Owner, Angel Consultancy
Dr. Roméo Farinacci specializes in Governance, Risk and Compliance (GRC) and has 20 years of experience in Cyber Intelligence, Information Assurance, Cyber Security, and Audit. As an executive-level cybersecurity leader and advisor with years of management and consulting experience across complex enterprise domains in the public, private, defense, and government sectors, he drives the design, evaluation, audit, management, and reverse engineering of business risk/compliance programs and system infrastructures to ensure regulatory alignment. His best-practice areas include, but are not limited to, establishing efficient incident response processes and disaster recovery plans, and managing compliance initiatives: NIST Frameworks (CSF, 800-53, 800-171), CMMC, HIPAA, HITRUST-CSF, Meaningful Use (EHR), PCI-DSS, NIST RMF (previously DIACAP, DCID 6/3, ICD 503), COBIT 2019, ITIL, and the ISO 27001/27002 series. While completing 20 years of military service supervising Cyber Operations and performing audits of Air Force and Army installations, Dr. Farinacci also worked his way through the corporate track from IT Manager to CISO. His passion for cyber security and project management has enabled the effective development and communication of change strategies for improving the security posture of organizations. Dr. Farinacci is an active Board Member for Pretty Fluid Technologies and MetaBrain Labs, holds a Top Secret/SCI clearance, and earned a Doctor of Management in Organizational Leadership from the University of Phoenix. He authored a book entitled “The Importance of a Cyber Culture”, which offers perspective on overcoming hurdles in the implementation of cyber controls, and continues to contribute by publishing articles and speaking on the importance of cybersecurity.
Dr. Farinacci holds a Doctorate in Management, a Master's degree in IT, and an MBA in International Business, along with the following credentials: CMMC-RPA, CMMC-RP, CISSP, CDPSE, CISM, CGEIT, PCI-QSA, CIPP/US, ISO27001 CIS-F, and PMP. Check out his TEDx talk on YouTube: https://www.youtube.com/watch?v=JIJslcA8Q5g&pp=ygUUcm9tZW8gZmFyaW5hY2NpIHRlZHg%3D
This session will provide guidance on the process and requirements for achieving compliance with Cybersecurity Maturity Model Certification (CMMC) version 2.0 and emphasize the significance of CMMC v2.0 in enhancing cybersecurity measures, particularly for organizations working with the Department of Defense (DoD) and how to leverage previous NIST 800-171 implementations.
The session will provide a brief history of CMMC, highlighting its evolution from NIST 800-171 to version 1.0 and now 2.0. It will explore the current CMMC v2.0 framework, detailing its levels, domains, capabilities, and practices, and describe the relevance of CMMC v2.0 in securing DoD contracts as well as its broader impact on improving cybersecurity standards within organizations, even those not engaged in government contracts. Most importantly, the key concepts presented will include the following steps to prepare for compliance:
- Assessment and Gap Analysis: Outline the process of conducting a self-assessment to identify current cybersecurity strengths and weaknesses in relation to CMMC v2.0 requirements.
- Developing a Plan of Action: Guidance on how to prioritize actions based on CMMC levels, including setting realistic timelines and milestones for compliance.
- Implementation Strategies: Offer best practices for implementing necessary cybersecurity measures and advice on utilizing existing resources and tools effectively.
- Continuous Monitoring and Improvement: Emphasize the need for ongoing compliance processes, regular reviews, and updates to cybersecurity practices.
- Handling 3rd Party Audits: Prepare for third-party assessments, focusing on documentation and evidence management to demonstrate compliance.
- Leveraging Cloud-Based Solutions: GCC and GCC-High.
This session provides a comprehensive guide to understanding, preparing for, and maintaining CMMC v2.0 compliance. It emphasizes the importance of cybersecurity in the context of DoD contracts and offers practical steps for organizations to assess, plan, implement, and sustain compliance. The goal is to equip participants with the knowledge and tools needed to successfully navigate the complexities of CMMC v2.0.