Brian Hubbard is a Cybersecurity Expert working at Edwards Performance Solutions, a WOSB in Columbia, Maryland. He was one of the facilitators of the original National Institute of Standards and Technology (NIST) framework. He is an advocate of businesses being protected from cyber-attacks because they will put out of business in a fleeting time. How healthy is your cybersecurity program for your business? Brian structures cybersecurity programs that facilitate a business being successful. He focuses on cybersecurity strategy development and penetration analysis and what you can do as a business owner to improve your cybersecurity program continually.
Brian transitioned to Edwards Performance Solutions from his own business. He described how he dealt with that transition and realized when he had no more business on his pipeline that he would have to merge with another company.
The Early Years
Brian started his journey in a small town, Dunkirk, Indiana, a population of 2,300 people. He went to Purdue University and studied Information Security, and lucked into his first job with the National Security Agency (NSA) when they recruited at Purdue University.
He landed and interviewed with the NSA. For the first time in his life, he flew on a jet airplane to Baltimore, Maryland, and for the first time, was in a coastal city. The National Computer Security center, that organization has gone away since then.
Studying under the luminary’s and leaders in the field and followed them when they left the government in Maryland. Brian ended up at Booz Allen and worked on cybersecurity and intelligence community for 20 years. He loved working for small business and went back to a small business to work with NIST.
He feels like his career has been propelled by luck. He worked with a team that was developing what became known as the NIST cybersecurity framework. Brian facilitated the workshops that were happening in the industry need for the NIST Framework. Improve the cybersecurity of critical infrastructure, including industries such as banking, oil and gas, and banking. Four thousand people participated in these workshops across the country—18 months to develop the document. Publication to get NIST standard is a lot longer than that, so it was an aggressive schedule. This publication got rolled out by the white house. This experience was a highlight of his career.
To be successful in business, cybersecurity should be a part of every business strategy. ~Brian Hubbard
What is CMMC?
CMMC stands for “Cybersecurity Maturity Model Certification” and encompasses five levels of cybersecurity. Government Contracts will specify which Level will be required to not only bid on that contract but be awarded the contract. CMMC will be incorporated into the Defense Federal Acquisition Regulation (DFARS).
CMMC affects every government contractor. You can fix this over a couple of years, and you must be 100% compliant. Level 1 is 17 practices and talked about as basic cyber hygiene. Every company must be compliant.
Some CMMC basic things are two-factor authentication and virus scanning. Some businesses do not even do that and think because their systems are on a Cloud Managed Service Provider (MSP) that their business is covered. The cybersecurity plan should still include what processes are in place to protect PCs, Laptops, Cell phones
CMMC Level one is the entry point, and then Level three is the next breakpoint. Most government contracts will require Level 3. Most companies are that everyone is preparing for Level 3. Level 1 is not realistic for most companies. The contracting officer will specify what the Level is required for the contract. Brian suggests reading more about CMMC; you should visit the CMMC Accreditation Body and learn more.
Edwards is Ready for CMMC
Edwards Performance Solutions is ready to become an Auditor and Trainer on CMMC. The regulations surrounding this certification is not ready yet. Edwards Performance Solutions is prepared for this to happen and is currently helping companies get ready for CMMC audits. Edwards Performance Solutions can either help a company get prepared or can do an audit at the end of your readiness. Not both.
To learn more about CMMC and the services provided at Edwards Performance Solutions, you can email Brian directly at mailto:firstname.lastname@example.org or get a readiness assessment at https://edwps-cmmc.com/.