A look at recent headlines would have you believe that the biggest risks for CMMC noncompliance are exposed data and ransomware demands. But many organizations are exposed to a much different kind of risk, according to an ongoing case that involves a DIB contractor.
In September 2015, Aerojet Rocketdyne Holdings, Inc. laid off Brian Markus, its CISO, two months after Markus refused to sign a document that claimed the company had met compliance and instead authored an internal memo noting his concerns. Markus, now the CEO and co-founder of Aries Security, filed suit the next month under the False Claims Act.
The qui tam suit, under which Markus can sue on behalf of the federal government, was amended to allege that Aerojet Rocketdyne terminated his employment based on his efforts to stop the company from defrauding the government. The ongoing case is due to be heard before a jury next March.
Markus holds several licenses and certifications in cybersecurity and is a member of the President’s National Security Telecommunications Advisory Committee. Prior to joining Aerojet Rocketdyne, Markus spent eight years at Raytheon in senior IT security and management roles and 10 years as a “security goon” for DEF CON, one of the world’s most notorious hacker conventions.
Markus, along with lawyer Greg Thyberg, will join CyberSheath vice president of security services Carl Herberger for a discussion about the importance of cybersecurity compliance for contractors within the DIB. Register for CMMC Con 2021 now to see the discussion and understand more about how the False Claims Act applies to the world of cybersecurity compliance.