aerospace defense company subject to a consent agreement with the United States Government, Stephen also led global cyber investigations, risk analysis, engagement, and mitigation controls necessary for the organization to successfully navigate oversight requirements and re-establish credibility with government customers. Concurrently, Stephen built and led the cybersecurity components required to support winning and executing multi-billion-dollar government contracts.
Stephen frequently speaks at global cybersecurity conferences, publishes articles on the business necessity of proactive cyber risk management, and advises on and conducts cybersecurity education/training for corporate leadership including the board of directors, the C-suite and compliance officers.
Daniel V. Medina
CIO, Native American Industrial Solutions LLC (NAIS)
Dan has over 20 years of experience as an information security principal in the United States government and in the private sector. He is a proven national security, cybersecurity, strategic risk planner, and operations leader who has managed various security engagements, including security architecture reviews, security baseline standards development, enhancing the protection of controlled unclassified information, and incident response cases around the world and in austere environments.
Dan specializes in designing pragmatic standards-based solutions to complex information security problems in order to meet business needs and ensure success. Previously, Dan worked as a Senior Director for National Security, Trade, and Technology, enabling technology companies, investors, and their counsel to navigate the rapidly changing business and compliance environment in areas such as CMMC, DFARS, CFIUS, and C-SCRM. Dan also worked at an international private sector software company where he was responsible for developing and leading strategic engagement, thought leadership, and business development. Before moving to the private sector, Dan was the Chief of Staff of the Office of Cybersecurity and Communications for the Department of Homeland Security, which includes the management of a workforce of more than 1044 federal employees and a budget of over $1 billion. In this position, Dan was a key advisor on statute, strategy, and performance to the Assistant Secretary of Cybersecurity and Communications in planning the overall management policies, programs, and short- and/or long-range initiatives to lead the national effort to protect and enhance the resilience of the nation’s physical and cyber infrastructure. Dan is a Harvard Kennedy School Senior Executive Fellow, a graduate of the Carnegie Mellon Executive Chief Information Security Officer (CISO) Program, has a Master’s Degree in Business Administration and a Bachelor’s Degree in Information Technology.
Cory Simpson
Managing Director, Ankura
Cory Simpson is a Managing Director at Ankura with more than 15 years of experience as a U.S. Army officer, federal prosecutor, national security law practitioner, in-house senior leader and counsel, and strategist. He is based out of Washington D.C. and Philadelphia and specializes in working the intersection of strategy, law, policy, and perception. Providing decision-makers with forward-looking 360° insights, he enables them to artfully navigate the most difficult terrain. Cory has an extensive background advising on cybersecurity policy development, federal legislation and its implications, complex investigations, and risk management strategies. He brings knowledge and experience to the broad spectrum of challenges and opportunities presented by emerging technologies empowered by stronger and more capable digital networks to government and private organizations.
Daniel Sutherland
Chief Counsel for CISA
Daniel Sutherland is the Chief Counsel for CISA, the Cybersecurity and Infrastructure Security Agency. CISA is the nation’s risk advisor, working with partners to defend against today’s threats and collaborating to build more secure and resilient infrastructure for the future.
Sutherland’s office negotiates complex technology agreements, provides daily operational support to the largest cyber operations center in the civilian government, advocates the agency’s positions in litigation, drafts and negotiates legislation, and responds to audits and investigations. He has been engaged in many major cyber incidents of the past several years, including the OPM data breach, threats to the nation’s election infrastructure, and risks posed by the Kaspersky Lab and the resulting litigation (909 F.3d 463 (2018)). His office was integrally involved in the drafting and negotiation of the Cybersecurity Information Sharing Act of 2015, the Federal Acquisition Supply Chain Security Act of 2018, the National Cybersecurity Protection Act of 2014, and the Cybersecurity and Infrastructure Security Agency Act of 2018. In 2018, Sutherland stood up the Department’s Countering Foreign Interference Task Force, seeking to respond to nation-states that use social and traditional media to sow discord among the American public. He is active in bar association activities focused on building the legal profession’s proficiency in cybersecurity, such as with the American Bar Association, the Association of Corporate Counsels, and the Sedona Conference. He holds certifications in information privacy (CIPP-G) and incident response management.
Sutherland started his federal career as an attorney with the U.S. Department of Justice, where for 14 years, he litigated cases in courts across the country. He is a graduate of the University of Louisville and University of Virginia School of Law.