Connor specializes in building repeatable security programs that ensure ongoing compliance and cyber risk management. Connor leads NIST Cybersecurity Framework (CSF), Cybersecurity Maturity Model Certification (CMMC), and FedRAMP engagements. With 5 years of cybersecurity experience, Connor has focused on performing cybersecurity assessments, developing actionable remediation plans, and executing program implementations. Connor has extensive project experience within industries such as construction/engineering, software, and professional services utilizing standard control frameworks such as ISO 2700, NIST 800-53, NIST 800-171, PCI, and CIS. Connor also has experience in the industrial environments evaluating network architectures/segmentation, security hardening, and governance practices within manufacturing, water treatment, and energy Industrial Control Systems.
As defense contractors and manufacturers progress toward CMMC Level 2 compliance, a critical area of ambiguity lies in how Operational Technology (OT) is treated within the current Level 2 Scoping Guide. Specifically, the treatment of OT within the category of “specialized assets” leaves significant room for interpretation — and potential misalignment with the practical realities […]
Disclaimer: NIST 800-171 Revision 3 is in DRAFT form, and public comments will be gathered before the publication is made final. 1. Resource Allocation = Time & Money Even though the total count of security requirements in the recently released draft of NIST 800-171 Rev. 3 remained steady with Rev. 2, the requirements were expanded […]
