
| Opening & Foundations: Understanding Federal IoT Cyber Certification (T00) |
| Moderator: Andrew Freund, Founder & CEO, Kraken Compliance |
09:00 Compliance Auditing and Certification for IoT and Cloud-Based Devices (T00a) Michelle Jump, CEO, MedSec
09:30 IoT Cyber Certification (T00b) Eugene Liderman, Director – Mobile Security Strategy, Google
10:00 NIST’s Technical Work in Support of the FCC’s Cyber Trust Mark Program (T00c) Michael Bergman, Vice President, Technology & Standards, Consumer Technology Association

| Foundations of SBOM and Federal Software Supply Chain Compliance (W00) |
| Moderator: Ingrid Woodley, Senior Director, Revenue Strategy, 38North Security |
09:00 Secure Software Development Practices and Integrating Transparency into the Software Supply Chain (W00a) Tim Brown, CISO, SolarWinds
09:30 The Future of CMMC: Expanding Beyond the US DoD (W00b) Rob Teague, VP Federal Consulting, Redspin
10:00 A Practical Guide for Unlocking Business Value from Your SBOMs (W00c) Gaurav Kumar Srivastava, Senior Key Expert (R&D) for Vulnerability Management, Siemens
| Real-World Practices: Preparing Products for Certification (T01) |
| Moderator: Andrew Freund, Founder & CEO, Kraken Compliance |
11:00 Requirements for the U.S. Cyber Trust Mark (T01a) Michael Bergman, Vice President, Technology & Standards, Consumer Technology Association
11:30 Current Status and Future Outlook for Cyber Trust Mark (T01b) Lauryn Williams, Deputy Director and Senior Fellow, Strategic Technologies Program, Center for Strategic & International Studies
12:00 When and How to Prepare for a CMMC Certification Assessment (T01c) David Bedard, Director of Compliance, KTL Solutions
| Risk Management and Regulatory Alignment (W01) |
| Moderator: Shaunak Shah, Manager, Engineering, Intertek, Acumen Security |
11:00 Overview of Federal SBOM Efforts (W01a) Robert Martin, Sr. Software and Supply Chain Assurance Principal Eng., MITRE
11:30 Executive Order No. 14306 and Its Impacts on Software Supply Chain Management (W01b) Adam Bartolanzo, Principal, Miles & Stockbridge PC
12:00 HBOM Is Different From SBOM, But It Rhymes (W01c) Allan Friedman, Former Senior Technical Advisor and Strategist, CISA
| Overlaps & Global Standards: Navigating Conflicting Frameworks (T02) |
| Moderator: Andrew Freund, Founder & CEO, Kraken Compliance |
13:30 Security Through Overlapping Certification Schemes: What Do We Need to Be Doing Better? (T02a) Jonathan Rolf, Independent, Retired NSA NIAP Director
14:00 Mastering the Basics: A Ground-Up Approach to Navigating Overlapping Cyber Compliance Regimes (T02b) Leslie Weinstein, Owner, The Cyber Advisor
14:30 Navigating the Quagmire of Cybersecurity Frameworks and Initiatives: One Approach to Solve Them All (T02c) Ronald Lear, Vice President, Models and Frameworks, ISACA-CMMI Institute
| Pilots, Compliance, and Integration (W02) |
| Moderator: Shashi Karanam, Senior Manager, Cybersecurity GRC, Comcast |
13:30 Scaling Risk Analysis from Software to Systems (W02a) Robert Martin, Sr. Software and Supply Chain Assurance Principal Eng., MITRE
14:00 One Framework to Secure Them All (W02b) Leopold Wildenauer, Director of Policy, Information technology industry Council (ITI)
14:30 Achieving CMMC Compliance—Leveraging the Use of ESPs in Your Company (W02c) Kevin Mann, President, Resilient IT
| Future of IoT Cyber Certification: Harmonization, Challenges, and Opportunities (T03) |
| Moderator: Shashi Karanam, Senior Manager, Cybersecurity GRC, Comcast |
15:30 GlobalPlatform in Security Certification Frameworks (T03a) Ana Tavares Lattibeaudiere, Executive Director, GlobalPlatform
16:00 Panel Discussion: Future of IoT Cyber Certification—Harmonization, Challenges, and Opportunities (T03b) Leader: Smita Mahapatra, Senior Security Industry Specialist, Amazon Web Services (AWS) Panelists: Michael Bergman, Vice President, Technology & Standards, Consumer Technology Association; Jim Lutz, VP Technical Cybersecurity Expert for OT/ICS, RMC Global; Matt Pearl, Director, Strategic Technologies Program, Center for Strategic and International Studies; Jonathan Rolf, Independent, Retired NSA NIAP Director; [60MIN]
| Case Studies and Forward-Looking Strategies (W03) |
| Moderator: Tony Bai, Chief Solutions Officer, RISCPoint |
15:30 CMMC Assessment Process (W03a) Fernando Machado, Managing Principal/CISO, Cybersec Investments
16:00 Panel Discussion: Managing Risk and Compliance in a Shifting Federal Landscape (W03b) Leader: Chris Williams, Cyber Security Consultant, Enterprise Cyber Solutions Panelists: Adam Bartolanzo, Principal, Miles & Stockbridge PC; Bob Kolasky, Senior Vice President Critical Infrastructure, Exiger; Carter Schoenberg, Vice President, SoundWay Consulting; Matthew Travis, CEO, The Cyber AB [60MIN]

| Foundations of FedRAMP: Program Overview and Quantum Horizons (F10) |
| Moderator: Dale Hoak, CISO, RegScale |
09:00 FedRAMP in the Quantum Age (F10a) Kevin Jackson, Director Cloud Solutions, GovCloud Network
09:30 Overview of FedRAMP 20X (F10b) Matt Goodrich, Director, Solution Sales, Diligent
10:00 International Use of the STAR Program to Achieve FedRAMP-like Results (F10c) Troy Leach, Chief Strategy Officer (CSO), Cloud Security Alliance

| Setting the Stage for AI Risk Management (M10) |
| Moderator: Chris Williams, Cyber Security Consultant, Enterprise Cyber Solutions |
09:00 The Innovation Accelerator: How Strategic AI Risk Management Transforms Barriers into Competitive Advantages (M10b) Asad Mansoor, CEO/Managing Director, Cloud Control Studio
09:45 Questions We Should Be Asking About AI (M10c) Gregory Touhill, Director, CERT
| Vendor and Implementation Perspectives: Lessons from the Field (F11) |
| Moderator: Smita Mahapatra, Senior Security Industry Specialist, Amazon Web Services (AWS) |
11:00 FedRAMP Certification Journey (F11a) Gagandeep Singh, Vice President, Global Compliance & Certifications, Salesforce
11:30 FedRAMP Case Studies and Lessons Learned (F11b) Gaurav Pal, Principal, stackArmor
12:00 Navigating the Future of Security Compliance: An Introduction to NIST OSCAL (F11c) Pirooz Javan, Chief Technology Officer, Easy Dynamics
| Regulatory Alignment and Certification Strategies (M11) |
| Moderator: Jocelyn Padilla, VP Customer Success, SMPL-C |
11:00 Update from the AI Certification World (M11a) Elena Bobkova, AI & Information security
11:30 ISO 42001 in Practice: Enabling Responsible AI and Regulatory Alignment (M11b) Danny Manimbo, Principal, Schellman
12:00 Toward Certified AI: Deploying Generative Systems Within Federal Risk Frameworks (M11c) Pavan Reddy, AIOps Engineer, Comcast
| Accelerating Authorization and Compliance: Tools and Strategies (F12) |
| Moderator: Smita Mahapatra, Senior Security Industry Specialist, Amazon Web Services (AWS) |
13:30 Rapid Authorizations (F12a) David Jenkins, Distinguished Engineer and CTO Federal Compliance, IBM
14:00 Automating FedRAMP: From Today to 20x (F12b) Dale Hoak, CISO, RegScale
14:30 Zero Bureaucracy: Accelerating FedRAMP with Trust Automation and AI-Native Compliance (F12c) Ron Fulton, Cyber Guard Pro
| Operationalizing AI Security Across ICT Systems (M12) |
| Moderator: Chris Williams, Cyber Security Consultant, Enterprise Cyber Solutions |
13:30 Operationalizing AI-Driven Cybersecurity: A Framework for Compliance in the FedRAMP Era (M12a) Jay Diem, Program Chair, CMMC Day and Founder and Principal Consultant, SloariX Security
14:00 AI Cyber Risk Readiness: Prepared? (M12b) Ali Pabrai, CEO, ecfirst
14:30 Beyond Boundaries: Modeling Adjacency and Linkage for AI-Enabled Compliance-by-Design (M12c) Henry Sienkiewicz, Adjunct Lecturer – SCS MPS Applied Intelligence, Georgetown University
Exhibit Area
| Steps to Cyber Resilience and Outlook (F13) |
| Moderator: Tony Bai, Chief Solutions Officer, RISCPoint |
15:30 Taming the Cyber Elephant (F13a) Robert Felps, CEO, Cyber Compass LLC
16:00 Panel Discussion: Preparing for the Next Era of FedRAMP—Best Practices, Emerging Trends, and Compliance Automation (F13b) Leader: Andrew Freund, Founder & CEO, Kraken Compliance Panelists: Petar Besalev, EVP Cybersecurity and Privacy Services, A-LIGN; Josh Blaher, Manager, Product Security Engineering, Red Hat; Kevin Jackson, Director Cloud Solutions, GovCloud Network; John Osborne, Senior Principal Solutions Engineer, Chainguard [60MIN]
| Advanced AI Compliance and Future Directions (M13) |
| Moderator: Jocelyn Padilla, VP Customer Success, SMPL-C |
15:30 Revolutionizing DIB Cybersecurity Compliance with CMMC-Specific LLMs: An AI-Driven Approach to Mitigating Risks and Ensuring Regulatory Adherence (M13a) Srikant Rachakonda, CEO, SMPL-C
16:00 Panel Discussion: Preparing for Federal AI Security Frameworks—Best Practices and Next Steps (M13b) Leader: Jay Diem, Program Chair, CMMC Day and Founder and Principal Consultant, SloariX Security Panelists: Nick Reese, COO of Optica Labs, Inc; Omar Santos, Co-Chair, Coalition for Secure AI, and Distinguished Engineer, Cisco; Martin Stanley, AI and Cybersecurity Researcher, National Institute of Standards and Technology (NIST) [60MIN]