The Official Conference of The Cyber AB

CS5 East 2026

Conference Agenda · October 22-23, 2026

Gaylord National Resort & Convention Center, National Harbor, MD

Agenda subject to change. All times in ET.

Apply to speak at CS5 East

Call for Speakers

Deadline to submit: July 31st

Filter Sessions:

Thursday, October 22nd, 2026

8:00 am - 9:00 am

BREAKFAST

Exhibitor Hall
9:00 am - 10:15 am

Welcome Remarks + Keynote

Main Stage
Mark Berman Mark Berman CEO, Forum Makers & FutureFeed
Matthew Travis Matthew Travis CEO, The Cyber AB
Additional Speaker TBD
10:15 am - 10:30 am

BREAK

10:30 am - 11:15 am

AI Enhanced CMMC

Inside the Next Generation of Assessment Readiness and Validation

Main Stage
Speaker(s) TBD
As CMMC assessments become more complex and artifact-heavy, C3PAOs are increasingly turning to AI to streamline preparation, accelerate reviews, and improve consistency across engagements. This session explores how AI is being used as an augmenting force - not a replacement - for human assessors. We'll walk through how AI assists in pre-assessment evidence organization, identify gaps across SSPs and artifacts, analyzes patterns in control implementation, and highlights inconsistencies that could signal risk. Attendees will learn how AI helps assessors validate scope, map artifacts to the correct controls, and maintain uniform interpretation of control objectives - while all judgments and findings remain human-led. The session also covers how DIB organizations can prepare their documentation and evidence repositories to leverage these AI-accelerated workflows, reducing assessment friction and improving readiness outcomes.
11:25 am - 12:10 pm

Beyond the Baseline: Measuring the Effectiveness of NIST SP 800-172 Against Advanced Persistent Threats

Main Stage
Jacob Horne Jacob Horne Summit 7
NIST SP 800-172 is often described as the security standard for organizations facing advanced persistent threats (APTs). But how well does it actually defend against real-world adversary tradecraft? This session moves beyond theory by mapping publicly documented nation-state techniques from the MITRE ATT&CK framework to the enhanced security requirements in NIST SP 800-172. Building on previous research analyzing NIST SP 800-171 against Iranian APT activity, this presentation examines how the additional safeguards in SP 800-172 improve defensive coverage, where meaningful gaps remain, and which enhanced requirements provide the greatest increase in security. The session also explores the implications of NIST SP 800-172 Revision 3. As NIST modernizes the enhanced requirements, attendees will see how proposed changes could improve resilience against contemporary APT campaigns and better align with evolving adversary behavior. Rather than asking whether compliance equals security, this presentation asks a more useful question: How much additional security does SP 800-172 provide, and where should the next generation of requirements go from here? Attendees will leave with a data-driven understanding of: • How SP 800-172 maps real-world APT techniques. • Which enhanced requirements provide the greatest defensive value. • Where sophisticated adversaries can still evade or succeed. • How Revision 3 has the potential to further strengthen the baseline for high-risk organizations.
12:10 pm - 1:30 pm

LUNCH

1:30 pm - 2:20 pm
📋 Contractor Track

It All Starts with CUI

Identifying, marking, and scoping the data that drives CMMC success

Room TBA
Speaker(s) TBD
Many organizations begin their CMMC journey by identifying the systems, users, and assets they believe are in scope. Effective scoping starts earlier - with understanding what Controlled Unclassified Information your organization receives, creates, processes, stores, or transmits, and how it moves through your environment. That's harder than it sounds: markings don't tell the whole story, and in modern hybrid environments CUI hides in email, cloud collaboration platforms, file shares, third-party services, and user endpoints. This session brings together three perspectives on the data identification problem: • How CUI designation differs from marking - and the contractor's responsibility when information is unmarked, improperly marked, or unclear • Practical strategies for tracing CUI data flows and defining a defensible assessment boundary • The common pitfalls - over-scoping, overlooked assets, and assumptions that become difficult to defend during an assessment - that drive up certification cost, complexity, and risk Attendees leave with actionable guidance for identifying CUI, documenting decisions, and building a clear, defensible scope that supports a more efficient path to certification.
1:30 pm - 4:30 pm 3-Hour Breakout Sessions
Service Provider

Service Provider Breakout

Room TBA
Sponsored & Presented by:ATX Defense
Supply Chain

Supply Chain Breakout

Room TBA
Presenter Pending
Manufacturing

Manufacturing Breakout

Room TBA
Presented by LEXX
Artificial Intelligence

Artificial Intelligence Breakout (1 of 2)

Room TBA
Presenter Pending
Aerospace & Defense

Aerospace & Defense Breakout

Room TBA
Sponsored & Presented by:RSM
1:30 pm - 4:20 pm
Roundtable Revolution
Roundtable Revolution

36 roundtable topics across three 50-minute rounds. Each round features a different set of 12 topics - select a round to see its lineup. Keep checking back as we add new topics.

Topic 1: TBA

1:30 pm - 2:20 pm
Exhibitor Hall
Facilitator TBD

Topic 2: TBA

1:30 pm - 2:20 pm
Exhibitor Hall
Facilitator TBD

Topic 3: TBA

1:30 pm - 2:20 pm
Exhibitor Hall
Facilitator TBD

Topic 4: TBA

1:30 pm - 2:20 pm
Exhibitor Hall
Facilitator TBD

Topic 5: TBA

1:30 pm - 2:20 pm
Exhibitor Hall
Facilitator TBD

Topic 6: TBA

1:30 pm - 2:20 pm
Exhibitor Hall
Facilitator TBD

Topic 7: TBA

1:30 pm - 2:20 pm
Exhibitor Hall
Facilitator TBD

Topic 8: TBA

1:30 pm - 2:20 pm
Exhibitor Hall
Facilitator TBD

Topic 9: TBA

1:30 pm - 2:20 pm
Exhibitor Hall
Facilitator TBD

Topic 10: TBA

1:30 pm - 2:20 pm
Exhibitor Hall
Facilitator TBD

Topic 11: TBA

1:30 pm - 2:20 pm
Exhibitor Hall
Facilitator TBD

Topic 12: TBA

1:30 pm - 2:20 pm
Exhibitor Hall
Facilitator TBD

Topic 13: TBA

2:30 pm - 3:20 pm
Exhibitor Hall
Facilitator TBD

Topic 14: TBA

2:30 pm - 3:20 pm
Exhibitor Hall
Facilitator TBD

Topic 15: TBA

2:30 pm - 3:20 pm
Exhibitor Hall
Facilitator TBD

Topic 16: TBA

2:30 pm - 3:20 pm
Exhibitor Hall
Facilitator TBD

Topic 17: TBA

2:30 pm - 3:20 pm
Exhibitor Hall
Facilitator TBD

Topic 18: TBA

2:30 pm - 3:20 pm
Exhibitor Hall
Facilitator TBD

Topic 19: TBA

2:30 pm - 3:20 pm
Exhibitor Hall
Facilitator TBD

Topic 20: TBA

2:30 pm - 3:20 pm
Exhibitor Hall
Facilitator TBD

Topic 21: TBA

2:30 pm - 3:20 pm
Exhibitor Hall
Facilitator TBD

Topic 22: TBA

2:30 pm - 3:20 pm
Exhibitor Hall
Facilitator TBD

Topic 23: TBA

2:30 pm - 3:20 pm
Exhibitor Hall
Facilitator TBD

Topic 24: TBA

2:30 pm - 3:20 pm
Exhibitor Hall
Facilitator TBD

Topic 25: TBA

3:30 pm - 4:20 pm
Exhibitor Hall
Facilitator TBD

Topic 26: TBA

3:30 pm - 4:20 pm
Exhibitor Hall
Facilitator TBD

Topic 27: TBA

3:30 pm - 4:20 pm
Exhibitor Hall
Facilitator TBD

Topic 28: TBA

3:30 pm - 4:20 pm
Exhibitor Hall
Facilitator TBD

Topic 29: TBA

3:30 pm - 4:20 pm
Exhibitor Hall
Facilitator TBD

Topic 30: TBA

3:30 pm - 4:20 pm
Exhibitor Hall
Facilitator TBD

Topic 31: TBA

3:30 pm - 4:20 pm
Exhibitor Hall
Facilitator TBD

Topic 32: TBA

3:30 pm - 4:20 pm
Exhibitor Hall
Facilitator TBD

Topic 33: TBA

3:30 pm - 4:20 pm
Exhibitor Hall
Facilitator TBD

Topic 34: TBA

3:30 pm - 4:20 pm
Exhibitor Hall
Facilitator TBD

Topic 35: TBA

3:30 pm - 4:20 pm
Exhibitor Hall
Facilitator TBD

Topic 36: TBA

3:30 pm - 4:20 pm
Exhibitor Hall
Facilitator TBD

Round 2 of Roundtable Revolution and Breakout Sessions

2:30 pm - 3:20 pm
2:30 pm - 3:20 pm
📋 Contractor Track

CMMC: Understanding DOW Contract Terms

Making sense of the rules, the clauses, and what they mean for your next bid

Room TBA
Speaker(s) TBD
The alphabet soup is real: the 32 CFR program rule, the 48 CFR acquisition rule, DFARS 252.204-7012, -7019, -7020, and -7021, FAR flow-downs - and somewhere in there, your contract. This session makes sense of it all and turns it into a bidding strategy: • Which rule does what - the 32 CFR CMMC program rule vs. the 48 CFR contract clause, and how the DFARS clauses fit together • Where an organization should start • How certification requirements change contract bids - and the Option Year renewal concerns nobody warns you about • The prime contractor flow-down: what primes will require, and when • Where ITAR and EAR fit in the picture - and why export-controlled data changes your CUI story • How to bid an effective and accurate timeline for compliance implementation, assessment, and contract proposals

Round 3 of Roundtable Revolution and Breakout Sessions

3:30 pm - 4:20 pm
3:30 pm - 4:20 pm
📋 Contractor Track

Yes, and: CUI Governance that Protects Data and Preserves Operations

Practical Governance for Scoping CUI, Assigning Ownership, and Keeping Audits and Suppliers on Track

Room TBA
Speaker(s) TBD
Customers - and programs like CMMC - direct you to protect the data. That's table stakes. What they don't direct is how to protect your business while you do it: keeping scope tight, suppliers viable, audits efficient, and operations moving. This session delivers the "yes, and" playbook: yes, protect the data as required, and design governance that limits CUI boundaries, assigns accountable data owners, and treats flow-down as an intentional operational choice - not an IT checkbox. Through short case studies and practical controls, you'll learn how to prevent scope creep, reduce downstream evidence of work, and align security controls with business continuity and supply chain performance.
4:30 pm - 5:30 pm

HAPPY HOUR

Exhibitor Hall
Emcee TBD

Friday, October 23rd, 2026

8:00 am - 9:00 am

BREAKFAST

Exhibitor Hall
9:00 am - 9:50 am
📋 Contractor Track

CMMC Flow-Down or Fall Down

Building Confidence in the Affirming Official's Supply Chain

Room TBA
Speaker(s) TBD
Most Affirming Officials are affirming what they cannot see. Their direct CUI environment, sometimes. Their service providers and supply chain, rarely. This session looks at supply chain risk from the AO's chair, drawing on lessons learned from 100+ NIST 800-171 assessments across primes, mid-market, and small business suppliers. Attendees leave with a three-principle framework - visibility, tiering, action - for building reasonable assurance into their flow-down program.
9:00 am - 12:00 pm 3-Hour Breakout Sessions
Track TBD

Breakout Session - Title TBA

Room TBA
Sponsored & Presented by Hypori
Artificial Intelligence

Artificial Intelligence Breakout (2 of 2)

Room TBA
Presenter Pending
Higher Education

Higher Education Breakout

Room TBA
Presenter Pending
Architecture & Construction

Architecture & Construction Breakout

Room TBA
Presenter Pending
Track TBD

Breakout Session - Title TBA

Room TBA
Presenter Pending
9:00 am - 11:50 am
Roundtable Revolution
Roundtable Revolution

36 roundtable topics across three 50-minute rounds (repeat of the Day 1 topics). Each round features a different set of 12 topics - select a round to see its lineup. Keep checking back as we add new topics.

Topic 1: TBA

9:00 am - 9:50 am
Exhibitor Hall
Facilitator TBD

Topic 2: TBA

9:00 am - 9:50 am
Exhibitor Hall
Facilitator TBD

Topic 3: TBA

9:00 am - 9:50 am
Exhibitor Hall
Facilitator TBD

Topic 4: TBA

9:00 am - 9:50 am
Exhibitor Hall
Facilitator TBD

Topic 5: TBA

9:00 am - 9:50 am
Exhibitor Hall
Facilitator TBD

Topic 6: TBA

9:00 am - 9:50 am
Exhibitor Hall
Facilitator TBD

Topic 7: TBA

9:00 am - 9:50 am
Exhibitor Hall
Facilitator TBD

Topic 8: TBA

9:00 am - 9:50 am
Exhibitor Hall
Facilitator TBD

Topic 9: TBA

9:00 am - 9:50 am
Exhibitor Hall
Facilitator TBD

Topic 10: TBA

9:00 am - 9:50 am
Exhibitor Hall
Facilitator TBD

Topic 11: TBA

9:00 am - 9:50 am
Exhibitor Hall
Facilitator TBD

Topic 12: TBA

9:00 am - 9:50 am
Exhibitor Hall
Facilitator TBD

Topic 13: TBA

10:00 am - 10:50 am
Exhibitor Hall
Facilitator TBD

Topic 14: TBA

10:00 am - 10:50 am
Exhibitor Hall
Facilitator TBD

Topic 15: TBA

10:00 am - 10:50 am
Exhibitor Hall
Facilitator TBD

Topic 16: TBA

10:00 am - 10:50 am
Exhibitor Hall
Facilitator TBD

Topic 17: TBA

10:00 am - 10:50 am
Exhibitor Hall
Facilitator TBD

Topic 18: TBA

10:00 am - 10:50 am
Exhibitor Hall
Facilitator TBD

Topic 19: TBA

10:00 am - 10:50 am
Exhibitor Hall
Facilitator TBD

Topic 20: TBA

10:00 am - 10:50 am
Exhibitor Hall
Facilitator TBD

Topic 21: TBA

10:00 am - 10:50 am
Exhibitor Hall
Facilitator TBD

Topic 22: TBA

10:00 am - 10:50 am
Exhibitor Hall
Facilitator TBD

Topic 23: TBA

10:00 am - 10:50 am
Exhibitor Hall
Facilitator TBD

Topic 24: TBA

10:00 am - 10:50 am
Exhibitor Hall
Facilitator TBD

Topic 25: TBA

11:00 am - 11:50 am
Exhibitor Hall
Facilitator TBD

Topic 26: TBA

11:00 am - 11:50 am
Exhibitor Hall
Facilitator TBD

Topic 27: TBA

11:00 am - 11:50 am
Exhibitor Hall
Facilitator TBD

Topic 28: TBA

11:00 am - 11:50 am
Exhibitor Hall
Facilitator TBD

Topic 29: TBA

11:00 am - 11:50 am
Exhibitor Hall
Facilitator TBD

Topic 30: TBA

11:00 am - 11:50 am
Exhibitor Hall
Facilitator TBD

Topic 31: TBA

11:00 am - 11:50 am
Exhibitor Hall
Facilitator TBD

Topic 32: TBA

11:00 am - 11:50 am
Exhibitor Hall
Facilitator TBD

Topic 33: TBA

11:00 am - 11:50 am
Exhibitor Hall
Facilitator TBD

Topic 34: TBA

11:00 am - 11:50 am
Exhibitor Hall
Facilitator TBD

Topic 35: TBA

11:00 am - 11:50 am
Exhibitor Hall
Facilitator TBD

Topic 36: TBA

11:00 am - 11:50 am
Exhibitor Hall
Facilitator TBD

Round 2 of Roundtable Revolution and Breakout Sessions

10:00 am - 10:50 am
10:00 am - 10:50 am
📋 Contractor Track

Why the Best CMMC Programs Start in the CFO's Office

From the perspective of a CCA

Room TBA
Speaker(s) TBD
Many OSCs approach CMMC as a compliance expense. The conversation often starts with: How much will this cost? What is the minimum we have to do? How do we get through assessment? Instead, ask different questions: • What revenue depends on this? • What contracts become available because of this? • What business risk are we reducing? • What operational capabilities are we building? This product-agnostic session reframes CMMC as a business and executive leadership discussion, not just a technical and compliance exercise. The most sustainable CMMC programs do not start with technical controls - they start with leadership understanding why those controls exist. Drawing from real-world CMMC environments, the session explores why successful programs are less about a specific technology stack and more about executive clarity, business objectives, and intentional architecture. If an organization spends $X to preserve eligibility for $X million in defense revenue, is that merely a compliance expense - or a business continuity investment? Attendees will work through executive-level questions such as: • How much annual revenue is tied to DoW contracts and subcontracts? • Could commercial revenue replace that loss within 12 months? • What value is tied to your reputation and position in the defense supply chain? • What is the cost of validating assumptions before implementation vs. discovering six months later they were wrong? "CMMC is not for us" may be the right answer - the goal is to make that decision intentionally, financially, and strategically. The CFO will be your best friend here. Time is reserved for facilitated audience discussion and Q&A on how organizations can slow down enough to make sound business decisions while moving fast enough to meet contract demand.

Round 3 of Roundtable Revolution and Breakout Sessions

11:00 am - 11:50 am
11:00 am - 11:50 am
📋 Contractor Track

The Cost of Compliance vs. The Price of Fraud

Navigating False Claims Act Risk in CMMC Attestations

Room TBA
Speaker(s) TBD
With the formal roll-out of CMMC, the stakes for DoW contractors have fundamentally shifted from operational eligibility to legal accountability. Under the DOJ's Civil Cyber-Fraud Initiative, the government is increasingly leveraging the False Claims Act (FCA) to pursue treble damages and hefty penalties against companies that knowingly misrepresent their cybersecurity posture in the Supplier Performance Risk System (SPRS). This session addresses a critical friction point in the DIB: the disconnect between the IT and security teams tracking technical controls and the C-suite executives who must legally sign off on compliance attestations. Through an objective, non-commercial breakdown of recent FCA cyber-fraud enforcement actions, we'll map out exactly where organizations stumble - how incomplete System Security Plans (SSPs), unvetted Plans of Action and Milestones (POA&Ms), and "paper compliance" create devastating legal liabilities. Participants receive a step-by-step framework to establish a legally defensible compliance process: executive validation protocols, absolute alignment between technical evidence and legal affirmations, and internal whistleblower mitigation strategies. This session moves past standard control checklists to deliver an essential governance playbook for surviving the new era of regulatory enforcement.
12:00 pm - 1:00 pm

LUNCH

1:00 pm - 1:50 pm

NIST SP 800-171 Rev 3: The Future of CMMC Starts Now

Audit-prep dos and don'ts, learned the hard way

Main Stage
Speaker(s) TBD
The required use of NIST SP 800-171 Rev 3 is still in rulemaking - but the changes from Rev 2 are not insignificant, and forward-leaning, forward-thinking organizations are examining them now. This panel steps through what's actually different and what it means for your compliance program: • The headline changes - restructured and consolidated requirements, new control families including Planning, System and Services Acquisition, and Supply Chain Risk Management, and tighter alignment with NIST SP 800-53 Rev 5 • Organization-Defined Parameters (ODPs) - and why they change how requirements will be specified, interpreted, and assessed • What the transition means in practice for your System Security Plan, policies, procedures, and the evidence behind them • Timing and approach - when to start, what to sequence first, and how to prepare for Rev 3 while Rev 2 still governs your contracts Our panelists offer practical guidance for navigating the change ahead so your CUI environment is compliant when the new requirements arrive. 2027 starts now.
2:00 pm - 3:30 pm

Mock Assessment

Main Stage
Full session details, speakers, and topics will be announced soon. Check back for updates.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram