ALEC TOLOCZKO

DIRECTOR OF GROWTH, R3 IT

Alec Toloczko serves as the Director of Growth at R3, supporting defense contractors across the Defense Industrial Base (DIB) as they navigate complex cybersecurity and regulatory requirements including CMMC and NIST SP 800-171.

R3 is CMMC L2 Certified MSP that designs, implements, and manages compliant environments across Microsoft 365 GCC High and Azure Government, enabling organizations to securely handle Controlled Unclassified Information (CUI) while maintaining Department of Defense contract eligibility.

Alec works closely with contractors, partners, and accredited assessors to establish clear pathways from secure cloud architecture and CMMC readiness to long-term operational compliance, helping organizations strengthen security posture while modernizing their infrastructure.

ANWAR KIBRIA

CEO & FOUNDER, ACE OF CLOUD

Anwar Kibria is the Founder and CEO of Ace of Cloud, an authorized CMMC Third-Party Assessment Organization (C3PAO) specializing in cybersecurity compliance and cloud security for organizations across the Defense Industrial Base and Public Sector.

With nearly two decades of experience in cybersecurity, risk management, and regulatory compliance, Anwar has helped organizations in both the public and private sectors design and implement scalable security programs. His work spans tens of U.S. federal agencies as well as leading commercial technology companies including Microsoft and Blackboard Inc., in addition to major defense contractors such as Booz Allen Hamilton.

Through Ace of Cloud, Anwar works with government contractors and technology companies to help them navigate complex frameworks such as CMMC, NIST SP 800-171, FedRAMP, GovRAMP, ISO 27001, and SOC 2, translating regulatory requirements into practical security architectures that enable organizations to protect their sensitive data (e.g. Controlled Unclassified Information (CUI)) while remaining competitive in the federal marketplace.

As an authorized C3PAO leader, Anwar brings a unique perspective from both advisory and assessment roles, giving him deep insight into the most common compliance challenges organizations face—from CUI scoping and enclave strategy to operationalizing NIST 800-171 controls.

BETH LEONARD

COO, R3 IT

Board Member, Cyber AB

Ms. Beth Leonard, Chief Operating Officer (COO) for R3 (www.r3-it.com), is an award-winning speaker in her field; frequently invited to both local and international-level industry events to speak about such topics as compliance, governance, quality, and customer satisfaction using industry best practices and standards such as NIST, CMMC, ISO, CMMI, and ITIL. She is a Neuroendocrine (NET) Cancer patient advocateand has supported various organizations including providing patient perspective input into the design of a clinical study with the International Neuroendocrine Cancer Alliance (INCA) as well as filming a live educational panel broadcast in conjunction with Carcinoid Cancer Foundation.

Ms. Leonard is a well-respected executive with over 30 years of IT and Information Security (IS) management, compliance, quality assurance, and process improvementexperience across the government contracting and commercial industries and currently overseeing all day-to-day operations of a cloud-first MSP, providing businesses with the latest in modern IT, security, and compliance solutions. She is an ITIL Expert and has numerous certifications including ITIL Expert – Trainer – and Proctor, ISO Lead Auditor(ISO standards: 9001, 19011, 20000-1, 27001), A2LA accredited ISO/IEC 17020:2012 assessor, Black Belt Six Sigma, and PMP, and has strong experience in other ISO standards, CMMI-DEV, CMMI-SVC, HIPAA, PCI, SOC, FedRAMP, NIST SP 800.171/800.53 security controls, and privacy standards. In conjunction, she is a certified Facility Security Officer (FSO), understanding both industrial and cyber/information security best practices. She has previously held positions in the areas of program/project management, security management, service management, and all support functions within the software development and IT service management lifecycles.

BOBBY GUERRA

CEO, Axiom

Bobby Guerra is the CEO of Axiom. He has been running an MSP for over 22 years, facing numerous challenges along the way—but none as demanding as CMMC. As the leader of Axiom, he spearheaded the company’s CMMC Level 2 assessment by a C3PAO. Axiom is one of the first MSPs in the country to achieve certification.

However, obtaining CMMC Level 2 was only one part of the challenge. The next hurdle is guiding clients through the process while ensuring the long-term security and compliance of their environments. This required not only developing an SSP for Axiom but also creating tailored solutions for clients, carefully considering inheritance, efficiency, and the longevity of documentation and processes.

Through this experience and by amplifying his insights on Climbing Mount CMMC The Podcast, Bobby is committed to making a meaningful impact on cybersecurity and compliance across the United States.

BRADLEY TAYLOR

CISSP, LEAD CCA, SWIFT CSP, PCI QSA, CEH, CHFI DIRECTOR

DIRECTOR IN ADVISORY & CONSULTING PRACTICE, FRAZIER & DEETER

Bradley Taylor is a Director in the Advisory & Consulting Practice at Frazier & Deeter, specializing in Cybersecurity Maturity Model Certification (CMMC) and cybersecurity compliance for federal contractors. With over two decades of information security experience, he advises organizations on meeting CMMC requirements and strengthening security controls across complex IT environments. His experience includes vulnerability management, incident response planning, internal control testing and data protection initiatives supporting regulated and government- facing organizations.

In addition to CMMC, Taylor’s work aligns with widely adopted security frameworks and regulatory standards, including the SWIFT Customer Security Programme (CSP), Payment Card Industry Data Security Standard (PCI-DSS), ISO/IEC 27001 and 27002, HIPAA, National Institute of Standards and Technology (NIST) publications (SP 800-171, SP 800-53, SP 800-61) and the NIST Cybersecurity Framework (CSF).

Prior to joining the firm, Taylor served as an Information System Security Manager in the United States Air Force, where he led vulnerability assessments and remediation, managed physical and cyber risk and supported data protection efforts. His responsibilities included penetration testing, digital forensics and security training for communications security (COMSEC) and computer security (COMPUSEC).

BRIAN HOWELL

CISA

FOUNDER, CRESTVIEW.io

Brian Howell is a business and technology risk executive with 25 years of experience across risk management, audit, and business process functions. He partners with business leaders to assess and address business and technology risk through a pragmatic, governance-focused approach.

Brian is the Founder of Crestview.io, a platform that helps leaders identify, assess, and visualize risk.

CLINT STEVENS

FOUNDER & CEO, PHY-CY.X SECURITY GROUP

Clint Stevens is the Founder and CEO of Phy-Cy.X Security Group, LLC, a Wichita based cybersecurity integration and network engineering firm specializing in IT / OT convergence within Critical Infrastructure and the Defense Industrial Base.

As a founding RPO, their focus areas include: CMMC consulting, security program development and management, penetration testing, vulnerability and gap assessments, along with many others. Retired from the US Air Force, Mr. Stevens served multiple roles in Aircraft Maintenance; Intelligence, Surveillance, and Reconnaissance; and notably Cyberwarfare, where he led DoW Certified Red Team operations (both cyber and physical) across the globe.

DAN HARMAN

COO, PHY-CY.X SECURITY GROUP

Dan Harman is the COO at Phy-Cy.X Security Group, LLC., leading the company’s compliance consulting and technical integration services. With decades of government and private industry experience, he has guided organizations through complex compliance initiatives including CMMC, ISO 27001, NERC CIP, and NATO STANAG. Previously, Dan served as a Senior Technical Account Manager and Global MDR Operations Team Lead for multiple industry leading companies. Mr. Harman continues to serve in the Air National Guard as a Warfighter Communications & IT Systems Operations Warrant Officer.

GREG MARLER

CCP, CCA, CISM, QSA

MANAGER IN ADVISORY & CONSULTING PRACTICE, FRAZIER & DEETER

Greg Marler is a Manager in the Advisory & Consulting Practice at Frazier & Deeter. He has nearly 15 years of experience in cybersecurity, helping organizations navigate complex compliance requirements while maintaining practical, mission-focused security programs.

Marler’s background spans federal, defense and commercial environments, with experience in risk management, vulnerability management and cybersecurity assessments. He supports organizations preparing for audits, strengthening security posture and building sustainable compliance programs, including initiatives aligned with Cybersecurity Maturity Model Certification (CMMC), Payment Card Industry Data Security Standard (PCI DSS) and the National Institute of Standards and Technology (NIST) frameworks.

Prior to joining the firm, Marler served as a cybersecurity specialist in the United States military for nearly a decade, including roles as an Information Systems Security Manager and Communications Security (COMSEC) Manager. In these positions, he oversaw information assurance programs, supported the protection of sensitive and classified systems and provided expertise in penetration testing, digital forensics and COMSEC training.

HEATHER SIEMENS

LEAD CCA, CISA

CEO, iFORTRISS

Heather Siemens is a seasoned cybersecurity compliance expert with over 25 years of experience in IT Governance, Risk, and Compliance (GRC) in the energy and defense sectors. As a Lead CMMC Certified Assessor (CCA) and a Certified Information Systems Auditor (CISA), she brings unparalleled expertise in cybersecurity regulations and best practices. Her extensive background in DOE NERC Critical Infrastructure Protection (CIP) auditing uniquely positions her as a trusted advisor in the evolving landscape of defense cybersecurity. She is also a Prosci® Certified Change Practitioner in Organizational Change Management (OCM), which she leverages to assist companies in strategically transforming their workflows to be CMMC compliant. Heather is the CEO and Co-Founder of iFORTRISS, a cybersecurity consulting and Managed Security Services Provider (MSSP) firm dedicated to helping small to medium size contractors in the DIB achieve CMMC compliance.

JAMES HARPER

CEO, QUATRONICS

James Harper is the CEO of Quatronics and a Lead CMMC Certified Assessor. In addition to conducting formal CMMC assessments, he works with contractors of all sizes to translate regulatory requirements—particularly NIST SP 800-171 and related frameworks—into practical, defensible cybersecurity programs aligned with real-world operations.

James’ experience spans the full CMMC lifecycle, including system scoping, enclave design, policy and documentation development, risk management implementation, mock assessments, and executive-level preparation for third-party audits. His focus is on helping organizations build sustainable governance and risk management practices that stand up not only to assessors, but also to operational realities.

Beyond assessment work, James is an active contributor to the CMMC community. He regularly publishes educational content, speaks at industry events, and hosts regional meetups. His goal is to help organizations move beyond checkbox compliance toward resilient, mission-supporting cybersecurity programs.

JOSH FLEMING

Senior Cybersecurity Manager, Echelon Risk + Cyber

Josh Fleming is the Senior Cybersecurity Manager of Echelon’s Risk Advisory service, specializing in incident prevention and response management. With extensive experience in both cyber and physical security, he advises executive teams on incident response planning, threat assessments, and crisis management. His approach combines technical depth with strategic foresight, helping organizations stay resilient in the face of evolving threats. 

KALEIGH FLOYD

COO, Axiom

Kaleigh Floyd is the Chief Operations Officer for Axiom and Co-Host of Climbing Mount CMMC The Podcast. Having grown up in the MSP industry, she considers it her second language. Her journey with Axiom began long before her official role, as the company was founded by her father in 2002.

Beyond marketing, Kaleigh has worn many hats in the MSP space, specializing in Microsoft 365, phishing awareness, password management, and CMMC training. Passionate about education, she runs a YouTube channel dedicated to Microsoft 365 training, aiming to simplify complex technology for others. With a deep commitment to making a lasting impact in the ever-evolving tech landscape, she strives to leave a legacy that continues to resonate long after she stops speaking.

KELLY HOOD

CISSP, Lead CCA

Optic Cyber Solutions

Kelly Hood, CISSP, specializes in helping organizations implement cybersecurity best practices, controls, and standards to effectively manage risks and achieve compliance objectives. Kelly supports organizations across industries as a Lead CMMC Certified Assessor (CCA) and Registered Practitioner (RP) by developing and implementing cybersecurity strategies to help manage the risks to their business.  She has also supported the evolution and outreach of the Cybersecurity Framework (CSF) as part of the NIST Cybersecurity Framework team and continues to aid organizations in adopting the Framework to strengthen their cybersecurity posture.

Additionally, Kelly supported the development of ISACA’s CMMI Cybermaturity Platform (CMMI-CP). The patented approach she helped develop for ISACA translates cybersecurity risk to cybermaturity goals and identifies mitigation strategies to help organizations improve their cybersecurity capabilities.

KELSEY CUNNINGHAM

Cybersecurity Manager, Echelon Risk + Cyber

Kelsey Cunningham is a Cybersecurity Manager at Echelon, where she serves as a leader in the Risk Advisory Practice. She holds a Master’s in Cybersecurity, CRISC, CISSP, and CMMC RP certifications. Kelsey has over a decade of experience, spanning technology and cybersecurity consulting, enterprise risk management, GRC, and project management. She is passionate about helping clients to understand and mitigate risk to their specific organization and building holistic security programs that do more than just “check the box”.

KIM FANTO

CCP

K.Fanto Solutions

Kim Fanto is a strategic technology leader and cybersecurity professional specializing in the design and deployment of complex security frameworks. As a CMMC Certified Professional (CCP), Kim serves as a dedicated partner to organizations within the Defense Industrial Base (DIB), navigating the intricacies of CMMC compliance and NIST-based security requirements. She has successfully guided numerous organizations through Level 1 attestations, GAP readiness, and Level 2 implementation planning, delivering solutions that are as operationally efficient as they are secure.

With a career rooted in technology leadership and architecture, Kim excels at bridging the gap between business objectives and technical execution. As a former Technology Manager and Solutions Architect, she spearheaded enterprise modernization projects that enhanced resiliency and scalability while ensuring alignment with NIST Cybersecurity Framework (CSF), PCI-DSS, and FFIEC standards. Kim is an active contributor to the CMMC Professionals Network and serves on the planning team for the 2026 CMMC Midwest Conference, where she continues to advocate for cybersecurity excellence across the industry.

KOREN WISE

Owner, Wise Technical Innovations

Koren is a Certified CMMC Assessor, Provisional Instructor, and the CEO of Wise Technical Innovations in Norfolk, VA. She has participated in the Joint Surveillance Voluntary Assessment Program as both assessor and implementor. She recently created the compliance program and GCCH Azure Gov enclave for Jaco Aerospace, leading them to the JSVA where they scored the perfect “110”.

WTI is a Licensed Training Provider for Cyber AB.  WTI is awarded on the GSA HACS schedule for High Value Assessments, Risk and Vulnerability Assessment, Cyber Hunt, Incident Response, and Penetration Testing.

Koren is qualified by the Department of Homeland Security/CISA as Lead Assessor for High Value Asset, Cyber Resiliency Review, and External Dependency Management Assessment Program.

Koren specializes in standing up cybersecurity programs within organizations to meet applicable NIST controls or comply to 800-53 overlays. Additionally, she specialized in business continuity planning, business impact analysis, and risk-based approaches, such as the Cybersecurity Framework (CSF). She is skilled in using 800-53, RMF, 800-30, and 800-37, eDiscovery, root-cause analysis, and threat hunt techniques.

Koren has enjoyed a 23-year career in IT and network security which has resulted in a deep knowledge of disaster recovery, hardening infrastructures, and risk assessment. She started Wise Technical Innovations in 2004 and has been helping both commercial and government organizations meet business goals and maintain highly secure environments ever since.

She has a strong passion for teaching and has contributed to the IT community on the podium throughout her career. She is CISSP and PMP certified with a master’s degree in education.

MARK DEBRY

LEAD CCA

President & Co-Founder, 1st Defense CMMC

Mark is a Lead CMMC Certified Assessor (CCA), Provisional Instructor for CMMC Certified Professionals (CCP) and CCA courses, and President & Co-Founder of 1st Defense CMMC. With more than 25 years of experience in IT, cybersecurity, and compliance, Mark brings real-world perspective from both enterprise and federal environments. His career includes senior leadership roles such as Head of Cybersecurity for IBM Global Services and Cybersecurity Director for Microsoft’s Federal Government division.

Mark has participated in over 30 CMMC Level 2 and mock assessments, giving him deep, hands-on insight into how assessments are actually conducted, what assessors look for, and where organizations succeed or struggle. He also supports DoD Contractors who need to become CMMC compliant and are preparing for their assessment using his lessons learned from assessments. Mark also teaches the CCP and CCA courses.

He holds certifications as a Certified Information Systems Manager (CISM) and Project Management Professional (PMP), and a master’s degree in Information Systems Management. Outside of work, Mark is a father of five and enjoys spending time outdoors, traveling, and playing and coaching sports.

PRABHAT NIGAM

GLOBAL CTO, GOLDEN 5

Prabhat is Cybersecurity and Infrastructure Leader with 25+ years of experience architecting secure enterprise environments across Azure, Microsoft 365, and hybrid infrastructures.  He is a honored listee at Marquis Who’s Who, a 3 times Microsoft MVP Award winner, an active member of FBI InfraGard, Certified CMMC Registered Practitioner, and ISSA, a MBA in Information Technology, working as Global CTO at Golden Five (G5) which is a CMMC RPO, Microsoft AOSG Partner, Microsoft Solution Partner, ESP, MSSP, MSP, CSP, Supplier, and Education partner. G5 helps DoD Contractors with correct GCCHigh licenses, Azure Gov Sub, Security & Compliance configurations, CMMC Compliance Software & Automations. He helps in designing, implementing, managing and supporting solutions for private messaging cloud, mergers, a collaboration between different messaging software and other migration & deployment projects for the following technologies Office 365, Azure, AWS, Exchange, SQL, ADFS, MFA, FIM, MIM, Directory services Security, Compliance and automation. He has worked for all big IT giants either as an employee or contractor where he has led the Global teams. He used to blog at MSExchangeGuru.com, & today blogs at LAEXUGFounddation.org. He also speaks in many conference and keeps the recordings at G5 YouTube channel. Prabhat can be reached at PN@GoldenFive.net or LinkedIn https://www.linkedin.com/in/prabhat-nigam/

SRIKANT RACHAKONDA

Founder & CEO, SMPL-C

Srikant Rachakonda is the Founder & CEO of SMPL-C, an AI-powered SaaS platform focused on simplifying NIST 800-171 and CMMC 2.0 compliance for defense contractors, MSPs, and security practitioners. 

With over 20 years of experience across SaaS, cybersecurity, and compliance, Srikant has led large scale product and data transformation initiatives in both startups and Fortune 100 companies. His work centers on reducing compliance complexity while enabling scalable, audit-ready security programs.

STEVE JUROVIC

Executive Vice President, 1st Defense CMMC

Steve Jurovic is Executive Vice President at 1st Defense CMMC. Steve has forty years of experience in IT, spending the last 20 in the Info-Sec space. He served as Senior Vice President of IT Risk and Security at State Farm Insurance, served as Senior Executive Partner at Gartner and as a Senior Executive Counselor at Info Tech Research Group. Steve has been an advisor to  Fortune 100 CIOs, CISOs, and Boards, and is an industry leader in developing resilient cybersecurity, governance, and compliance programs.  His background as trusted executive advisor in a variety of highly regulated industries makes him a sought after speaker and advisor.

STUART ITKIN

CRO, FutureFeed

Stuart Itkin brings a unique perspective to Federal cybersecurity regulations and the challenges organizations face in satisfying those regulations and operating their businesses.

As CRO and Chief Security Evangelist at FutureFeed, the leading Cyber-GRC platform for the Defense Industrial Base, Stuart works with a team committed to securing our nation’s supply chain from our adversaries by creating an affordable, collaborative IT management platform.  Formerly Senior Vice President of NeoSystems, a Managed Service Provider, Stuart helped small and medium sized businesses address their compliance, cybersecurity, and back-office needs. Stuart earlier served as Vice President of CMMC and FedRAMP Assurance at Coalfire Federal, where he established the company as one of the first authorized C3PAOs. Stuart also served as Vice President of Product Management and Marketing at Exostar where he was responsible for the company’s compliance management, supply chain risk management, and secure collaboration platforms, and for establishing its CMMC practice area.

Stuart earned a BA and an MA and is an ABD from the University of Illinois at Urbana-Champaign.

VICTOR CICH

CCA, RP

MANAGER OF COMPLIANCE CONSULTING, RADICL

Victor Cich is the Manager of Compliance Consulting at RADICL, where he leads efforts to help defense contractors and suppliers navigate complex cybersecurity regulations. With over a decade of experience in DoD compliance, he specializes in CMMC Level 2 and NIST 800-171, and holds both Registered Practitioner (RP) and Certified CMMC Assessor (CCA) credentials.

Victor has developed cybersecurity awareness programs, led infrastructure design, and played a key role in launching RADICL’s CMMC Quick-Start Toolkit. A frequent speaker and published author, he brings practical insight and leadership to the evolving landscape of federal cybersecurity compliance.

WAYNE R. SHAW

Owner, Five 9s Consulting

Wayne R. Shaw is the owner of Five 9s Consulting with more than 30 years of experience in enterprise IT and cybersecurity. For the last six years, he has worked directly with manufacturers and Defense Industrial Base companies navigating the realities of CMMC.

After founding and growing a nationwide cloud services company in 1999 and selling that business, Wayne turned his focus to cybersecurity compliance. Today, he helps organizations apply CMMC, NIST 800-171, and DFARS requirements in practical, cost-aware ways that stand up to assessor scrutiny—sharing lessons learned straight from the trenches.