In case you want to download it.

If you wanted a faster way to simultaneously enrage your founders, your customers, the Dept. of Defense, and the entire Defense Industrial Base (DIB), you’d be hard-pressed to beat Jeff Dalton at The Cyber AB. Dalton and the AB’s Board recently released its “CRT” consulting packages, which is not only stupid because it makes the AB a competitor of its own customers, but also ensures The Cyber AB shows up in Google searches for “critical race theory.” Well done, Jeff!

It took all of about 4 hours for the shit to hit the fan. Previous CMMC and Cyber AB supporters like Amira Armond ran to LinkedIn to complain about the CRT move, which grants any Cyber AB credentialed consultant (called an “RPO”) rights to use a set of free tools for CMMC consulting. It’s been seen as an attempt by The Cyber AB to fend off the inevitable class action lawsuit by RPOs who were promised a guaranteed income as far back as 2019, when Katie Arrington and the AB were insisting that CMMC would be showing up in government contracts immediately. Here we are headed into 2024, and CMMC is still MIA. All those role-players RPO-ers lost a lot of money based on the AB’s false promises, so the AB is tossing something back in a somewhat sad attempt to freshen the Kool-Aid, and keep them on the hook just a bit longer.

The problem is that since 2020, many RPOs had been working diligently to create their own consulting deliverables and services, without any idea whatsoever that the AB would suddenly throw out a free offering to undermine their entire practices. Thanks to the Dalton Gang, the AB made itself — overnight — a competitor to Armond and other supporters. Imagine what folks like Tom Cornelius of Compliance Forge (which sells dubious CMMC template kits) must think, or Jacob Horne of Summit7. All that time promoting CMMC on your own dime, only to have the hand that feeds you slap you right in the piehole!

Future Feedbag

Now enter James Goepel who, partnering with Mark Berman, sells the CMMC subscription-based consulting product called FutureFeed. If these names sound familiar, they should: both Goepel and Berman were founding Board members of The Cyber AB, back when it was still called the CMMC Accreditation Body.

And both — in my First Amendment, constitutionally-protected opinion — are grifters of the highest order.

It was Berman who, alongside fellow grifter Ty Schieber, dreamed up the “Diamond” fiasco, in which they tried to offer special AB benefits to anyone stupid enough to give them $500,000 donations. (You read that right: half a million dollars a pop.) That grift was exposed early by yours truly and after the mainstream media got ahold of it, Schieber and Berman were thrown out of the AB.

Remember this?

But it wasn’t Berman’s first attempt at what we should call “cybergrifting.” (Imma trademark that.) Nearly as soon as he joined the AB (if not sooner?), Berman was marketing his FutureFeed product as a CMMC compliance tool. Many howled about the overt conflict of interest, but Berman has feigned ignorance with the steadiness of Number 6’s stone boat in The Village. We are supposed to trust Berman is a cybersecurity expert of high intelligence, but also accept he’s too bloody stupid to see a COI when he creates one.

Goepel left shortly after, apparently on his own terms, to support Berman and FutureFeed. Now the poor Padawan is out there painting a giant bullseye on his own back in order to support his Master. Goepel is apparently an attorney, and yet he, too, suffers from the same convenient blindness to conflicts of interest. You’d think lawyers are kinda-sorta supposed to know this stuff.

At least he can represent himself pro se when he inevitably gets sued.

So, it didn’t take long for Berman and Goepel to flip the fuck out over learning The Cyber AB was now their biggest competitor in the market, given it has official support from the US Dept. of Defense, and FutureFeed … not so much.

After The Cyber AB’s CRT announcement, Goepel published a wall-of-text post on LinkedIn trying to convince people that they shouldn’t use The Cyber AB’s free consulting tools, but instead pay nearly $3000 a month for FutureFeed. Goepel – an attorney and clearly not a marketing guy — came up with the most batshit marketing line ever invented by grifters:

“Don’t just settle for free.”

I’m not kidding. Goepel’s Big Attorney Brain sent the dimly-lit signals to his fingers to pound those words on a keyboard somewhere. Because if given the choice, naturally, every sane person would rather give thousands of dollars a month to grifters over getting something for free from other grifters. Right.

Then, the mental giant spices up the offer by saying FutureFeed will reimburse your Cyber AB RPO registration fee and offer a host of other “free” benefits if you sign up. So, when the Cyber AB offers “free” it’s bad, but when FutureFeed does it — in the very same article — it’s good.

Got it?

Math is Hard

Goepel and FutureFeed also have a very strange idea of mathematics. In one sentence alone, Goepel makes the completely unprovable claim that FutureFeed is used by “over 150 Mission Critical service providers,” but then, one sentence later, says it’s a trusted platform used by “hundreds of companies in the CMMC ecosystem.” So 150 = “hundreds”?

I think even famed grifter Roger DeSalvo would have to say, “That sounds like the shit of the bull.”

The Goepel Manifesto (click to enlarge)

Also, the “ecosystem” is not the DIB, but Goepel doesn’t seem to know that. The “ecosystem” is the set of RPOs and others who paid the Cyber AB for its shit-of-the-bull credentials. There’s no way “hundreds” of those dupes bought FutureFeed. So, again, we’re supposed to trust Goepel, who doesn’t even know what the “CMMC ecosystem” is, and who is probably engaging in a little bit of misleading advertising. If not a whole lot of it.

(I’ve captured Goepel’s entire screed on the right, and intentionally made it a tiny thumbnail just to irritate people. Click it if you want to enlarge and read it. It really is a Masterclass on “How Not to Market.”)

Clicking into the FutureFeed website, one finds a confusing meatball-mix of pricing that makes not one bit of goddamned sense. First, it says that “3 subscriptions” have a value of “$15,180.” So that should mean one subscription = $5,060, right?

But then the site says that a subscription costs “$2,950” per annual subscription. But scrolling further, the page says you can only pay $7,500, which is “a cost savings of over $13,875,” so the total would have been $21,375.

Wait, there’s more! Clicking the “apply now” button shows a “terms and conditions” link, which takes you to this post by Berman himself. There, it says, “Powered-by-FutureFeed membership is normally $9,995/year.”

But over at the “pricing” page, it says the most expensive FutureFeed program is only $483 per month, or $5,796 per year.

One clear sign of grifters is when they toss around so many different prices, you eventually have no idea what you’re signing up for, nor how much it will cost.

Not that any of it matters, because — in my First Amendment, constitutionally-protected opinion — no matter how you slice their pricing, it’s all eye-watering.

But, sure, guys… handing you an unclear amount of money for an unclear set of products is better than “free.” You keep believing that, you plucky little devils.

At least from the cheap seats, where I’ve paid exactly ZERO dollars to any of them, this is hilarious to watch.

Grifters Gonna Grift

Now let’s be very clear. The entire CMMC concept was a grift from the beginning, cooked up by failed politician Katie Arrington to create an overnight “cottage industry” for her former boss, Ty Schieber, and a host of other consultant cronies. Arrington herself has gone on to form “LD Innovations LLC Cybersecurity”, selling CMMC consulting services while failing to understand you’re supposed to put “LLC” at the end of your company name, not in the middle. Another stable genius.

Matt Travis, meanwhile, is also playing stupid. In his emails to me, he insists he has no idea that any of this is a violation of ISO 17011, even after I spent an hour on the phone with him, explaining it to him as if he was a four-year-old. The entire CMMC ecosystem apparently thinks weaponized incompetence will save them from lawsuits and debarment and fraud charges.

I’m not convinced.

To be fully honest, I still believe CMMC will never see the light of day. It will sputter on a bit more, perhaps even make it through rulemaking, but will be promptly shut down for any one of a number of reasons:

  1. The DoD’s contract with The Cyber AB was likely illegal from the start.
  2. The Cyber AB’s CAGE code application included fraudulent statements, a felony.
  3. Congress is not going to allow the scheme to launch if it remains as defined in the DoD contract, with Mexico having adjudication authority over the entire scheme.
  4. The Cyber AB will never get ISO 17011 accredited, since they refuse to stop violating the standard. As a result, no C3PAO will ever be accredited by The Cyber AB.
  5. Class action lawsuits will launch — I’m guessing soon — from disgruntled RPOs and C3PAOs who were falsely promised a revenue stream that never materialized; the AB will be bankrupted.
  6. Contests and lawsuits will emerge as soon as The Cyber AB attempts to have any C3PAO do a “real” CMMC assessment.

Pick one, but any single item on that list will kill CMMC.

As I’ve said, the DoD could fix this. The DoD needs to disband the current AB entirely, and create a new scheme in which competing ABs apply for the role. Then, the DoD must take on the role of AB overseer — not the IAAC in Mexico — and perform ISO 17011 audits on them. Any AB that fails gets booted out from the scheme. Loss of any one AB doesn’t doom the entire program, as it risks doing now.

But this would require the DoD to spend money and have actual skin in the game, something the CMMC Program Office has not wanted. It would also dismantle the grift scam set up by Arrington and her pals, and — for whatever reason — John Sherman’s CIO office is still in bed with the grifters.

In my First Amendment, constitutionally-protected opinion, of course.
