Get Your Company and Team On Track for Cybersecurity Maturity Model Certification (CMMC)
โGet Your Company and Team On Track for Cybersecurity Maturity Model Certification (CMMC) Risk Awareness Now | GeoCyber Systems LLC
โ๐ Saturday, April 18, 2026 โฐ 9:30 AM โ 1:45 PM PT | 11:30 AM โ 3:45 PM CT | 12:30 โ 4:45 PM ET ๐ Virtual Event โ YouTube Live ๐ฐ Free
โAbout This Event
โAccording to a 2025 industry study, only 1% of Defense Industrial Base organizations surveyed feel fully prepared for CMMC assessments. Fewer than 50% have completed foundational documentation. Between 33,000 and 44,000 companies are expected to exit the defense market by 2027 because compliance costs exceed their ability to absorb them.
โAnd now the GAO has confirmed what practitioners have been saying for months: as of March 2026, the Department of Defense does not have a documented plan to address the assessor shortage. Certified assessors are already booked well into 2026. Organizations that wait are not buying time. They are losing it.
โMost organizations know CMMC is coming. Fewer know what to actually do about it.
โPhase 1 of the CMMC rollout began November 10, 2025. Phase 2 -- which requires third-party certification for most contractors handling Controlled Unclassified Information -- begins November 10, 2026. Under 600 certified assessors exist today against a need of 2,000 to 3,000. Many C3PAOs are already booked through 2026. The window to get on track is closing faster than most organizations realize.
โThis practitioner-led event brings together compliance specialists, organizational leaders, and workforce advocates to cut through the confusion and give you a clear, actionable picture of what CMMC means for your company, your team, and your career.
โWhether you are a small business owner trying to keep your DoD contracts, a leader who has been handed a compliance mandate, a cybersecurity professional building toward certification, or someone looking to enter the field through the compliance pathway -- this event is built for you.
โEach session stands on its own. Attend one or attend all four hours.
โWho Should Attend
โSmall business owners and defense contractors navigating CMMC compliance
โOrganizational leaders responsible for cybersecurity posture and readiness
โCybersecurity professionals pursuing CCP, CCA, or related certifications
โWorkforce professionals and career pivoters entering the cybersecurity and compliance space
โProgram managers and prime contractors managing subcontractor compliance requirements
โAnyone who has heard of CMMC and does not yet know what it means for their organization
โWhat You Will Learn
โWhat CMMC actually requires at each level and what the deadlines mean for your contracts
โHow to assess your organization's readiness and where most companies fall short
โWhat the three dimensions of CMMC look like from a leadership and organizational perspective
โHow small businesses can navigate compliance without being overwhelmed by cost and complexity
โWhat the CCP and CCA certification pathways look like and how RMF and NIST 800-171 fit in
โHow AI and automation are reshaping compliance workflows and what that means for the future of DIB security
โAgenda
โ๐ Opening -- 30 Minutes The CMMC Landscape: Where We Are and What It Means
โ๐ค 9:30 โ 10:00 AM PT | 11:30 AM โ 12:00 PM CT | 12:30 โ 1:00 PM ET
โHost and Moderator: Philippa Burgess, NICE Cybersecurity Career Ambassador | GeoCyber Systems LLC
โTopics include:
โWhy CMMC exists and what problem it was designed to solve
โWhere we are in the phased rollout and what the November 2026 deadline means
โWhat the GAO's March 2026 findings reveal about systemic gaps in program implementation
โThe readiness gap across the DIB and why most organizations are still behind
โHow this event is structured and how to get the most from each session
โ๐ต Session 1 - CMMC from Three Sides: Compliance, Leadership, and the Workforce
โ๐ 10:00 โ 10:45 AM PT | 12:00 โ 12:45 PM CT | 1:00 โ 1:45 PM ET
โPanelists: Dirce Eduardo Hernandez, A-CCISO, CISM, CRISC, CISA, CDPSE, CSX, Rae McElroy, CMMC RP, John McNicholas, and Frank Unpingco III
โModerator: Philippa Burgess
โThis panel brings together three practitioners with distinct vantage points on CMMC -- the organizational, the technical, and the human. Together they map the full picture of what getting on track actually requires.
โTopics include:
โThe three dimensions of CMMC most organizations overlook
โWhere leadership, IT, and compliance ownership break down inside organizations
โWhat small businesses face that larger contractors do not
โWorkforce pathways into the compliance ecosystem
โThe most common misconceptions about what CMMC requires and when
โTakeaway: Leave with a clear mental model of CMMC as an organizational challenge -- not just a technical checklist -- and understand which dimension applies most urgently to your situation.
โ๐ข Session 2 - CMMC and the Small Business Reality: Compliance Without Getting Overwhelmed
โ๐ฅ 10:45 โ 11:30 AM PT | 12:45 โ 1:30 PM CT | 1:45 โ 2:30 PM ET
โSpeaker: Rae McElroy, CMMC RP
โTopics include:
โWhat CMMC Level 1 and Level 2 actually mean for small businesses and subcontractors
โHow prime contractors are using CMMC readiness to filter their supply chains right now
โCost realities: what self-assessment vs. third-party certification actually involves
โPractical first steps: gap analysis, SSP, POA&M, and SPRS scoring
โResources and support available to small businesses navigating compliance
โTakeaway: Walk away with a realistic starting point -- what to prioritize, what it will cost, and what happens if you wait.
โ๐ก Session 3 - Organizational Readiness for CMMC: What Leadership Needs to Own
โ๐ฆ 11:30 AM โ 12:15 PM PT | 1:30 โ 2:15 PM CT | 2:30 โ 3:15 PM ET
โSpeaker: Frank Unpingco III
โTopics include:
โThe three sides of CMMC every leadership team needs to understand
โWhy CMMC is not just an IT problem and what organizational ownership looks like
โHow to align leadership, operations, and cybersecurity teams around a compliance roadmap
โWhat happens when compliance is delegated without adequate resourcing or authority
โBuilding a culture of cybersecurity readiness that goes beyond certification
โTakeaway: A leadership-level framework for assigning ownership, resourcing compliance properly, and building the internal momentum needed to meet the deadline.
โ๐ Session 4 - CMMC Certification Pathways: CCP, CCA, RMF, and NIST 800-171
โ๐ง 12:15 โ 1:00 PM PT | 2:15 โ 3:00 PM CT | 3:15 โ 4:00 PM ET
โSpeaker: John McNicholas
โTopics include:
โWhat the CCP and CCA certifications require and who should pursue them
โHow RMF experience maps to CMMC compliance work
โNIST SP 800-171 as the foundation of Level 2 and what full implementation looks like
โThe C3PAO assessment process and what to expect during a third-party review
โCareer pathways into CMMC compliance work for cybersecurity professionals and career pivoters
โTakeaway: Whether you are building credentials or building a team, leave with a clear picture of the certification landscape and where to start.
โ๐ฃ Session 5 -- 45 Minutes CMMC Beyond Compliance: AI Governance, Identity, and the Future of DIB Security
โ๐ 1:00 โ 1:45 PM PT | 3:00 โ 3:45 PM CT | 4:00 โ 4:45 PM ET
โSpeaker: Dirce Eduardo Hernandez, A-CCISO, CISM, CRISC, CISA, CDPSE, CSX
โTopics include:
โHow AI governance frameworks intersect with CMMC compliance programs and what organizations need to own now
โIdentity security as a foundational layer of CMMC readiness and where most organizations leave it exposed
โInsider threat considerations specific to the DIB and how to build detection into your compliance posture
โWhat GRC maturity from the financial sector can teach defense contractors about sustained compliance
โThe evolving regulatory landscape and why CMMC certification is a floor, not a ceiling
โTakeaway: Compliance gets you certified. This session shows you what a mature, AI-informed security posture looks like past the audit -- and why identity and insider threat are the two variables most organizations underestimate until it is too late.
โWhy This Event Exists
โA March 2026 GAO report found that the DoD does not have a documented strategy to address the external factors most likely to derail CMMC implementation, including the assessor shortage that is already pushing wait times for new clients past 18 months.
โThe burden of figuring this out falls on contractors, small businesses, and the workforce. This event exists to help carry that burden.
โHost and Moderator: Philippa Burgess, NICE Cybersecurity Career Ambassador | GeoCyber Systems LLC