Keynotes, executive briefings, and compliance advisory on regulatory risk, AI governance, and privacy — drawn from 30 years inside regulated industries, not a compliance handbook.
As CISO at Cleared Systems, Carl B. Johnson works with federal contractors, healthcare organizations, defense suppliers, and technology companies on the rules they actually have to live with — HIPAA, CMMC, NIST 800-171, ITAR, CUI, AI governance, and privacy. He is the author of 16 books on regulatory compliance and cybersecurity.
Carl B. Johnson is a regulatory compliance and privacy keynote speaker with 30 years inside the rules that govern federal contractors, healthcare organizations, defense suppliers, and technology companies. He's led 200+ compliance assessments and delivered 85 keynotes across HIPAA, CMMC, NIST 800-171, ITAR, AI governance, and the rapidly evolving rules around data privacy.
His sessions cut through the noise. Where most compliance content overwhelms with checklists and acronyms, Carl translates regulatory complexity into the decisions leaders actually need to make—what to prioritize, where the real risk lives, and how to build programs that stand up to audits, scrutiny, and change. Audiences leave knowing what to do Monday morning, not just what the framework says.
Carl leads compliance strategy at Cleared Systems, where he works with organizations operating under the highest regulatory pressure, and is the author of books on HIPAA, ITAR, CUI, and cybersecurity. He is available for keynotes, executive briefings, panels, and corporate workshops.
How AI, automation, chatbots, and digital tools create new HIPAA risks
AI tools are rapidly being adopted across healthcare—but most organizations don't fully understand the compliance risks they introduce. This session breaks down how AI, chatbots, and automation impact HIPAA, where organizations are unknowingly exposed, and what practical steps can be taken to stay compliant without slowing innovation.
Practical compliance guidance for companies handling controlled unclassified information
Federal contractors are under increasing pressure to meet CUI, NIST 800-171, and CMMC requirements—but many struggle to translate controls into real-world implementation. This session provides a clear, practical roadmap to achieving compliance, avoiding common mistakes, and preparing for audits with confidence.
Defense data, technical data, foreign person access, cloud systems, and common ITAR mistakes
Export control violations are often unintentional—but the consequences are severe. This session explains how ITAR and export controls apply to modern business environments, including cloud systems, remote work, and foreign access. Attendees will learn how to identify risks early and build processes that prevent costly violations.
How modern tools quietly expose data—and what leaders can do about it
As technology evolves, so do the risks that organizations often overlook. This session highlights the hidden ways data is collected, shared, and exposed across modern tools and platforms—helping leaders understand where they are most vulnerable and how to reduce risk in a practical, actionable way.
Building a compliance approach that scales across federal, defense, and public sector contracts
Navigating compliance across DoD, Federal, and SLED environments requires more than checklists—it requires strategy. This session outlines how organizations can approach compliance as a structured, repeatable process that supports growth, improves audit readiness, and reduces operational risk.
Why tools and automation aren’t enough—and what experienced compliance leadership delivers
Many organizations rely on tools and automated systems for compliance—but still fail audits. This session explains the critical role of a regulatory vCISO, why human expertise is essential, and how experienced guidance can bridge the gap between technical controls and true compliance.
Where AI, privacy, and regulation are converging—and how to prepare your organization
Compliance is evolving rapidly as AI, data collection, and regulation reshape the landscape. This keynote explores where compliance is heading, the risks organizations will face next, and how leaders can prepare today to stay ahead of increasing regulatory and operational pressure.
Conversations about cybersecurity, compliance, and the real-world battles organizations face protecting data and proving trust.
New episodes drop every Tuesday on Spotify and Apple Podcasts.
“Carl delivered one of the clearest, most actionable compliance briefings our team has ever attended. He cut through the noise on HIPAA and AI in a way that was both rigorous and practical.”
“Outstanding session on CMMC and NIST 800-171. Carl translated complex requirements into a roadmap our leadership could actually act on. We walked away with a plan, not just a checklist.”
“A genuinely valuable keynote. Carl made privacy, compliance, and emerging AI risks accessible to a broad audience without losing the technical depth that experts need.”
“Carl's expertise on ITAR and export controls is exceptional. His briefing surfaced exposure points across our cloud and remote work environments that we hadn't fully considered.”
“Sharp, engaging, and deeply informed. Carl's perspective on the future of regulatory compliance in an AI-driven world was the highlight of our executive forum.”
Carl delivers keynotes and executive sessions on regulatory compliance and privacy — including HIPAA, CMMC, NIST 800-171, ITAR, CUI, AI governance, and cybersecurity for regulated industries. Sessions translate complex regulations into clear decisions leaders can act on, drawn from 200+ compliance assessments and 30 years inside the rules organizations actually have to live with.
Audiences include federal contractors, healthcare boards, defense suppliers, technology executives, hospital leadership, compliance and privacy officers, and information security teams. He has presented at industry conferences, corporate leadership programs, healthcare technology events, and defense industrial base summits.
Standard keynotes run 45 to 60 minutes with optional audience Q&A. Carl also offers 20 to 30-minute executive briefings, 3 to 4-hour workshops, and full-day deep-dives for technical audiences. Format and length are tailored to the event agenda.
Yes. Every session is tailored to the audience, sector, and event objective. Carl runs a pre-event call with the program chair to align on themes, audience pain points, and the outcome the event is trying to achieve — then builds the talk from current engagements rather than reusing slide decks.
Both. In-person keynotes are available throughout the United States and selectively internationally. Virtual keynotes, panels, and webinars are delivered with broadcast-quality audio and lighting from his Northern Virginia studio.
Carl offers executive briefings, panel participation, fireside chats, board-level advisory sessions, and corporate workshops. He also moderates compliance-focused panels at industry events.
For keynotes at major conferences, six to twelve months ahead is typical. Shorter timelines often work for executive briefings, panels, and webinars — including same-quarter bookings when the calendar permits. Earlier inquiries lock in date and rate.
Carl is a working practitioner. He leads compliance strategy at Cleared Systems and runs live engagements for federal contractors, healthcare organizations, and defense suppliers every week. The result: 200+ compliance assessments, 85 keynotes, and content built from the rules organizations have to navigate today — not last decade's frameworks. He is also the author of books on HIPAA, ITAR, CUI, and cybersecurity.
Speaking fees vary based on event format, audience size, location, and preparation requirements. Carl provides a tailored quote after a brief call to understand the event. Submit details through the contact form to receive a fee proposal.
Submit your event details through the contact form on this site. Include the event date, audience, format, and topic interest, and Carl's team will respond within one business day with availability and a tailored proposal.
Available for keynotes, executive briefings, panels, and corporate workshops on regulatory compliance, AI governance, cybersecurity, and privacy.