Strategic Scoping: Simplifying CMMC Compliance

The August monthly meeting is on August 14th from 4:00-5:00 PM ET. Our tech talk will be presented by Scott Dawson and Rick Krick.

August 14, 2024

4:00-5:00PM US/Eastern

SEA Members: the meeting URL is in your calendar invitation, so you do not need to register on EventBrite.

Abstract

Uncover the art of ‘scoping’ to streamline your CMMC journey, focusing on defining the IT boundaries that contain CUI. Learn how to not only simplify CMMC compliance but also make it more cost-effective for small businesses. The presentation includes how to narrow your scope using a CUI Enclave model and reduce cost for compliance and assessment.

About the Presenters

Scott Dawson is the President and Co-Founder of Core Business Solutions, an ISO and Cybersecurity consulting company headquartered in Lewisburg, Pennsylvania.

Scott is a quality management expert and consultant with over 30 years of experience. He has helped thousands of American businesses implement ISO 9001 and other ISO and cybersecurity standards.

At Core Business Solutions, Scott co-created the first cloud-based document control system, the CORE Compliance Platform, which helps thousands of users achieve and maintain ISO certification. He has developed simplified programs for implementing ISO 9001, ISO 27001, ISO 20000-1, ISO 14001, ISO 45001, CMMC, CMMI, and more. Core is a member of the Cyber AB and a Registered Provider Organization (RPO) relating to the CMMC standard.

Scott is a voting member of the US ISO TAG (Technical Advisory Group) TC 176, the national entity providing input into the development of the ISO 9001 standard. In 2001, Scott founded the “ISO 9001 for Small Business” group on LinkedIn, which serves 16,000 members worldwide.

Along with his brother, Scott received the 2017 Entrepreneurial Achievement Award from Ben Franklin Technology Partners. He received his Master’s degree from Denver Seminary in 1986.

Looking ahead, Scott is leading the way into new realms of ISO and cybersecurity compliance solutions to help American businesses flourish.

Rick Krick, Director of Security Solutions for Core Business Solutions

Rick has worked in security solutions for the past 14 years and has been a Quality Management System consultant for over 30 years. Because of his vast experience with multiple industry segments, he currently manages the Security Solutions Team at Core. He is trained in the following Standards: ISO 9001, AS9100, AS9120, ISO 14001, ISO 27001, ISO 20000-1, ISO 45001, CMMC, and CMMI, among others. Rick’s been a teacher, a software developer, and a consultant for many years. Rick has a great sense of humor and enjoys teaching the benefits of a strong QMS and cybersecurity systems. Rick is a member of the Cyber AB.

Strategic Business Analysis for Software Excellence

The July 2024 tech talk was presented by Trent Leopold

Abstract

This presentation showcases proven ways for imparting excellence to software applications. The presentation relates associated business analysis techniques and is suitable for software developers, engineers, project managers, and product managers.

The presentation is also suited for anyone seeking ways to impart excellence (or more excellence) to their operation or organization. A recent attendee comments that “every professional, including executive management can benefit from this presentation.”

The presenter, currently a brain research participant in an international longitudinal study led by a major US university, showcases recent research findings particularly related to human strategic thought processes and their direct correlation to excellence. This includes demonstration and discussion concerning the human mind.

About the Presenter 

Trent Leopold is an active, professional senior business analyst with more than 25 years of experience in the private and public sectors, including various governance roles. Leopold’s experience includes serving as an advisor to two U.S. presidents, a U.S. vice-president and two Texas governors. Trent is an active member of the IIBA and PMI, and serves to establish Business Analysis standards. He is an IEEE officer, involved with creating international professional standards, including those endorsed by the ISO – most recently pertaining to AI governance. Leopold received a lifetime achievement award from Who’s Who. He is a longitudinal research participant with a major U.S. university in an international study exploring human brain function. Trent’s education includes an MSc degree in managerial science, and he’s a licensed airplane pilot.

Automotive Engineering Excellence: Stories of Joy and Terror – Panel Session

The June 2024 Tech Talk was presented by Dan Wall and Juan Webb

Abstract

“Automotive Engineering Excellence: Stories of Joy and Terror” offers a captivating exploration into the dynamic world of automotive engineering through the eyes of seasoned experts. In this anthology, a panel of industry veterans unveils narratives that encapsulate the exhilaration and challenges inherent in their field.

With the automotive landscape evolving at a relentless pace, the stories highlight the increasing complexity faced by engineers. From the integration of interconnected systems to the demands of ensuring safety and cybersecurity, each anecdote underscores the intricate balance between innovation and risk mitigation. Delving into the realm of hardware, electrical, and software development, the anthology elucidates the intricate dance of these components within the broader framework of a “system of systems.” Firsthand experiences provide insights into the meticulous processes involved in adhering to standards such as ASPICE (Automotive SPICE) and driving continuous process improvement.

Yet, amidst the technical prowess and strategic foresight, the panelists candidly share moments of terror: instances where unexpected challenges threatened to derail projects or compromise safety. These tales serve as poignant reminders of the unforgiving nature of the automotive industry, where the margin for error is razor-thin.

Ultimately, “Automotive Engineering Excellence” emerges as more than a collection of anecdotes—it serves as a testament to the passion, resilience, and ingenuity of those dedicated to shaping the future of mobility. Whether celebrating triumphs or confronting setbacks, these stories offer invaluable lessons for engineers, enthusiasts, and industry stakeholders alike.

About the Presenters

Dan Wall: With over 40 years of multifaceted experience, Dan has left an indelible mark on the world of software engineering and process improvement. His journey spans roles as diverse as software developer, architect, quality assurance manager, test manager, project lead, and vice-president of production methods. From the trenches of small startups to the boardrooms of multinational corporations, Dan has navigated the complexities of the industry. Key highlights of this panel session include:

CMM ML2 Achievements:

  • Dan’s expertise extends beyond theory. He has guided both a 10-person startup and a 3,000-person division to achieve CMM ML2 (Capability Maturity Model Integration Level 2) certification.

Industry Diversity:

  • Dan’s impact reverberates across sectors—automotive, defense, energy, and commercial. He even lent his expertise to the world of video games (think Guitar Hero, Tony Hawk, and Marvel).

Process Guru:

  • As a Principal ASPICE Assessor, Dan has conducted or participated in over 500 CMMI and ASPICE assessments. His insights have shaped the industry’s best practices.
  • He wears multiple hats: scrum master, six sigma master black belt, VW certified SQIL, PSP instructor, and TSP coach.

Thought Leadership:

  • Dan’s voice resonates on global stages. He has graced numerous conferences as a speaker.
  • His legacy extends to the written word—co-authoring several books and technical papers.

Juan Webb brings more than 25 years of experience between the automotive and aerospace/defense industries in safety critical SW&Sys engineering, project management, and driving process improvements. He is a Principal ASPICE assessor and one of two intacs-certified Competent ASPICE Instructors and Software Quality Improvement Leaders (SQIL) in North America. 

He spent several years working as an FAA Designated Engineering Representative, recommending and approving type certification data for safety-critical airborne systems. He also holds certification as an ISO/IEC 27001 Lead Auditor, as well as a TUV certification as a Cybersecurity Engineer, and has provided numerous training-related ISO 21434 and Cybersecurity Management System (CSMS) audits.

With extensive experience in development, coaching, training, auditing/assessing, and leading process improvements, Juan has a proven track record of driving successful project outcomes and helping companies to achieve their business objectives. 

Juan has a Bachelor of Science in Aerospace Engineering from the University of Alabama.

Secure Systems By Design

Abstract

The SEI has been in the forefront of secure software development, promoting a “shift left” approach, whereby security weaknesses are addressed, prevented, or eliminated earlier in the software development cycle, saving time and money. 

In this presentation, we will discuss security being an integral aspect of the entire software lifecycle as a result of following deliberate, intentional engineering processes, rather than security being addressed in individual stages as one-off activities.

About the Presenter 

Tim Chick is the CERT Applied Systems Group Technical Manager at Carnegie Mellon University’s (CMU) Software Engineering Institute (SEI). He currently leads a team of software and system engineers as they build and operate technical solutions for both internally-funded research and customer-facing prototypes, and delivers trusted, valued, and relevant software engineering and cybersecurity approaches for software intensive systems through engineering and consulting support to DoD and DHS programs. In collaboration with technical experts across the SEI, the team assists organizations with the application of Agile and DevSecOps practices and the adoption of emerging technologies needed to keep pace with evolving opportunities, risks, and threats.

He is also an adjunct faculty member at CMU’s Software and Societal Systems Department (S3D), where he teaches courses on Agile and Software Project Management.

Prior to joining CMU, Chick worked for Naval Air Systems Command (NAVAIR) as a project manager, leading software development projects and software process improvement efforts for the E-2C Hawkeye Program, and as a software acquisition lead for the Vertical Take-Off and Landing Tactical Unmanned Aerial Vehicle (VTUAV) Program.

He holds an MS in Computer Science from Johns Hopkins University and a BS in Computer Engineering from Clemson University.

Take Control: Exceptional Methods for Making Commitments You Keep

Abstract

We’ve all been there: working long hours, late nights and weekends, under immense pressure to finish a release after missed deadlines and project overruns. Fortunately, there is a better way! 

This presentation will describe a proven set of tools and techniques for planning and tracking that teams can use to make and keep commitments, increase agility, and delight their customers. Come learn how you can retake control, for yourself, and your team.

About the Presenter 

David Tuma is a graduate of MIT, with a passion for exceptional software development. He has contributed to the success of numerous projects in roles ranging from architecture to coding, security assessment to causal analysis, and project management to coaching. 

In his support for exceptional practices, he created (and continues to evolve) an open-source toolset called the Process Dashboard, which has been used by tens of thousands of developers worldwide.

David is an active member of the SEA Executive Team and the SEA Data Warehouse Working Group.

Embracing Generative AI: The Future Isn’t Written, It’s Generated!

The February 2024 Tech Talk was presented by Chandika Mendis

Abstract

The printing press birthed the Renaissance. The steam engine sparked the Industrial Age. Now, Generative AI stands poised to be the Gutenberg of our time. This revolutionary tech isn’t just tools – it’s a productivity paradigm shift, impacting the industries and use-cases we least expected to be impacted through Artificial Intelligence: those use-cases we thought epitomized human intelligence and creativity. This paradigm shift opens up amazing new opportunities while also exposing us to new kinds of risks.

This talk attempts to explore the impact of Generative AI on our future and how we can embrace it:

  • Introduction to generative AI and its impact across industries
  • Practical applications and real-world examples
  • Common challenges and approach to adoption
  • Understand the risks and new threats this technology opens up

Now is our chance to embrace this new technology or be swept away by its tide.

About the Presenter 

Chandika Mendis is a senior technology leader who plays the roles of CTO, board advisor, and angel investor for a number of tech startups. Prior to his current roles, he was the EVP and Global Head of Engineering for Virtusa. He led the innovation teams that created award-winning IP that was a key part of Virtusa’s strategic competitive advantage. Chandika’s technology contributions were instrumental in driving Virtusa’s growth, from 300 when he joined in 2003, to 45,000 when he left in 2023 to pursue his passion helping early-stage startups. The teams under his purview won the Stevie Award for the best IT Team, the Gold Stevie for the most Innovative Technology Company, as well as the Best Product award in multiple categories. Chandika was also responsible for setting up the processes and systems to scale engineering governance activities, as well as mentoring senior technologists at Virtusa. Since leaving Virtusa, Chandika has been involved with startups leveraging innovative technologies including Generative AI, Industrial Metaverse and Cybersecurity.