The Paramify Podcast

FedRAMP as we know it is changing. In this episode, Mike and Kenny sit down with Mike “Waffle” Craig, founder and CEO of Vanaheim Security and longtime cloud and cybersecurity leader, to unpack what FedRAMP 20x means for agencies and vendors across FedCiv and DoD. We get into compliance philosophy, how to define your boundary the right way, why sponsorship strategies matter, and where scalability will make or break 20x.

Mike Craig ...

“Once you’re in Hotel FedRAMP, you can’t leave.”

Jason Oksenhendler, Cybersecurity Director of FedRAMP®/GovRAMP at Baker Tilly x Moss Adams, sits down with Kenny and Isaac to talk about FedRAMP’s past, how 20x is shaping the future, and why nobody ever really checks out of Hotel FedRAMP.

👉  Key Takeaways:

• FedRAMP 20x was a “hand grenade” for everyone’s roadmap, and it’s already transforming compliance speed and evidence collecti...

In this episode of the Paramify Podcast, Karen Laughton, EVP of Advisory at Coalfire, joins Kenny Scott (CEO of Paramify) and Mike Schreiner to unpack the future of government cybersecurity and compliance modernization. From the hard realities of FedRAMP 20X to lessons learned from the early days of FSMA and CMMC confusion, this conversation pulls no punches.

Karen shares how she broke into cybersecurity via HR (and a saltine-fuele...

It’s not only about faster authorizations—it’s about unlocking the full potential of modern cloud for government.

FedRAMP 20X is how we get there.

In this exclusive roundtable, Pete Waterman (FedRAMP Director), Karen Laughton (EVP of Advisory, CoalFire), Rob Otten (Sr. Director, Risk & Compliance, Flock Safety), Kenny Scott (Founder & CEO, Paramify), and Mike Schreiner (COO, Paramify) break down:

- The mission, process &...

Today, we’re sitting down with StackArmor’s Martin Rieger — a FedRAMP veteran with over 300 engagements under his belt — for an unfiltered deep dive into the origin, evolution, and future of FedRAMP compliance.

We cover everything from the early days of DIACAP and gold images to today’s world of automation, OSCAL, and AI-powered documentation. Martin shares war stories, explains why so many companies fail audits even with AI, and g...

Today we're sitting down with the Father of FedRAMP himself — Dave Fairburn Jr. — for a raw, detailed, and at times hilarious deep dive into the origin story, evolution, and future of the FedRAMP program. From 16-hour days and bureaucracy battles to 2,500-page documentation drafts reduced by weight tests (yes, really), Dave walks us through how the entire FedRAMP framework was created, challenged, and still, nearly 15 years later, ...

What do DC sneakers, HR-approved marriage advice, and compliance robots have in common? They’re all part of this episode as Kenny and Mike dive into the bold future of FedRAMP 20X — and why it’s finally time to fix the pain points for both private companies and government agencies.

Here’s what they cover:

- The (not) shift in risk ownership — why agencies have always owned the risk and the PMO will focus on standards

- The myth of ...

Today, we're pretending it's August 24, 2024, as Kenny and Mike sit down with Pete Waterman to talk about his backstory and what inspired him to apply to become the new FedRAMP Director. 

Spoiler alert: we discuss frustration, bureaucracy, and a wild career move. Also these things:

- Pete's Origin Story – Every hero has one. - Government Tech: Why Is It So Hard? – Bureaucracy, risk, and the myth of FISMA jail. - The Future of FedRA...

Today Kenny and Mike are talking to the one and only Jason Ford, CEO & Founder of Steel Patriot Partners—a true FedRAMP guru who's been securing systems since digital transformation was still a baby. Jason shares his battle-tested strategies for navigating security audits, implementing encryption the right way, and avoiding common pitfalls that can delay your compliance efforts for months.

Here's what we're tackling in this e...

Getting started with risk management is easier than you think- and you don’t need fancy tools to do it.

In this episode, Kenny and Mike break down how a simple Google Sheet can be your secret weapon for designing a great security program. Whether you’re navigating FedRAMP, SOC 2, or ISO 27001, the key is just getting started—no expensive software required.

If you're a startup founder, security pro, or just compliance-curious, t...

Eric, the CISO at Federal Cyber Defense Solutions and former Chief FedRAMP Strategist at IBM and FedRAMP Leader at HP, shares his journey from growing up on a farm to becoming a CISO and FedRAMP expert. We dive into the challenges of FedRAMP compliance, the evolution of cybersecurity, and how today's security teams can strike the balance between technical expertise and meeting compliance demands.

In this episode, we cover: - The re...

Whether you’re launching a brand-new security program or fine-tuning your existing one, this episode has everything you need to know.

Kenny and Mike are breaking down the 𝗰𝗼𝗻𝘁𝗿𝗼𝗹 𝗮𝘀𝘀𝗲𝘀𝘀𝗺𝗲𝗻𝘁 𝗽𝗵𝗮𝘀𝗲𝘀 – why they matter and how they can transform your security processes.

Here’s what’s on deck in this episode of The Paramify Podcast: - How to plan your security framework so it’s rock-solid from the start. - Common ...

We’ve heard you. We all want to know just how much it cost The Empire when the first Death Star was blown to oblivion by a young boy from Tatooine? How could the Empire let this happen?

Kenny Scott and Mike Schreiner dive deep into risk management and cybersecurity—all through the lens of Star Wars.

Kenny uses Star Wars analogies to break down key concepts like: • 𝗔𝘀𝘀𝗲𝘁𝘀  (Death Stars) • 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀  (Therm...

Today we’re talking to Tony Bai. He’s got 25 years of experience in cyber defense and operations, Tony Bai serves as the Chief Solutions Officer at RISCPoint. A United States Air Force veteran and lots of leadership experience at leading consulting organizations. Tony specializes in FedRAMP, CMMC and other NIST frameworks and is a leading voice on their latest developments that seem to be pretty intense these days. This is a great ...

We're talking with Mandy Andress, Chief Information Security Officer (CISO) at Elastic. Mandy is making a huge impact in the security industry as the author of Surviving Security: How to Integrate People, Process, and Technology, a Top 100 CISO (C100) Award recipient, and a LinkedIn Top Voice. Her leadership goes well beyond her role as CISO – she's also a trusted advisor to many organizations, a frequent speaker at global conferen...

Today, we’re honored to have Michael Carter on the show! Michael is the Managing Partner and Co-founder of Fortreum. Michael brings over two decades of expertise in cybersecurity and compliance, specializing in FedRAMP, FISMA, PCI, and more. He has held key leadership roles at Coalfire and Veris Group, shaping compliance strategies for top organizations across both government and commercial sectors. Michael’s deep insights into sec...

Today, we're honored to have Alexander Stein on the show. Alexander has a host of experience in Cybersecurity. He has worked as an IT Cybersecurity Specialist at the National Institute of Standards and Technology (NIST). With over two years at NIST focusing on Information Technology and Vulnerability Management, Alex has also held key roles at Flexion Inc. as a Security Practice Lead and Application Security Engineer,

and at BAM Te...

Today, we're honored to have Michael Clauser, on the show. Mike is the Founder & Managing Director of Ark where he helps tech and defense companies navigate government relations. He is a seasoned professional in government affairs, cybersecurity, and national security. Michael has led pivotal roles at Okta, Access Partnership, Analog Devices, and Fujitsu Limited, and served as a national security aide in the Pentagon. With a de...

Today we're honored to have Matt Hillary on the podcast. Matt is the Vice President of Security and Chief Information Security Officer at Drata. He is a seasoned cybersecurity leader with 15 years of experience and a passion for enabling innovation. 

Learn more about Matt Hillary: LinkedIn: https://www.linkedin.com/in/matthewhillary/ Matt Hillary's Forbes Article: https://www.forbes.com/sites/forbestechcouncil/2024/06/20/privacy-by...