2026 ASEE Annual Conference & Exposition

A University Response to the CMMC Mandate: Bridging the Gap Between Academia and the Defense Industrial Base

Presented at Computing and Information Technology Division (CIT) Poster Session

The Department of War (DoW) transition to the Cybersecurity Maturity Model Certification (CMMC) as a requirement for contracts has revealed a critical workforce deficit within the assessment ecosystem. With over 80,000 contractors requiring triennial Level 2 certifications, the current supply of Certified CMMC Assessors (CCAs) is insufficient to meet demand. This bottleneck is exacerbated by a fragmented professional education model and strict experience requirements that favor established professionals over new talent. This Work-in-Progress paper proposes a replicable institutional model for higher education to serve as a workforce pipeline for the Defense Industrial Base (DIB). Using the University of Oklahoma’s Polytechnic Institute (OUPI) as a pilot case study, an integrated, credit-bearing academic concentration has been designed to embed Certified CMMC Professional (CCP) and CCA curricula directly into existing cybersecurity degrees. Further, the pilot incorporates community cybersecurity service, orchestrated through a cybersecurity clinic model to help fulfill, if not satisfy, the experience requirements of the CCA certification. We suggest that by replacing short-term training with semester-long mastery and clinical practice, academic institutions can produce assessment-ready graduates, partially address the assessor shortage, and enhance the long-term resilience of the national defense supply chain.

Authors

Sumner Kirby The University of Oklahoma Polytechnic Institute [biography]

Sumner Kirby is a graduate student in cybersecurity at the University of Oklahoma Polytechnic Institute.
Dr. Chad B Roller http://orcid.org/0009-0003-1934-0427 University of Oklahoma, Polytechnic Institute [biography]

Chad Roller Ph.D. currently serves as a GKFF Assistant Professor at the University of Oklahoma Polytechnic Institute. Prior to joining academia, he spent over 20 years in the energy sector in both technical and executive leadership roles at Shell, Midcon Energy and Contango Resources. Chad earned a Ph.D. at Rice University in Electrical Engineering.
Christopher Freeze http://orcid.org/0009-0000-6196-3853 The University of Oklahoma [biography]

I serve as an assistant professor at the Polytechnic Institute at the University of Oklahoma. I hold a Ph.D. in Organizational and Community Leadership and previously served as a Special Agent and Special Agent in Charge with the FBI. My work focuses on cybersecurity leadership, human-centered security, and behavioral risk in high-stakes environments. I research hope-centered leadership, burnout, workforce resilience, and trust, and I designed OUPI’s Master of Science in Cybersecurity Leadership program to prepare the next generation of cybersecurity leaders.
Kristina Wadley The University of Oklahoma Polytechnic Institute

Note

The full paper will be available to logged in and registered conference attendees once the conference starts on June 21, 2026, and to all visitors after the conference ends on June 24, 2026

« View session

For those interested in:

2 Year Institution
Academia-Industry Connections
information technology