Get Your Company and Team On Track for Cybersecurity Maturity Model Certification (CMMC)
βGet Your Company and Team On Track for Cybersecurity Maturity Model Certification (CMMC) Risk Awareness Now | GeoCyber Systems LLC
βπ Saturday, April 18, 2026 β° 9:30 AM β 1:45 PM PT | 11:30 AM β 3:45 PM CT | 12:30 β 4:45 PM ET π Virtual Event β YouTube Live π° Free
βAbout This Event
βAccording to a 2025 industry study, only 1% of Defense Industrial Base organizations surveyed feel fully prepared for CMMC assessments. Fewer than 50% have completed foundational documentation. Between 33,000 and 44,000 companies are expected to exit the defense market by 2027 because compliance costs exceed their ability to absorb them.
βAnd now the GAO has confirmed what practitioners have been saying for months: as of March 2026, the Department of Defense does not have a documented plan to address the assessor shortage. Certified assessors are already booked well into 2026. Organizations that wait are not buying time. They are losing it.
βMost organizations know CMMC is coming. Fewer know what to actually do about it.
βPhase 1 of the CMMC rollout began November 10, 2025. Phase 2 -- which requires third-party certification for most contractors handling Controlled Unclassified Information -- begins November 10, 2026. Under 600 certified assessors exist today against a need of 2,000 to 3,000. Many C3PAOs are already booked through 2026. The window to get on track is closing faster than most organizations realize.
βThis practitioner-led event brings together compliance specialists, organizational leaders, and workforce advocates to cut through the confusion and give you a clear, actionable picture of what CMMC means for your company, your team, and your career.
βWhether you are a small business owner trying to keep your DoD contracts, a leader who has been handed a compliance mandate, a cybersecurity professional building toward certification, or someone looking to enter the field through the compliance pathway -- this event is built for you.
βEach session stands on its own. Attend one or attend all four hours.
βWho Should Attend
βSmall business owners and defense contractors navigating CMMC compliance
βOrganizational leaders responsible for cybersecurity posture and readiness
βCybersecurity professionals pursuing CCP, CCA, or related certifications
βWorkforce professionals and career pivoters entering the cybersecurity and compliance space
βProgram managers and prime contractors managing subcontractor compliance requirements
βAnyone who has heard of CMMC and does not yet know what it means for their organization
βWhat You Will Learn
βWhat CMMC actually requires at each level and what the deadlines mean for your contracts
βHow to assess your organization's readiness and where most companies fall short
βWhat the three dimensions of CMMC look like from a leadership and organizational perspective
βHow small businesses can navigate compliance without being overwhelmed by cost and complexity
βWhat the CCP and CCA certification pathways look like and how RMF and NIST 800-171 fit in
βHow AI and automation are reshaping compliance workflows and what that means for the future of DIB security
βAgenda
βπ Opening - The CMMC Landscape: Where We Are and What It Means
βπ€ 9:30 β 10:00 AM PT | 11:30 AM β 12:00 PM CT | 12:30 β 1:00 PM ET
βHost and Moderator: Philippa Burgess, NICE Cybersecurity Career Ambassador | GeoCyber Systems LLC
βTopics include:
βWhy CMMC exists and what problem it was designed to solve
βWhere we are in the phased rollout and what the November 2026 deadline means
βWhat the GAO's March 2026 findings reveal about systemic gaps in program implementation
βThe readiness gap across the DIB and why most organizations are still behind
βHow this event is structured and how to get the most from each session
βπ΅ Session 1 - CMMC from Three Sides: Compliance, Leadership, and the Workforce
βπ 10:00 β 10:45 AM PT | 12:00 β 12:45 PM CT | 1:00 β 1:45 PM ET
βPanelists: Dirce Eduardo Hernandez, A-CCISO, CISM, CRISC, CISA, CDPSE, CSX, Rae McElroy, CMMC RP, John McNicholas, and Frank Unpingco III
βModerator: Philippa Burgess
βThis panel brings together three practitioners with distinct vantage points on CMMC -- the organizational, the technical, and the human. Together they map the full picture of what getting on track actually requires.
βTopics include:
βThe three dimensions of CMMC most organizations overlook
βWhere leadership, IT, and compliance ownership break down inside organizations
βWhat small businesses face that larger contractors do not
βWorkforce pathways into the compliance ecosystem
βThe most common misconceptions about what CMMC requires and when
βTakeaway: Leave with a clear mental model of CMMC as an organizational challenge -- not just a technical checklist -- and understand which dimension applies most urgently to your situation.
βπ’ Session 2 - CMMC and the Small Business Reality: Compliance Without Getting Overwhelmed
βπ₯ 10:45 β 11:30 AM PT | 12:45 β 1:30 PM CT | 1:45 β 2:30 PM ET
βSpeaker: Rae McElroy, CMMC RP
βTopics include:
βWhat CMMC Level 1 and Level 2 actually mean for small businesses and subcontractors
βHow prime contractors are using CMMC readiness to filter their supply chains right now
βCost realities: what self-assessment vs. third-party certification actually involves
βPractical first steps: gap analysis, SSP, POA&M, and SPRS scoring
βResources and support available to small businesses navigating compliance
βTakeaway: Walk away with a realistic starting point -- what to prioritize, what it will cost, and what happens if you wait.
βπ‘ Session 3 - Organizational Readiness for CMMC: What Leadership Needs to Own
βπ¦ 11:30 AM β 12:15 PM PT | 1:30 β 2:15 PM CT | 2:30 β 3:15 PM ET
βSpeaker: Frank Unpingco III
βTopics include:
βThe three sides of CMMC every leadership team needs to understand
βWhy CMMC is not just an IT problem and what organizational ownership looks like
βHow to align leadership, operations, and cybersecurity teams around a compliance roadmap
βWhat happens when compliance is delegated without adequate resourcing or authority
βBuilding a culture of cybersecurity readiness that goes beyond certification
βTakeaway: A leadership-level framework for assigning ownership, resourcing compliance properly, and building the internal momentum needed to meet the deadline.
βπ Session 4 - CMMC Certification Pathways: CCP, CCA, RMF, and NIST 800-171
βπ§ 12:15 β 1:00 PM PT | 2:15 β 3:00 PM CT | 3:15 β 4:00 PM ET
βSpeaker: John McNicholas, CISSP, CISA, CMMC CCP, CEH, CCSK
βTopics include:
βWhat the CCP and CCA certifications require and who should pursue them
βHow RMF experience maps to CMMC compliance work
βNIST SP 800-171 as the foundation of Level 2 and what full implementation looks like
βThe C3PAO assessment process and what to expect during a third-party review
βCareer pathways into CMMC compliance work for cybersecurity professionals and career pivoters
βTakeaway: Whether you are building credentials or building a team, leave with a clear picture of the certification landscape and where to start.
βπ£ Session 5 - CMMC Beyond Compliance: AI Governance, Identity, and the Future of DIB Security
βπ 1:00 β 1:45 PM PT | 3:00 β 3:45 PM CT | 4:00 β 4:45 PM ET
βSpeaker: Dirce Eduardo Hernandez, A-CCISO, CISM, CRISC, CISA, CDPSE, CSX
βTopics include:
βHow AI governance frameworks intersect with CMMC compliance programs and what organizations need to own now
βIdentity security as a foundational layer of CMMC readiness and where most organizations leave it exposed
βInsider threat considerations specific to the DIB and how to build detection into your compliance posture
βWhat GRC maturity from the financial sector can teach defense contractors about sustained compliance
βThe evolving regulatory landscape and why CMMC certification is a floor, not a ceiling
βTakeaway: Compliance gets you certified. This session shows you what a mature, AI-informed security posture looks like past the audit -- and why identity and insider threat are the two variables most organizations underestimate until it is too late.
βWhy This Event Exists
βA March 2026 GAO report found that the DoD does not have a documented strategy to address the external factors most likely to derail CMMC implementation, including the assessor shortage that is already pushing wait times for new clients past 18 months.
βThe burden of figuring this out falls on contractors, small businesses, and the workforce. This event exists to help carry that burden.
βHost and Moderator: Philippa Burgess | GeoCyber Systems LLC
βIn Association with NICE Cybersecurity Career Community of Interest & Ambassador Program