Dave Gray



CMMC Audit Pros, LLC, www.cmmcauditpros.com 

CMMC PA3, CMMC PI (Candidate), CISSP, CAP, PMP and CEH certified Information Technology Leader skilled in securing information systems to achieve information confidentiality, integrity and availability. Dave focuses on Governance, Risk Management, and Compliance (GRC) using information security frameworks established by the Cybersecurity Maturity Model Certification (CMMC) for Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). Dave consults regularly for DoD Defense Industrial Base (DIB) vendors regarding the National Institute of Standards and Technology (NIST) Department of Defense (DoD) Assessment Methodology. Dave promotes Cybersecurity as a key enabler for organizational and enterprise success, aligning effort levels with outcomes through consulting, assessing and teaching cybersecurity courses. Cybersecurity topics include CMMC, CISSP, Security+ and ITIL.


Core Competencies:

  • Information Systems Security
  • CMMC – Cybersecurity Maturity Model Certification
  • Cybersecurity Policy & Standards
  • Controlled Unclassified Information (CUI) Compliance
  • Governance and Risk Management
  • Federal Contract Information (FCI) Compliance
  • Information Security Assessment
  • NIST DoD Assessment Methodology
  • NIST CyberSecurity Framework
  • Information Security Training and Instruction


Established the Cybersecurity Maturity Model Certification (CMMC) client DFARS and CMMC certification program for FCI and CUI. (Senior CyberSecurity Advisor, CyberDefenses, Inc.)

Developed Information Security Policies and Standards aligned with NIST 800-53. Integrated information security into processes and procedures. (CyberSecurity, Texas Comptroller of Public Accounts)

Established the Information Technology Project Management Office (PMO). Improved accountability, aligned outcomes and established strategic direction. (IT Operations Manager, Texas Army National Guard)