Dr. Thomas Graham

CISO, Redspin

Dr. Thomas Graham, Ph.D., serves as the VP and Chief Information Security Officer (CISO) at Redspin, a top cybersecurity and privacy consulting firm, the first authorized C3PAO, and one of the first organizations to conduct a DIBCAC High CMMC (Cybersecurity Maturity Model Certification) assessment under the joint surveillance program. Dr. Graham is the architect of Redspin becoming the first authorized C3PAO and has been the lead for numerous assessments under the Joint Surveillance Voluntary Assessment Program (JSVAP). Dr. Graham is responsible for all internal security items for Redspin and its affiliates. Before Redspin, Dr. Graham supported the Defense Health Agency (DHA), where his team received a FedHealthIT award for Innovation, presented to them at the National Press Club in Washington, DC. Dr. Graham holds a Ph.D. in Information Assurance and Security, an MBA, and a Master of Science degree in Technology Systems. He also serves as the Chair for the MIS Advisory Board for East Carolina University, is a member of IANS Faculty, and has been a member of the HIMSS Cybersecurity, Privacy, and Security Committee. Dr. Graham has previously spoken at other industry events, including the National Cyber Summit and ISC2 Security Congress.

All Sessions by Dr. Thomas Graham

Cybersecurity Maturity Model Certification (CMMC) - 2025 and Beyond
September 15, 2023, 11:55 am - 12:45 pm

Maximizing Cybersecurity Resilience: The Power of Combining CMMC and Zero Trust

As cyber threats continue to evolve, organizations need to adopt robust security measures to protect their sensitive data and assets. Two powerful frameworks that are gaining momentum in the cybersecurity world are the Cybersecurity Maturity Model Certification (CMMC) and Zero Trust.

CMMC is a standard developed by the US Department of Defense that assesses and certifies the cybersecurity maturity level of contractors and suppliers. Zero Trust, on the other hand, is a security model that requires strict identity verification and authorization for every user and device that tries to access a network.

In this session, we will explore the synergies between these two frameworks and how they can complement each other to create a robust and resilient security posture. We will discuss how the adoption of Zero Trust principles can help organizations achieve higher CMMC maturity levels and how CMMC can serve as a roadmap for implementing Zero Trust.

Join us to learn how to combine these two powerful frameworks to protect your organization from cyber threats and achieve a higher level of cybersecurity maturity.