Three Days of Discussions and Advice on Compliance, Culture, and the AI Frontier

SAN FRANCISCO – MAY 14, 2026 – Secureframe, the leading AI-powered cybersecurity compliance platform, today announced the successful conclusion of its inaugural National Cybersecurity Summit. Held virtually from May 11–13, the event drew thousands of security leaders, CSOs, and government officials to address the critical intersection of CMMC compliance, supply chain security, and the integration of AI in the federal defense sector.

The summit featured 30+ expert speakers including: 

• Stacy Bostjanick, former Deputy CIO of the DoD
• General Paul M. Nakasone (Ret.), former Commander of U.S. Cyber Command and Director of the NSA
• Katie Arrington, CIO of IonQ and former DoD CIO 
• Robert Costello, former CIO of CISA
• Rob Joyce, former NSA Cybersecurity Director

The Urgency Behind CMMC is National Security

Day 1 focused on the current state of CMMC and the assessment ecosystem. Mike Snyder, Executive Director of Ecosystem Engagement of The Cyber AB provided an enforcement roadmap and the latest ecosystem numbers:

• 1198 final Level 2 (C3PAO) certifications
• 103 authorized C3PAOs, and 
• 518 Lead CCAs

Stacy Bostjanick, recently retired Deputy CIO of the DoD, reframed the CMMC conversation beyond compliance metrics. She highlighted that accessor capacity isn’t the issue, but that the real challenge is shifting the industry mindset about why CMMC matters in the first place.

"People don’t care about [cybersecurity requirements] until they get hit by an attack,” Bostjanick said. “We need to get secure before that… and stop giving away information to adversaries for free.”

Building Security Culture for Real-World Risk

Day 2 pivoted to the evolving threat landscape and the human imperative beneath it. General Paul M. Nakasone (Ret.) guided attendees on how to understand their own environments, and why speed matters now more than ever. 

Adversary attacks are faster, more sophisticated, and increasingly scalable. "There are likely adversaries in your network and you probably don't know it," Nakasone cautioned. This reality underscores why AI has become a must-have for defenders. 

On AI's adoption trajectory, Nakasone offered blunt guidance: move in sprints. "We should move in sprints. We need to move faster. Instead of trying to solve all problems, let's try to solve the most urgent, unique problems."

Robert Costello, former CISA CIO, discussed AI's practical impact on compliance and control testing. While generative AI grabbed headlines with ChatGPT, the real value for security teams lies in addressing alert fatigue, synthesizing large volumes of compliance data, and enabling continuous control testing in production environments.

CMMC and the Future of Federal Cybersecurity

The summit's final day tackled the future of federal cybersecurity. Katie Arrington, CIO of IonQ and former DoD CISO, delivered a keynote that reframed CMMC not as a compliance checklist but as the foundation for staying ahead of evolving threats.

The fundamental question, she argued, isn't whether organizations should pursue CMMC, it's why they wouldn't. In an era where AI tools can identify vulnerabilities in seconds, the case for proactive assessment and remediation is self-evident. 

“CMMC is not just about compliance. It's about protecting you and all of us. The threat is real, it’s continuous, it’s evolving and becoming even more of a problem because of capabilities at hand so taking CMMC and other cybersecurity requirements to protect your environment seriously is more important than ever.”

Arrington noted that CMMC has become a competitive benchmark she uses to assess vendor cybersecurity posture in her current role at IonQ, and one increasingly adopted by other government agencies like the NSA.

Closing the event, Rob Joyce (former NSA Cybersecurity Director) left the audience with insights about how AI-powered operating systems are fundamentally changing the timeline of cyber defense, and what to do to prepare.

“The AI revolution is real and here. These tools will accelerate offense and defense and the people using AI will outperform those who aren’t,” he said. “So start adopting it now to improve your defenses.”

Secureframe's Federal Leadership

Throughout the event, Secureframe reinforced its role as the leading trusted cybersecurity compliance partner for federal contractors navigating evolving regulations like CMMC.

"The conversations this week have shown us where the real cybersecurity compliance hurdles lie. Not just in understanding what needs to be done, but in building the tools, processes, and cultures that make it sustainable,” said Shrav Mehta, Secureframe CEO. “We're committed to helping compliance teams bridge those gaps, so organizations can focus less on checking boxes and more on enhancing cybersecurity and building genuine resilience."

All registrants will have access to on-demand session recordings. To get notified when on-demand recordings are available, register at https://secureframe.com/summit.

About Secureframe

Secureframe is the leading security and privacy compliance automation platform, helping organizations achieve and maintain continuous compliance with standards like CMMC, FedRAMP 20x, SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR, and more. Thousands of fast-growing startups and global enterprises trust Secureframe to simplify compliance, reduce risk, and build trust with customers and partners. Backed by top-tier investors including Kleiner Perkins, Gradient Ventures, and Base10 Partners, Secureframe is redefining what’s possible in security and compliance.