DEVIN J. CASEY - IMPLEMENTATION LEAD

ISOO/CUI OVERSIGHT

Devin J. Casey is the lead for implementation and oversight activities for the Controlled Unclassified Information (CUI) Program.  He contributed to the development of the National Institute for Standards and Technology Special Publication 800-171, Protecting Controlled Unclassified Information in Non-federal Systems and Organizations. This publication recommends standards for protecting CUI in non-federal electronic environments as prescribed in agreements between federal and non-federal partners.  Since joining the CUI Program, Devin has authored numerous policies and guidance documents that have aided stakeholders, agencies and industry, in the implementation and management of the CUI Program.  He came to the National Archives from the US Department of Agriculture where he worked in their Classified National Security Programs Branch.  He also serves in the Army reserves as an intelligence analyst and security manager with tactical and strategic experience; specializing in intelligence support to information operations. As the foremost expert in the CUI Program and information security, he advises senior leaders of the Executive branch (departments and agencies) as well as industry executives and other non-federal organizations on the structure and implementation of the CUI Program.  

Katie Stewart - Carnegie Mellon Software Engineering Institute, CERT Cyber Resilience Center

Member of CMMC Development Team

Katie Stewart is a senior member of the technical staff with the Software Engineering Institute of Carnegie Mellon University. Katie has 18+ years of experience advising clients in engineering, information technology and the telecommunications industry. Katie's current research focuses on information security governance, risk management, and measurement and analysis. She holds a Bachelor's of Science and a Master's of Science in Computer Engineering. Katie is a Certified Information Systems Security Professional (CISSP) and has spent time as an adjunct professor. 

Andrew Hoover - Carnegie Mellon Software Engineering Institute, CERT Cyber Resilience Center

Member of CMMC Development Team

Andrew Hoover is a Senior Engineer with the CERT Division of Carnegie Mellon University’s Software Engineering Institute. As a member of the Cybersecurity Assurance Team, he performs risk and resilience management work for a variety of organizations, mostly relating to critical infrastructure protection. Andrew has 16 years of experience in information technology field. Prior to joining the SEI, he worked as a technical auditor performing risk and vulnerability assessments for government and industry clients. In addition to the customer focused work Andrew teaches the public offering of the CERT Resilience Management Model (CERT-RMM) course. He holds numerous security related certifications and remains active in the cybersecurity community.

Chris Rose, MBA, CISSP, CISM - Ariento inc.

CMMC Marketplace Board Of Directors

Chris is the founder and managing partner of Ariento, a cybersecurity, IT and CMMC compliance service provider to small and mid-sized organizations. His background in information security began at a Fortune 200 company in 2006. He left to serve six years in the United States Marine Corps (USMC) where he was the country Chief Information Security Officer (CISO) for the Republic of Georgia, a role in which he built, secured and successfully protected the USMC cyber architecture in a highly vulnerable cyber threat environment. Upon returning to the United States, Chris pursued an MBA and Masters of Computer Science from UCLA and worked for the MITRE Corporation as a cybersecurity engineer, a role in which he identified more than 1,000 vulnerabilities and recommended fixes in national security software. Chris gives back to the cyber community through serving on numerous boards, appearing as a regular speaker for various outlets including the Wall Street Journal, and teaching topics of cybersecurity and privacy at UCLA and other institutions.

Chris Golden - Horizon Blue Cross Blue Shield of New Jersey

CMMC ACCREDITATION Body (CMMC-AB) Board Of Directors

Chris Golden is a career risk manager and recognized expert in both Cybersecurity and Third-Party Risk Management.  Chris took his commission in the USAF after receiving his Bachelor’s of Science degree in Computer Science from the University of Miami in Coral Gables, FL.  He spent more than two decades in uniform serving in various flying, command and staff assignments.  After his retirement from the Air Force, Chris continued to serve in a number of technical defense contractors positions.  

Upon leaving the Federal sector, Chris was hired by DTCC as their Director of Cybersecurity Strategic Planning.  Here, he created opportunities that protected Wall Street and the country’s economy. Chris then moved to the healthcare sector where he is the Director of Information Security responsible for protecting the personal information of the members of Blue Cross Blue Shield.  

He holds two Master’s degrees, an MS in Computer Information Systems and an MA from the Naval War College.  Chris also holds multiple Cybersecurity and Third-Party Risk Management Certifications such as  CISSP, CTPRP, CISA among others.  He is a noted speaker in risk management and has been published in that area as well.

Stacy Bostjanick - Department of Defense, OUSD A&S - Director of CMMC

Ms. Bostjanick is currently serving as the OUSD A&S, Director of Cybersecurity Maturity Model Certification (CMMC) Policy. In this role, she is responsible for managing the initiation of the CMMC program and is responsible for establishing all Policy and Procedures with regard to the  CMMC. Previously, she served as the DIA, Head of Contracting Activity in which she was responsible for planning, managing, directing and accomplishing the total DIA procurement program.  Ms. Bostjanick has also worked as a Senior Contracting Officer for the Missile Defense Agency on the Standard Missile 3 Block IA and IB development and production program. She was responsible for cradle-to-grave execution of over $5 billion of highly-complex, cutting-edge contracts for our nation's missile defense systems.