Damon Hacker, Vestige President, is presenting to the SAME Mt. Tacoma Post & engineering students at the University of Washington-Tacoma on April 9.

2023 SAME Joint Engineer Training Conference & Expo

Henry B. Gonzalez Convention Center, 900 E Market St, San Antonio, TX 782056

2023 Society of American Military Engineers – JETC & Expo

The Society of American Military Engineers (SAME) 2023 Joint Engineer Training Conference & Expo is headed to San Antonio, TX May 2-4, 2023. Join your colleagues from across the A/E/C – Architectural/Engineering/Construction industry and joint engineer community for three days of education, training and networking opportunities. And as the Society of American Military Engineers’ (SAME) Annual Meeting, JETC offers numerous awards and recognition activities to celebrate the contributions and excellence of the Society’s Posts and members in supporting the SAME mission “to lead collaborative efforts to identify and resolve national security infrastructure-related challenges.”

Vestige is participating in 2 presentations:

1. WORKSHOP – CMMC 2.0 – A Deep Dive

May 1, from 1-5 pm  

4 PDH

PRESENTED BY: Damon Hacker, Vestige President & CEO & Jade Brown, BS, C|EH, GCTI

We will begin with an overview of the 3 breakout modules: Scoping, Domains, and the CMMC C3PAO audit preparation

    • Attendees will break into smaller teams to tackle the issues addressed within each module
    • Throughout the workshop you will complete our CMMC Planning Workbook for your organization
    • You’ll discuss, within a team setting, how you’ve dealt with, or will deal with, the 110 security controls within NIST 800-171/CMMC
    • We’ll talk about cultural changes and challenges
    • We’ll share strategies for addressing the 14 Capability Domains
    • If you have created a NIST 800-171/CMMC plan, bring it
    • We’ll take a look at where organizations are struggling and the challenges they’re facing, similar to yours
    • We have a proven methodology for achieving compliance and we will share it
    • We will wrap up with a presentation by each of the module teams, sharing with the group their conclusions and lessons learned

Module 1 – Scoping

One of the most critical factors in succeeding at CMMC is ensuring you have an answer to the question of scoping.  Scoping is understanding how the framework fits your organization’s individual needs.  Every organization looks a little bit different in terms of its use of technology, its competitive advantages and its unique culture – all things that contribute to what CMMC will look like and how you will achieve compliance for your organization.

For example, do you know whether everyone in your organization needs access to CUI, or only an isolated few?  Knowing this answer will have a profound impact on the decision and direction your organization will take with CMMC.

Our experts will help guide the teams through the scoping conversation.  The groups will discuss what has been tried in their organization and hear about critical considerations for success.

Module 2 – Domains

At each Maturity Level, there are controls that need to be addressed.  (For example, at Maturity Level 2 there are 110 controls arranged within 14 control families/domains).  The language used by the framework’s authors is not clear and as a result many organizations falter, as too much is left to the organization’s own interpretation.  Unfortunately, you will be assessed against the DOD’s intent for each control and not against how you have interpreted the requirement.  If not addressed properly from the outset, a misunderstanding of the requirements will likely affect your C3PAO audit and your NIST 800-171 score, and creates the potential to collect the wrong evidence.

In addition, there are multiple alternatives available to the organization.  Some of those options depend on the size of an organization, some based upon complexity and still others based upon the organization’s own culture.  We will explore available options for addressing these controls.

In this module, our expert will provide guidance around these requirements by walking through each domain and its set of controls.  Each team will then be given an opportunity to engage in an open discussion about what has worked and what some of the pitfalls are when implementing change within an organization’s ongoing operations.  In addition, we will explore as a group how to shape the conversation for your return to the office.

Module 3 – Putting It All Together

In this module we bring together what you’ve learned in this workshop, to ensure success as you prepare for the C3PAO assessment.  We will explore whether you have properly evaluated your infrastructure, including policies and procedures.  You will determine if you have well-designed controls, explore how to evaluate and measure execution, and discuss requirements surrounding the evidence.

In our small group breakouts, we will hear about the teams’ collective experiences and challenges with both the C3PAO process and subcontractor compliance.  We will explore the timeline for engaging with a C3PAO, considerations for selecting a C3PAO and special circumstances such as taking advantage of the Joint Surveillance Program.  We’ll talk about what organizations should expect when going through the C3PAO assessment, including the three forms of evidence that will confirm the existence of a security control – interview, observation and testing.  Lastly, we’ll talk about how to make sure you’re ready to support each of the controls and put your best foot forward during the official assessment.

Who Should Attend

    • Individuals responsible for DoD contracts
    • Individuals responsible for protecting Controlled Unclassified Information (CUI)
    • Anyone in the Defense Industrial Base (DIB)
    • Organizations that recognize that compliance with CMMC is not an option when working with the DOD

Why Should You Attend

    • To learn how to succeed with your CMMC compliance
    • Become confident in your ability to meet the demands of the assessment
    • To hear from companies and executives about their successes, and obstacles to becoming compliant
    • To complete a planning workbook with tangible, executable next steps that you can take back to your organization
    • To get a list of applicable resources and a CMMC glossary

Learning Objectives

    • The importance of having a plan of attack for addressing CMMC
    • What applies to your organization and what doesn’t
    • How to avoid unnecessary system rework and the associated costs
    • The value of approaching the journey in an orderly, prioritized fashion
    • How to select a C3PAO and what to expect when going through the official assessment

2. PANEL – What to Know Before the CMMC Auditor Arrives

May 2, from 2:30-3:30pm 

PRESENTED BY:  Damon Hacker, Ned Childs, Ola Sage; and moderated by Jane Flynn.

Gain perspectives from a C3PAO, Lawyer and a CMMC Expert (RP).

With CMMC 2.0 right around the corner, many organizations are scrambling to come into compliance.  Organizations that are unfamiliar with an evidence-based assessment may be fearful of what the C3PAO is going to find or, worse, unaware of the rigor that it requires, leaving them woefully unprepared for such an audit.  This panel discussion brings together the collective expertise from the perspectives of:

  • a Registered Practitioner (RP) who knows the ins-and-outs of how to comply and how to “get it done”,
  • a lawyer who specializes in organizations’ FAR and DFARS obligations and understands the liability of the flow-down clauses between primes and subcontractors, and
  • a Certified CMMC Assessment Team Member and CEO of a CMMC Third Party Assessment Organization (C3PAO).

Benefits of Attending:

  • Understand the value of having your CMMC Expert on-board at the time of the certification assessment,
  • Learn why organizations need to understand their liability as it pertains to their supply chain, and
  • Gain perspective from a C3PAO on what they’re going to be looking for during the certification assessment.

 

Attendees Will Learn:

  • What an evidence-based assessment means and what’s involved to comply,
  • The importance of having an advocate in the room that is both a CMMC master and IT expert to defend your control environment, and
  • What’s at stake if they and their subcontractors are not in compliance and/or misrepresent their compliance.

See you in San Antonio! Look for Vestige in Booth # 344

The 2023 JETC in Texas promises to be a must-attend reunion for members of the military engineering community and A/E/C industry! After two years of hosting JETC virtually, we are so excited to be getting together again for the premiere joint education and training conference, bringing together professionals from across the public and private sectors to learn and network in a collaborative setting.

Don’t miss this chance to reconnect with friends and colleagues, and strengthen your personal and professional development. Mark your calendars for May 2-4, 2023 at JETC!

#SAMEJETC23

Speaking

Damon Hacker, President & CEO | Founder
MBA, CISA, CSXF, CMMC-RP

Damon Hacker is President, CEO and co-owner of Vestige Digital Investigations, a leading technology company specializing in CyberSecurity (proactive & reactive as well as compliance), Digital Forensics and Electronically Stored Information (ESI). He brings more than 30 years of experience in the arena, including a background in IT Security and IT Auditing.

He helps to improve the techniques, processes and technology in cybersecurity. He actively assists clients in achieving compliance across multiple cybersecurity frameworks.

Damon is an in-demand speaker on local, state and national levels. He speaks on the subjects of DoD CMMC cybersecurity compliance, IT security, IT auditing, computer fraud, white-collar crime, data breach, non-compete and intellectual property theft.

He earned both his MBA from the Weatherhead School of Management, and his undergraduate degree from Case Western Reserve University, Cleveland, OH. He is a Certified Information Systems Auditor (CISA), holds the CSX Cybersecurity Nexus Fundamentals certification from the Information Systems Audit and Control Association (ISACA), and is a Cybersecurity Maturity Model Certification – Registered Practitioner (CMMC-RP) for U.S. Department of Defense contractor cybersecurity compliance.

Jane Flynn, Director of Sales
BS

Jane joined Vestige in June of 2019 as Director of Sales. She is based out of Vestige’s New York City office.

Her responsibilities include expanding business, increasing the company’s geographic growth initiatives, and establishing new long-term relationships with the clients in Vestige markets to enable them to make better use of digital evidence as well as effective cybersecurity compliance and utilization.

Jade Brown, Cybersecurity Analyst
BA, C|EH, GCTI

Jade Brown resides in Beachwood, OH. She earned a Bachelor of Arts Degree in Linguistics from Ohio University in Athens, OH. Jade served as an Ambassador for the Taiwan-U.S. Sister Alliance (TUSA) and was a TUSA Scholarship recipient.  The pattern-thinking style that served Jade well in subjects such as language acquisition and political science enabled her to cultivate her interests in technology, cyber forensics, and threat intelligence.

Ned Childs, Attorney at Law | Partner
McGuireWoods LLP
BA, JD

McGuireWoods is a full-service law firm providing legal and public affairs solutions. 

Ned Childs’ practice spans more than a decade in Washington, DC and encompasses a broad array of legal services, including government contract investigations, disclosures, and regulatory enforcement actions; bid protests and government contract disputes; government contract counseling; export licensing and enforcement; and prime contractor-subcontractor disputes.

Ola Sage, Founder & CEO
CyberRx
PMP, CRISC, CCP

Ola is the Founder & CEO of CyberRx, which helps small and mid-sized businesses simplify the complexity of managing cyber risk. CyberRx is also a CMMC-C3PAO (Third Party Assessment Organization).  

As a champion and advocate for cybersecurity readiness, Ola frequently meets with and speaks to business groups and CEOs about cybersecurity and has testified to Congress on issues around cybersecurity insurance, the impact of the Cybersecurity Information Sharing Act on small and mid-sized companies (SMBs), and expanded liability protections for small businesses that participate in voluntary information sharing with the federal government.
