board of directors
CMMC Accreditation Body
Built to Listen. Organizational Structure.
The following is provided for informational purposes only and may change once the board adopts the bylaws. There will be opportunities for industry involvement in the CMMC-AB through the Councils which will be independent advisory bodies. Additionally, the board will form committees, which will then, in turn, create specific issue-oriented working groups.
Stay tuned in the coming weeks and months for details on how you can participate in Councils and Working Groups.
- Karlton D. Johnson, Chairman
- Jeff Dalton, Vice Chairman
- Sheryl Hanchar, Secretary
- Yong-Gon Chon, Treasurer
Chairman, Board of Directors
Karlton D. Johnson is a senior executive and respected visionary leader with over 32 years of subject matter experience in strategic leadership & risk, partnership creation, organizational excellence, mission assurance, cybersecurity and enterprise communications technologies. Mr. Johnson has deep expertise in bringing insight, clarity and direction towards empowering critical decisions that solve complex problems for organizations. He also has a proven track record of identifying growth opportunities that deliver tangible efficiencies for companies and has broad international experience consulting to foreign governments in driving large-scale program initiatives from requirements to full implementation.
A decorated combat veteran, he previously served as the Chief Information Officer (CIO) for the Multinational Security Transition Command-Iraq. Under his leadership, his joint team conducted numerous combat missions in hostile fire zones to build revolutionary ICT capabilities for the Iraqi Ministries of Defense, Interior, and the Counter-Terrorism Bureau. In his final posting, he served with distinction as the Senior US military executive/CIO and lead cyberspace expert adviser to the 4-star Commander at United States Forces-Korea, Seoul, Republic of Korea. As the Korean Peninsula’s senior U.S. cyber executive, he led elite Joint military, civilian, and contract personnel in providing strategic oversight for all U.S. communications in the Republic of Korea supporting 28,000 military personnel, and he was the principal U.S. military liaison to Republic of Korea’s cyber organizations for bilateral cyberspace cooperation.
In 2014, Mr. Johnson retired from USAF Active Duty as a Colonel after 26 years of honorable service. Over his long and distinguished career, he successfully developed solutions that enabled business transformation globally for large, multinational organizations, exercised strategic leadership in firms of up to 47,000 employees, and led resource asset portfolios up to $5.5 billion. He is currently the Chief Executive Officer of Delaine Strategy Group LLC, a strategic advisory practice providing counsel to C-Suite leaders in the public, private, non-profit and government sectors.
Mr. Johnson serves in senior leadership positions on other Boards, and he also holds several Master’s Degrees and executive Graduate Certifications from various institutions to include George Washington University, National Defense University, West Virginia University, ISACA and the U.S. government.
Vice Chairman, Board of Directors
Chair, Accreditation & Credentialing Committee
Board of Directors
Jeff Dalton is President and CEO of Broadsword and Chief Evangelist with AgileCxO.org.
He is a Certified CMMI Lead Appraiser and AgileCxO Lead Assessor, and author of Great Big Agile: An OS for Agile Leaders. He is the principal author of the CMMI Institute’s “Guide to Scrum and CMMI: Improving Agile Performance with CMMI” and was the first, third, and fourth Chairman of the CMMI Institute Partner Advisory Board, where he led the group through their transitionary period from the Software Engineering Institute, where he was Vice Chairman and later Chairman of their Partner Advisory Board.
Dalton has a background in technology leadership, and has served as Director and VP or Product Development and Quality with multiple companies, and was a Senior Manager and Chief Technology Executive at Ernst and Young, LLP.
Jeff is an active jazz bassist who builds experimental aircraft, and lives with his wife of 25 years in Marathon, FL.
Secretary, Board of Directors
Sheryl Hanchar is Vice President and Chief Information Security Officer (CISO) at Cobham Advanced Electronic Solutions (CAES) where she leads the company Information Security and Governance, Risk, and Compliance programs.
Sheryl has over 25 years of Information Technology and Security experience serving in leadership roles for international multibillion-dollar firms with responsibilities of managing cybersecurity and information technology risk, supply chain risk, regulatory compliance, budget and financial scaling, and operational improvements.
Prior to her current role, Sheryl held the titles of CISO and vCISO providing guidance and strategy at HireRight, a background screening firm, and at Ingram Micro where she delivered framework and strategy aligned with acquisition and migration implementation.
As Global Deputy CISO for Broadcom Corporation, she led divisions aligned with Cyber, Insider Threat and Identity and Access Management and product\supply chain security initiatives. She was Chairman of and founded the Veteran Employee Resource Group (VERG). While at Harris Corporation, Sheryl established and managed the Security Operations Center, Incident Response, and Threat Mitigation teams. During this time, Sheryl partnered with the Defense Industrial Base (DSIE) to grow intelligence-sharing capabilities aligned with protecting our nation’s warfighting tools and technological secrets. Sheryl also held leadership positions preparing firms for PCI and IT Audits.
Sheryl is an Officer within the Information Warfare Community with 20 years of service in The United States Navy Reserves. She is a veteran of Operation Iraqi Freedom, where she served in Iraq (2004) leading the implementation of the Navy’s down-range communications.
She holds a Master of Science in Information Security from Pace University, a Bachelor of Science in Information Systems from Dominican College, and has received many distinguished awards. She has been recognized for her speaking engagements, has authored multiple publications, and has achieved the certifications CISSP, CEH, CISA, and GCIH.
Sheryl’s volunteer service includes her 3-year trustee position with a local veteran’s organization in Satellite Beach FL, mentoring junior cyber warfighters on resume writing, certification preparation, and career paths. She is married and lives in the Melbourne, FL area with her dog, Tebow.
Treasurer, Board of Directors
YG brings more than 25 years of experience building and leading global security teams currently investing & advising cybersecurity companies and investors as co-founder and managing partner of GroCyber. He brings 15 yrs of practical experience working with the NIST SP-800 Series and in 2010 was responsible for leading the early adoption of what is now known as FedRAMP by some of the largest cloud providers during his time at SecureInfo.
Mr. Chon was previously CEO of Focal Point Data Risk and currently sat on the boards of RiskRecon (acquired by MasterCard) & Cloudentity and fellow at the Culinary Institute of America. Mr. Chon also led the cyber division of Kratos Defense and Security Solutions after its acquisition of SecureInfo.
Mr. Chon has held senior leadership positions across numerous cyber security organizations including: Cybertrust, iDefense, MCI, SRA executing professional services for Fortune 1000 and public sector clients. Mr. Chon has served as an adjunct professor at The George Washington University and holds a B.S. in Emergency Medical Services Management from GWU as well. Mr. Chon is a published author and frequent speaker at industry events, TV and radio.
Co-Chair, Accreditation & Credentialing Committee
Board of Directors
Akin Akinbosoye is Director of Cybersecurity at MxD with more than 20 years of experience across Healthcare, Services and Financial Services in operations, risk management and Cybersecurity. Most recently with responsibility for Cybersecurity across Allstate Financial Businesses as the Business Information Security Officer reporting through the CISO’s organization with dotted-line accountability to the CIOs and Business area leadership for these companies. Prior to Allstate, Akin was a Senior Large Bank IT/Cyber Risk Examiner with the Federal Reserve Bank of Chicago with oversight responsibilities for Large/Complex Financial Services Institutions across the Federal Reserve System. Akin, holds a Certificate in Advanced Graduate Studies from Northwestern University, Masters in MIS and Accounting from Middle Tennessee State University; and a Bachelor in Economics. In addition to industry recognized certificates in the fields of Security, Audit and Risk Management.
Chair, Communications Committee
Chair, Committee on Standards
Board of Directors
Wayne Boline, Director – Strategic Cyber Partnerships, joined Raytheon at Missile Systems in Tucson, AZ in 2003 as the Network Manager responsible for classified/unclassified networks and voice systems for the 10,000+ member business. Before joining Raytheon, he served nearly 23 years in the US Air Force in both enlisted and officer roles responsible for areas in Electronic Warfare, Telecommunications, Computer Crime Investigations, and Communications-Computer Systems. In 2006 he transferred to the Raytheon Corporate IT Security organization in Texas and has held roles in Cybersecurity Incident Response and Cybersecurity Information Sharing and Collaboration. He was a Senior Manager with Raytheon Global Business Services (GBS) and led the Global Cyber Compliance Services (GCCS) team until April 2020 when he began leading the Enterprise Compliance group of the newly formed Raytheon Technologies (RTX), a merger of Raytheon and United Technologies. In Jan 2021 he took on the new role of leading Strategic Relationships in the Cyber Policy and Compliance group and in June was promoted to Director – Strategic Cyber Partnerships and reports to the RTX CISO.
Wayne served five years (2011-2016) as the Chairman of the Board of the Defense Security Information Exchange (DSIE) and is a current board member of the National Defense ISAC, the RTX representative to the DOD Defense Industrial Base (DIB) Cybersecurity Program, and Co-Chair of the Aerospace Industries Association (AIA) Cyber Security Committee.
Wayne holds the CISSP, ISSMP, and CCSP certifications, a BS in Information Systems Management from the University of Maryland and an MS in Network Security from Capitol Technology University.
Facility Security Officer
Board of Directors
Paul is the President and Founder of Monoc Securities LLC. Monoc Securities LLC is a Veteran-owned Small Business (VOSB) providing multi-discipline security consulting services to cleared companies or those seeking to be cleared within the National Industrial Security Program (NISP). Paul has participated within the NISP for 20 years working with the Intelligence Community, Department of Defense, and Department of Energy balancing U.S. Government regulatory and security requirements with organizational strategic goals and financial objectives.
Prior to founding Monoc Securities LLC, Paul served as the Senior Vice President for Security and Chief Security Officer for Cobham Advanced Electronic Solutions (CAES), a major aerospace and defense contractor. Prior to Cobham, Paul lead the security programs at ITT Night Vision, CB&I Federal, and the National Academies of Science, Engineering, and Medicine in Washington D.C.
Paul is a National Association of Corporate Directors (NACD) Governance Fellow, holder of NACD’s prestigious Directorship certification, and has completed the NACD sponsored CERT Cyber Risk Oversight Certificate program. Paul holds multiple security & cybersecurity certifications and is a graduate of American Military University (AMU) with a master's degree in Security Management.
Board of Directors
Mathew Newfield is senior vice president and Chief Security and Infrastructure Officer (CSIO) of Unisys. The CSIO organization comprises the former Unisys Information Technology (UIT) and Chief Information Security Office (CISO) organizations. It is responsible for delivering secure solutions that enable the company to serve its clients more effectively and for providing internal IT and security services across the enterprise. Mathew joined Unisys in March 2018 as Chief Information Security Officer. He has more than 19 years of experience in Information Technology, with a focus on security, software-as-a-service operations, risk auditing and management and international mergers and acquisitions.
Prior to joining Unisys, Mathew was Director of Global Managed Security Services for IBM, where he had responsibility for delivery services in 133 countries and managed a staff of 1,500 security professionals. Mathew led IBM’s Managed Security Practice, which performed device management, threat intelligence, managed security information and event management, account governance, project management, deployment services, new service integration business operations, compliance/governance and architecture services. He was also the Business Unit Information Security Officer and Global Process Officer for IBM's Security Services Organization. During his time at IBM, Mathew streamlined operational processes and developed cost reduction methodologies that improved cost control, profitability and client delivery. Prior to IBM, Mathew held senior security leadership roles at Cybertrust, RSA and DDC Advocacy.
Mathew is on the Board of Directors of the National Technology Security Coalition (NTSC), a published author on topics related to security and a speaker on cybersecurity, and has been an instructor at the SANS Institute. He holds a Bachelor of Science degree in Industrial and Organizational Psychology from George Mason University.
Board of Directors
Clifton H. Poole joined Unison Software, Inc. as the Director of Security in August 2018. At Unison (formally Compusearch Software Systems, Inc), he leads the IT security programs which covers a wide range of IT security domains, including: IT security operations, architecture and engineering, secure product development, cyber analytics, security education, awareness and training, and business continuity. As the Unison Privacy Officer, he directs data protection activities. He leads the industrial security teams, which oversees the personnel security, insider threat and facilities security programs.
Prior to joining Unison, Clifton was the Associate Director of Cloud Security and led the offering for Accenture Federal Services. He honed his cyber security acumen while supporting the intelligence community and the Department of Defense. For almost a decade at Raytheon Technologies, he supported the clients as a Chief Information Security Officer, IT Security Architect and IT Security Manager in the Intelligence and Information Systems businesses. Along the way, he represented the company as a member of the DHS Public / Private Partnership improving relationships and shortening the adoption of cyber solutions. As a member of the Raytheon Business Relations team, Clifton helped draft much needed cyber legislation during President Obama administration’s cyber initiatives.
Before joining Raytheon, Clifton honorably served for 21 years as a United States Army Officer enjoying both combat and support assignments. Enlisting as an infantryman, he was later commissioned after completing Officer Candidate School. He enjoyed several assignments before volunteering and earning selection into the United States Army Special Operations Command and being assigned to lead an Operational Detachment-Alpha in 3rd Special Forces Group (Airborne), Fort Bragg, NC.
Clifton earned a Master of Science degree from Northwestern University, a Master of Military Arts and Science degree from the Command and General Staff College, an Education Specialist degree from Nova Southeastern University and a Bachelor of Science degree from Columbus State University. Clifton holds professional certifications with The International Information System Security Certification Consortium (ISC²) and Information Systems Audit and Control Association (ISACA).
- Board members self-nominate
- Board chairman will select Directors, who are then approved by the board
- No more than 1 Director from any single organization
- US Citizen
- Non-felon, must be able to obtain clearance
- Director terms are staggered from 1-3 years
- May not work for a company planning to perform CMMC assessments
- Any Director may serve no more than two 3 year terms and partial terms
- Personal commitment to protecting the United States through improved cybersecurity
- 40+ hours of time per month on average during the first year
- Monthly board meetings
- Frequent Committee meetings
- DoD Supply Chain Community leadership through board committees and advisory councils
- Minimum of two in-person meetings per year in the DC area (travel expenses reimbursed)
The CMMC-AB is accountable for delivering:
- The assessments for 300,000+ companies in the DoD supply chain
- Training for assessors and C3PAOs (Certified 3rd Party Assessor Organizations)
- Infrastructure to support its mission
- Accreditation of organizations and assessors participating in the process
- Adjudication of any protests or issues that develop with individual contractors or audits
- Forward-thinking innovation to automate and improve the cybersecurity defensive posture of the supply chain