Kevin Schaaff is a cybersecurity professional with an extensive background in both information security, training, and education. As a Principal Systems Engineer with over 24 years of cybersecurity experience supporting the Intelligence Community, he has experience working with a variety of frameworks including the CERT® Resilience Management Model (CERT-RMM), National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), NISCAP, DCID 6/3, NISPOM, ISO 9001, ISO 27001, CMMI, and DIACAP. Kevin has assessed over 100 systems as a Certified High Maturity Lead Appraiser, and dozens of organizations as an ISO Lead Auditor. As a Principal Systems Engineer, he has helped designed and build numerous information systems for DoD and the Intelligence Community in cloud, hybrid, and traditional on-premises configurations including command and control and combat systems.
Kevin’s teaching experience includes over 30 years of developing curriculum and teaching courses in Agile, Project Management, CMMI, and IT Security for several DoD prime contractors, DoD and Civil Agencies and the Intelligence Community. Currently, he is also a Certified CMMI Instructor and supports the development of ISACA training courses. He has also assisted with test development for the CCA and CCP certifications. His work experience includes 24 years in the US Navy, the Software Engineering Institute, Booz Allen Hamilton, Northrop Grumman, CMMI Institute, and ISACA.
Kevin earned a Master of Science in Engineering Acoustics and a Master of Science in Applied Science from the Naval Postgraduate School. He also earned a Bachelor of Science from the United States Naval Academy. His relevant industry certifications include CISSP, PMP, CCA, CHMLA, and CCP.
As part of the Cybersecurity Maturity Model Certification (CMMC) ecosystem, Kevin was one of the first group of people to achieve both CMMC Provisional Instructor and Provisional Assessor status. Kevin was the ISACA representative on the panel that provided initial recommendations to the Government team who created the Cybersecurity Maturity Model Certification (CMMC). He was also a member of the initial industrial group that authored the first version of the CMMC Assessment Process.
Kevin and his wife reside in Jacksonville, FL, and have two sons that are security engineers; one supporting the Intelligence Community and one supporting a global technology company. Kevin has worked in or traveled to over 68 countries.
u003cpu003eBTI succeeds in its mission when an organization is measurably better in a way that makes a real difference, is able to sustain the change for the better, knows that it is better, and is satisfied with the result.u003c/pu003e