Securing The Digital BeachHead – The Myth of Cybersecurity Compliance

As supply chain management becomes the latest cybersecurity buzz term in our industry, we must look at the myth that is cybersecurity and focus on cyber risk management. Real-life examples from the field outline how simply working towards compliance does not meet the needs of any organization seeking greater cybersecurity maturity. CMMC v2 has removed many of the independent third-party auditing requirements, leaving organizations to self-attest following NIST 800-171 controls. Corporate leaders need a firm understanding that meeting a “checkbox” does not provide cybersecurity. To achieve cyber risk management maturity, a solid set of policies and procedures must accompany those control sets. The modern “Digital Beachhead” has no front lines, and attack vectors change daily, so we must move beyond checking a box and leaving it to the IT department. Everyone in the organization is a target and a sensor. We must view cybersecurity as an unachievable goal we consistently work towards and not a destination.

About the Presenter: Michael “Mike” Crandall is a 21-year Air Force veteran and CEO of Digital Beachhead, which is a CMMC-AB candidate C3PAO organization. During his military career, he helped develop the Defense in Depth “Barrier Reef” security concept that became the Combat Information Transport System / Base Information Protection program. He was on the team that developed and implemented the first Network Operations and Security Center (NOSC) for the Air Force and managed the $50B AF Satellite Control Network until his retirement.