Kyle Lai
KLC Consulting
President & CISO
CMMC Consultant

Kyle is the President and CISO at KLC Consulting, an authorized CMMC Third-Party Assessment Organization (C3PAO) sanctioned by the CMMC Accreditation Body (CyberAB). His firm is instrumental in offering guidance and conducting independent assessments within the Defense Industrial Base (DIB) supply chain. Moreover, Kyle contributes his expertise as a C3PAO Stakeholder Forum board member. 

With over 25 years of cybersecurity experience, Kyle has advised leading firms such as ExxonMobil, Zoom, Boeing, HP, Microsoft, and the U.S. Department of Defense (DoD). He possesses an array of certifications, including the CMMC Certified Assessor (CCA) and Certified Professional (CCP), as well as the CISSP, CSSLP, CISA, CDPSE, CIPP/US, and CIPP/G. 

Before KLC Consulting, Kyle was a CISO at a Blackstone subsidiary company and Brandeis University's Heller School. He also played a pivotal role as a U.S. DoD operations manager, overseeing the cybersecurity training platform and supporting personnel across the department. 

SPEECH
Session Agenda
5/15 (Wed) 11:15 - 11:45 7F 701 ABCD Conference Keynote
Essentials for an Aspiring CISO: Leading with Confidence in Uncertain Times

As the cybersecurity landscape grows more complex, the responsibilities of the Chief Information Security Officer (CISO) have evolved significantly. New CISOs face challenges such as advanced cyber threats, regulatory pressures, and technological changes while working within tight budgets. This keynote presentation discusses the effective CISO journey in three key areas: visionary leadership, strategic risk communication, and adaptive change management.

Drawing on personal experiences from leading a global cybersecurity team and interviews with global CISOs, this talk will outline practical strategies for:

1. Building and leading teams with a clear and compelling vision.

2. Articulating and negotiating cybersecurity risks with senior stakeholders to facilitate informed decision-making.

3. Embracing technological and regulatory changes as opportunities for innovation and improvement.

5/16 (Thu) 15:30 - 16:00 7F 701C CMMC Defense Industry Secure Supply Chain Forum
Insight from a C3PAO - CMMC (Joint Surveillance) Assessment Experience Sharing

From the perspective of a CMMC Certified Assessor (CCA) affiliated with an authorized CMMC Third-Party Assessment Organization (C3PAO), this presentation is rooted in firsthand experience of compiling the necessary documentation and passing the rigorous U.S. Department of Defense’s DIBCAC High Confidence assessment and a Joint Surveillance Voluntary Assessment (JSVA).

The pathway to CMMC / NIST 800-171 compliance requires a Defense Industrial Base (DIB) contractor or subcontractor to meticulously prepare a comprehensive set of documentation. This talk aims to demystify the assessment process, highlighting key focus areas for assessors and delineating the preparatory steps essential for achieving a CMMC Level 2 Certification Assessment. This includes discussing the scoping process, understanding control inheritance, and setting realistic expectations for involvement and documentation from managed service providers (MSPs) and cloud service providers (CSPs). 

Furthermore, the presenter will share an essential objective evidence list crafted to guide DIB contractors on what assessors anticipate regarding documentation and assessment activities. Attendees will leave with a robust understanding of the CMMC Level 2 certification assessment process, insight into assessor expectations, and resources to streamline their preparation for CMMC compliance.

Audience Key Takeaways:

  1. Gain a comprehensive overview of the CMMC Level 2 certification assessment process, enriched by the presenter's JSVA experience.
  2. Acquire a clear understanding of what C3PAOs anticipate from DIB contractors in preparation for and during the assessment.
  3. Receive an invaluable objective evidence list to guide DIB contractors in preparing their documentation and assessment activities according to assessor expectations.