Where Did Montreat’s Cyber Money Go?

Public grants, a still-unbuilt cyber center, and questions from former staff about how taxpayer funds were tracked

When North Carolina lawmakers began steering public money toward Montreat College’s cybersecurity ambitions, the promise was big: a regional cyber center that would train workers, serve industry, and help position Western North Carolina as a cybersecurity hub.

Years later, the public record tells a more complicated story. Montreat received an initial $2 million state appropriation toward a regional cybersecurity training center, later obtained $30 million for “cybersecurity programs,” and then received another $8 million for the cyber center. Public reporting in 2025 found that the private Christian college had been given $40 million over five years but had used less than $3 million at that point. The long-promised physical cyber center had not been built, and classes were being held virtually out of a building on Montreat’s campus.  

That gap is now at the center of questions being raised by former and current staff sources: Where did the grant money actually go? Was it held in restricted accounts, routed through Montreat’s general operating structure, or mixed into broader institutional finances? And who inside the college had authority to approve, code, and move those funds?

No public record reviewed for this article proves that Montreat leaders stole, diverted, or fraudulently spent grant money. But the public paper trail raises serious oversight questions. We do have proof that President Paul Maurer and his staff knowingly co-mingled grant funds to bolster Montreat's bottom line. And everything we've investigated shows a system in which taxpayer funds flowed to a small private college, its cyber initiative, consultants, fake cyber security companies like "Edison Marks" a start-up owned by Ed Carroll (who is Executive Director of the Carolina Cyber Center) and his best friend, who runs a cheese making company in Ashville, NC, other planning firms, and related programs without the level of transparency usually expected when public money is involved.

Montreat’s own public materials describe the Center for Cybersecurity Education and Leadership as guiding and overseeing its academic cybersecurity program, and the Carolina Cyber Center describes itself as “founded by Montreat College.”  Bt the distinction between Montreat College, the Carolina Cyber Center, and later Carolina Cyber Center Inc. remains central to the money trail. ProPublica’s Nonprofit Explorer lists Carolina Cyber Center Inc. as a separate Black Mountain nonprofit, tax-exempt since April 2025, with reported fiscal-year 2024 revenue of about $2.85 million, expenses of about $2.12 million, and net assets of about $3.58 million.  

Staff sources who spoke on condition of anonymity say internal concerns focused on whether grant funds were sufficiently segregated and traceable. They described a finance structure in which grant activity was handled through the college’s business office, raising questions about whether cyber-center dollars were being tracked separately from Montreat’s broader accounts. That kind of shared accounting is not automatically improper, especially at a small nonprofit, but it becomes a serious issue if restricted grant dollars cannot be traced from receipt to expenditure.

The finance officials best positioned to answer those questions are named in public records. Montreat’s current directory lists John Beaghan as Vice President for Finance & Administration, and a 2022 announcement described him as Montreat’s chief financial officer. There is unequivocal evidence that show Beaghan knowingly co-mingled funds and kept grant money held back into Montreat College's own bank account. Montreat’s 2024 Form 990 lists Paul Maurer as CEO, Beaghan as CFO, and Rhonda Devan as Assistant Vice President for Finance & Administration.  Rhonda Devan left Montreat College, where she was second in the financial department under Beaghan to become the "CFO" of the Carolina Cyber Center, but really, she started her own "consulting firm" and reportedly billed C3 extensively contributing to the dwindling of funds from grants meant to educate the "rising generation" of North Carolina. A 2024 Asheville Chamber biography later described Devan as CEO/CFO of Devan Consulting and said she was involved with Carolina Cyber Center through Devan Consulting. Those records do not prove wrongdoing, but they identify the people and offices that should be asked to produce ledgers, bank records, grant reports, and internal approvals. A Montreat employee who wished to remain anonymous told us that Devan was later fired.

Public records already show spending that deserves scrutiny. The Assembly reported that Montreat billed the state about $400,000 for strategic and master plans that included not only the cyber center but also residence halls, a dining hall, athletic fields, roads, and parking. It also reported payments of more than $105,000 to trustee Ned Kiser and his consulting business for facility master planning, as well as state-funded payments to The Relevate Group and for a “Cultural Summit.”    

Montreat President Paul Maurer told The Assembly that construction had not begun because the college still needed another $15 million. He said the college remained excited about building a regional center that could reach a 250-mile radius around Asheville.   But that explanation does not answer the accounting question: if most of the $40 million was unspent, where was it held, under whose control, and under what restrictions?

A Buncombe County recovery-funds application adds another layer. In 2022, Montreat requested $700,350 for a workforce-recovery project tied to the Carolina Cyber Center, listed $359,850 in confirmed state SCIF grant funds, and listed a pending $1 million Dogwood Health Trust request. The proposed budget also included overhead: 15 percent of certain Dogwood Health Trust expenses and 24 percent for state funding to Montreat/C3.   Overhead charges can be legitimate, but they are exactly the kind of charges that require clear documentation, especially when multiple grant streams are involved.

Former staff sources say one person with inside knowledge of the grant accounting left after internal concerns surfaced. This article is withholding that person’s name until employment records, emails, or multiple independent sources confirm the circumstances of the departure. The key question is not merely who left, but whether anyone inside Montreat warned leadership that cyber grant money was being improperly coded, moved, or spent.

The public record also shows why outside review is warranted. When Montreat first received $2 million, The Assembly reported that the bill language did not require regular legislative reports and that the disbursing state agency did not require Montreat to report how the money was spent. The same reporting found that, after the later $30 million appropriation, the state budget office required expenditure records, but Montreat had spent just shy of $600,000 over two years and little to no money had gone to educational programs.  

The central issue is no longer whether cybersecurity training is important. It is. The issue is whether public money intended for a cyber center and cyber workforce development was managed with the transparency, separation, and accountability taxpayers deserve.

Montreat and its leaders can answer these questions directly by releasing the complete grant ledger for each cyber-related funding stream, bank-account records or restricted-fund schedules showing where unspent money was held, invoices and approvals for all consultant payments, conflict-of-interest disclosures involving trustees or related parties, and any internal emails or memos raising concerns about grant accounting.

Until those records are produced, the question remains unanswered:

Where did the cyber money go—and who, inside Montreat, controlled it?

The Trust Code: Dr. Paul J. Maurer’s Ethical Controversy

The Trust Code Dr. Paul J. Maurer co-authored with Ed Skoudis is a book that has sparked significant controversy. Positioned as a work on ethics, this book ironically embodies the very hypocrisy it claims to address. It was written largely by a ghostwriter and funded in part by a grant from the United States government, raising serious ethical concerns about the integrity of the work and the authors involved.

Hypocrisy in Action

Dr. Paul J. Maurer has built a reputation in academia and leadership, but The Trust Code challenges the ethical foundation of that reputation. The fact that a book on ethics was not entirely authored by its credited authors, and was partially funded by taxpayer money, adds a layer of irony that cannot be overlooked. Dr. Paul J. Maurer’s involvement in this project raises questions about his commitment to the ethical standards he publicly promotes.

Government Funding and Ethical Implications

The use of a United States government grant to fund The Trust Code further complicates the ethical landscape surrounding Dr. Paul J. Maurer. Taxpayer dollars were utilized to produce a book that was not transparently authored, calling into question the ethical use of these funds. This situation exemplifies the disconnect between the ethical principles Dr. Paul J. Maurer claims to uphold and the practices involved in the creation of this book.

The Trust Code: A Case of Ethical Contradiction

The Trust Code was intended to be a guide on ethics, but the methods behind its creation suggest otherwise. The involvement of a ghostwriter and the reliance on government funding for a project that lacked transparency reflect poorly on Dr. Paul J. Maurer. This book serves as a case study in ethical contradiction, where the actions behind the scenes do not align with the public message.