Cybersecurity Training · Federal Contracting

Cybersecurity for Contracting Professionals.

Plain-language, acquisition-focused cybersecurity training for Contracting Officers, Contract Specialists, government acquisition teams, and federal contractor support personnel.

Audience

Federal acquisition teams

Designed for Contracting Officers, Contract Specialists, CORs, program support personnel, and non-technical acquisition professionals.

Focus

Cyber risk in contracts

Connects cybersecurity requirements to solicitation language, CUI handling, contractor compliance, proposal review, and post-award performance.

Delivery

Virtual, practical, recorded

Live Teams delivery with screen sharing, chat, optional breakout discussions, attendance tracking, and recording support.

Course Topics

What the training covers

  • Cybersecurity basics in plain language
  • Phishing, ransomware, insider threat, supply chain risk, and data exposure
  • CUI and Covered Defense Information protection
  • DFARS 252.204-7012 and contractor safeguarding responsibilities
  • NIST SP 800-171 and CMMC acquisition impact
  • SSPs, POA&Ms, SPRS scores, and contractor cyber posture documentation
  • Cybersecurity in acquisition planning and solicitation development
  • Proposal review red flags and post-award cyber concerns
Instructor

DoD cyber experience, plain-language delivery

Training is led by Stephen R. Hettman, CISSP, Founder and Lead AI Architect of Surface Vector Technologies, with more than 20 years of DoD and USMC cybersecurity experience across enterprise, tactical, compliance, endpoint, vulnerability management, and RMF/ATO-support environments.

The course is structured to translate cybersecurity requirements into practical acquisition decisions and contract administration awareness.

One-Day Course Agenda

Detailed training flow

0830–0900
Welcome, course purpose, and contracting role in cybersecurityWhy cybersecurity matters in acquisition planning, solicitation development, contractor performance, and CUI protection.
0900–1000
Cybersecurity basics for non-technical acquisition personnelPlain-language terms, common threats, shared responsibilities, and how cyber risk enters through contractors and subcontractors.
1015–1115
CUI, CDI, and data identificationHow information types trigger requirements and why CUI identification matters before solicitation release.
1115–1215
DFARS and DoD contractor cybersecurity requirementsDFARS 252.204-7012, safeguarding, incident reporting, flow-down, and acquisition implications.
1300–1400
NIST SP 800-171, CMMC, SSPs, POA&Ms, and SPRSWhat these items mean, how they relate to contractor responsibility, and what vague contractor claims look like.
1415–1515
Cybersecurity in acquisition planning and solicitationsHow to write clearer cyber requirements and coordinate with program, legal, COR, and cybersecurity personnel.
1515–1600
Proposal review, contractor claims, and cyber red flagsHow to spot unclear claims, missing documentation, weak flow-down, poor CUI handling, and risky cloud/storage approaches.
1600–1645
Practical case studiesScenario discussions for CUI in service contracts, CMMC readiness claims, cyber incidents, and subcontractor handling of government data.
1645–1700
Wrap-up, Q&A, and completionKey takeaways, completion verification, attendance roster, and final questions.

Training Products

Deliverables available for government and contractor training events

Instructor-led sessionLive virtual one-day course delivered through Microsoft Teams.
Course presentationDigital slide deck built for non-technical acquisition audiences.
Student guidePlain-language reference material for participants.
Handouts and checklistsCUI, DFARS, NIST, CMMC, acquisition planning, and proposal red flag references.
Scenario exercisesPractical discussions based on acquisition and contractor performance situations.
Completion supportAttendance/completion roster and MP4 recording support when required.
Need cybersecurity training for contracting or acquisition personnel?

SurfaceVector can tailor the course for federal agencies, prime contractors, subcontractors, and business teams that need to understand cybersecurity requirements without turning the class into a deep technical lab.