THE OFFICIAL CONFERENCE OF THE CYBER AB

CMMC Ecosystem Summit + CMMC Implementation Conference

CMMC Ecosystem Summit +
CMMC Implementation Conference

Presented by CIC in Partnership with The Cyber AB
NOVEMBER 21-22, 2024
Gaylord National Resort & Convention Center, md
BECOME A SPONSOR

Explore the Progress and Challenges of CMMC

That’s why we created the CEIC conference.  We have carefully designed CEIC so it has something for everyone in the broader CMMC ecosystem!  Whether you are a CMMC novice looking for help getting started, a seasoned pro looking for advanced training and continuing education units ("CEUs")*, or a service provider who wants a sneak peek into next-generation solutions to help you more efficiently maintain CMMC-compliant environments at scale, CEIC East has something for everyone.  Join us November 21-22 to learn the latest updates on the CMMC program and much more!

The Venue

Gaylord National Resort & Convention Center
National Harbor, MD
LEARN MORE
Standing on the shores of the Potomac River, Gaylord National Resort & Convention Center offers convenient access to many of Maryland’s most beloved attractions, some of which are right under this hotel’s roof. From the 19-story glass atrium overlooking the river to fountain shows, distinct restaurants and signature seasonal attractions, you’ll experience it all. 

OUR SPONSORS

Title Sponsor
Title Sponsor
Gold Sponsor 
TRACK SPONSOR
TRACK SPONSOR
TRACK SPONSOR
TRACK SPONSOR
LANYARD SPONSOR
BAG SPONSOR
PROMOTION SPONSOR

Now Accepting Sponsors

Limited quantities available. First come, first served basis.
SPONSOR NOW

CMMC Speed-Dating for 2024. Bringing Expertise to Those in Need.

Efficiently matching DIB participants with the knowledge, expertise and C3PAOs they need to achieve CMMC certification.
LEARN MORE

EXPRESS CONNECT HOSTS

CEIC East 2024 EXHIBITORS

SPEAKERS

Amira Armond

 Kieri Solutions LLC

READ BIO

READ BIO

Beth Ball

Cyturus Technologies

READ BIO

READ BIO

David Bedard

KTL Solutions
READ BIO

Joy Beland

Summit7
READ BIO

Mark Berman

FutureFeed.co
READ BIO

Eric Crusius

Holland & Knight
READ BIO

READ BIO

Shawn Duffy

Duffy Compliance 

READ BIO

READ BIO

Regan Edens

DTC Global
READ BIO

READ BIO

Adam Evans

 Axiom

READ BIO

READ BIO

READ BIO

Ken Fanger

OnTechnologies Partners

READ BIO

READ BIO

James Goepel

FutureFeed.co
READ BIO

Thomas Graham

Redspin
READ BIO

Michael Gruden

Crowell & Moring LLP
READ BIO

Justin Hensley

CloudFit Software

READ BIO

READ BIO

READ BIO

READ BIO

Alex Imani

Forvis Mazars
READ BIO

READ BIO

Stuart Itkin

NeoSystems
READ BIO

Rachel Leidy

Cybersage Solutions

READ BIO

READ BIO

Tara Lemieux

Redspin
READ BIO

Jerry Leishman

NeoSystems
READ BIO

Carly Logan

Summit7
READ BIO

Fernando Machado

CyberSec Investments
READ BIO

Dr. Jyoti K. Malhotra

National Institute of Standards and Technology (NIST)
READ BIO

Robert Metzger

Rogers Joseph O’Donnell
READ BIO

Jacob Nix

RISC Point

READ BIO

READ BIO

John Nolan

IsI Enterprises
READ BIO

George Perezdiaz

Certified CMMC Assessor
READ BIO

Carley Salmon

Microsoft
READ BIO

Matt Titcombe

Peak InfoSec
READ BIO

Matt Travis

The Cyber AB
READ BIO

Thad Wellin

TRW Security Solutions

READ BIO

READ BIO

Koren Wise

Wise Technical Solutions

READ BIO

READ BIO

Amy Williams

Coalfire Federal
READ BIO

Bill Wootton

C3 Integrated Solutions

READ BIO

READ BIO

READ BIO

AGENDA

Agenda is subject to change.
*Continuing Education Units
are available and awarded based on individual attendance records for both in-person and virtual attendees. In-person attendees will be responsible for checking in to each session to ensure accurate records are made. While we make great efforts to ensure our conference sessions are informative, we cannot guarantee that all certificate-issuing organizations will accept credit for all sessions.

Please consult with your certificate-issuing organization for more details about their certification requirements.

Full Agenda
Day 1
Day 2
Day 1

8:00 AM EST

Registration and Breakfast
Day 1

9:00 AM EST

OPENING KEYNOTE
Annual Report on the CMMC Ecosystem

READ MORE

- State of the Industry
- What is new?
- What is coming?
Matthew Travis, CEO, The Cyber AB
Day 1

9:50 AM EST

GENERAL SESSION
Contracting Officer & General Counsel Perspectives on CMMC Supply Chain Security

READ MORE

-CMMC Supply Chain Common Pitfalls
-Prime Contractor Flowdown Risks
-Subcontractor Representation & Certification Challenges
-Critical Supplier Risk Management
-Prime-Sub Dispute Best Practices
Eric Crusius, Partner, Holland & Knight
Michael Gruden, Counsel, Crowell & Moring LLP
Christopher Page, Assistant General Counsel, Huntington Ingalls Industries
Day 1

10:40 AM EST

GENERAL SESSION
The NOW and the FUTURE of CMMC

READ MORE

- Escalating Threats
- Beyond Compliance
- Futureproofing
- Insurability
Robert S. Metzger, Shareholder, Rogers Joseph O'Donnell, PC
Mark Berman, CEO, FutureFeed.co
Day 1

11:30 AM EST

GENERAL SESSION
Competitive Advantage Through Cybersecurity

READ MORE

TBD
Dr. Jyoti Malhotra, Division Chief for National Programs with the 
Hollings Manufacturing Extension Partnership (MEP) at the National Institute of Standards and Technology (NIST)

Day 1

12:30 PM EST

Patriot's Lunch
Exhibit Hall
Day 1

2:00 PM EST

BREAKOUT SESSIONS
OSC Breakout 1
12 Steps to Compliance

READ MORE

  • Walk-through of what needs to happen before scheduling an official assessment
  • List of milestones

Koren Wise, Certified CMMC Professional (CCP), Certified CMMC Assessor (CCA), Wise Technical Innovations
Thomas Graham, Registered Practitioner (RP), Certified CMMC Professional (CCP), Certified CMMC Assessor (CCA), Redspin

Service Provider Breakout 1
Deep Dive on Two Controls – Start to Prepped

READ MORE

  • Assess, Document, Evidence -> Repeat 
  • Initial assessment of the control 
  • Document how the control is to be met 
  • Proving it with evidence 

Amira Armond, Certified CMMC Professional (CCP), Certified CMMC Assessor (CCA), Certified CMMC Instructor (CCI), Kieri Solutions LLC
John Nolan, Registered Practitioner (RP), ISI Enterprises

Innovation Breakout 1
Practice Management that Works

READ MORE

  • Advertise, Engage, Qualify, Execute and Deliver – Best Practices
  • Protecting your Brand - Standardization Strategies
  • Building Quality Relationships with other Service Providers and CCAs

Shawn Duffy, CISSP & C3PAO Candidate, Duffy Compliance Services
Bill Wootton, Chief Revenue Officer, C3

Day 1

3:30 PM EST

BREAKOUT SESSIONS
OSC Breakout 2
Documentation – Too Much, Too Little and Just Right

READ MORE

  • Examine: Evidence and Artifacts needed to validate a control
  • Interview: How to direct the assessor to the right interviewees and tips for the interviewee
  • Control Summaries
  • Objective Statements
  • Best Practices for keeping policies and procedures up-to-date
  • Reference Documents – what is needed and how frequently to refresh their content

Alex Imani, Certified CMMC Assessor (CCA), Forvis Mazars
George Perezdiaz, Registered Practitioner (Rp), Certified CMMC Professional (CCP), Certified CMMC Assessor (CCA), CISA, CRISC, CCSK, SP6

 

Service Provider Breakout 2
Communicating with your Client

READ MORE

  • Kickoff – Setting Expectations 
  • RACI – Who Owns What? 
  • Project Updates 
  • Bad Guy or Good Guy?  Leading or Nagging to Ensure Evidence Creation Follow-Through 

David Bedard, Certified CMMC Professional (CCP), Security+, A+, KTL Solutions
Jerry Leishman, Vice-Chair of CMMC Industry Standards Council (CISC), Certified CMMC Assessor, Certified CMMC Professional, (CCA), Certified CMMC Professional (CCP), Professional CMMC Assessor

Innovation Breakout 2
The Real Threats in 2024

READ MORE

  • Social Engineering War Stories 
  • The Tricks of the Adversary 
  • The Evolution of our Defense 

Tara Lemieux, Certified CMMC Professional (CCP), Certified CMMC Assessor (CCA), Certified CMMC Instructor (CCI), Lead Auditor ISO 9001, ISO/IEC 20000-1, 27001; Author, Redspin
Beth Ball, CISSP, GICSP and others, Cyturus Technologies, Inc

Day 1

4:30 PM EST

Happy Hour
Day 2

8:00 AM EST

Registration and Breakfast
Day 2

9:00 AM EST

BREAKOUT SESSIONS
OSC Provider Breakout 3
Outsourcing CMMC Responsibilities - The Value and Challenge of Leveraging ESPs

READ MORE

  • Training for MSPs, MSSPs, and Consultants
  • Templating Your Practice – SOPs that Produce Artifacts and Evidence
  • Building Partnerships Between Service Providers – the rules and the benefits

Stuart Itkin, Certified CMMC Instructor (CCI), and Exec responsible for MSP, RPO, and C3PAO, NeoSystems
Joy Beland, CISM, QTE, SSAP, CMMC CCA & PI, Summit7

Service Provider Breakout 3
ESP Participation by Control

READ MORE

  • Training for MSPs, MSSPs, and Consultants
  • Templating Your Practice – SOPs that Produce Artifacts and Evidence
  • Building Partnerships Between Service Providers – the rules and the benefits

Adam Evans, CISSP, Axiom
Justin Hensley, Certified CMMC Professional (CCP), CloudfitSoftware

Innovation Breakout 3
AI – The Scary, The Useful, and The Wrong

READ MORE

  • The Scary – Unchecked convenience creates false confidence 
  • The Useful – How to use AI to get a start, or inspire improvement 
  • The Wrong – Findings, Reputation Risk and Breach 

Regan Edens, Certified CMMC Professional (CCP), Certified CMMC Instructor (CCI), DTC Global 
Ken Fanger, Registered Practitioner (RP), OnTechnologies Partners

Day 2

10:45 AM EST

BREAKOUT SESSIONS
OSC Breakout 4
Building a Culture of Evidence

READ MORE

  • The challenge of creating evidence regularly 
  • CMMC Benefits of SOPs to management and quality product delivery  

Amy Williams, Certified CMMC Professional (CCP), Certified CMMC Assessor (CCA), Certified CMMC Instructor (CCI), Coalfire Federal 
Thad Wellin, Certified CMMC Professional (CCP), Certified CMMC Assessor (CCA), TRW Security Solutions

Service Provider Breakout 4
CUI – Comply or Die

READ MORE

  • Identifying 
  • Marking (And dealing with unmarked CUI) 
  • Tracking 
  • CUI Footprint and the Impact on Scope (And Assessment Cost) 

James Goepel, Certified CMMC Professional (CCP), Certified CMMC Assessor (CCA), Certified CMMC Instructor (CCI), Future Feed
Jacob Nix, Registered Practitioner (RP), RISC Point 

Innovation Breakout 4
Inheritance and SRMs

READ MORE

  • What inheritance is, and when you can (and can't) use it
  • How to document inheritance using a Service Responsibility Matrix ("SRM")
  • Who should create the SRM
  • Other ways to document responsibility (e.g., RACI) when a service provider is involved

Carley Salmon, Senior Security Technical Specialist, Microsoft
Carly Logan, Certified CMMC Assessor (CCA), Summit7
Rachel Leidy, Certified CMMC Professional (CCP) and Certified CMMC Assessor (CCA), PA/PI, CISSP, Network+, Security+, Linux+, CyberSage Solutions

Day 2

12:30 PM EST

Defender's Lunch
Exhibit Hall
Day 2

1:45 PM EST

Mock Assessment

READ MORE

  • Finding a C3PAO 
  • The kickoff 
  • Qualifying document review 
  • Interviews 
  • Tests 
  • Findings 

Matt Titcombe, Founder of Peak InfoSec
Fernando Machado, Managing Principal & Chief Information Security Officer, Cybersec Investments

Day 2

2:30 PM EST

End of Conference
Day 1

8:00 AM EST

Registration and Breakfast
Day 1

9:00 AM EST

OPENING KEYNOTE
Annual Report on the CMMC Ecosystem

READ MORE

- State of the Industry
- What is new?
- What is coming?
Matthew Travis
Chief Executive Officer
Cyber Accreditation Body
Day 1

10:45 AM EST

GENERAL SESSION
The Importance of a Secure Supply Chain

READ MORE

Insert info here
DoD CIO or other High-Profile Speaker
Potentially Joined by Members of the Military with Actual Stories
Day 1

12:30 PM EST

Patriot's Lunch
Exhibit Hall
Day 1

2:00 PM EST

BREAKOUT SESSIONS
OSC Breakout 1
12 Steps to Compliance

READ MORE

  • Walk-through of what needs to happen before scheduling an official assessment
  • List of milestones
RPO Speaker TBD
Service Provider Breakout 1
The ESP (and other Service Providers) in 2024

READ MORE

  • Training for MSPs, MSSPs, and Consultants
  • Templating Your Practice – SOPs that Produce Artifacts and Evidence
  • Building Partnerships Between Service Providers – the rules and the benefits
LTP Rep, RPO Rep, C3PAO Rep, Cyber AB Rep TBD
Innovation Breakout 1
Practice Management that Works

READ MORE

  • Advertise, Engage, Qualify, Execute and Deliver – Best Practices
  • Protecting your Brand - Standardization Strategies
  • Building Quality Relationships with other Service Providers and CCAs
Speaker TBD
Day 1

3:30 PM EST

BREAKOUT SESSIONS
OSC Breakout 2
Documentation – Too Much, Too Little and Just Right

READ MORE

  • Examine: Evidence and Artifacts needed to validate a control
  • Interview: How to direct the assessor to the right interviewees and tips for the interviewee
  • Control Summaries
  • Objective Statements
  • Best Practices for keeping policies and procedures up-to-date
  • Reference Documents – what is needed and how frequently to refresh their content
Shared Session: TBD
Service Provider Breakout 2
Communicating with your Client

READ MORE

  • Kickoff – Setting Expectations 
  • RACI – Who Owns What? 
  • Project Updates 
  • Bad Guy or Good Guy?  Leading or Nagging to Ensure Evidence Creation Follow-Through 
Panel TBD
Innovation Breakout 2
The Real Threats in 2024

READ MORE

  • Social Engineering War Stories 
  • The Tricks of the Adversary 
  • The Evolution of our Defense 
Small Panel TBD
Day 1

4:30 PM EST

Happy Hour
Day 2

8:00 AM EST

Registration and Breakfast
Day 2

9:00 AM EST

BREAKOUT SESSIONS
OSC Provider Breakout 3
Outsourcing CMMC Responsibilities - The Value and Challenge of Leveraging ESPs

READ MORE

  • Training for MSPs, MSSPs, and Consultants
  • Templating Your Practice – SOPs that Produce Artifacts and Evidence
  • Building Partnerships Between Service Providers – the rules and the benefits
  • Stuart Itkin, Certified CMMC Instructor (CCI), and Exec responsible for MSP, RPO, and C3PAO, NeoSystems
  • Joy Beland, CISM, QTE, SSAP, CMMC CCA & PI, Summit7
Service Provider Breakout 3
ESP Participation by Control

READ MORE

  • Training for MSPs, MSSPs, and Consultants
  • Templating Your Practice – SOPs that Produce Artifacts and Evidence
  • Building Partnerships Between Service Providers – the rules and the benefits
Adam Evans, CISSP, Axiom
&
Justin Hensley, Certified CMMC Professional (CCP), CloudfitSoftware

Innovation Breakout 3
AI – The Scary, The Useful, and The Wrong

READ MORE

  • The Scary – Unchecked convenience creates false confidence 
  • The Useful – How to use AI to get a start, or inspire improvement 
  • The Wrong – Findings, Reputation Risk and Breach 
Regan Edens, Certified CMMC Professional (CCP), Certified CMMC Instructor (CCI), DTC Global 
&
Ken Fanger, Registered Practitioner (RP), OnTechnologies Partners
Day 2

10:45 AM EST

BREAKOUT SESSIONS
OSC Breakout 4
Building a Culture of Evidence

READ MORE

  • The challenge of creating evidence regularly 
  • CMMC Benefits of SOPs to management and quality product delivery  
A facilitator and a successful OSC TBD
Service Provider Breakout 4
CUI – Comply or Die

READ MORE

  • Identifying 
  • Marking (And dealing with unmarked CUI) 
  • Tracking 
  • CUI Footprint and the Impact on Scope (And Assessment Cost) 
Speaker TBD
Innovation Breakout 4
Inheritance and SRMs

READ MORE

  • How to document it when it is “Someone Else’s Job”
Speaker TBD
Day 2

12:30 PM EST

Defender's Lunch
Exhibit Hall
Day 2

1:45 PM EST

Mock Assessment

READ MORE

  • Finding a C3PAO 
  • The kickoff 
  • Qualifying document review 
  • Interviews 
  • Tests 
  • Findings 
Panel TBD
C3PAO and a person representing OSC
Day 2

2:30 PM EST

End of Conference
Day 1

8:00 AM EST

Registration and Breakfast
Day 1

9:00 AM EST

OPENING KEYNOTE
Annual Report on the CMMC Ecosystem

READ MORE

- State of the Industry
- What is new?
- What is coming?
Matthew Travis
Chief Executive Officer
Cyber Accreditation Body
Day 1

10:45 AM EST

GENERAL SESSION
The Importance of a Secure Supply Chain

READ MORE

Insert info here
DoD CIO or other High-Profile Speaker
Potentially Joined by Members of the Military with Actual Stories
Day 1

12:30 PM EST

Patriot's Lunch
Exhibit Hall
Day 1

2:00 PM EST

BREAKOUT SESSIONS
OSC Breakout 1
12 Steps to Compliance

READ MORE

  • Walk-through of what needs to happen before scheduling an official assessment
  • List of milestones
RPO Speaker TBD
Service Provider Breakout 1
The ESP (and other Service Providers) in 2024

READ MORE

  • Training for MSPs, MSSPs, and Consultants
  • Templating Your Practice – SOPs that Produce Artifacts and Evidence
  • Building Partnerships Between Service Providers – the rules and the benefits
LTP Rep, RPO Rep, C3PAO Rep, Cyber AB Rep TBD
Innovation Breakout 1
Practice Management that Works

READ MORE

  • Advertise, Engage, Qualify, Execute and Deliver – Best Practices
  • Protecting your Brand - Standardization Strategies
  • Building Quality Relationships with other Service Providers and CCAs
Speaker TBD
Day 1

3:30 PM EST

BREAKOUT SESSIONS
OSC Breakout 2
Documentation – Too Much, Too Little and Just Right

READ MORE

  • Examine: Evidence and Artifacts needed to validate a control
  • Interview: How to direct the assessor to the right interviewees and tips for the interviewee
  • Control Summaries
  • Objective Statements
  • Best Practices for keeping policies and procedures up-to-date
  • Reference Documents – what is needed and how frequently to refresh their content
Shared Session: TBD
Service Provider Breakout 2
Communicating with your Client

READ MORE

  • Kickoff – Setting Expectations 
  • RACI – Who Owns What? 
  • Project Updates 
  • Bad Guy or Good Guy?  Leading or Nagging to Ensure Evidence Creation Follow-Through 
Panel TBD
Innovation Breakout 2
The Real Threats in 2024

READ MORE

  • Social Engineering War Stories 
  • The Tricks of the Adversary 
  • The Evolution of our Defense 
Small Panel TBD
Day 1

4:30 PM EST

Happy Hour
Day 2

8:00 AM EST

Registration and Breakfast
Day 2

9:00 AM EST

BREAKOUT SESSIONS
OSC Breakout 3
Deep Dive on Two Controls – Start to Prepped

READ MORE

  • Assess, Document, Evidence -> Repeat 
  • Initial assessment of the control 
  • Document how the control is to be met 
  • Proving it with evidence 
Speaker: RPO TBD
Service Provider Breakout 3
ESP Participation by Control

READ MORE

  • Controls that you can’t do 
  • Control by Control Survey of typical ESP-Responsible Services 
  • Offloading Control Responsibilities to a CMMC Secure Cloud 
Speaker TBD
Innovation Breakout 3
AI – The Scary, The Useful, and The Wrong

READ MORE

  • The Scary – Unchecked convenience creates false confidence 
  • The Useful – How to use AI to get a start, or inspire improvement 
  • The Wrong – Findings, Reputation Risk and Breach 
Speaker TBD
Day 2
Day 2

10:45 AM EST

BREAKOUT SESSIONS
OSC Breakout 4
Building a Culture of Evidence

READ MORE

  • The challenge of creating evidence regularly 
  • CMMC Benefits of SOPs to management and quality product delivery  
A facilitator and a successful OSC TBD
Service Provider Breakout 4
CUI – Comply or Die

READ MORE

  • Identifying 
  • Marking (And dealing with unmarked CUI) 
  • Tracking 
  • CUI Footprint and the Impact on Scope (And Assessment Cost) 
Speaker TBD
Innovation Breakout 4
Inheritance and SRMs

READ MORE

  • How to document it when it is “Someone Else’s Job”
Speaker TBD
Day 2

12:30 PM EST

Defender's Lunch
Exhibit Hall
Day 2

1:45 PM EST

Mock Assessment

READ MORE

  • Finding a C3PAO 
  • The kickoff 
  • Qualifying document review 
  • Interviews 
  • Tests 
  • Findings 
Panel TBD
C3PAO and a person representing OSC
Day 2

2:30 PM EST

End of Conference

Agenda is subject to change.
Continuing Education Units
are available and awarded based on individual attendance records for both in-person and virtual attendees. In-person attendees will be responsible for checking in to each session to ensure accurate records are made. While we make great efforts to ensure our conference sessions are informative, we cannot guarantee that all certificate-issuing organizations will accept credit for all sessions.

Please consult with your certificate-issuing organization for more details about their certification requirements.

CEIC EAST 2024

a Production of ForumMakers.com

Highlights from the most recent Forum Makers event - CIC 2024.
  • "I'm really blown away by the number of individuals I've seen. A lot of people here are promoting themselves. They're here to see what's going on, to see how we're growing this ecosystem."
    Katherine "Kat" Adams
    Sr. Cybersecurity Consultant, Instructor
    Edwards Performance Solutions
  • "I've noticed that there seems to be a lot more productive conversation. One of the things that I really appreciate about the people that attend this event is that they're all trying to make each other stronger."
    Jon Bierer
    Sr. Compliance Consultant, C3 Integrated Solutions
  • "Really impressed with the attendance, really impressed with the different learning tracks, three different learning tracks this year. And so I'm kind of picking and choosing sessions across all three tracks."
    James Bowman
    Sr. Director, Federal Security Compliance SME
    Diligent

FAQ

What are the registration costs?

Where is CEIC being held?

CEIC 2024 will be held at the Gaylord National Harbor Resort & Convention Center in Maryland. Learn more.

What is the dress code for CEIC 2024?

Business Casual to Business Professional.

Is there a room block available for CEIC?

Save on your hotel by registering with our reserved room block! Click here:  https://book.passkey.com/go/CMMC2024
support@forummakers.com
(888) 800-4071
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram