Compliance Unfiltered is TCT’s tell-it-like-it is podcast, dedicated to making compliance suck less. It’s a fresh, raw, uncut alternative for anyone who needs honest, reliable, compliance expertise with a sprinkling of personality.
Show Notes: CMMC DAY: An interview with Andrew Baranich of Cnxtd Event Media
Quick Take
On this episode of Compliance Unfiltered, we are pleased to welcome Andrew Baranich of Cnxtd Event Media to the show! Andrew is heading up the coordination of the CMMC Day Event in Arlington Virginia on May 15th, 2023, where TCT will be a Sponsor.
CMMC Day is focused on Providing forward-looking discussions with guidance in the cybersecurity, secure payments, certification, secure project collaboration, and ICT product certification spheres. It also offers a comprehensive view of new certification requirements that apply to industry stakeholders.
Want to know more? Curious if there’s still time for you to get involved? The CU guys have all those answers for you and more, on this week’s episode of Compliance Unfiltered.
Visit CMMCDay.org for all event details — and remember to follow us on LinkedIn and Twitter!
Read Transcript
So let’s face it, managing compliance sucks. It’s complicated, it’s so hard to keep organized, and it requires a ton of expertise in order to survive the entire process. Welcome to Compliance Unfiltered, a podcast dedicated to making compliance suck less. Now, here’s your host, Todd Coshow, with Adam Goslin.
Well, welcome in to another edition of Compliance Unfiltered. I’m Todd Coshow, along side a man who you can consider your snorkel in a compliance lagoon, Mr. Adam Goslin. How the heck are you, sir? I’m good. I’m waiting for you to run out of these. Never. Not a chance in the world. Man, I couldn’t be more excited today. We have a special guest, and it actually ties into some stuff that we’ve got coming up as well.
We’re very, very pleased to be joined by Andrew Baranich from Connected Event Media, who’s joining us today to tell us a little bit more, obviously, about Connected in a cool conference that we got coming up called CMMC Day. Andrew, thank you so much for being here. Todd, thank you. Adam, thank you. I was going to say I’m really glad to be here, but I think in the TCT world, I should lead with good morning. It’s great to be here. I love it. Yeah. No, TCT culture is always morning, so it’s always morning. No, I am glad to be here. Total Compliance Tracking is one of our leading sponsors for CMMC Day. That’s cmmcday.org, which is May 15th in Arlington, Virginia, and sponsors are our partners, so I’m glad we can share part of the day and have a conversation about what’s coming up literally just in a month.
Absolutely. Connected, Connected Event Media, we’re producers of B2B conferences. We’ve been doing this going on 11 plus years. We’re actually a registered federal contractor. And really our mission is to provide and produce forward looking discussions with guidance in cybersecurity, secure payments, certification, secure project collaboration for contractors, ICT product certification. Those are kind of the spheres we play in with our conferences. And we like to think that we’re bringing a lot of value as each event really sees and enjoys support from certification bodies, from standards orgs, like NIST, NIAP, the NSA, the DOD. So that’s where we’re at. No, that’s great stuff. I mean, obviously this is a growing and budding field. only going to get bigger and stronger in the coming years. But, you know, share your compliance unfiltered, Andrew, we are people, people.
So why don’t you introduce yourself to the audience? Tell them a little bit about yourself, your background and what you do. Well, Todd, you know, we could start with business, but usually when I’m not roaming the pine forests, hiking and biking north of Raleigh, North Carolina, with my black lab or hacking my way around one of the Brazilian golf courses here, I am focused on the certification events. But having lived in Midtown Manhattan for 15 years, I’ve actually learned how to how to really grill, how to smoke some dinners. So working remotely, but working nationally from Raleigh has been tremendous the past two years. I really enjoyed the energy, the focus in the business to business conference space for 18 years, working on global and North American events, typically in finance, commercial real estate technology, smart cities. And of course, our topic, cybersecurity. So again, I’ve been in the thick of it in New York for 15 years, but I really enjoy the energy. And for me, there’s a lot of satisfaction, Todd, brokering new introductions for our sponsors. We truly view our sponsors as partners. You’ve, you’ve probably heard me say that already. Our prep work this spring. But that’s really the sweet spot that I enjoy is, is connecting sponsors with partners.
Absolutely. And we certainly notice that in the way that you’ve conducted things and the way that connected has handled things. Now, Adam, for the folks out there, let’s talk at a high level. What exactly is CMMC for the uninitiated? All right. Well, actually, before I even get into that, I want to say something real quick, and that is, you know, for the for the listeners going, what the hell are we all talking about this? So. Um, I just, I was like, hey, maybe they’d like to know, um, TCT will be, uh, you know, is a sponsor for CMMC day. Uh, we will be, uh, be, be joining up with Andrew on the 15th of May, um, you know, and all that fun stuff. So, uh, so we’ll be there via to be attending and whatnot. Um, as CMMC happens to be one of many certifications that we’ve got on the platform.
So, uh, what is CMMC? Um, CMMC is a, uh, it’s a standard that was developed, uh, coming out of the DOD, really targeted at their, um, you know, at their various vendors, uh, you know, in the DOD space, um, so that they had a mechanism, uh, whereby they, they could evaluate those, uh, those vendors, uh, based on their stance in terms of cybersecurity. There’s various levels to CMMC, depending on, you know, kind of what the exposure of the vendor is to, you know, certain sensitive data in the DOD space, you know, and it’s effectively a certification or a standard that it’d be very similar, similar in terms of, you know, kind of approach structure to, you know, something like a, you know, NIS of CSF or a, you know, a PCI, ISO, etc, it’s a series of requirements that you need to go up against, prove out that you’ve got in place, that you’re, you know, operationally effective, you know, things along those lines. And the CMMC is interesting in that for the DOD, they have a whole series of inputs that they’ll take surrounding, you know, kind of almost like vendor due diligence or vendor evaluation and CMMC and the scores that come out of CMMC is one of a plethora of inputs that head into the DOD so that they can vet and evaluate their, you know, their existing indoor perspective vendors, you know, and certainly the scores that are coming off of CMMC are very quickly becoming pivotal or critical to vendors that want to play in the, you know, in the DOD space. So it’s fast becoming very important to those that want to play in this arena. And so that’s part of the reason why, you know, we’ve been, you know, TCTs been keeping, you know, keeping their eyeball on, you know, NIST 171 and, you know, it’s kind of ramping up and then CMMC version one and then version two, you know, kind of getting, you know, getting dropped into play. I think things are starting to stabilize at this stage of the game. So that’s cool, you know, but yeah, TCT is just excited to, you know, to be able to participate. in this arena, you know, our capabilities at making compliance suck less in the CMMC space. So it’s going be a ton of fun, uh, you there to, you know, getting you know, to the event, we’ll see how it all kind of unfolds if you will.
Andrew, what do you hope that participants gain from attending CMMC day? Well, where were headed with this is a one day intensive, Todd. It’s a one day intensive with about 225 of your closest industry friends, your closest sponsors like TCT who likes to keep us caffeinated the conference break room. It’s a one day summit. Lots of coffee, we just use the word where Adam was saying there’s a lot of critical updates, and that’s true. There’s a lot of practical critical updates out there on the horizon for all of us. So we’re getting together to make compliance suck less, but really this one-day summit is going to help us all navigate the future of federal supply chain cybersecurity.
From a top-line view, Todd, CMMC Day on May 15th offers us a comprehensive view of new certification requirements that apply to everyone who’s an industry stakeholder. I mean, there’s, what, 300,000 U.S. government GIB subcontractors? That’s going to depend on how many decide to play in the space with the new requirements and blah, blah, blah. Very true. And we’ve seen a major swing in that number, Adam. Yeah. I mean, it might, well, there might be more people that jump into the party and there could be a number that say, you know what? I don’t think I’m just going to move on to something different. So we’ll see. We’ll see what happens. We won’t have 300,000. We won’t have 100,000, but with 225 participants like yourselves, you know, it’s really a navigable day where you can have conversations. You can see people across the room. It’s not 5,000 people. It is very technical. But again, the size really is a sweet spot for conversation. So again, whether you’re one of the 300,000 or whether you’re one of the 225, 250 that are attending, if you’re a product developer, if you’re an integrator, a testing laboratory and end user, we’re trying to wrap everything together on May 15th at CMMC Day. Again, we enjoy the speakers from the DOD, the Cyber Readiness Institute, NIST, NIAP, NSA. Todd and I touched on this last week. Katie Errington will be speaking. dynamic speaker. Rings and energy, exactly. Being former CISO at the DOD Security Outlook. So we’re pleased to have Katie in the room with everyone. And Katie and everyone else who’s from the government and the standard side, you know, really, that’s access. That’s in-person access where you can chat. And we hear this repeatedly at our conferences, Todd and Adam, is that, you know, five minutes with someone from the DC area, someone from a standards body, someone from the government, really helps move things down the track towards certification. It really clears up a lot to meet in-person. So we look to connect peers on challenges, on best practices. And we want everyone to leave with a strong reinforcement of the existing controls in CMMC and the processes across the current maturity levels.
Thank you. Now, Andrew, what things will participants be able to experience at the event itself at CMMC Day? We’re excited. We’re in our third year. We developed this coming out of the shelter in place, pandemic, COVID environment. So it’s definitely, and that’s not a knock, it’s just, this is when we had the rising action and we think the timing is right with everyone. So we’re in our third year, and I say it all the time, it’s busier, it’s buzzier. It’s a full speed day. You’re supplying us with coffee and the espresso and the snacks, but it’s going to be a full speed day with 30 sponsors. We’re sold out on the sponsorship side. I mentioned 225, 250 industry friends with 30 sponsors.
There’s two exhibit showcase halls. There’s a real market feel walking up to exhibitor tables, walking up to exhibitor booths. So we want the industry to really kind of feel that momentum of looking ahead and moving ahead, taking action. And we’ve designed all of this to be accomplished in one day. So there’s kind of two ways, two tines of the fork. There’s the formal academic presentations, if you will, Todd, right? There’s CMMC day review with NIST 800-171, many other foundational standards. We have a session, a couple of sessions on practical scoping, CUI for CMMC. We are covering data protection. We have some future looking panel discussions on CMMC outlooks. So there’s just the academic thrust on May 15th. And then there’s the social, the networking thrust. Where you’re connecting with partners, you may be meeting new partners, but the sponsors like yourselves are really fostering and. creating this environment, this huge networking environment, with hundreds of conversations around policy, best practices, certification. We actually construct the day to have several dedicated standalone networking breaks, right, where we’re not hustling over lunch, and we’re not hustling through a coffee break. There’s literally time set aside for conversation so that you can dig in and you can catch up. And obviously, everyone’s goal is to practically navigate standards and deploy directly. That sounds fantastic. Again, cmmcday.org.
Now, Andrew, I understand you just put on a cybersecurity conference in Europe. Can you tell us a little bit more about that? Thanks. Yes. Yeah, actually, we rolled through a cold and rainy week in Brussels, Belgium, the final week of March. It’s our, our third time in Brussels and it’s totally focused on the EU Cyber Security Act and the ramifications and really the drive to a single market goal, a single market certification goal in Europe. I mentioned Brussels. That’s been a tremendous conference location when we put on this event. Again there’s around 250 to 300 attendees. There’s a number of labs from Germany, from Spain, from the Netherlands, France, the UK. We have speakers from Turkey, speakers from Singapore. So it is global but there’s definitely a focus on Europe being at the crossroads. It’s the command center for the EU. NATO is headquartered there. But again everything’s designed around that single digital market goal and speakers are covering a variety of industries as we look at security. There’s 5G, there’s IoT, cloud, communications, both commercial communications, defense communications, AI, automation control. So participants, sponsors, speakers, attendees, everyone’s really at the intersection of key updates and schemes. Again both commercially and defense related. We’ve seen speakers. This year we were really gratified. They have a number of speakers from the EU, the Director General of Digital Europe. We had several speakers from the NISA, the Security Information Agency, under the EU umbrella EXO. We also had a day dedicated with the ISO IECW3 working group and they were working through cryptographic modules and the certification and what that’s shaping up to be.
So we actually had that as a precursor. So it was three days but a solid three days, a solid week in Brussels.
That’s incredible stuff Parting thoughts and shots for this week. Let’s start with Andrew, Adam and let’s talk about that Andrew Well, you know, we’re, we’re inside 30 days. We’re just about inside 30 days for CMMC day And again CMMC day org It’s, it’s the largest this one. This one’s the largest edition. We’ve had in three years And really again, our thought is looking forward moving forward in a one-day intensive summit Arlington, Virginia if you’d like to attend there is space there are seats I know that we’ll have my contact information available but I would love to work with anyone here in North America who’d like to register and My door is open to make that work for you. We have some savings right now on the conference pass So there’s really a lot to take away from, from a seven-hour summit. And we’re really glad to have the opportunity to just chat about it today. Todd and Adam, thank you very much.
Oh, no, not a problem at all. Hey, just curious, Andrew, how many participants do we have that are planning, you know, kind of signed up to be there at this point again? So we’re tracking, right now we’re at 160. We’re tracking to 225. At the high end, we’d be around 250. So you consider where we started with COVID between, you know, 90 and 125 attendees. This is really, as I said, a busy and buzzy day on May 15th. Yeah, no, that’s going to be very, very cool. So, you know, from our side, you know, we’re, you know, us coming in and being at the CMMC day conference. I think that it’s just going to be really frickin cool, you know, being there, being on site, you know, being, you know, being able to talk to some of the speakers and excited to see, was it Katie, correct? So excited to see her be able to chat with her a little bit. And really just to, you know, just to interact with, you know, interact with, you know, with you, you know, with the folks that got this all set up, you know, talking to other, you know, talking to some of the other vendors, you know, that are going to be there. You know, certainly, TCT is going to have a, is going to have a booth that will have set up, will have a demo running with, you know, with some cool stuff on there. But now TCT has long, long been a huge fan of making friends, making friends in, you know, in the right places, meeting new people.
This is going to be really, really cool for Todd and I to be able to be able to go, be on site, you know, be able to, be able to meet people. And we’re really, really excited about being able to participate. So, Andrew, we really appreciate it as well. Thank you. We’re really looking forward to your presence. I’m sorry. We’re really looking forward to your presence. And you’re right. There’s a number of partner conversations and catch-ups that happen. And there’s no question that you and other sponsors are fostering that. That’s why it’s such a good day. It’s not all heads-down academic. There’s as much gained from the networking and the catch-up as there is from the focused updates. Thank you again to Andrew and Connected Media. If you are in the CMMC space, this is the one event this year that you need to attend. CMMCday.org.
And that right there, that’s the good stuff. Well, that’s all the time we have for this episode of Compliance Unfiltered.
I’m Todd Coshow. And I’m Adam Goslin. Hope we help to get you fired up to make your compliance suck less.
