Stacy Bostjanick, former chief of defense industrial base cybersecurity in the Department of War’s Office of the Chief Information Officer, has joined Cybersec Investments as vice president of government services strategy.
Cybersec Investments, a Cybersecurity Maturity Model Certification third-party assessment organization, said Monday that Bostjanick will establish and lead a new division that would deliver cybersecurity services to federal government customers.

Hear Bostjanick talk about CMMC at the Potomac Officers Club’s 2026 Cyber Summit on May 21. Bostjanick will join the “Cybersecurity at Commercial Speed: Securing CSO Innovation for Defense Missions” panel, where she and other government and industry experts will explore how organizations can meet cyber requirements and protect sensitive government data while innovating at the speed and scale of the mission. Do not miss the chance to learn directly from one of the architects of the CMMC — sign up today!
Who Is Stacy Bostjanick?
Bostjanick brings 37 years of federal experience spanning cybersecurity, acquisition and defense industrial base protection. She most recently led the Department of War’s CMMC program as director, guiding the initiative from early development through multiple iterations to its current implementation phase. She worked with former DOW CIO Katie Arrington, a 2020 Wash100 winner, to advance the CMMC framework.
She began her federal career in 1989 at the Naval Surface Warfare Center’s White Oak division and later transitioned into contracting, holding key acquisition roles across the department. Her experience includes serving as a senior contracting official at the Missile Defense Agency and as head of contracting at the Defense Intelligence Agency.
Bostjanick retired from government service in March.
What Is the Status of the CMMC Program?
The Pentagon began a phased rollout of CMMC in November 2025, marking a transition from a voluntary framework to mandatory cybersecurity requirements for defense contractors.
The rule, published in the Federal Register, updates the Defense Federal Acquisition Regulation Supplement and establishes tiered security standards based on the sensitivity of government data. Under CMMC 2.0, level one requires basic safeguards for federal contract information, while level two mandates compliance with 110 National Institute of Standards and Technology Special Publication 800-171 controls to protect controlled unclassified information. Level three introduces additional requirements aligned with NIST SP 800-172 to address advanced threats.
The implementation will occur over four phases across three years. The current phase requires contractors to complete self-assessments for level one or level two requirements. Phase two will introduce mandatory third-party certifications for level two compliance, a key step in strengthening accountability across the defense industrial base.
Later phases will expand certification requirements, with phase four requiring full compliance with all applicable CMMC standards for contract awards.

