Michael Smith
Executive Vice President and Chief Security Officer, Arcfield
Over the past year, Mike Smith and his team have worked diligently to ensure that the security function is viewed as a growth and success enabler across every sector, program and function within the enterprise. In addition to the day-to-day responsibilities of the role — which include providing personnel, physical, cyber and administrative security support — his team also actively embeds itself in proposal development, pipeline strategy initiatives and contract management activities.
One of Smith’s greatest achievements so far this year was when Arcfield’s formal Cybersecurity Maturity Model Certification Level 2 certification was received. Under Smith’s leadership, the company took an early path to CMMC certification by participating in the Joint Surveillance Voluntary Assessment Program. Arcfield received a perfect 110-point JSVAP score, with zero gaps identified and no plan of action and milestones (POA&M) required — a testament to the program, processes and policies Smith has instantiated since taking on the role.
Through the JSVAP, Smith and his team were able to secure Arcfield’s CMMC Level 2 certification while the industry awaited he government’s release of the CMMC 2.0 guidance. Ever the pioneer, Smith encourages his team to be proactive in all they do — they are already hard at work preparing for the company’s upcoming 2026 CMMC 2.0 triennial recertification.
Why Watch
When asked how security teams should evolve to address both the current and future threats targeting national security interests, Smith said, “Simply staying as dynamic as the threat or adversary is not good enough. As security professionals, it is our responsibility to remain one step ahead.”
In keeping true to that spirit of proactivity, the team wasted no time in responding to the Intelligence Community guidance that Sensitive Compartmented Information Facilities must be upgraded to incorporate enhanced electromagnetic protection standards under Intelligence Community Directive 705. So far this year, his team has built and accredited 11 new SCIFs, all of which meet the current and forthcoming technical and physical security standards outlined in ICD 705, well ahead of the December 2028 compliance deadline.
Fun fact: When he’s not focusing on supporting the security needs of the customer, the business or its workforce, Smith said his greatest time spent is on the weekends with his kids and grandchild at the family’s lake house in North Carolina.