April 2026 Midwest Cyber Security Alliance Meeting | CMMC: Navigating the Road from Scope to Assessment

Cybersecurity Maturity Model Certification (CMMC) has moved from a theoretical future requirement to a hard reality for both defense contractors and their suppliers. Join us on Thursday, April 30, 2026, at the next Midwest Cyber Security Alliance Meeting, where an expert panel will dive into what you need to know about this compliance standard. We have brought together a group of professionals with deep CMMC experience, including both consultants and organizational leaders who have passed a Level 2 assessment. The panel will navigate the full CMMC life cycle, starting with applicability and organizational fit. They will then dive into technical strategy and governance, the nuances of outsourcing to MSPs, what C3PAO auditors specifically look for, and the legal risks for your organization to consider throughout the process.

The discussion will aim to address many of the questions our experts are hearing from clients and peers, such as:

• Where do I start the process and who can help me?
• How do I know my CMMC level and the applicable requirements?
• Is this only a Department of Defense requirement?
• How much will it cost and how long will it take to get compliant?
• Is this only a technology initiative or does it impact other areas of the business?
• How do I identify my company’s Controlled Unclassified Information (CUI)?
• What does a C3PAO look for during an assessment and what are common failure points?
• What legal and regulatory concerns come with CMMC compliance or noncompliance?

Whether you are just curious about the standard, have been told to look into CMMC compliance for your organization, have completed a C3PAO audit, or are somewhere in between, please join us at Foley & Lardner’s Milwaukee office on April 30.

While there is no cost to attend, advance registration is required. To register, click the “Register Now” button.

Presenters:

• DJ Vogel, CISSP, CISA, Founding Partner, Ghostscale
• Kevin Bong, CISA, PMP, CISSP, GIAC, GSE, GX-CS, GX-IA, GX-IH, GSEC, GCIA, GCIH, GPPA, GCFA, GAWN, CEH, RP, ISO 27001 LA, Director and CMMC Registered Practitioner, Ghostscale
• Jeremy Mares, Vice President of Federal Accounts, Redspin
• Michael Barrett, Chief Information Officer, Potawatomi Ventures
• Jennifer Urban, CIPP/US, Partner, Foley & Lardner LLP
• Erin Toomey, Partner, Foley & Lardner LLP

Continuing Legal Education (CLE)

For programs that meet CLE accreditation standards, applications for accreditation will be submitted to WI for up to 1.50 credit hours. For attendees licensed and seeking credit in all other jurisdictions, Foley will provide them with a Uniform Certificate of Attendance so that they may self-apply for credit if their jurisdiction(s) allows. Credit amounts and types are granted at the discretion of each jurisdiction and are not guaranteed until approved. Certificates of Attendance will be emailed to eligible participants approximately eight weeks after the program.

Continuing Privacy Education (CPE)
This program may be eligible for continuing privacy education (CPE) credit toward CISA, CISM, CGEIT, and/or CRISC certifications and maintenance. Please visit the ISACA website to review the specific CPE requirements for your certification and verify whether the topic(s) addressed in this program align with one or more of your certification’s job practice areas: CISA, CISM, CGEIT, and CRISC. An ISACA Verification of Attendance form will be made available for self-reporting purposes.