<img src="https://ad.doubleclick.net/ddm/activity/src=11631230;type=pagevw0;cat=pw_allpg;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=1;num=1?" width="1" height="1" alt="">

26-DCmmc-Logo-FINAL_V1 White

 

The inaugural event was a success! This practitioner-led, vendor-neutral CMMC community event focused on delivering real security outcomes for the DIB and was a chance to connect with DC’s defense peers.

OCCURRED February 18, 2026

The HUB on Penn Avenue, NW

Watch Videos

26-DCmmc-Logo-FINAL_V1

This inaugural DCMMC event brought together assessors, C3PAOs, DIB leaders, and policy voices to put outcomes back at the center of CMMC. This event featured two panel sessions where attendees walked away with practical guidance and connections that advance credible, outcome-driven CMMC readiness. 

In case you missed it or want to revisit the topics, check out the DCMMC Panel recordings below! 

PANEL 1: Defense Over Pretense: Making Audits Easy and Exfiltration Hard

The clock to November 2026 is ticking, and the Defense Industrial Base is drowning in CMMC noise—advisors, assessors, and acronyms piling up while nation‑state adversaries keep walking out with our data. Amid the scramble, one truth is clear: security and compliance are not one in the same. Compliance shows conformance at a point in time; security reduces risk every day. If a control can’t stop exfiltration or meaningfully reduce risk to CUI, why is it in your SSP?

As the Cyber AB scales the ecosystem, variability in assessor approach and technical depth is inevitable. This panel focuses on how to raise the bar without crushing capacity—how DIB organizations can vet for real depth, how assessors can demonstrate technical knowledge and competence, and how we align on evidence that proves data defense, not just documentation.

Moderator: Juan Salinas, Manager, Solutions Engineering, Virtru

Panelists:

  • Stuart Itkin, CRO & Chief Security Evangelist, FutureFeed
  • Andy Sauer: CEO, Sentinel Blue
  • Michael Lipinski, Partner, Plante Moran

PANEL 2: Pass once, Protect always: Choosing CMMC Level 2 partners who deliver

Shiny badges and quick compliance offers are everywhere. However, Level 2 readiness is an engineering outcome, not a logo. Pick the wrong guide and you’ll buy paperwork while your CUI stays exposed. The right partner designs for containment, proves it with objective evidence, and leaves controls that stand up under assessment methods today and six months from now.

This panel turns consultant selection into evidence‑first buy. We’ll cover how to separate implementers from assessors (and avoid conflicts), what RPO/C3PAO status does and what it means,, and how to vet real technical depth across identity, endpoints, logging, boundary/egress, and enclave strategy. Expect practical buyer tactics: scenario questions that reveal competence, the artifacts to demand (assessment‑objective–mapped evidence, traceable SSPs, risk‑reducing POA&Ms), and SOW language that ties payment to delivered controls and verified evidence.

Moderator: Andrew Lynch, Vice President, Sales, Virtru

Panelists:

  • Derrich Phillips, Lead CMMC Assessor, Aspire Cyber
  • Pat Garcia: CEO & Founder, Kompleye
  • Joe Devine, President, Axiotrop