20+ years in Information Technology roles. 14+ years in a leadership role in Information Security. Of those 20+ years, over 18 have been at state funded academic institutions. In addition, I earned my MBA in May 2008, which greatly aided me in fulfilling my goal of integrating information security into all facets of an entityʼs operations. To formalize my information security experience, I obtained a CISSP certification in May 2011, a CISM certification in September 2012, the GIAC Strategic Planning, Policy, and Leadership (GSTRT) in 2019 and recently the GIAC Critical Controls Certification (GCCC) in 2024. Focus areas: Data Governance/Management; IT/Cybersecurity Strategic Planning; IT Risk Management; Policy, Compliance Management; Cybersecurity Awareness, Education & Training; IT Governance, Risk & Compliance; CMMC, NIST 800-171, CSF, RMF and Privacy Frameworks
This overview provides a review of the timeline that introduced NIST SP 800-171 "Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations" as a compliance framework, an overview of the control families for the 110 controls and a discussion of the impacts and concerns for higher education.
In this toolkit, you will find an overview of NIST SP 800-171 and its implications for higher education, questions to ask during project planning, 7 Things You Should Know About CMMC to use when speaking with stakeholders and leadership, and a customizable control evaluation.
The Cybersecurity Maturity Model Certification (CMMC) is a set of policies and practices that address the protection of federal Controlled Unclassified Information (CUI) data through administrative, physical, and technical controls.
| Status: | Yes, current member |