The Paramify Podcast

“There’s a 5% chance of a $5 million loss. Is it exactly right? No. But it’s way better than saying medium, because medium means nothing.”

Kenny sits down with Rob Black, Founder and CEO of Fractional CISO, to break down how to translate cyber risk into language executives actually act on: probability, dollars, tradeoffs, and clear acceptance instead of vague labels that disappear into a slide deck.

We also get into the “magic geni...

Federal compliance is having a moment. FedRAMP, FedRAMP 20x, CMMC, the whole alphabet soup is going mainstream, fast.

In this episode of The Paramify Podcast, we sit down with Justin Rende, Founder and CEO of Rhymetec, to talk about what’s actually changing, what’s still painfully hard, and why “compliance automation” only works if you stay obsessed with real risk.

Justin also shares his origin story (tech ➝ film festivals ➝ tech),...

“There’s this misconception in the marketplace that you need to be a coder to do GRC Engineering. You don’t. I don’t want people to be bogged down in scripting. I want them to be systems thinkers focusing on architecture and orchestration.”

Kenny and Mike sit down with the GOATed pioneer of GRC Engineering, Ayoub Fandi. In case you’ve been living under a rock, Ayoub is the Security Assurance Automation Team Lead at GitLab and the F...

Kenny and Mike sit down with Dixon Wright, Head of Delivery at Eden Data, for a grounded and insightful conversation on security, compliance, and building smarter systems.

They cover:

- Dixon’s journey from college football to leading security at Eden Data

- What it takes to actually deliver cybersecurity — not just sell it

- Why Eden Data joined the FedRAMP 20x pilot

- How compliance is evolving across commercial and federal secto...

"The AI age we're in is going to force startups to compete in the higher upper echelon of risk assurance."

Jack Rumsey Head of GRC at Swimlane explains why startups will no longer have the luxury of maturing later and how the AI era is pushing even early-stage teams into enterprise-grade security.

This episode covers why assurance needs to evolve, how 20X can level the playing field, why automation is changing everything about how ...

Security isn’t sexy. It’s laundry. You know you need to do it, but you’d rather have a tool do it for you.

Kenny Scott and Mike Schreiner from Paramify sit down with George Manuelian from RapidFort to talk about freeing the captives — the engineers buried in spreadsheets, patch tickets, and compliance chaos.

They cover:

Why security always seems at odds with progress

How automation can fix what boredom created

The giant washi...

FedRAMP as we know it is changing. In this episode, Mike and Kenny sit down with Mike “Waffle” Craig, founder and CEO of Vanaheim Security and longtime cloud and cybersecurity leader, to unpack what FedRAMP 20x means for agencies and vendors across FedCiv and DoD. We get into compliance philosophy, how to define your boundary the right way, why sponsorship strategies matter, and where scalability will make or break 20x.

Mike Craig ...

“Once you’re in Hotel FedRAMP, you can’t leave.”

Jason Oksenhendler, Cybersecurity Director of FedRAMP®/GovRAMP at Baker Tilly x Moss Adams, sits down with Kenny and Isaac to talk about FedRAMP’s past, how 20x is shaping the future, and why nobody ever really checks out of Hotel FedRAMP.

👉  Key Takeaways:

• FedRAMP 20x was a “hand grenade” for everyone’s roadmap, and it’s already transforming compliance speed and evidence collecti...

In this episode of the Paramify Podcast, Karen Laughton, EVP of Advisory at Coalfire, joins Kenny Scott (CEO of Paramify) and Mike Schreiner to unpack the future of government cybersecurity and compliance modernization. From the hard realities of FedRAMP 20X to lessons learned from the early days of FSMA and CMMC confusion, this conversation pulls no punches.

Karen shares how she broke into cybersecurity via HR (and a saltine-fuele...

It’s not only about faster authorizations—it’s about unlocking the full potential of modern cloud for government.

FedRAMP 20X is how we get there.

In this exclusive roundtable, Pete Waterman (FedRAMP Director), Karen Laughton (EVP of Advisory, CoalFire), Rob Otten (Sr. Director, Risk & Compliance, Flock Safety), Kenny Scott (Founder & CEO, Paramify), and Mike Schreiner (COO, Paramify) break down:

- The mission, process &...

Today, we’re sitting down with StackArmor’s Martin Rieger — a FedRAMP veteran with over 300 engagements under his belt — for an unfiltered deep dive into the origin, evolution, and future of FedRAMP compliance.

We cover everything from the early days of DIACAP and gold images to today’s world of automation, OSCAL, and AI-powered documentation. Martin shares war stories, explains why so many companies fail audits even with AI, and g...

Today we're sitting down with the Father of FedRAMP himself — Dave Fairburn Jr. — for a raw, detailed, and at times hilarious deep dive into the origin story, evolution, and future of the FedRAMP program. From 16-hour days and bureaucracy battles to 2,500-page documentation drafts reduced by weight tests (yes, really), Dave walks us through how the entire FedRAMP framework was created, challenged, and still, nearly 15 years later, ...

What do DC sneakers, HR-approved marriage advice, and compliance robots have in common? They’re all part of this episode as Kenny and Mike dive into the bold future of FedRAMP 20X — and why it’s finally time to fix the pain points for both private companies and government agencies.

Here’s what they cover:

- The (not) shift in risk ownership — why agencies have always owned the risk and the PMO will focus on standards

- The myth of ...

Today, we're pretending it's August 24, 2024, as Kenny and Mike sit down with Pete Waterman to talk about his backstory and what inspired him to apply to become the new FedRAMP Director. 

Spoiler alert: we discuss frustration, bureaucracy, and a wild career move. Also these things:

- Pete's Origin Story – Every hero has one. - Government Tech: Why Is It So Hard? – Bureaucracy, risk, and the myth of FISMA jail. - The Future of FedRA...

Today Kenny and Mike are talking to the one and only Jason Ford, CEO & Founder of Steel Patriot Partners—a true FedRAMP guru who's been securing systems since digital transformation was still a baby. Jason shares his battle-tested strategies for navigating security audits, implementing encryption the right way, and avoiding common pitfalls that can delay your compliance efforts for months.

Here's what we're tackling in this e...

Getting started with risk management is easier than you think- and you don’t need fancy tools to do it.

In this episode, Kenny and Mike break down how a simple Google Sheet can be your secret weapon for designing a great security program. Whether you’re navigating FedRAMP, SOC 2, or ISO 27001, the key is just getting started—no expensive software required.

If you're a startup founder, security pro, or just compliance-curious, t...

Eric, the CISO at Federal Cyber Defense Solutions and former Chief FedRAMP Strategist at IBM and FedRAMP Leader at HP, shares his journey from growing up on a farm to becoming a CISO and FedRAMP expert. We dive into the challenges of FedRAMP compliance, the evolution of cybersecurity, and how today's security teams can strike the balance between technical expertise and meeting compliance demands.

In this episode, we cover: - The re...

Whether you’re launching a brand-new security program or fine-tuning your existing one, this episode has everything you need to know.

Kenny and Mike are breaking down the 𝗰𝗼𝗻𝘁𝗿𝗼𝗹 𝗮𝘀𝘀𝗲𝘀𝘀𝗺𝗲𝗻𝘁 𝗽𝗵𝗮𝘀𝗲𝘀 – why they matter and how they can transform your security processes.

Here’s what’s on deck in this episode of The Paramify Podcast: - How to plan your security framework so it’s rock-solid from the start. - Common ...