The wheels on the US Department of Defense’s Cybersecurity Maturity Model Certification (“CMMC”) program are starting to turn. The first seven contracts with CMMC requirements have already been identified, and a limited number of contractor certifications are expected to begin soon. The CMMC Accreditation Body‘s specially-trained 100 Provisional Assessors leading those certification efforts. In the meantime, the Provisional Assessors are helping certain clients (whose systems they will not be able to assess under CMMC) prepare for their CMMC assessments.
Join the CMMC Information Institute on March 8, 2021 at 11:00 AM as we talk with Tara Lemieux, Matt Gilbert, and Matt Titcombe, all CMMC-AB designated Provisional Assessors, about their experiences thus far. Tara, Matt, and Matt will share lessons learned and suggestions for how companies of all sizes and maturity can streamline their assessment preparations. To register, please visit our website. The full list of our upcoming programs is also available.
Do you have relevant questions you’d like answered during the session? If you are a Communities member, you can submit them here. Or, you can join our Communities and ask your questions in the Communities!
About our Panelists:
Tara Lemieux – (ANTS Corporation – www.antscorp.com) Tara is a Certified CMMC Provisional Assessor and Lead Auditor for ISO 9001, ISO/IEC 20000-1 and ISO/IEC 27001. With over 30 years of hands-on implementation experience guiding U.S. Government and commercial agencies, Ms. Lemieux has empowered cybersecurity fortifications and compliance efforts through innovative and meaningful solutions. Using advanced statistical techniques, she has produced threat modeling and accompanying analysis in support of federal agencies to help advance their knowledge of immediate and emerging national security threats. Ms. Lemieux serves on the Board of Directors for the Risk Management ISAO (www.rm-isao.org), a newly formed non-profit focused on helping small to mid-sized federal contractors manage and address their cybersecurity risks while assuring their compliance to federal contracting requirements.
Matt Titcombe – (Peak Infosec – www.PeakInfosec.com) As the founder of Peak InfoSec, Mr. Titcombe left the Federal government sector as an Air Force Program Manager to reapply his 25+ years of Information Security & Technology experience to the commercial sector. Mr. Titcombe now leads an organization that specializes in Information Security Turn Around efforts supporting federal and commercial sectors. Mr. Titcombe has been brought into consult with organizations across the globe like United Launch Alliance, Sony, ConocoPhillips, and Munich Re-Insurance. His commitment to supporting the military and Defense Industrial Base did not stop when he left the Air Force. Mr. Titcombe is a recognized leader in the DoD’s new Cybersecurity Maturity Model Certification (CMMC). His leadership efforts led him to leading one of the first CMMC 3rd Party Assessment Organizations (C3PAO); being certified as a CMMC Provisional Assessor; volunteering on the CMMC Accreditation Body Industry Standards Working Group; and, as a Subject Matter Expert, helping several institutions develop CMMC training curricula.
Matt Gilbert – (Baker Tilly – www.BakerTilly.com) Matt is a principal in Baker Tilly’s risk advisory practice and CMMC Provisional Assessor. Matt joined Baker Tilly in 2020 and previously worked in PwC’s risk assurance practice for 18 years. Matt leads Baker Tilly’s Cybersecurity Maturity Model Certification (CMMC) and Government Contractor IT Risk suite of services. He has led IT audits and cybersecurity assessments for large primes down to smaller 8A contractors. Matt’s expertise includes internal auditing, SOX compliance, information technology controls, business process controls, and ERP risk and controls. Examples of these engagements include CMMC Readiness assessments, 800-171 implementation projects, 800-53 based reviews, IT Risk assessments, Sarbanes-Oxley compliance, internal audit, pre- and post-implementation assessments, and privacy assessments for clients.