<?xml version="1.0" encoding="UTF-8"?><!-- generator="podbean/5.5" -->
<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:wfw="http://wellformedweb.org/CommentAPI/"
     xmlns:dc="http://purl.org/dc/elements/1.1/"
     xmlns:atom="http://www.w3.org/2005/Atom"
     xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd"
     xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0"
     xmlns:spotify="http://www.spotify.com/ns/rss"
     xmlns:podcast="https://podcastindex.org/namespace/1.0"
    xmlns:media="http://search.yahoo.com/mrss/">

<channel>
    <title>The Paramify Podcast</title>
    <atom:link href="https://feed.podbean.com/Paramify/feed.xml" rel="self" type="application/rss+xml"/>
    <link>https://Paramify.podbean.com</link>
    <description><![CDATA[<p><span>The Paramify Podcast is a practical, occasionally chaotic show about GRC, risk management, and staying audit-ready without losing your mind. It’s part talking security strategy, and part group therapy. </span></p>
<p><span></span></p>
<p><span>We talk with cybersecurity and GRC leaders, including CISOs, auditors, founders, and security engineers, about FedRAMP and FedRAMP 20x, SOC 2, CMMC, NIST RMF, the shift toward continuous evidence, and everything in between. </span></p>
<p><span></span></p>
<p><span>Learn about what we do at P</span><span>aramify here: www.paramify.com</span></p>]]></description>
    <pubDate>Tue, 26 May 2026 11:00:00 -0600</pubDate>
    <generator>https://podbean.com/?v=5.5</generator>
    <language>en</language>
    <spotify:countryOfOrigin>us</spotify:countryOfOrigin>
    <copyright>Copyright 2023 All rights reserved.</copyright>
    <category>Business:Entrepreneurship</category>
    <ttl>1440</ttl>
    <itunes:type>episodic</itunes:type>
          <itunes:summary></itunes:summary>
        <itunes:author>Paramify</itunes:author>
	<itunes:category text="Business">
		<itunes:category text="Entrepreneurship" />
	</itunes:category>
    <itunes:owner>
        <itunes:name>Paramify</itunes:name>
            </itunes:owner>
    	<itunes:block>No</itunes:block>
	<itunes:explicit>false</itunes:explicit>
	<itunes:new-feed-url>https://feed.podbean.com/Paramify/feed.xml</itunes:new-feed-url>
    <itunes:image href="https://pbcdn1.podbean.com/imglogo/image-logo/16727912/Copy_of_Branding_Board_Mood_Board_Template_300_x_300_px_b32pz.png" />
    <image>
        <url>https://pbcdn1.podbean.com/imglogo/image-logo/16727912/Copy_of_Branding_Board_Mood_Board_Template_300_x_300_px_b32pz.png</url>
        <title>The Paramify Podcast</title>
        <link>https://Paramify.podbean.com</link>
        <width>144</width>
        <height>144</height>
    </image>
    <item>
        <title>FedRAMP 20x, CMMC, and the Future of GRC with Matt Bruggeman</title>
        <itunes:title>FedRAMP 20x, CMMC, and the Future of GRC with Matt Bruggeman</itunes:title>
        <link>https://Paramify.podbean.com/e/fedramp-20x-cmmc-and-the-future-of-grc-with-matt-bruggeman/</link>
                    <comments>https://Paramify.podbean.com/e/fedramp-20x-cmmc-and-the-future-of-grc-with-matt-bruggeman/#comments</comments>        <pubDate>Tue, 26 May 2026 11:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/9b84e31f-1393-3836-98d3-59089f4e9e4f</guid>
                                    <description><![CDATA[<p>"For years defense contractors kept hearing CMMC's coming. And then it kept not coming. So they grew this boy who cried wolf mentality where once it finally really was coming, they were like, I've heard that before." - Matt Bruggeman</p>
<p>Kenny and Mike sit down with Matt Bruggeman, Director of Federal GTM at A-LIGN. Matt has done it all, he's a trained electrical engineer, improv comedian, and independent filmmaker. Matt's birthday was yesterday so this episode is basically his gift. Happy birthday Matt 🎂 </p>
<p>In this episode, they talk about where CMMC actually stands today, why the November 10th Phase 2 deadline changes everything, and what FedRAMP® 20x could mean for the future of CMMC.</p>
<p>Chapters:
00:00 The State of CMMC in 2026
01:00 Intro and Meet Matt Bruggeman
02:52 Matt's Unconventional Path to GRC
06:11 About A-LIGN and the Ascend Platform
08:14 CMMC Today: What's Working and What Needs to Change
09:19 Phase 1 vs Phase 2 and the November 10th Deadline
11:01 NIST 171 Rev 2 vs Rev 3: What's the Plan?
15:46 FedRAMP 20X: Hype vs Reality
19:01 Why FedRAMP Was Broken from the Start
23:28 How to Think About Rev 5 vs 20X for Your Business
27:52 FedRAMP Equivalency Explained
31:36 The Technical Reality of a CMMC Assessment
35:27 Compliance Doesn't Have to Be Boring
37:30 How to Get Into the GRC Space
40:19 Where to Find Matt and A-LIGN</p>
<p>Connect with our guest:</p>
<p>Matt Bruggeman: https://www.linkedin.com/in/matt-bruggeman/</p>
<p>A-LIGN: https://www.a-lign.com
A-LIGN on LinkedIn: https://www.linkedin.com/company/a-lign/</p>
<p>Paramify:
Website: https://www.paramify.com
LinkedIn: https://www.linkedin.com/company/80788473/</p>
<p>Hosts:
Kenny Scott: https://www.linkedin.com/in/kenny-g-scott/
Mike Schreiner: https://www.linkedin.com/in/mikecschreiner/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>"For years defense contractors kept hearing CMMC's coming. And then it kept not coming. So they grew this boy who cried wolf mentality where once it finally really was coming, they were like, I've heard that before." - Matt Bruggeman</p>
<p>Kenny and Mike sit down with Matt Bruggeman, Director of Federal GTM at A-LIGN. Matt has done it all, he's a trained electrical engineer, improv comedian, and independent filmmaker. Matt's birthday was yesterday so this episode is basically his gift. Happy birthday Matt 🎂 </p>
<p>In this episode, they talk about where CMMC actually stands today, why the November 10th Phase 2 deadline changes everything, and what FedRAMP® 20x could mean for the future of CMMC.</p>
<p>Chapters:<br>
00:00 The State of CMMC in 2026<br>
01:00 Intro and Meet Matt Bruggeman<br>
02:52 Matt's Unconventional Path to GRC<br>
06:11 About A-LIGN and the Ascend Platform<br>
08:14 CMMC Today: What's Working and What Needs to Change<br>
09:19 Phase 1 vs Phase 2 and the November 10th Deadline<br>
11:01 NIST 171 Rev 2 vs Rev 3: What's the Plan?<br>
15:46 FedRAMP 20X: Hype vs Reality<br>
19:01 Why FedRAMP Was Broken from the Start<br>
23:28 How to Think About Rev 5 vs 20X for Your Business<br>
27:52 FedRAMP Equivalency Explained<br>
31:36 The Technical Reality of a CMMC Assessment<br>
35:27 Compliance Doesn't Have to Be Boring<br>
37:30 How to Get Into the GRC Space<br>
40:19 Where to Find Matt and A-LIGN</p>
<p>Connect with our guest:</p>
<p>Matt Bruggeman: https://www.linkedin.com/in/matt-bruggeman/</p>
<p>A-LIGN: https://www.a-lign.com<br>
A-LIGN on LinkedIn: https://www.linkedin.com/company/a-lign/</p>
<p>Paramify:<br>
Website: https://www.paramify.com<br>
LinkedIn: https://www.linkedin.com/company/80788473/</p>
<p>Hosts:<br>
Kenny Scott: https://www.linkedin.com/in/kenny-g-scott/<br>
Mike Schreiner: https://www.linkedin.com/in/mikecschreiner/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/vqpiqnmczrf9n36h/Matt_Bruggeman_Full_Podcast9ydad.mp3" length="40383266" type="audio/mpeg"/>
        <itunes:summary><![CDATA["For years defense contractors kept hearing CMMC's coming. And then it kept not coming. So they grew this boy who cried wolf mentality where once it finally really was coming, they were like, I've heard that before." - Matt Bruggeman
Kenny and Mike sit down with Matt Bruggeman, Director of Federal GTM at A-LIGN. Matt has done it all, he's a trained electrical engineer, improv comedian, and independent filmmaker. Matt's birthday was yesterday so this episode is basically his gift. Happy birthday Matt 🎂 
In this episode, they talk about where CMMC actually stands today, why the November 10th Phase 2 deadline changes everything, and what FedRAMP® 20x could mean for the future of CMMC.
Chapters:
00:00 The State of CMMC in 2026
01:00 Intro and Meet Matt Bruggeman
02:52 Matt's Unconventional Path to GRC
06:11 About A-LIGN and the Ascend Platform
08:14 CMMC Today: What's Working and What Needs to Change
09:19 Phase 1 vs Phase 2 and the November 10th Deadline
11:01 NIST 171 Rev 2 vs Rev 3: What's the Plan?
15:46 FedRAMP 20X: Hype vs Reality
19:01 Why FedRAMP Was Broken from the Start
23:28 How to Think About Rev 5 vs 20X for Your Business
27:52 FedRAMP Equivalency Explained
31:36 The Technical Reality of a CMMC Assessment
35:27 Compliance Doesn't Have to Be Boring
37:30 How to Get Into the GRC Space
40:19 Where to Find Matt and A-LIGN
Connect with our guest:
Matt Bruggeman: https://www.linkedin.com/in/matt-bruggeman/
A-LIGN: https://www.a-lign.com
A-LIGN on LinkedIn: https://www.linkedin.com/company/a-lign/
Paramify:
Website: https://www.paramify.com
LinkedIn: https://www.linkedin.com/company/80788473/
Hosts:
Kenny Scott: https://www.linkedin.com/in/kenny-g-scott/
Mike Schreiner: https://www.linkedin.com/in/mikecschreiner/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>2523</itunes:duration>
                <itunes:episode>58</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>AI, FedRAMP and the "Dark Matter" of Data with Bhanu Jagasia and Vincent Tham</title>
        <itunes:title>AI, FedRAMP and the "Dark Matter" of Data with Bhanu Jagasia and Vincent Tham</itunes:title>
        <link>https://Paramify.podbean.com/e/ai-fedramp-and-the-dark-matter-of-data-with-bhanu-jagasia-and-vincent-tham/</link>
                    <comments>https://Paramify.podbean.com/e/ai-fedramp-and-the-dark-matter-of-data-with-bhanu-jagasia-and-vincent-tham/#comments</comments>        <pubDate>Mon, 18 May 2026 11:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/d497d00a-b785-36aa-a445-96a4efdb366a</guid>
                                    <description><![CDATA[<p>Is legacy compliance actually dead? </p>
<p>In this episode of the Paramify Podcast, we sit down with Bhanu Jagasia and Vincent Tham from BladeStack to talk about the massive shift happening in the GRC world. From the "dark matter of data" to the transition toward FedRAMP 20X, we’re moving away from 1,500-page "black box" documents and toward real-time, automated evidence.</p>
<p>We also dive deep into the AI hype: Will knowledge workers be automated by 2027? Why does "vibe coding" fail in high-stakes compliance? And how can lean teams punch above their weight class using deterministic automation?</p>
<p>Connect with BladeStack:
LinkedIn: bladestack.io
Bhanu Jagasia: linkedin.com/in/bhanujagasia
Vincent Tham: linkedin.com/in/vincenttham
Website: bladestack.io</p>
<p>
Connect with Paramify:
LinkedIn: linkedin.com/company/paramify
Kenny Scott: linkedin.com/in/kenny-g-scott
Mike Schreiner: linkedin.com/in/mikecschreiner
Website: paramify.com</p>
<p>
0:00 Intro &amp; Evidence Automation
1:27 Welcome to the Paramify Podcast
3:00 How Bladestack Got Started
6:29 Evidence Automation &amp; the "Dark Matter" of Data
12:31 Why Expertise Still Matters in FedRAMP
14:37 Bladestack's Tech-First Approach to Compliance
18:40 AI Hype vs Reality in FedRAMP
22:52 Understanding What LLMs Actually Are
26:34 The Problem with Legacy SSPs
28:06 Why FedRAMP 20X Changes Everything
36:40 The Legacy FedRAMP Process Was Broken
40:32 How Bladestack Leverages AI Internally
43:19 Branding in an AI-Commoditized World
46:31 AI's Impact on the Threat Landscape
49:53 The Future of Compliance
54:00 Where to Find Bladestack</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Is legacy compliance actually dead? </p>
<p>In this episode of the Paramify Podcast, we sit down with Bhanu Jagasia and Vincent Tham from BladeStack to talk about the massive shift happening in the GRC world. From the "dark matter of data" to the transition toward FedRAMP 20X, we’re moving away from 1,500-page "black box" documents and toward real-time, automated evidence.</p>
<p>We also dive deep into the AI hype: Will knowledge workers be automated by 2027? Why does "vibe coding" fail in high-stakes compliance? And how can lean teams punch above their weight class using deterministic automation?</p>
<p>Connect with BladeStack:<br>
LinkedIn: bladestack.io<br>
Bhanu Jagasia: linkedin.com/in/bhanujagasia<br>
Vincent Tham: linkedin.com/in/vincenttham<br>
Website: bladestack.io</p>
<p><br>
Connect with Paramify:<br>
LinkedIn: linkedin.com/company/paramify<br>
Kenny Scott: linkedin.com/in/kenny-g-scott<br>
Mike Schreiner: linkedin.com/in/mikecschreiner<br>
Website: paramify.com</p>
<p><br>
0:00 Intro &amp; Evidence Automation<br>
1:27 Welcome to the Paramify Podcast<br>
3:00 How Bladestack Got Started<br>
6:29 Evidence Automation &amp; the "Dark Matter" of Data<br>
12:31 Why Expertise Still Matters in FedRAMP<br>
14:37 Bladestack's Tech-First Approach to Compliance<br>
18:40 AI Hype vs Reality in FedRAMP<br>
22:52 Understanding What LLMs Actually Are<br>
26:34 The Problem with Legacy SSPs<br>
28:06 Why FedRAMP 20X Changes Everything<br>
36:40 The Legacy FedRAMP Process Was Broken<br>
40:32 How Bladestack Leverages AI Internally<br>
43:19 Branding in an AI-Commoditized World<br>
46:31 AI's Impact on the Threat Landscape<br>
49:53 The Future of Compliance<br>
54:00 Where to Find Bladestack</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/rk5xrtnu5a5ykip6/BladeStack_Podcast_Audio8pkk1.mp3" length="53352121" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Is legacy compliance actually dead? 
In this episode of the Paramify Podcast, we sit down with Bhanu Jagasia and Vincent Tham from BladeStack to talk about the massive shift happening in the GRC world. From the "dark matter of data" to the transition toward FedRAMP 20X, we’re moving away from 1,500-page "black box" documents and toward real-time, automated evidence.
We also dive deep into the AI hype: Will knowledge workers be automated by 2027? Why does "vibe coding" fail in high-stakes compliance? And how can lean teams punch above their weight class using deterministic automation?
Connect with BladeStack:
LinkedIn: bladestack.io
Bhanu Jagasia: linkedin.com/in/bhanujagasia
Vincent Tham: linkedin.com/in/vincenttham
Website: bladestack.io
Connect with Paramify:
LinkedIn: linkedin.com/company/paramify
Kenny Scott: linkedin.com/in/kenny-g-scott
Mike Schreiner: linkedin.com/in/mikecschreiner
Website: paramify.com
0:00 Intro &amp; Evidence Automation
1:27 Welcome to the Paramify Podcast
3:00 How Bladestack Got Started
6:29 Evidence Automation &amp; the "Dark Matter" of Data
12:31 Why Expertise Still Matters in FedRAMP
14:37 Bladestack's Tech-First Approach to Compliance
18:40 AI Hype vs Reality in FedRAMP
22:52 Understanding What LLMs Actually Are
26:34 The Problem with Legacy SSPs
28:06 Why FedRAMP 20X Changes Everything
36:40 The Legacy FedRAMP Process Was Broken
40:32 How Bladestack Leverages AI Internally
43:19 Branding in an AI-Commoditized World
46:31 AI's Impact on the Threat Landscape
49:53 The Future of Compliance
54:00 Where to Find Bladestack]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3334</itunes:duration>
                <itunes:episode>57</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>GRC Engineering, FedRAMP 20x, and AI with Ethan Troy</title>
        <itunes:title>GRC Engineering, FedRAMP 20x, and AI with Ethan Troy</itunes:title>
        <link>https://Paramify.podbean.com/e/grc-engineering-fedramp-20x-and-ai-with-ethan-troy/</link>
                    <comments>https://Paramify.podbean.com/e/grc-engineering-fedramp-20x-and-ai-with-ethan-troy/#comments</comments>        <pubDate>Tue, 12 May 2026 10:59:59 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/eb61c7b8-a927-384c-b25b-815bc3ad6835</guid>
                                    <description><![CDATA[<p>"Anytime someone says something is dead, that's exactly what I have to go learn." - Ethan Troy</p>
<p>Kenny and Isaac sit down with Ethan Troy, Senior GRC Engineer at TRM Labs, Head of AI Research at GRC Engineering Club, and Hacker at hackIDLE. One of the GOATs of GRC engineering. He's been shipping GRC tools, automations, and agents nonstop.</p>
<p>He's assessed FedRAMP packages from the 3PAO side at Coalfire and A-LIGN. He's pentested for the Department of the Treasury. He built a FedRAMP 20x assessment app before most people knew what 20x was.</p>
<p>His job interview at TRM Labs? They made him build an AI agent.</p>
<p>And yes, this is the first Paramify Podcast Isaac is on.</p>
<p>We got into:</p>
<p>→ Why now is the best time to learn something new </p>
<p>→ Why 85% of a good GRC agent is deterministic code, not AI </p>
<p>→ How to actually build agents (dog food your own stuff, stop one-shotting) </p>
<p>→ Why the SSP is becoming the SSDR (System Security Decision Record) and what that means for FedRAMP® 20x </p>
<p>→ Why domain expertise is what separates good AI output from great AI output</p>
<p>
FedRAMP is changing rapidly. Want to learn more about these changes? Check out this webinar here: https://lnkd.in/ge9wQ2Zf</p>
<p>Learn more about Ethan Troy:
https://www.linkedin.com/in/ethantroy/?skipRedirect=true</p>
<p>Learn more about TRM Labs: 
https://www.trmlabs.com/</p>
<p>Learn more about Kenny Scott: 
https://www.linkedin.com/in/kenny-g-scott/</p>
<p>Learn more about Isaac Teuscher: 
https://www.linkedin.com/in/isaacteuscher/</p>
<p>Learn more about Paramify:
https://www.paramify.com/</p>
<p>Chapters:</p>
<p>00:58 - Introductions &amp; GRC Engineering</p>
<p>02:12 - From Nursing to Cybersecurity</p>
<p>05:18 - The Problem with Legacy GRC Tools</p>
<p>12:13 - FedRAMP 2.0: The End of SSPs?</p>
<p>16:48 - The FedRAMP Marketplace Metaphor</p>
<p>24:38 - Outcome-Based vs. Hourly Consulting</p>
<p>31:51 - Automating Evidence Collection</p>
<p>37:16 - AI &amp; Real-Time Incident Response</p>
<p>45:10 - Secure Configuration Guides</p>
<p>52:43 - Building an AI-First Culture</p>
<p>58:51 - Principles for AI Agents in GRC</p>
<p>01:05:03 - The 85/15 Rule for AI Logic</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>"Anytime someone says something is dead, that's exactly what I have to go learn." - Ethan Troy</p>
<p>Kenny and Isaac sit down with Ethan Troy, Senior GRC Engineer at TRM Labs, Head of AI Research at GRC Engineering Club, and Hacker at hackIDLE. One of the GOATs of GRC engineering. He's been shipping GRC tools, automations, and agents nonstop.</p>
<p>He's assessed FedRAMP packages from the 3PAO side at Coalfire and A-LIGN. He's pentested for the Department of the Treasury. He built a FedRAMP 20x assessment app before most people knew what 20x was.</p>
<p>His job interview at TRM Labs? They made him build an AI agent.</p>
<p>And yes, this is the first Paramify Podcast Isaac is on.</p>
<p>We got into:</p>
<p>→ Why now is the best time to learn something new </p>
<p>→ Why 85% of a good GRC agent is deterministic code, not AI </p>
<p>→ How to actually build agents (dog food your own stuff, stop one-shotting) </p>
<p>→ Why the SSP is becoming the SSDR (System Security Decision Record) and what that means for FedRAMP® 20x </p>
<p>→ Why domain expertise is what separates good AI output from great AI output</p>
<p><br>
FedRAMP is changing rapidly. Want to learn more about these changes? Check out this webinar here: https://lnkd.in/ge9wQ2Zf</p>
<p>Learn more about Ethan Troy:<br>
https://www.linkedin.com/in/ethantroy/?skipRedirect=true</p>
<p>Learn more about TRM Labs: <br>
https://www.trmlabs.com/</p>
<p>Learn more about Kenny Scott: <br>
https://www.linkedin.com/in/kenny-g-scott/</p>
<p>Learn more about Isaac Teuscher: <br>
https://www.linkedin.com/in/isaacteuscher/</p>
<p>Learn more about Paramify:<br>
https://www.paramify.com/</p>
<p>Chapters:</p>
<p>00:58 - Introductions &amp; GRC Engineering</p>
<p>02:12 - From Nursing to Cybersecurity</p>
<p>05:18 - The Problem with Legacy GRC Tools</p>
<p>12:13 - FedRAMP 2.0: The End of SSPs?</p>
<p>16:48 - The FedRAMP Marketplace Metaphor</p>
<p>24:38 - Outcome-Based vs. Hourly Consulting</p>
<p>31:51 - Automating Evidence Collection</p>
<p>37:16 - AI &amp; Real-Time Incident Response</p>
<p>45:10 - Secure Configuration Guides</p>
<p>52:43 - Building an AI-First Culture</p>
<p>58:51 - Principles for AI Agents in GRC</p>
<p>01:05:03 - The 85/15 Rule for AI Logic</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/fbnk489xh3pt5as9/Ethan_Troy_Full_Podcast95262.mp3" length="64079880" type="audio/mpeg"/>
        <itunes:summary><![CDATA["Anytime someone says something is dead, that's exactly what I have to go learn." - Ethan Troy
Kenny and Isaac sit down with Ethan Troy, Senior GRC Engineer at TRM Labs, Head of AI Research at GRC Engineering Club, and Hacker at hackIDLE. One of the GOATs of GRC engineering. He's been shipping GRC tools, automations, and agents nonstop.
He's assessed FedRAMP packages from the 3PAO side at Coalfire and A-LIGN. He's pentested for the Department of the Treasury. He built a FedRAMP 20x assessment app before most people knew what 20x was.
His job interview at TRM Labs? They made him build an AI agent.
And yes, this is the first Paramify Podcast Isaac is on.
We got into:
→ Why now is the best time to learn something new 
→ Why 85% of a good GRC agent is deterministic code, not AI 
→ How to actually build agents (dog food your own stuff, stop one-shotting) 
→ Why the SSP is becoming the SSDR (System Security Decision Record) and what that means for FedRAMP® 20x 
→ Why domain expertise is what separates good AI output from great AI output
FedRAMP is changing rapidly. Want to learn more about these changes? Check out this webinar here: https://lnkd.in/ge9wQ2Zf
Learn more about Ethan Troy: https://www.linkedin.com/in/ethantroy/?skipRedirect=true
Learn more about TRM Labs: https://www.trmlabs.com/
Learn more about Kenny Scott: https://www.linkedin.com/in/kenny-g-scott/
Learn more about Isaac Teuscher: https://www.linkedin.com/in/isaacteuscher/
Learn more about Paramify: https://www.paramify.com/
Chapters:
00:58 - Introductions &amp; GRC Engineering
02:12 - From Nursing to Cybersecurity
05:18 - The Problem with Legacy GRC Tools
12:13 - FedRAMP 2.0: The End of SSPs?
16:48 - The FedRAMP Marketplace Metaphor
24:38 - Outcome-Based vs. Hourly Consulting
31:51 - Automating Evidence Collection
37:16 - AI &amp; Real-Time Incident Response
45:10 - Secure Configuration Guides
52:43 - Building an AI-First Culture
58:51 - Principles for AI Agents in GRC
01:05:03 - The 85/15 Rule for AI Logic]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>4004</itunes:duration>
                <itunes:episode>56</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>Justin Merhoff on FedRAMP 20x, Secure AI, Trust Centers, and Modern Cybersecurity</title>
        <itunes:title>Justin Merhoff on FedRAMP 20x, Secure AI, Trust Centers, and Modern Cybersecurity</itunes:title>
        <link>https://Paramify.podbean.com/e/justin-merhoff-on-fedramp-20x-secure-ai-trust-centers-and-modern-cybersecurity/</link>
                    <comments>https://Paramify.podbean.com/e/justin-merhoff-on-fedramp-20x-secure-ai-trust-centers-and-modern-cybersecurity/#comments</comments>        <pubDate>Mon, 02 Mar 2026 14:03:05 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/62b6b4ee-e7e1-32cb-8254-bae251d00ca4</guid>
                                    <description><![CDATA[<p>In this episode of The Paramify Podcast, Kenny sits down with Justin Merhoff to talk about what makes security actually work: usability, speed, adaptability, and real-world adoption.</p>
<p>Justin shares lessons from nearly three decades in cybersecurity, from his time in the U.S. Army to leading security and compliance programs in the private sector. The conversation covers FedRAMP 20x, trust centers, secure AI, accessibility in cybersecurity, and why security should support the business instead of slowing it down.</p>
<p>They also get into the real burden of FedRAMP and CMMC documentation, why better tooling can reduce burnout for lean security teams, and why “usable security” is often the difference between a control that works in practice and one that only looks good on paper.</p>
<p>Note: At the time this episode was recorded, Justin was with Rhymetec. He is now Director of Compliance at DTEX.ai.</p>
<p>Links:
Justin Merhoff on LinkedIn: https://www.linkedin.com/in/justinmerhoff
Kenny Scott on LinkedIn: https://www.linkedin.com/in/kenny-g-scott
DTEX.ai: https://www.dtex.ai/
Paramify: https://www.paramify.com/</p>
<p>In this episode, you’ll hear:
- Why usable security is better security
- How secure AI can help small teams move faster
- Why trust centers are becoming more important
- How accessibility gaps can create real security risk
- Why servant leadership matters in cybersecurity
- Why FedRAMP 20x is shifting the focus back to risk</p>
<p>Chapters:
0:00 Secure AI, lean teams, and why the right tools matter
1:12 Intro to Justin Merhoff
2:08 How Justin got started in cybersecurity
8:31 Army stories, leadership, and early security lessons
16:06 Moving from the military into corporate security
19:17 Why security should enable the business
20:45 The future of trust centers
25:20 Secure AI, small teams, and reducing compliance burnout
29:32 Why FedRAMP 20x is a needed change
36:31 Cyber leadership, adaptability, and how people break into security
44:13 Why accessibility is a cybersecurity issue
51:18 What Justin was doing at the time and how Rhymetec helps clients
54:35 Outro</p>
<p>This episode is a great listen for anyone working in FedRAMP, CMMC, GRC, compliance, security leadership, or third-party trust.</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>In this episode of The Paramify Podcast, Kenny sits down with Justin Merhoff to talk about what makes security actually work: usability, speed, adaptability, and real-world adoption.</p>
<p>Justin shares lessons from nearly three decades in cybersecurity, from his time in the U.S. Army to leading security and compliance programs in the private sector. The conversation covers FedRAMP 20x, trust centers, secure AI, accessibility in cybersecurity, and why security should support the business instead of slowing it down.</p>
<p>They also get into the real burden of FedRAMP and CMMC documentation, why better tooling can reduce burnout for lean security teams, and why “usable security” is often the difference between a control that works in practice and one that only looks good on paper.</p>
<p>Note: At the time this episode was recorded, Justin was with Rhymetec. He is now Director of Compliance at DTEX.ai.</p>
<p>Links:<br>
Justin Merhoff on LinkedIn: https://www.linkedin.com/in/justinmerhoff<br>
Kenny Scott on LinkedIn: https://www.linkedin.com/in/kenny-g-scott<br>
DTEX.ai: https://www.dtex.ai/<br>
Paramify: https://www.paramify.com/</p>
<p>In this episode, you’ll hear:<br>
- Why usable security is better security<br>
- How secure AI can help small teams move faster<br>
- Why trust centers are becoming more important<br>
- How accessibility gaps can create real security risk<br>
- Why servant leadership matters in cybersecurity<br>
- Why FedRAMP 20x is shifting the focus back to risk</p>
<p>Chapters:<br>
0:00 Secure AI, lean teams, and why the right tools matter<br>
1:12 Intro to Justin Merhoff<br>
2:08 How Justin got started in cybersecurity<br>
8:31 Army stories, leadership, and early security lessons<br>
16:06 Moving from the military into corporate security<br>
19:17 Why security should enable the business<br>
20:45 The future of trust centers<br>
25:20 Secure AI, small teams, and reducing compliance burnout<br>
29:32 Why FedRAMP 20x is a needed change<br>
36:31 Cyber leadership, adaptability, and how people break into security<br>
44:13 Why accessibility is a cybersecurity issue<br>
51:18 What Justin was doing at the time and how Rhymetec helps clients<br>
54:35 Outro</p>
<p>This episode is a great listen for anyone working in FedRAMP, CMMC, GRC, compliance, security leadership, or third-party trust.</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/agpx6kz8qpj25vb8/Justin_Merhoff_Full_Podcastbousk.mp3" length="53041996" type="audio/mpeg"/>
        <itunes:summary><![CDATA[In this episode of The Paramify Podcast, Kenny sits down with Justin Merhoff to talk about what makes security actually work: usability, speed, adaptability, and real-world adoption.
Justin shares lessons from nearly three decades in cybersecurity, from his time in the U.S. Army to leading security and compliance programs in the private sector. The conversation covers FedRAMP 20x, trust centers, secure AI, accessibility in cybersecurity, and why security should support the business instead of slowing it down.
They also get into the real burden of FedRAMP and CMMC documentation, why better tooling can reduce burnout for lean security teams, and why “usable security” is often the difference between a control that works in practice and one that only looks good on paper.
Note: At the time this episode was recorded, Justin was with Rhymetec. He is now Director of Compliance at DTEX.ai.
Links:
Justin Merhoff on LinkedIn: https://www.linkedin.com/in/justinmerhoff
Kenny Scott on LinkedIn: https://www.linkedin.com/in/kenny-g-scott
DTEX.ai: https://www.dtex.ai/
Paramify: https://www.paramify.com/
In this episode, you’ll hear:
- Why usable security is better security
- How secure AI can help small teams move faster
- Why trust centers are becoming more important
- How accessibility gaps can create real security risk
- Why servant leadership matters in cybersecurity
- Why FedRAMP 20x is shifting the focus back to risk
Chapters:
0:00 Secure AI, lean teams, and why the right tools matter
1:12 Intro to Justin Merhoff
2:08 How Justin got started in cybersecurity
8:31 Army stories, leadership, and early security lessons
16:06 Moving from the military into corporate security
19:17 Why security should enable the business
20:45 The future of trust centers
25:20 Secure AI, small teams, and reducing compliance burnout
29:32 Why FedRAMP 20x is a needed change
36:31 Cyber leadership, adaptability, and how people break into security
44:13 Why accessibility is a cybersecurity issue
51:18 What Justin was doing at the time and how Rhymetec helps clients
54:35 Outro
This episode is a great listen for anyone working in FedRAMP, CMMC, GRC, compliance, security leadership, or third-party trust.]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3315</itunes:duration>
                <itunes:episode>55</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>An Apropos of Nothing</title>
        <itunes:title>An Apropos of Nothing</itunes:title>
        <link>https://Paramify.podbean.com/e/an-apropos-of-nothing/</link>
                    <comments>https://Paramify.podbean.com/e/an-apropos-of-nothing/#comments</comments>        <pubDate>Tue, 17 Feb 2026 14:38:21 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/730bc6be-9f7d-3e90-8c6c-1fcf512dab9f</guid>
                                    <description><![CDATA[<p>Today's episode is An Apropos of Nothing.</p>
<p>This episode is optional; you can skip it if you want, but it's a pretty honest glimpse into what hanging out with us is actually like.</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today's episode is An Apropos of Nothing.</p>
<p>This episode is optional; you can skip it if you want, but it's a pretty honest glimpse into what hanging out with us is actually like.</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/4cjprdtdy89nbahk/An_Apropos_of_Nothing_Audio9kb9a.mp3" length="27114316" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today's episode is An Apropos of Nothing.
This episode is optional; you can skip it if you want, but it's a pretty honest glimpse into what hanging out with us is actually like.
 ]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>1694</itunes:duration>
                <itunes:episode>54</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>Making Risk Make Sense with Rob Black</title>
        <itunes:title>Making Risk Make Sense with Rob Black</itunes:title>
        <link>https://Paramify.podbean.com/e/making-risk-make-sense-with-rob-black/</link>
                    <comments>https://Paramify.podbean.com/e/making-risk-make-sense-with-rob-black/#comments</comments>        <pubDate>Mon, 02 Feb 2026 12:48:55 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/89db56b1-0282-38ab-85c0-9ebe787371b4</guid>
                                    <description><![CDATA[<p>“There’s a 5% chance of a $5 million loss. Is it exactly right? No. But it’s way better than saying medium, because medium means nothing.”</p>
<p>Kenny sits down with Rob Black, Founder and CEO of Fractional CISO, to break down how to translate cyber risk into language executives actually act on: probability, dollars, tradeoffs, and clear acceptance instead of vague labels that disappear into a slide deck.</p>
<p>We also get into the “magic genie” myth of GRC tools, what vCISO looked like back in 2017, and the origin story behind Rob’s legendary wig videos.</p>
<p>Key takeaways:
• How to quantify risk without pretending it’s perfectly precise
• Why “high/medium/low” breaks the conversation with leadership
• Where humans are still required (even with great tools)</p>
<p>Learn more about Rob Black here: 
https://www.linkedin.com/in/blackrob/</p>
<p>Learn more about Fractional CISO:
https://fractionalciso.com/</p>
<p>Learn more about Kenny:
https://www.linkedin.com/in/kenny-g-scott/</p>
<p>Learn more about Paramify:
https://www.paramify.com/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>“There’s a 5% chance of a $5 million loss. Is it exactly right? No. But it’s way better than saying medium, because medium means nothing.”</p>
<p>Kenny sits down with Rob Black, Founder and CEO of Fractional CISO, to break down how to translate cyber risk into language executives actually act on: probability, dollars, tradeoffs, and clear acceptance instead of vague labels that disappear into a slide deck.</p>
<p>We also get into the “magic genie” myth of GRC tools, what vCISO looked like back in 2017, and the origin story behind Rob’s legendary wig videos.</p>
<p>Key takeaways:<br>
• How to quantify risk without pretending it’s perfectly precise<br>
• Why “high/medium/low” breaks the conversation with leadership<br>
• Where humans are still required (even with great tools)</p>
<p>Learn more about Rob Black here: <br>
https://www.linkedin.com/in/blackrob/</p>
<p>Learn more about Fractional CISO:<br>
https://fractionalciso.com/</p>
<p>Learn more about Kenny:<br>
https://www.linkedin.com/in/kenny-g-scott/</p>
<p>Learn more about Paramify:<br>
https://www.paramify.com/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/24yiubrnfpr3i5me/Rob_Black_Full_Podcast7cdqi.mp3" length="52076092" type="audio/mpeg"/>
        <itunes:summary><![CDATA[“There’s a 5% chance of a $5 million loss. Is it exactly right? No. But it’s way better than saying medium, because medium means nothing.”
Kenny sits down with Rob Black, Founder and CEO of Fractional CISO, to break down how to translate cyber risk into language executives actually act on: probability, dollars, tradeoffs, and clear acceptance instead of vague labels that disappear into a slide deck.
We also get into the “magic genie” myth of GRC tools, what vCISO looked like back in 2017, and the origin story behind Rob’s legendary wig videos.
Key takeaways:
• How to quantify risk without pretending it’s perfectly precise
• Why “high/medium/low” breaks the conversation with leadership
• Where humans are still required (even with great tools)
Learn more about Rob Black here: https://www.linkedin.com/in/blackrob/
Learn more about Fractional CISO: https://fractionalciso.com/
Learn more about Kenny: https://www.linkedin.com/in/kenny-g-scott/
Learn more about Paramify: https://www.paramify.com/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3254</itunes:duration>
                <itunes:episode>53</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>From Film to FedRAMP with Justin Rende</title>
        <itunes:title>From Film to FedRAMP with Justin Rende</itunes:title>
        <link>https://Paramify.podbean.com/e/from-film-to-fedramp-with-justin-rende/</link>
                    <comments>https://Paramify.podbean.com/e/from-film-to-fedramp-with-justin-rende/#comments</comments>        <pubDate>Tue, 20 Jan 2026 14:09:47 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/9f2d735f-d20c-30d8-8794-fd3eff285efe</guid>
                                    <description><![CDATA[<p>Federal compliance is having a moment. FedRAMP, FedRAMP 20x, CMMC, the whole alphabet soup is going mainstream, fast.</p>
<p>In this episode of The Paramify Podcast, we sit down with Justin Rende, Founder and CEO of Rhymetec, to talk about what’s actually changing, what’s still painfully hard, and why “compliance automation” only works if you stay obsessed with real risk.</p>
<p>Justin also shares his origin story (tech ➝ film festivals ➝ tech), how Rhymetec grew from early penetration tests into full vCISO and compliance programs, and the most New York lead gen strategy ever: biking around the city delivering Google Homes and handwritten notes to prospects.</p>
<p>If you’ve ever been promised an “easy button” for SOC 2, ISO, or FedRAMP, this one’s for you.</p>
<p>In this episode:</p>
<p>Why federal compliance is exploding (and why it’s not slowing down)</p>
<p>FedRAMP 20x and the pace of government innovation (yes, really)</p>
<p>The risk of “checkbox compliance” in a world of automation</p>
<p>How to set expectations with customers when security is never just one toggle</p>
<p>Bootstrapping, building recurring revenue, and staying flexible</p>
<p>Customer experience as the real differentiator (care scales better than you think)</p>
<p>Where to find Justin and Rhymetec:
https://rhymetec.com
  / justin-rende  </p>
<p>Learn more about Paramify: 
Paramify website: https://www.paramify.com/
Mike Schreiner (LinkedIn):   / mikecschreiner  
Kenny Scott (LinkedIn):   / kenny-g-scott  </p>
<p>Chapters</p>
<p>0:00 Federal compliance is exploding (and getting mainstream)
0:30 Welcome to The Paramify Podcast + Justin Rende intro
1:34 Justin’s origin story: tech ➝ film ➝ tech
2:53 Starting Rhymetec with pentesting (and betting on SaaS early)
4:25 Tribeca and Doha: running VIP experiences and meeting “heroes”
5:33 The real lesson from film: make the customer have a good time
7:01 Mess-ups happen, recovery is the job
8:15 “Don’t meet your heroes” (Rudy story)
9:24 Leaving film, chasing stability, spotting outdated consulting
10:43 Bootstrapping vs taking investment and why flexibility wins
13:53 From big pentest checks to recurring revenue and vCISO programs
15:24 Employee experience: quality of life, culture, and remote done right
18:10 SOC 2 and ISO automation: the pros, the cons, and the risk gap
20:25 The “easy button” myth (MFA is never just one button)
21:38 Sales overpromising, complexity, and doing right by the customer
25:36 Biking NYC: Google Homes, handwritten notes, and standing out
27:13 “Magic” in packaging, Alchemy, and why it works
31:28 Why Rhymetec leaned into federal compliance
32:24 SOC 2 race to the bottom vs doing it the right way
39:15 What’s improving in federal compliance (and what still hurts)
40:11 FedRAMP 20x innovation and building in public
42:52 FedRAMP scale, CMMC scale, and why it’s all accelerating
44:29 Legacy environments and why DoD adoption takes longer
46:24 Where to find Rhymetec + closing thoughts</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Federal compliance is having a moment. FedRAMP, FedRAMP 20x, CMMC, the whole alphabet soup is going mainstream, fast.</p>
<p>In this episode of The Paramify Podcast, we sit down with Justin Rende, Founder and CEO of Rhymetec, to talk about what’s actually changing, what’s still painfully hard, and why “compliance automation” only works if you stay obsessed with real risk.</p>
<p>Justin also shares his origin story (tech ➝ film festivals ➝ tech), how Rhymetec grew from early penetration tests into full vCISO and compliance programs, and the most New York lead gen strategy ever: biking around the city delivering Google Homes and handwritten notes to prospects.</p>
<p>If you’ve ever been promised an “easy button” for SOC 2, ISO, or FedRAMP, this one’s for you.</p>
<p>In this episode:</p>
<p>Why federal compliance is exploding (and why it’s not slowing down)</p>
<p>FedRAMP 20x and the pace of government innovation (yes, really)</p>
<p>The risk of “checkbox compliance” in a world of automation</p>
<p>How to set expectations with customers when security is never just one toggle</p>
<p>Bootstrapping, building recurring revenue, and staying flexible</p>
<p>Customer experience as the real differentiator (care scales better than you think)</p>
<p>Where to find Justin and Rhymetec:<br>
https://rhymetec.com<br>
  / justin-rende  </p>
<p>Learn more about Paramify: <br>
Paramify website: https://www.paramify.com/<br>
Mike Schreiner (LinkedIn):   / mikecschreiner  <br>
Kenny Scott (LinkedIn):   / kenny-g-scott  </p>
<p>Chapters</p>
<p>0:00 Federal compliance is exploding (and getting mainstream)<br>
0:30 Welcome to The Paramify Podcast + Justin Rende intro<br>
1:34 Justin’s origin story: tech ➝ film ➝ tech<br>
2:53 Starting Rhymetec with pentesting (and betting on SaaS early)<br>
4:25 Tribeca and Doha: running VIP experiences and meeting “heroes”<br>
5:33 The real lesson from film: make the customer have a good time<br>
7:01 Mess-ups happen, recovery is the job<br>
8:15 “Don’t meet your heroes” (Rudy story)<br>
9:24 Leaving film, chasing stability, spotting outdated consulting<br>
10:43 Bootstrapping vs taking investment and why flexibility wins<br>
13:53 From big pentest checks to recurring revenue and vCISO programs<br>
15:24 Employee experience: quality of life, culture, and remote done right<br>
18:10 SOC 2 and ISO automation: the pros, the cons, and the risk gap<br>
20:25 The “easy button” myth (MFA is never just one button)<br>
21:38 Sales overpromising, complexity, and doing right by the customer<br>
25:36 Biking NYC: Google Homes, handwritten notes, and standing out<br>
27:13 “Magic” in packaging, Alchemy, and why it works<br>
31:28 Why Rhymetec leaned into federal compliance<br>
32:24 SOC 2 race to the bottom vs doing it the right way<br>
39:15 What’s improving in federal compliance (and what still hurts)<br>
40:11 FedRAMP 20x innovation and building in public<br>
42:52 FedRAMP scale, CMMC scale, and why it’s all accelerating<br>
44:29 Legacy environments and why DoD adoption takes longer<br>
46:24 Where to find Rhymetec + closing thoughts</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/978mduycsg65aspy/Justin_Rende_Full_Podcast_au088.mp3" length="45226159" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Federal compliance is having a moment. FedRAMP, FedRAMP 20x, CMMC, the whole alphabet soup is going mainstream, fast.
In this episode of The Paramify Podcast, we sit down with Justin Rende, Founder and CEO of Rhymetec, to talk about what’s actually changing, what’s still painfully hard, and why “compliance automation” only works if you stay obsessed with real risk.
Justin also shares his origin story (tech ➝ film festivals ➝ tech), how Rhymetec grew from early penetration tests into full vCISO and compliance programs, and the most New York lead gen strategy ever: biking around the city delivering Google Homes and handwritten notes to prospects.
If you’ve ever been promised an “easy button” for SOC 2, ISO, or FedRAMP, this one’s for you.
In this episode:
Why federal compliance is exploding (and why it’s not slowing down)
FedRAMP 20x and the pace of government innovation (yes, really)
The risk of “checkbox compliance” in a world of automation
How to set expectations with customers when security is never just one toggle
Bootstrapping, building recurring revenue, and staying flexible
Customer experience as the real differentiator (care scales better than you think)
Where to find Justin and Rhymetec:
https://rhymetec.com
/ justin-rende
Learn more about Paramify:
Paramify website: https://www.paramify.com/
Mike Schreiner (LinkedIn): / mikecschreiner
Kenny Scott (LinkedIn): / kenny-g-scott
Chapters
0:00 Federal compliance is exploding (and getting mainstream)
0:30 Welcome to The Paramify Podcast + Justin Rende intro
1:34 Justin’s origin story: tech ➝ film ➝ tech
2:53 Starting Rhymetec with pentesting (and betting on SaaS early)
4:25 Tribeca and Doha: running VIP experiences and meeting “heroes”
5:33 The real lesson from film: make the customer have a good time
7:01 Mess-ups happen, recovery is the job
8:15 “Don’t meet your heroes” (Rudy story)
9:24 Leaving film, chasing stability, spotting outdated consulting
10:43 Bootstrapping vs taking investment and why flexibility wins
13:53 From big pentest checks to recurring revenue and vCISO programs
15:24 Employee experience: quality of life, culture, and remote done right
18:10 SOC 2 and ISO automation: the pros, the cons, and the risk gap
20:25 The “easy button” myth (MFA is never just one button)
21:38 Sales overpromising, complexity, and doing right by the customer
25:36 Biking NYC: Google Homes, handwritten notes, and standing out
27:13 “Magic” in packaging, Alchemy, and why it works
31:28 Why Rhymetec leaned into federal compliance
32:24 SOC 2 race to the bottom vs doing it the right way
39:15 What’s improving in federal compliance (and what still hurts)
40:11 FedRAMP 20x innovation and building in public
42:52 FedRAMP scale, CMMC scale, and why it’s all accelerating
44:29 Legacy environments and why DoD adoption takes longer
46:24 Where to find Rhymetec + closing thoughts]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>2826</itunes:duration>
                <itunes:episode>52</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>GRC Lasagna with Ayoub Fandi</title>
        <itunes:title>GRC Lasagna with Ayoub Fandi</itunes:title>
        <link>https://Paramify.podbean.com/e/grc-lasagna-with-ayoub-fandi/</link>
                    <comments>https://Paramify.podbean.com/e/grc-lasagna-with-ayoub-fandi/#comments</comments>        <pubDate>Mon, 05 Jan 2026 12:29:46 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/c4eabe96-1db9-3472-bf63-d8ca56eff335</guid>
                                    <description><![CDATA[<p>“There’s this misconception in the marketplace that you need to be a coder to do GRC Engineering. You don’t. I don’t want people to be bogged down in scripting. I want them to be systems thinkers focusing on architecture and orchestration.”</p>
<p>Kenny and Mike sit down with the GOATed pioneer of GRC Engineering, Ayoub Fandi. In case you’ve been living under a rock, Ayoub is the Security Assurance Automation Team Lead at GitLab and the Founder of GRC Engineer.</p>
<p>This episode covers Ayoub’s wild pivot from middle school English teacher to sending 500 cold LinkedIn DMs to break into security. We dive into his first trip to Utah (discovery of "sugarcane fillets" and life-changing butter cake), why APIs are the “landlines” of the past, and how he sparked the movement behind the GRC Engineering Manifesto to give practitioners their own “Phoenix Project” moment for compliance.</p>
<p>Key Takeaways:
* Systems Over Scripts: GRC Engineering isn't about being a "coder." It’s about systems thinking and moving away from the "crawl space" of manual scripting.
* The "Cell Phone" Moment: Why GRC is skipping the "landline" era of APIs and jumping straight to agentic workflows with MCP (Model Context Protocol).
* FedRAMP® 20x: How Key Security Indicators (KSIs) move the burden of proof from 4,000-page narratives to 80%+ automated validation.
* The 7-Minute Threat: AI-powered adversaries can pop a machine in 7 minutes. If your compliance isn't "threat-driven," it's irrelevant.</p>
<p>Learn more about Ayoub:
GitLab: https://about.gitlab.com/
GRC Engineer: https://grcengineer.com/
GRC Engineer Podcast: https://www.youtube.com/channel/UC8cvmIXoEEBs0dryLh2p2cA
Ayoub's LinkedIn: https://www.linkedin.com/in/ayoubfandi/</p>
<p>Learn more about Paramify:
Website: https://www.paramify.com/
Kenny's LinkedIn: https://www.linkedin.com/in/kenny-g-scott/
Mike's LinkedIn: https://www.linkedin.com/in/mikecschreiner/</p>
<p>Chapters</p>
<p>00:00 Intro — Utah, butter cake, and Ayoub's first time in the U.S.
02:00 How Ayoub got into GRC (500 cold DMs and ISO cramming)
09:00 Struggling to commit to GRC — until Adobe's program changed everything
13:00 What GRC Engineering actually means
15:00 Why evidence collection is plumbing, not strategy
20:00 Why AI won’t kill GRC — it’ll force it to grow up
25:00 Architecting assurance: the new role of GRC
30:00 Why APIs are losing ground to agentic protocols like MCP
35:00 Landlines vs. Cell Phones: How automation skipped a generation
38:00 Platformization, assurance, and the SaaS vendor dilemma
43:00 Can platforms fix SOC 2 quality?
48:00 Sticker fatigue and the case for continuous assurance
52:00 Why threat-driven compliance is the only way forward
56:00 Advice for early-career GRC professionals in an AI-native world</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>“There’s this misconception in the marketplace that you need to be a coder to do GRC Engineering. You don’t. I don’t want people to be bogged down in scripting. I want them to be systems thinkers focusing on architecture and orchestration.”</p>
<p>Kenny and Mike sit down with the GOATed pioneer of GRC Engineering, Ayoub Fandi. In case you’ve been living under a rock, Ayoub is the Security Assurance Automation Team Lead at GitLab and the Founder of GRC Engineer.</p>
<p>This episode covers Ayoub’s wild pivot from middle school English teacher to sending 500 cold LinkedIn DMs to break into security. We dive into his first trip to Utah (discovery of "sugarcane fillets" and life-changing butter cake), why APIs are the “landlines” of the past, and how he sparked the movement behind the GRC Engineering Manifesto to give practitioners their own “Phoenix Project” moment for compliance.</p>
<p>Key Takeaways:<br>
* Systems Over Scripts: GRC Engineering isn't about being a "coder." It’s about systems thinking and moving away from the "crawl space" of manual scripting.<br>
* The "Cell Phone" Moment: Why GRC is skipping the "landline" era of APIs and jumping straight to agentic workflows with MCP (Model Context Protocol).<br>
* FedRAMP® 20x: How Key Security Indicators (KSIs) move the burden of proof from 4,000-page narratives to 80%+ automated validation.<br>
* The 7-Minute Threat: AI-powered adversaries can pop a machine in 7 minutes. If your compliance isn't "threat-driven," it's irrelevant.</p>
<p>Learn more about Ayoub:<br>
GitLab: https://about.gitlab.com/<br>
GRC Engineer: https://grcengineer.com/<br>
GRC Engineer Podcast: https://www.youtube.com/channel/UC8cvmIXoEEBs0dryLh2p2cA<br>
Ayoub's LinkedIn: https://www.linkedin.com/in/ayoubfandi/</p>
<p>Learn more about Paramify:<br>
Website: https://www.paramify.com/<br>
Kenny's LinkedIn: https://www.linkedin.com/in/kenny-g-scott/<br>
Mike's LinkedIn: https://www.linkedin.com/in/mikecschreiner/</p>
<p>Chapters</p>
<p>00:00 Intro — Utah, butter cake, and Ayoub's first time in the U.S.<br>
02:00 How Ayoub got into GRC (500 cold DMs and ISO cramming)<br>
09:00 Struggling to commit to GRC — until Adobe's program changed everything<br>
13:00 What GRC Engineering actually means<br>
15:00 Why evidence collection is plumbing, not strategy<br>
20:00 Why AI won’t kill GRC — it’ll force it to grow up<br>
25:00 Architecting assurance: the new role of GRC<br>
30:00 Why APIs are losing ground to agentic protocols like MCP<br>
35:00 Landlines vs. Cell Phones: How automation skipped a generation<br>
38:00 Platformization, assurance, and the SaaS vendor dilemma<br>
43:00 Can platforms fix SOC 2 quality?<br>
48:00 Sticker fatigue and the case for continuous assurance<br>
52:00 Why threat-driven compliance is the only way forward<br>
56:00 Advice for early-career GRC professionals in an AI-native world</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/344w39ysx5nqfi2d/Ayoub_Fandi_Full_Podcastb73rm.mp3" length="81942201" type="audio/mpeg"/>
        <itunes:summary><![CDATA[“There’s this misconception in the marketplace that you need to be a coder to do GRC Engineering. You don’t. I don’t want people to be bogged down in scripting. I want them to be systems thinkers focusing on architecture and orchestration.”
Kenny and Mike sit down with the GOATed pioneer of GRC Engineering, Ayoub Fandi. In case you’ve been living under a rock, Ayoub is the Security Assurance Automation Team Lead at GitLab and the Founder of GRC Engineer.
This episode covers Ayoub’s wild pivot from middle school English teacher to sending 500 cold LinkedIn DMs to break into security. We dive into his first trip to Utah (discovery of "sugarcane fillets" and life-changing butter cake), why APIs are the “landlines” of the past, and how he sparked the movement behind the GRC Engineering Manifesto to give practitioners their own “Phoenix Project” moment for compliance.
Key Takeaways:
* Systems Over Scripts: GRC Engineering isn't about being a "coder." It’s about systems thinking and moving away from the "crawl space" of manual scripting.
* The "Cell Phone" Moment: Why GRC is skipping the "landline" era of APIs and jumping straight to agentic workflows with MCP (Model Context Protocol).
* FedRAMP® 20x: How Key Security Indicators (KSIs) move the burden of proof from 4,000-page narratives to 80%+ automated validation.
* The 7-Minute Threat: AI-powered adversaries can pop a machine in 7 minutes. If your compliance isn't "threat-driven," it's irrelevant.
Learn more about Ayoub:
GitLab: https://about.gitlab.com/
GRC Engineer: https://grcengineer.com/
GRC Engineer Podcast: https://www.youtube.com/channel/UC8cvmIXoEEBs0dryLh2p2cA
Ayoub's LinkedIn: https://www.linkedin.com/in/ayoubfandi/
Learn more about Paramify:
Website: https://www.paramify.com/
Kenny's LinkedIn: https://www.linkedin.com/in/kenny-g-scott/
Mike's LinkedIn: https://www.linkedin.com/in/mikecschreiner/
Chapters
00:00 Intro — Utah, butter cake, and Ayoub's first time in the U.S.
02:00 How Ayoub got into GRC (500 cold DMs and ISO cramming)
09:00 Struggling to commit to GRC — until Adobe's program changed everything
13:00 What GRC Engineering actually means
15:00 Why evidence collection is plumbing, not strategy
20:00 Why AI won’t kill GRC — it’ll force it to grow up
25:00 Architecting assurance: the new role of GRC
30:00 Why APIs are losing ground to agentic protocols like MCP
35:00 Landlines vs. Cell Phones: How automation skipped a generation
38:00 Platformization, assurance, and the SaaS vendor dilemma
43:00 Can platforms fix SOC 2 quality?
48:00 Sticker fatigue and the case for continuous assurance
52:00 Why threat-driven compliance is the only way forward
56:00 Advice for early-career GRC professionals in an AI-native world]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>5121</itunes:duration>
                <itunes:episode>51</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>SOC 2, FedRAMP 20x, and the Future of Audits with Dixon Wright</title>
        <itunes:title>SOC 2, FedRAMP 20x, and the Future of Audits with Dixon Wright</itunes:title>
        <link>https://Paramify.podbean.com/e/soc-2-fedramp-20x-and-the-future-of-audits-with-dixon-wright/</link>
                    <comments>https://Paramify.podbean.com/e/soc-2-fedramp-20x-and-the-future-of-audits-with-dixon-wright/#comments</comments>        <pubDate>Tue, 16 Dec 2025 15:44:49 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/99cf7fb7-9fd4-35ff-b70f-3ff21e6b4cf0</guid>
                                    <description><![CDATA[<p>Kenny and Mike sit down with Dixon Wright, Head of Delivery at Eden Data, for a grounded and insightful conversation on security, compliance, and building smarter systems.</p>
<p>They cover:</p>
<p>- Dixon’s journey from college football to leading security at Eden Data</p>
<p>- What it takes to actually deliver cybersecurity — not just sell it</p>
<p>- Why Eden Data joined the FedRAMP 20x pilot</p>
<p>- How compliance is evolving across commercial and federal sectors</p>
<p>- Why trust, transparency, and execution matter more than buzzwords</p>
<p>It’s one of the most real conversations we’ve had about what delivery actually looks like in the compliance world.</p>
<p>Chapters
00:00 Intro: From field goals to FedRAMP
02:00 Dixon’s career in security consulting
05:00 What Eden Data does and who they serve
09:00 Joining the FedRAMP 20x pilot
14:00 Building credibility through execution
18:00 Security in practice vs. theory
23:00 Why delivery teams need flexibility
27:00 Shifts in federal and commercial compliance
32:00 Trust, tools, and transparent reporting
36:00 The future of cybersecurity delivery
41:00 Final thoughts</p>
<p>Learn more about Eden Data: 
https://www.edendata.com</p>
<p>Learn more about Dixon Wright:
  / dixon-wright-aab68321  </p>
<p>Learn more about Paramify: 
https://www.paramify.com/</p>
<p>Learn more about Kenny:
  / kenny-g-scott  
Learn more about Mike:
  / mikecschreiner  </p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Kenny and Mike sit down with Dixon Wright, Head of Delivery at Eden Data, for a grounded and insightful conversation on security, compliance, and building smarter systems.</p>
<p>They cover:</p>
<p>- Dixon’s journey from college football to leading security at Eden Data</p>
<p>- What it takes to actually deliver cybersecurity — not just sell it</p>
<p>- Why Eden Data joined the FedRAMP 20x pilot</p>
<p>- How compliance is evolving across commercial and federal sectors</p>
<p>- Why trust, transparency, and execution matter more than buzzwords</p>
<p>It’s one of the most real conversations we’ve had about what delivery actually looks like in the compliance world.</p>
<p>Chapters<br>
00:00 Intro: From field goals to FedRAMP<br>
02:00 Dixon’s career in security consulting<br>
05:00 What Eden Data does and who they serve<br>
09:00 Joining the FedRAMP 20x pilot<br>
14:00 Building credibility through execution<br>
18:00 Security in practice vs. theory<br>
23:00 Why delivery teams need flexibility<br>
27:00 Shifts in federal and commercial compliance<br>
32:00 Trust, tools, and transparent reporting<br>
36:00 The future of cybersecurity delivery<br>
41:00 Final thoughts</p>
<p>Learn more about Eden Data: <br>
https://www.edendata.com</p>
<p>Learn more about Dixon Wright:<br>
  / dixon-wright-aab68321  </p>
<p>Learn more about Paramify: <br>
https://www.paramify.com/</p>
<p>Learn more about Kenny:<br>
  / kenny-g-scott  <br>
Learn more about Mike:<br>
  / mikecschreiner  </p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/x5tsmeimqsq2h2ut/Dixon_Wright_FULL_PODCAST97zr0.mp3" length="54800768" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Kenny and Mike sit down with Dixon Wright, Head of Delivery at Eden Data, for a grounded and insightful conversation on security, compliance, and building smarter systems.
They cover:
- Dixon’s journey from college football to leading security at Eden Data
- What it takes to actually deliver cybersecurity — not just sell it
- Why Eden Data joined the FedRAMP 20x pilot
- How compliance is evolving across commercial and federal sectors
- Why trust, transparency, and execution matter more than buzzwords
It’s one of the most real conversations we’ve had about what delivery actually looks like in the compliance world.
Chapters
00:00 Intro: From field goals to FedRAMP
02:00 Dixon’s career in security consulting
05:00 What Eden Data does and who they serve
09:00 Joining the FedRAMP 20x pilot
14:00 Building credibility through execution
18:00 Security in practice vs. theory
23:00 Why delivery teams need flexibility
27:00 Shifts in federal and commercial compliance
32:00 Trust, tools, and transparent reporting
36:00 The future of cybersecurity delivery
41:00 Final thoughts
Learn more about Eden Data: https://www.edendata.com
Learn more about Dixon Wright:  / dixon-wright-aab68321  
Learn more about Paramify: https://www.paramify.com/
Learn more about Kenny: / kenny-g-scott
Learn more about Mike: / mikecschreiner]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3425</itunes:duration>
                <itunes:episode>50</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>The Future of GRC with Jack Rumsey</title>
        <itunes:title>The Future of GRC with Jack Rumsey</itunes:title>
        <link>https://Paramify.podbean.com/e/the-future-of-grc-with-jack-rumsey/</link>
                    <comments>https://Paramify.podbean.com/e/the-future-of-grc-with-jack-rumsey/#comments</comments>        <pubDate>Mon, 08 Dec 2025 12:30:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/d68db3da-a05e-3f00-927c-c6a1bb2cdf88</guid>
                                    <description><![CDATA[<p>"The AI age we're in is going to force startups to compete in the higher upper echelon of risk assurance."</p>
<p>Jack Rumsey, Head of GRC at Swimlane, explains why startups will no longer have the luxury of maturing later and how the AI era is pushing even early-stage teams into enterprise-grade security.</p>
<p>This episode covers why assurance needs to evolve, how 20X can level the playing field, why automation is changing everything about how companies prove trust, and Jack's brief era as "the richest fifth-year college student of all time."</p>
<p>Key Takeaways:
• Automation is reshaping how companies prove trust and security
• Startups will need enterprise-grade security earlier than ever
• Continuous monitoring is becoming the new foundation for real assurance</p>
<p>Chapters
00:00 Security teams are drowning
02:40 Scaling trust in public sector
06:10 Check-the-box isn’t cutting it
10:00 The promise of low-code automation
13:40 Swimlane’s mission and momentum
17:00 How to reduce alert fatigue
21:30 Integrating detection with compliance
26:15 CMMC and automation opportunities
30:00 Why orchestration needs flexibility
34:00 Future of GRC tooling
36:50 Final thoughts on doing more with less</p>
<p>Learn more about Jack Rumsey: 
https://www.linkedin.com/in/jack-rumsey-83303469/
Learn more about GRC Destroyer: https://grcdestroyer.substack.com
Learn more about Swimlane: https://swimlane.com</p>
<p>
Learn more about Kenny: https://www.linkedin.com/in/kenny-g-scott/
Learn more about Mike: https://www.linkedin.com/in/mikecschreiner/
Learn more about Paramify: https://www.paramify.com/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>"The AI age we're in is going to force startups to compete in the higher upper echelon of risk assurance."</p>
<p>Jack Rumsey, Head of GRC at Swimlane, explains why startups will no longer have the luxury of maturing later and how the AI era is pushing even early-stage teams into enterprise-grade security.</p>
<p>This episode covers why assurance needs to evolve, how 20X can level the playing field, why automation is changing everything about how companies prove trust, and Jack's brief era as "the richest fifth-year college student of all time."</p>
<p>Key Takeaways:<br>
• Automation is reshaping how companies prove trust and security<br>
• Startups will need enterprise-grade security earlier than ever<br>
• Continuous monitoring is becoming the new foundation for real assurance</p>
<p>Chapters<br>
00:00 Security teams are drowning<br>
02:40 Scaling trust in public sector<br>
06:10 Check-the-box isn’t cutting it<br>
10:00 The promise of low-code automation<br>
13:40 Swimlane’s mission and momentum<br>
17:00 How to reduce alert fatigue<br>
21:30 Integrating detection with compliance<br>
26:15 CMMC and automation opportunities<br>
30:00 Why orchestration needs flexibility<br>
34:00 Future of GRC tooling<br>
36:50 Final thoughts on doing more with less</p>
<p>Learn more about Jack Rumsey: <br>
https://www.linkedin.com/in/jack-rumsey-83303469/<br>
Learn more about GRC Destroyer: https://grcdestroyer.substack.com<br>
Learn more about Swimlane: https://swimlane.com</p>
<p><br>
Learn more about Kenny: https://www.linkedin.com/in/kenny-g-scott/<br>
Learn more about Mike: https://www.linkedin.com/in/mikecschreiner/<br>
Learn more about Paramify: https://www.paramify.com/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/daetaeiv4q8jq8s8/Jack_Rumsey_Full_Podcast9qg9w.mp3" length="50610309" type="audio/mpeg"/>
        <itunes:summary><![CDATA["The AI age we're in is going to force startups to compete in the higher upper echelon of risk assurance."
Jack Rumsey, Head of GRC at Swimlane, explains why startups will no longer have the luxury of maturing later and how the AI era is pushing even early-stage teams into enterprise-grade security.
This episode covers why assurance needs to evolve, how 20X can level the playing field, why automation is changing everything about how companies prove trust, and Jack's brief era as "the richest fifth-year college student of all time."
Key Takeaways:
• Automation is reshaping how companies prove trust and security
• Startups will need enterprise-grade security earlier than ever
• Continuous monitoring is becoming the new foundation for real assurance
Chapters
00:00 Security teams are drowning
02:40 Scaling trust in public sector
06:10 Check-the-box isn’t cutting it
10:00 The promise of low-code automation
13:40 Swimlane’s mission and momentum
17:00 How to reduce alert fatigue
21:30 Integrating detection with compliance
26:15 CMMC and automation opportunities
30:00 Why orchestration needs flexibility
34:00 Future of GRC tooling
36:50 Final thoughts on doing more with less
Learn more about Jack Rumsey: https://www.linkedin.com/in/jack-rumsey-83303469/
Learn more about GRC Destroyer: https://grcdestroyer.substack.com
Learn more about Swimlane: https://swimlane.com
Learn more about Kenny: https://www.linkedin.com/in/kenny-g-scott/
Learn more about Mike: https://www.linkedin.com/in/mikecschreiner/
Learn more about Paramify: https://www.paramify.com/
]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3163</itunes:duration>
                <itunes:episode>49</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>The Giant Washing Machine of Open Source: Container Security with George Manuelian</title>
        <itunes:title>The Giant Washing Machine of Open Source: Container Security with George Manuelian</itunes:title>
        <link>https://Paramify.podbean.com/e/the-giant-washing-machine-of-open-source-container-security-with-george-manuelian/</link>
                    <comments>https://Paramify.podbean.com/e/the-giant-washing-machine-of-open-source-container-security-with-george-manuelian/#comments</comments>        <pubDate>Mon, 27 Oct 2025 11:19:54 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/bb3ca8b6-081b-3580-8bbc-a094c836fd65</guid>
                                    <description><![CDATA[<p>Security isn’t sexy. It’s laundry. You know you need to do it, but you’d rather have a tool do it for you.</p>
<p>Kenny Scott and Mike Schreiner from Paramify sit down with George Manuelian from RapidFort to talk about freeing the captives — the engineers buried in spreadsheets, patch tickets, and compliance chaos.</p>
<p>They cover:</p>
<p>Why security always seems at odds with progress</p>
<p>How automation can fix what boredom created</p>
<p>The giant washing machine for open source</p>
<p>Starting clean, staying clean, and why “7 million vulnerabilities” isn’t a vibe</p>
<p>FedRAMP, CMMC, and the art of not losing your mind in compliance</p>
<p>It’s the least boring conversation you’ll ever hear about vulnerabilities.</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Security isn’t sexy. It’s laundry. You know you need to do it, but you’d rather have a tool do it for you.</p>
<p>Kenny Scott and Mike Schreiner from Paramify sit down with George Manuelian from RapidFort to talk about freeing the captives — the engineers buried in spreadsheets, patch tickets, and compliance chaos.</p>
<p>They cover:</p>
<p>Why security always seems at odds with progress</p>
<p>How automation can fix what boredom created</p>
<p>The giant washing machine for open source</p>
<p>Starting clean, staying clean, and why “7 million vulnerabilities” isn’t a vibe</p>
<p>FedRAMP, CMMC, and the art of not losing your mind in compliance</p>
<p>It’s the least boring conversation you’ll ever hear about vulnerabilities.</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/chh5anwqgpcxb9mw/George_Manuelian_Full_Podcastasuwi.mp3" length="49857565" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Security isn’t sexy. It’s laundry. You know you need to do it, but you’d rather have a tool do it for you.
Kenny Scott and Mike Schreiner from Paramify sit down with George Manuelian from RapidFort to talk about freeing the captives — the engineers buried in spreadsheets, patch tickets, and compliance chaos.
They cover:
Why security always seems at odds with progress
How automation can fix what boredom created
The giant washing machine for open source
Starting clean, staying clean, and why “7 million vulnerabilities” isn’t a vibe
FedRAMP, CMMC, and the art of not losing your mind in compliance
It’s the least boring conversation you’ll ever hear about vulnerabilities.]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3116</itunes:duration>
                <itunes:episode>48</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>The End of FedRAMP as We Know It? Mike Craig on 20x, DoD, and What’s Next</title>
        <itunes:title>The End of FedRAMP as We Know It? Mike Craig on 20x, DoD, and What’s Next</itunes:title>
        <link>https://Paramify.podbean.com/e/the-end-of-fedramp-as-we-know-it-mike-craig-on-20x-dod-and-what-s-next/</link>
                    <comments>https://Paramify.podbean.com/e/the-end-of-fedramp-as-we-know-it-mike-craig-on-20x-dod-and-what-s-next/#comments</comments>        <pubDate>Mon, 22 Sep 2025 12:11:49 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/ee553ae2-7ebf-3889-bae5-81550dd9d84b</guid>
                                    <description><![CDATA[<p>FedRAMP as we know it is changing. In this episode, Mike and Kenny sit down with Mike “Waffle” Craig, founder and CEO of Vanaheim Security and longtime cloud and cybersecurity leader, to unpack what FedRAMP 20x means for agencies and vendors across FedCiv and DoD. We get into compliance philosophy, how to define your boundary the right way, why sponsorship strategies matter, and where scalability will make or break 20x.</p>
<p>Mike Craig shares hard-won lessons from incident response, multi-cloud ATOs, and advising startups so they don’t burn six or seven figures chasing the wrong path.</p>
<p>What we cover:</p>
<p>  • Why FedRAMP 20x signals the future of federal compliance</p>
<p>  • Sponsorship realities, Ready pitfalls, and how small vendors survive</p>
<p>  • Boundary, data flows, and “if you can’t draw it, you can’t secure it”</p>
<p>  • Zero trust in practice and multi-zone risk profiles across stacks</p>
<p>  • AI and LLM/RAG inside a FedRAMP world and change approval at scale</p>
<p>  • JAB is gone, human variance is not, and how to navigate the psychology of yes</p>
<p>  • CSFC as a model for defined stacks and what that could mean for AI patterns</p>
<p>  • Practical diagramming tips and the surprising power of PowerPoint</p>
<p>  • The “Waffle” origin story and a DoD “Beta Blocks” style experiment</p>
<p>Guest:
Learn more about Mike Craig: https://www.linkedin.com/in/michaelcraig26/
Learn more about Vanaheim Security: www.vanaheimsecurity.com</p>
<p>Learn more about Paramify: 
https://www.paramify.com/?utm_source=MikeCraig&amp;utm_medium=Podcast&amp;utm_campaign=Mikecraig&amp;utm_id=Podcast&amp;utm_term=podcast&amp;utm_content=Mikecraig</p>
<p>Exploring FedRAMP 20x, GovRAMP, FISMA, or CMMC and want a faster path to audit-ready deliverables and ConMon at scale? Talk to Paramify. We help teams get compliant and stay compliant 90% faster at a quarter of the cost.</p>
<p>Timestamps / Chapters
0:00 — “FedRAMP as we know it” and the 20x future
1:42 — Welcome back to The Paramify Podcast (Mike &amp; Kenny)
3:01 — Meet Mike “Waffle” Craig (Vanaheim Security)
4:04 — Hero’s journey: Air Force → cyber → IR → compliance
5:04 — “Cyber warfare” era and being the translator across teams
6:02 — Global regs, midnight IR, and burnout
7:04 — From IR to compliance architecture &amp; multi-cloud ATOs
8:05 — Protecting small vendors from six–seven figure mistakes
9:11 — When compliance runway kills a program (DoD case)
11:03 — Waffle’s 0% abandonment rate and why it matters
11:14 — DoD “defense combine” experiment (Beta Blocks vibe)
13:41 — Operators, COs, entrepreneurs: fixing feedback loops
16:26 — Federal sponsorship 101 (pre-20x) and targeting wisely
18:16 — Two bad options for first-timers: sponsor vs. Ready gamble
21:02 — FedRAMP Ready pitfalls and the 12-month clock
22:08 — Cost realities (150k+ assessments) for small teams
22:44 — Why 20x changes the game (starting low, scaling up)
27:04 — Compliance philosophy: scope, boundaries, and frameworks
30:00 — “If you can’t draw it, you can’t secure it” (data flows)
31:04 — Hot take: PowerPoint is the best diagramming tool
33:39 — Prototype confession: Excel/Sheets and millennial ops
37:39 — 20x at scale: staffing, humans-in-the-loop, and risk
39:07 — Post-JAB reality: more variance, harder prediction
40:05 — LLM/RAG in FedRAMP: data sources &amp; significant change
42:05 — Boundaries got harder—how to think about them
43:08 — Paramify’s CIA risk profile approach across stacks
47:01 — Corporate, dev, infosec, tech-ops: multi-zone modeling
49:05 — Knowing your data (AI makes the gap bigger, faster)
50:06 — Control weighting &amp; psychology of “yes”
50:47 — NSA CSFC as a model for defined stacks
52:02 — Could FedRAMP define AI patterns? (playbook potential)
54:46 — Where to find Mike / Vanaheim Security
55:31 — Name jokes and close</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>FedRAMP as we know it is changing. In this episode, Mike and Kenny sit down with Mike “Waffle” Craig, founder and CEO of Vanaheim Security and longtime cloud and cybersecurity leader, to unpack what FedRAMP 20x means for agencies and vendors across FedCiv and DoD. We get into compliance philosophy, how to define your boundary the right way, why sponsorship strategies matter, and where scalability will make or break 20x.</p>
<p>Mike Craig shares hard-won lessons from incident response, multi-cloud ATOs, and advising startups so they don’t burn six or seven figures chasing the wrong path.</p>
<p>What we cover:</p>
<p>  • Why FedRAMP 20x signals the future of federal compliance</p>
<p>  • Sponsorship realities, Ready pitfalls, and how small vendors survive</p>
<p>  • Boundary, data flows, and “if you can’t draw it, you can’t secure it”</p>
<p>  • Zero trust in practice and multi-zone risk profiles across stacks</p>
<p>  • AI and LLM/RAG inside a FedRAMP world and change approval at scale</p>
<p>  • JAB is gone, human variance is not, and how to navigate the psychology of yes</p>
<p>  • CSFC as a model for defined stacks and what that could mean for AI patterns</p>
<p>  • Practical diagramming tips and the surprising power of PowerPoint</p>
<p>  • The “Waffle” origin story and a DoD “Beta Blocks” style experiment</p>
<p>Guest:<br>
Learn more about Mike Craig: https://www.linkedin.com/in/michaelcraig26/<br>
Learn more about Vanaheim Security: www.vanaheimsecurity.com</p>
<p>Learn more about Paramify: <br>
https://www.paramify.com/?utm_source=MikeCraig&amp;utm_medium=Podcast&amp;utm_campaign=Mikecraig&amp;utm_id=Podcast&amp;utm_term=podcast&amp;utm_content=Mikecraig</p>
<p>Exploring FedRAMP 20x, GovRAMP, FISMA, or CMMC and want a faster path to audit-ready deliverables and ConMon at scale? Talk to Paramify. We help teams get compliant and stay compliant 90% faster at a quarter of the cost.</p>
<p>Timestamps / Chapters<br>
0:00 — “FedRAMP as we know it” and the 20x future<br>
1:42 — Welcome back to The Paramify Podcast (Mike &amp; Kenny)<br>
3:01 — Meet Mike “Waffle” Craig (Vanaheim Security)<br>
4:04 — Hero’s journey: Air Force → cyber → IR → compliance<br>
5:04 — “Cyber warfare” era and being the translator across teams<br>
6:02 — Global regs, midnight IR, and burnout<br>
7:04 — From IR to compliance architecture &amp; multi-cloud ATOs<br>
8:05 — Protecting small vendors from six–seven figure mistakes<br>
9:11 — When compliance runway kills a program (DoD case)<br>
11:03 — Waffle’s 0% abandonment rate and why it matters<br>
11:14 — DoD “defense combine” experiment (Beta Blocks vibe)<br>
13:41 — Operators, COs, entrepreneurs: fixing feedback loops<br>
16:26 — Federal sponsorship 101 (pre-20x) and targeting wisely<br>
18:16 — Two bad options for first-timers: sponsor vs. Ready gamble<br>
21:02 — FedRAMP Ready pitfalls and the 12-month clock<br>
22:08 — Cost realities (150k+ assessments) for small teams<br>
22:44 — Why 20x changes the game (starting low, scaling up)<br>
27:04 — Compliance philosophy: scope, boundaries, and frameworks<br>
30:00 — “If you can’t draw it, you can’t secure it” (data flows)<br>
31:04 — Hot take: PowerPoint is the best diagramming tool<br>
33:39 — Prototype confession: Excel/Sheets and millennial ops<br>
37:39 — 20x at scale: staffing, humans-in-the-loop, and risk<br>
39:07 — Post-JAB reality: more variance, harder prediction<br>
40:05 — LLM/RAG in FedRAMP: data sources &amp; significant change<br>
42:05 — Boundaries got harder—how to think about them<br>
43:08 — Paramify’s CIA risk profile approach across stacks<br>
47:01 — Corporate, dev, infosec, tech-ops: multi-zone modeling<br>
49:05 — Knowing your data (AI makes the gap bigger, faster)<br>
50:06 — Control weighting &amp; psychology of “yes”<br>
50:47 — NSA CSFC as a model for defined stacks<br>
52:02 — Could FedRAMP define AI patterns? (playbook potential)<br>
54:46 — Where to find Mike / Vanaheim Security<br>
55:31 — Name jokes and close</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/bgrmxwapgy82n32e/Vanaheim_Full_Podcast7wcw2.mp3" length="80781111" type="audio/mpeg"/>
        <itunes:summary><![CDATA[FedRAMP as we know it is changing. In this episode, Mike and Kenny sit down with Mike “Waffle” Craig, founder and CEO of Vanaheim Security and longtime cloud and cybersecurity leader, to unpack what FedRAMP 20x means for agencies and vendors across FedCiv and DoD. We get into compliance philosophy, how to define your boundary the right way, why sponsorship strategies matter, and where scalability will make or break 20x.
Mike Craig shares hard-won lessons from incident response, multi-cloud ATOs, and advising startups so they don’t burn six or seven figures chasing the wrong path.
What we cover:
  • Why FedRAMP 20x signals the future of federal compliance
  • Sponsorship realities, Ready pitfalls, and how small vendors survive
  • Boundary, data flows, and “if you can’t draw it, you can’t secure it”
  • Zero trust in practice and multi-zone risk profiles across stacks
  • AI and LLM/RAG inside a FedRAMP world and change approval at scale
  • JAB is gone, human variance is not, and how to navigate the psychology of yes
  • CSFC as a model for defined stacks and what that could mean for AI patterns
  • Practical diagramming tips and the surprising power of PowerPoint
  • The “Waffle” origin story and a DoD “Beta Blocks” style experiment
Guest:
Learn more about Mike Craig: https://www.linkedin.com/in/michaelcraig26/
Learn more about Vanaheim Security: www.vanaheimsecurity.com
Learn more about Paramify: https://www.paramify.com/?utm_source=MikeCraig&amp;utm_medium=Podcast&amp;utm_campaign=Mikecraig&amp;utm_id=Podcast&amp;utm_term=podcast&amp;utm_content=Mikecraig
Exploring FedRAMP 20x, GovRAMP, FISMA, or CMMC and want a faster path to audit-ready deliverables and ConMon at scale? Talk to Paramify. We help teams get compliant and stay compliant 90% faster at a quarter of the cost.
Timestamps / Chapters
0:00 — “FedRAMP as we know it” and the 20x future
1:42 — Welcome back to The Paramify Podcast (Mike &amp; Kenny)
3:01 — Meet Mike “Waffle” Craig (Vanaheim Security)
4:04 — Hero’s journey: Air Force → cyber → IR → compliance
5:04 — “Cyber warfare” era and being the translator across teams
6:02 — Global regs, midnight IR, and burnout
7:04 — From IR to compliance architecture &amp; multi-cloud ATOs
8:05 — Protecting small vendors from six–seven figure mistakes
9:11 — When compliance runway kills a program (DoD case)
11:03 — Waffle’s 0% abandonment rate and why it matters
11:14 — DoD “defense combine” experiment (Beta Blocks vibe)
13:41 — Operators, COs, entrepreneurs: fixing feedback loops
16:26 — Federal sponsorship 101 (pre-20x) and targeting wisely
18:16 — Two bad options for first-timers: sponsor vs. Ready gamble
21:02 — FedRAMP Ready pitfalls and the 12-month clock
22:08 — Cost realities (150k+ assessments) for small teams
22:44 — Why 20x changes the game (starting low, scaling up)
27:04 — Compliance philosophy: scope, boundaries, and frameworks
30:00 — “If you can’t draw it, you can’t secure it” (data flows)
31:04 — Hot take: PowerPoint is the best diagramming tool
33:39 — Prototype confession: Excel/Sheets and millennial ops
37:39 — 20x at scale: staffing, humans-in-the-loop, and risk
39:07 — Post-JAB reality: more variance, harder prediction
40:05 — LLM/RAG in FedRAMP: data sources &amp; significant change
42:05 — Boundaries got harder—how to think about them
43:08 — Paramify’s CIA risk profile approach across stacks
47:01 — Corporate, dev, infosec, tech-ops: multi-zone modeling
49:05 — Knowing your data (AI makes the gap bigger, faster)
50:06 — Control weighting &amp; psychology of “yes”
50:47 — NSA CSFC as a model for defined stacks
52:02 — Could FedRAMP define AI patterns? (playbook potential)
54:46 — Where to find Mike / Vanaheim Security
55:31 — Name jokes and close]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3365</itunes:duration>
                <itunes:episode>47</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#45 - The Evolution of FedRAMP and FedRAMP 20x with Jason Oksenhendler</title>
        <itunes:title>#45 - The Evolution of FedRAMP and FedRAMP 20x with Jason Oksenhendler</itunes:title>
        <link>https://Paramify.podbean.com/e/the-evolution-of-fedramp-and-fedramp-20x-with-jason-oksenhendler/</link>
                    <comments>https://Paramify.podbean.com/e/the-evolution-of-fedramp-and-fedramp-20x-with-jason-oksenhendler/#comments</comments>        <pubDate>Mon, 25 Aug 2025 15:13:45 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/bee99a5d-8e86-3d7b-8985-c5128923a91e</guid>
                                    <description><![CDATA[<p>“Once you’re in Hotel FedRAMP, you can’t leave.”</p>
<p>Jason Oksenhendler, Cybersecurity Director of FedRAMP®/GovRAMP at Baker Tilly x Moss Adams, sits down with Kenny and Isaac to talk about FedRAMP’s past, how 20x is shaping the future, and why nobody ever really checks out of Hotel FedRAMP.</p>
<p>👉  Key Takeaways:</p>
<p>• FedRAMP 20x was a “hand grenade” for everyone’s roadmap, and it’s already transforming compliance speed and evidence collection.</p>
<p> • Risk-first programs survive change — smart architecture and design decisions matter more than chasing checklists.</p>
<p> • Flexibility vs. rigor — 20X offers new freedom, but assessors must still enforce strong security.</p>
<p> • Collaboration wins — assessors and CSPs working together can turn impossible timelines into success.</p>
<p>Learn more about Jason:</p>
<p><a href='https://www.linkedin.com/in/jason-oksenhendler/'>https://www.linkedin.com/in/jason-oksenhendler/</a></p>
<p>Learn more about Baker Tilly x Moss Adams:</p>
<p><a href='https://www.bakertilly.com/'>https://www.bakertilly.com/</a></p>
<p><a href='https://www.mossadams.com/'>https://www.mossadams.com/</a></p>
<p>Learn more about Kenny:</p>
<p>https://www.linkedin.com/in/kenny-g-scott/</p>
<p>Learn more about Isaac:</p>
<p>https://www.linkedin.com/in/isaacteuscher/ </p>
<p>Learn more about Paramify: </p>
<p><a href='https://www.paramify.com/'>https://www.paramify.com/</a></p>
<p> </p>
<p>Timestamps:</p>
<p>00:00 – Moss Adams x Paramify team-up
Jason recounts how a shared client pushed both teams into the deep end of 20X, asking to include the auditors before Paramify even had an assessment portal built.</p>
<p>01:00 – Less than two-week deadline
The group describes the chaos of spinning up a 20X package in record time, with Rob (the auditor) agreeing to figure things out alongside them.</p>
<p>01:44 – Submitting against moving targets
Just as the package was ready to go, the final low 20X KSIs dropped — forcing last-minute changes and stress.</p>
<p>02:24 – Nature of FedRAMP change
Jason compares FedRAMP shifts to “big boulders” coming at you, not “mousy” tweaks — change is always disruptive and massive.</p>
<p>02:56 – Success despite chaos
Teams (Paramify, Flock, Baker Tilly) pulled it together, got the package in on time, and landed among the first four 20X submissions posted publicly.</p>
<p>03:07 – The reality check
Jason: not everything in FedRAMP is “dillydallying” — clients, deadlines, and bills make delivery non-negotiable.</p>
<p>03:13 – Official podcast kickoff
Kenny introduces the episode: Jason Oksenhendler (Baker Tilly, formerly Moss Adams), and Paramify’s “rising star” Isaac Teuscher.</p>
<p>04:01 – Jason’s career origin story
From news anchor ➝ IT tech writer ➝ into FedRAMP (starting around NIST 800-53 Rev 2).</p>
<p>05:40 – First FedRAMP assignment
Jason recalls his boss handing him a paper: “Go do FedRAMP.” He walks through early JAB/ISSO processes, feedback loops, and working with Matt Goodrich and Ashley Mahan.</p>
<p>11:43 – Co-creating the FedRAMP High Baseline
Jason describes working with DoD’s Ron Rice to build the High Baseline from scratch.</p>
<p>13:00 – Early FedRAMP pain
Microsoft Word &amp; Excel “hell,” endless regurgitated control statements, and why some CSPs made assessors want to “bang their heads on the desk.”</p>
<p>15:32 – “You could do a Seinfeld routine on this crap.”
Jason on version control disasters and 600-page SSP reviews without track changes.</p>
<p>17:30 – Culture shock of change
Reactions to FedRAMP 20X mirror the same resistance to earlier shifts — but it’s always been “do once, use many.”</p>
<p>20:00 – Continuous monitoring reality
Jason emphasizes executive buy-in as essential, recalling how ConMon and POA&amp;Ms separate prepared orgs from overwhelmed ones.</p>
<p>22:50 – FedRAMP rigor vs. other frameworks
Jason argues FedRAMP is among the toughest frameworks, on par with DoD IL4-6.</p>
<p>25:00 – 20X blows up the roadmap
Kenny calls 20X a “hand grenade” for Paramify’s product plans.</p>
<p>29:00 – Cross-team collaboration
Jason highlights how six strangers in a Slack channel worked seamlessly under pressure — “like a chocolate fountain.”</p>
<p>34:00 – 20X flexibility vs. rigor
Jason explains the challenge of balancing new freedoms with maintaining strong security.</p>
<p>38:00 – Scaling 20X &amp; future baselines
Speculation about moderate and high 20X baselines and how CSPs will adapt.</p>
<p>46:00 – Tools then vs. now
From CSAM, RSAM, and E-MASS to Paramify — Jason praises ease-of-use as critical to speed and quality.</p>
<p>49:30 – Lifelong learning
FedRAMP’s ever-changing landscape keeps security careers fresh, like his days in broadcasting.</p>
<p>55:00 – “Get over it. This is the future.”
Jason’s blunt advice on 20X: stop resisting change, go where the work is, and be all-in.</p>
<p>59:02 – Career lesson from a mentor
Jason shares the Navy SEAL “my way, the right way, or the wrong way?” story — the moment that launched his assessment career.</p>
<p>1:02:04 – Closing
Relationships last longer than frameworks; Kenny, Jason, and Isaac wrap up the episode.</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>“Once you’re in Hotel FedRAMP, you can’t leave.”</p>
<p>Jason Oksenhendler, Cybersecurity Director of FedRAMP®/GovRAMP at Baker Tilly x Moss Adams, sits down with Kenny and Isaac to talk about FedRAMP’s past, how 20x is shaping the future, and why nobody ever really checks out of Hotel FedRAMP.</p>
<p>👉  Key Takeaways:</p>
<p>• FedRAMP 20x was a “hand grenade” for everyone’s roadmap, and it’s already transforming compliance speed and evidence collection.</p>
<p> • Risk-first programs survive change — smart architecture and design decisions matter more than chasing checklists.</p>
<p> • Flexibility vs. rigor — 20X offers new freedom, but assessors must still enforce strong security.</p>
<p> • Collaboration wins — assessors and CSPs working together can turn impossible timelines into success.</p>
<p>Learn more about Jason:</p>
<p><a href='https://www.linkedin.com/in/jason-oksenhendler/'>https://www.linkedin.com/in/jason-oksenhendler/</a></p>
<p>Learn more about Baker Tilly x Moss Adams:</p>
<p><a href='https://www.bakertilly.com/'>https://www.bakertilly.com/</a></p>
<p><a href='https://www.mossadams.com/'>https://www.mossadams.com/</a></p>
<p>Learn more about Kenny:</p>
<p>https://www.linkedin.com/in/kenny-g-scott/</p>
<p>Learn more about Isaac:</p>
<p>https://www.linkedin.com/in/isaacteuscher/ </p>
<p>Learn more about Paramify: </p>
<p><a href='https://www.paramify.com/'>https://www.paramify.com/</a></p>
<p> </p>
<p>Timestamps:</p>
<p>00:00 – Moss Adams x Paramify team-up<br>
Jason recounts how a shared client pushed both teams into the deep end of 20X, asking to include the auditors before Paramify even had an assessment portal built.</p>
<p>01:00 – Less than two-week deadline<br>
The group describes the chaos of spinning up a 20X package in record time, with Rob (the auditor) agreeing to figure things out alongside them.</p>
<p>01:44 – Submitting against moving targets<br>
Just as the package was ready to go, the final low 20X KSIs dropped — forcing last-minute changes and stress.</p>
<p>02:24 – Nature of FedRAMP change<br>
Jason compares FedRAMP shifts to “big boulders” coming at you, not “mousy” tweaks — change is always disruptive and massive.</p>
<p>02:56 – Success despite chaos<br>
Teams (Paramify, Flock, Baker Tilly) pulled it together, got the package in on time, and landed among the first four 20X submissions posted publicly.</p>
<p>03:07 – The reality check<br>
Jason: not everything in FedRAMP is “dillydallying” — clients, deadlines, and bills make delivery non-negotiable.</p>
<p>03:13 – Official podcast kickoff<br>
Kenny introduces the episode: Jason Oksenhendler (Baker Tilly, formerly Moss Adams), and Paramify’s “rising star” Isaac Teuscher.</p>
<p>04:01 – Jason’s career origin story<br>
From news anchor ➝ IT tech writer ➝ into FedRAMP (starting around NIST 800-53 Rev 2).</p>
<p>05:40 – First FedRAMP assignment<br>
Jason recalls his boss handing him a paper: “Go do FedRAMP.” He walks through early JAB/ISSO processes, feedback loops, and working with Matt Goodrich and Ashley Mahan.</p>
<p>11:43 – Co-creating the FedRAMP High Baseline<br>
Jason describes working with DoD’s Ron Rice to build the High Baseline from scratch.</p>
<p>13:00 – Early FedRAMP pain<br>
Microsoft Word &amp; Excel “hell,” endless regurgitated control statements, and why some CSPs made assessors want to “bang their heads on the desk.”</p>
<p>15:32 – “You could do a Seinfeld routine on this crap.”<br>
Jason on version control disasters and 600-page SSP reviews without track changes.</p>
<p>17:30 – Culture shock of change<br>
Reactions to FedRAMP 20X mirror the same resistance to earlier shifts — but it’s always been “do once, use many.”</p>
<p>20:00 – Continuous monitoring reality<br>
Jason emphasizes executive buy-in as essential, recalling how ConMon and POA&amp;Ms separate prepared orgs from overwhelmed ones.</p>
<p>22:50 – FedRAMP rigor vs. other frameworks<br>
Jason argues FedRAMP is among the toughest frameworks, on par with DoD IL4-6.</p>
<p>25:00 – 20X blows up the roadmap<br>
Kenny calls 20X a “hand grenade” for Paramify’s product plans.</p>
<p>29:00 – Cross-team collaboration<br>
Jason highlights how six strangers in a Slack channel worked seamlessly under pressure — “like a chocolate fountain.”</p>
<p>34:00 – 20X flexibility vs. rigor<br>
Jason explains the challenge of balancing new freedoms with maintaining strong security.</p>
<p>38:00 – Scaling 20X &amp; future baselines<br>
Speculation about moderate and high 20X baselines and how CSPs will adapt.</p>
<p>46:00 – Tools then vs. now<br>
From CSAM, RSAM, and E-MASS to Paramify — Jason praises ease-of-use as critical to speed and quality.</p>
<p>49:30 – Lifelong learning<br>
FedRAMP’s ever-changing landscape keeps security careers fresh, like his days in broadcasting.</p>
<p>55:00 – “Get over it. This is the future.”<br>
Jason’s blunt advice on 20X: stop resisting change, go where the work is, and be all-in.</p>
<p>59:02 – Career lesson from a mentor<br>
Jason shares the Navy SEAL “my way, the right way, or the wrong way?” story — the moment that launched his assessment career.</p>
<p>1:02:04 – Closing<br>
Relationships last longer than frameworks; Kenny, Jason, and Isaac wrap up the episode.</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/kk9u5mnbmebzger8/mp3_Jason_Podcast_audio8f51b.mp3" length="90153219" type="audio/mpeg"/>
        <itunes:summary><![CDATA[“Once you’re in Hotel FedRAMP, you can’t leave.”
Jason Oksenhendler, Cybersecurity Director of FedRAMP®/GovRAMP at Baker Tilly x Moss Adams, sits down with Kenny and Isaac to talk about FedRAMP’s past, how 20x is shaping the future, and why nobody ever really checks out of Hotel FedRAMP.
👉  Key Takeaways:
• FedRAMP 20x was a “hand grenade” for everyone’s roadmap, and it’s already transforming compliance speed and evidence collection.
 • Risk-first programs survive change — smart architecture and design decisions matter more than chasing checklists.
 • Flexibility vs. rigor — 20X offers new freedom, but assessors must still enforce strong security.
 • Collaboration wins — assessors and CSPs working together can turn impossible timelines into success.
Learn more about Jason:
https://www.linkedin.com/in/jason-oksenhendler/
Learn more about Baker Tilly x Moss Adams:
https://www.bakertilly.com/
https://www.mossadams.com/
Learn more about Kenny:
https://www.linkedin.com/in/kenny-g-scott/
Learn more about Isaac:
https://www.linkedin.com/in/isaacteuscher/ 
Learn more about Paramify: 
https://www.paramify.com/
 
Timestamps:
00:00 – Moss Adams x Paramify team-up
Jason recounts how a shared client pushed both teams into the deep end of 20X, asking to include the auditors before Paramify even had an assessment portal built.
01:00 – Less than two-week deadline
The group describes the chaos of spinning up a 20X package in record time, with Rob (the auditor) agreeing to figure things out alongside them.
01:44 – Submitting against moving targets
Just as the package was ready to go, the final low 20X KSIs dropped — forcing last-minute changes and stress.
02:24 – Nature of FedRAMP change
Jason compares FedRAMP shifts to “big boulders” coming at you, not “mousy” tweaks — change is always disruptive and massive.
02:56 – Success despite chaos
Teams (Paramify, Flock, Baker Tilly) pulled it together, got the package in on time, and landed among the first four 20X submissions posted publicly.
03:07 – The reality check
Jason: not everything in FedRAMP is “dillydallying” — clients, deadlines, and bills make delivery non-negotiable.
03:13 – Official podcast kickoff
Kenny introduces the episode: Jason Oksenhendler (Baker Tilly, formerly Moss Adams), and Paramify’s “rising star” Isaac Teuscher.
04:01 – Jason’s career origin story
From news anchor ➝ IT tech writer ➝ into FedRAMP (starting around NIST 800-53 Rev 2).
05:40 – First FedRAMP assignment
Jason recalls his boss handing him a paper: “Go do FedRAMP.” He walks through early JAB/ISSO processes, feedback loops, and working with Matt Goodrich and Ashley Mahan.
11:43 – Co-creating the FedRAMP High Baseline
Jason describes working with DoD’s Ron Rice to build the High Baseline from scratch.
13:00 – Early FedRAMP pain
Microsoft Word &amp; Excel “hell,” endless regurgitated control statements, and why some CSPs made assessors want to “bang their heads on the desk.”
15:32 – “You could do a Seinfeld routine on this crap.”
Jason on version control disasters and 600-page SSP reviews without track changes.
17:30 – Culture shock of change
Reactions to FedRAMP 20X mirror the same resistance to earlier shifts — but it’s always been “do once, use many.”
20:00 – Continuous monitoring reality
Jason emphasizes executive buy-in as essential, recalling how ConMon and POA&amp;Ms separate prepared orgs from overwhelmed ones.
22:50 – FedRAMP rigor vs. other frameworks
Jason argues FedRAMP is among the toughest frameworks, on par with DoD IL4-6.
25:00 – 20X blows up the roadmap
Kenny calls 20X a “hand grenade” for Paramify’s product plans.
29:00 – Cross-team collaboration
Jason highlights how six strangers in a Slack channel worked seamlessly under pressure — “like a chocolate fountain.”
34:00 – 20X flexibility vs. rigor
Jason explains the challenge of balancing new freedoms with maintaining strong security.
38:00 – Scaling 20X &amp; future baselines
Speculation about moderate and high 20X baselines and how CSPs will adapt.
46:00 –]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3756</itunes:duration>
                <itunes:episode>46</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#44 - Karen Laughton on FedRAMP 20X, AI, and the Future of Compliance</title>
        <itunes:title>#44 - Karen Laughton on FedRAMP 20X, AI, and the Future of Compliance</itunes:title>
        <link>https://Paramify.podbean.com/e/44-karen-laughton-on-fedramp-20x-ai-and-the-future-of-compliance/</link>
                    <comments>https://Paramify.podbean.com/e/44-karen-laughton-on-fedramp-20x-ai-and-the-future-of-compliance/#comments</comments>        <pubDate>Tue, 12 Aug 2025 11:54:55 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/8dab8535-6a0e-3787-9730-90d8ae7067cc</guid>
                                    <description><![CDATA[<p>In this episode of the Paramify Podcast, Karen Laughton, EVP of Advisory at Coalfire, joins Kenny Scott (CEO of Paramify) and Mike Schreiner to unpack the future of government cybersecurity and compliance modernization. From the hard realities of FedRAMP 20X to lessons learned from the early days of FSMA and CMMC confusion, this conversation pulls no punches.</p>
<p>Karen shares how she broke into cybersecurity via HR (and a saltine-fueled CISSP exam), why automation without strategy won’t scale, and what it's going to take to make 20X work at moderate and high baselines. If you're curious where compliance, automation, AI, and public sector modernization are headed—you’ll want to tune in.</p>
<p>⏱️ Timestamps:
00:00 – "Dang, we need to modernize our government" — Karen's IRS nightmare becomes a metaphor for digital transformation.</p>
<p>02:44 – Meet Karen Laughton: Coalfire EVP, community leader, and accidental cyber exec.</p>
<p>03:35 – Saltines, pregnancy, and passing the CISSP: Karen’s origin story in cyber.</p>
<p>08:01 – AC-7 and the mouse jiggler: when coarse-grained controls meet real-world demos.</p>
<p>10:03 – FedRAMP in the early days: the “marathon in flip-flops” era of inconsistent TR feedback.</p>
<p>13:01 – The worst documentation nitpicks Karen’s ever seen (IP addresses and diagram chaos).</p>
<p>14:46 – FedRAMP then vs. now: why decentralization could hurt even as risk-focus improves.</p>
<p>17:28 – What scaling 20X to moderate and high will actually require.</p>
<p>20:03 – Are we solving the right problem with KSIs? Recapping Coalfire's “automation of arrested development” blog.</p>
<p>23:08 – Why automation isn’t a silver bullet (and why it still needs humans).</p>
<p>24:57 – 3PAOs aren't going anywhere — and that’s not just job security talk.</p>
<p>26:15 – Andrej Karpathy, robot soccer, and the early innings of AI assurance.</p>
<p>29:30 – Why agencies aren’t lining up to sponsor FedRAMP 20X.</p>
<p>31:08 – How Coalfire responded to 20X: culture, planning, and Compliance Essentials.</p>
<p>33:41 – Leveraging Paramify to accelerate automation where it makes sense.</p>
<p>36:42 – Politics, acquisitions, and why automation hits limits in complex orgs.</p>
<p>37:27 – DoD, CMMC, and 20X: where things stand and why there’s still confusion.</p>
<p>41:01 – The case for CMMC enclaves (and why most orgs want to isolate the mess).</p>
<p>42:00 – Mentorship, career pivots, and embracing “knowing nothing” as a superpower.</p>
<p>47:58 – Why questions make you smarter — and why cybersecurity people love answering them.</p>
<p>50:00 – Why cybersecurity never gets boring (and feels like a family reunion at every conference).</p>
<p>50:59 – Wrap-up &amp; future part two tease.</p>
<p>
Learn more about Coalfire: https://coalfire.com/
Learn more about Karen Laughton: https://www.linkedin.com/in/karen-laughton-6484115/</p>
<p>Learn more about Paramify: https://www.paramify.com/
Learn more about Kenny: https://www.linkedin.com/in/kenny-g-scott/
Learn more about Mike: https://www.linkedin.com/in/mikecschreiner/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>In this episode of the Paramify Podcast, Karen Laughton, EVP of Advisory at Coalfire, joins Kenny Scott (CEO of Paramify) and Mike Schreiner to unpack the future of government cybersecurity and compliance modernization. From the hard realities of FedRAMP 20X to lessons learned from the early days of FSMA and CMMC confusion, this conversation pulls no punches.</p>
<p>Karen shares how she broke into cybersecurity via HR (and a saltine-fueled CISSP exam), why automation without strategy won’t scale, and what it's going to take to make 20X work at moderate and high baselines. If you're curious where compliance, automation, AI, and public sector modernization are headed—you’ll want to tune in.</p>
<p>⏱️ Timestamps:<br>
00:00 – "Dang, we need to modernize our government" — Karen's IRS nightmare becomes a metaphor for digital transformation.</p>
<p>02:44 – Meet Karen Laughton: Coalfire EVP, community leader, and accidental cyber exec.</p>
<p>03:35 – Saltines, pregnancy, and passing the CISSP: Karen’s origin story in cyber.</p>
<p>08:01 – AC-7 and the mouse jiggler: when coarse-grained controls meet real-world demos.</p>
<p>10:03 – FedRAMP in the early days: the “marathon in flip-flops” era of inconsistent TR feedback.</p>
<p>13:01 – The worst documentation nitpicks Karen’s ever seen (IP addresses and diagram chaos).</p>
<p>14:46 – FedRAMP then vs. now: why decentralization could hurt even as risk-focus improves.</p>
<p>17:28 – What scaling 20X to moderate and high will actually require.</p>
<p>20:03 – Are we solving the right problem with KSIs? Recapping Coalfire's “automation of arrested development” blog.</p>
<p>23:08 – Why automation isn’t a silver bullet (and why it still needs humans).</p>
<p>24:57 – 3PAOs aren't going anywhere — and that’s not just job security talk.</p>
<p>26:15 – Andrej Karpathy, robot soccer, and the early innings of AI assurance.</p>
<p>29:30 – Why agencies aren’t lining up to sponsor FedRAMP 20X.</p>
<p>31:08 – How Coalfire responded to 20X: culture, planning, and Compliance Essentials.</p>
<p>33:41 – Leveraging Paramify to accelerate automation where it makes sense.</p>
<p>36:42 – Politics, acquisitions, and why automation hits limits in complex orgs.</p>
<p>37:27 – DoD, CMMC, and 20X: where things stand and why there’s still confusion.</p>
<p>41:01 – The case for CMMC enclaves (and why most orgs want to isolate the mess).</p>
<p>42:00 – Mentorship, career pivots, and embracing “knowing nothing” as a superpower.</p>
<p>47:58 – Why questions make you smarter — and why cybersecurity people love answering them.</p>
<p>50:00 – Why cybersecurity never gets boring (and feels like a family reunion at every conference).</p>
<p>50:59 – Wrap-up &amp; future part two tease.</p>
<p><br>
Learn more about Coalfire: https://coalfire.com/<br>
Learn more about Karen Laughton: https://www.linkedin.com/in/karen-laughton-6484115/</p>
<p>Learn more about Paramify: https://www.paramify.com/<br>
Learn more about Kenny: https://www.linkedin.com/in/kenny-g-scott/<br>
Learn more about Mike: https://www.linkedin.com/in/mikecschreiner/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/89egpuwxrjc5c2r4/coalfirepod.mp3" length="49413274" type="audio/mpeg"/>
        <itunes:summary><![CDATA[In this episode of the Paramify Podcast, Karen Laughton, EVP of Advisory at Coalfire, joins Kenny Scott (CEO of Paramify) and Mike Schreiner to unpack the future of government cybersecurity and compliance modernization. From the hard realities of FedRAMP 20X to lessons learned from the early days of FSMA and CMMC confusion, this conversation pulls no punches.
Karen shares how she broke into cybersecurity via HR (and a saltine-fueled CISSP exam), why automation without strategy won’t scale, and what it's going to take to make 20X work at moderate and high baselines. If you're curious where compliance, automation, AI, and public sector modernization are headed—you’ll want to tune in.
⏱️ Timestamps:
00:00 – "Dang, we need to modernize our government" — Karen's IRS nightmare becomes a metaphor for digital transformation.
02:44 – Meet Karen Laughton: Coalfire EVP, community leader, and accidental cyber exec.
03:35 – Saltines, pregnancy, and passing the CISSP: Karen’s origin story in cyber.
08:01 – AC-7 and the mouse jiggler: when coarse-grained controls meet real-world demos.
10:03 – FedRAMP in the early days: the “marathon in flip-flops” era of inconsistent TR feedback.
13:01 – The worst documentation nitpicks Karen’s ever seen (IP addresses and diagram chaos).
14:46 – FedRAMP then vs. now: why decentralization could hurt even as risk-focus improves.
17:28 – What scaling 20X to moderate and high will actually require.
20:03 – Are we solving the right problem with KSIs? Recapping Coalfire's “automation of arrested development” blog.
23:08 – Why automation isn’t a silver bullet (and why it still needs humans).
24:57 – 3PAOs aren't going anywhere — and that’s not just job security talk.
26:15 – Andrej Karpathy, robot soccer, and the early innings of AI assurance.
29:30 – Why agencies aren’t lining up to sponsor FedRAMP 20X.
31:08 – How Coalfire responded to 20X: culture, planning, and Compliance Essentials.
33:41 – Leveraging Paramify to accelerate automation where it makes sense.
36:42 – Politics, acquisitions, and why automation hits limits in complex orgs.
37:27 – DoD, CMMC, and 20X: where things stand and why there’s still confusion.
41:01 – The case for CMMC enclaves (and why most orgs want to isolate the mess).
42:00 – Mentorship, career pivots, and embracing “knowing nothing” as a superpower.
47:58 – Why questions make you smarter — and why cybersecurity people love answering them.
50:00 – Why cybersecurity never gets boring (and feels like a family reunion at every conference).
50:59 – Wrap-up &amp; future part two tease.
Learn more about Coalfire: https://coalfire.com/
Learn more about Karen Laughton: https://www.linkedin.com/in/karen-laughton-6484115/
Learn more about Paramify: https://www.paramify.com/
Learn more about Kenny: https://www.linkedin.com/in/kenny-g-scott/
Learn more about Mike: https://www.linkedin.com/in/mikecschreiner/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3088</itunes:duration>
                <itunes:episode>45</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>FedRAMP 20X Roundtable with FedRAMP Director Pete Waterman</title>
        <itunes:title>FedRAMP 20X Roundtable with FedRAMP Director Pete Waterman</itunes:title>
        <link>https://Paramify.podbean.com/e/fedramp-20x-roundtable-with-fedramp-director-pete-waterman/</link>
                    <comments>https://Paramify.podbean.com/e/fedramp-20x-roundtable-with-fedramp-director-pete-waterman/#comments</comments>        <pubDate>Thu, 17 Jul 2025 10:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/81817cdf-369d-350a-aec7-a3017844ddb9</guid>
                                    <description><![CDATA[<p>It’s not only about faster authorizations—it’s about unlocking the full potential of modern cloud for government.</p>
<p>FedRAMP 20X is how we get there.</p>
<p>In this exclusive roundtable, Pete Waterman (FedRAMP Director), Karen Laughton (EVP of Advisory, Coalfire), Rob Otten (Sr. Director, Risk &amp; Compliance, Flock Safety), Kenny Scott (Founder &amp; CEO, Paramify), and Mike Schreiner (COO, Paramify) break down:</p>
<p>- The mission, process &amp; real impact of the 20X pilot</p>
<p>- How Key Security Indicators (KSIs) make compliance faster &amp; smarter</p>
<p>- What Continuous ATO looks like in practice</p>
<p>- Why agencies are holding the line—and what they actually want</p>
<p>- The bold vision to transform FedRAMP from 50 authorizations a year… to 50 a week</p>
<p>Timestamps:
0:00 – The Big Question
Pete Waterman shares the spark: “What if we did 50 FedRAMP authorizations a week?”</p>
<p>1:56 – Welcome &amp; Introductions
Meet the panel: Pete Waterman, Karen Laughton, Rob Otten, Kenny Scott.</p>
<p>2:53 – Pilot Progress Update
Pete dives into pilot metrics, early submissions, and success stories.</p>
<p>5:17 – Industry Perspective: Coalfire
Karen Laughton shares lessons learned from advising CSPs and 3PAOs.</p>
<p>8:40 – CSP Perspective: Flock Safety + Paramify
Rob &amp; Kenny reveal how they rapidly pivoted into the pilot and delivered results in 2 weeks.</p>
<p>12:03 – Why It Worked
Why KSIs resonated and how automation made it achievable.</p>
<p>14:22 – The Risk-Based Shift
Security is about risk, not checklists. Kenny, Rob, and Pete riff on the deeper mindset change.</p>
<p>17:06 – ATO vs Authorization
Pete clarifies the difference and why 20X is fixing the current barriers.</p>
<p>19:02 – The Good, The Bad, and the Fast
Karen details what’s working well—and what’s still a mess (agency sponsorship, complex systems, DoD holdouts).</p>
<p>24:04 – Rob's Advice to CSPs
Rob advocates a risk-first approach and common sense improvements.</p>
<p>25:48 – Breaking Outdated Rules
Kenny rants about FIPS encryption requirements and why 20X could fix it.</p>
<p>27:07 – Agency Buy-In: Will They Accept 20X?
Pete confirms: Yes. OMB and formal policy will mandate adoption.</p>
<p>36:40 – Continuous ATO in Practice
What’s working, what’s confusing, and what the FedRAMP team is learning.</p>
<p>42:00 – The Integration Trap
Kenny explains why black-box integrations don’t cut it—and what CSPs must do instead.</p>
<p>44:55 – End User Risk Responsibilities
A critical callout: security breaches are often misconfigurations by users—not tech failures.</p>
<p>47:00 – Monitoring What Actually Matters
Forget CVEs. Pete &amp; Karen emphasize real-time config validation (e.g., MFA being disabled).</p>
<p>50:00 – Change Processes &amp; CI/CD
How continuous snapshots and CI/CD can coexist with security—without slowing innovation.</p>
<p>56:00 – Driving Innovation Through Standards
Why 20X exists: to force the ecosystem to build what’s long been talked about but never delivered.</p>
<p>1:00:00 – Final Advice to CSPs
Should you jump into 20X? Panelists give concrete guidance for startups, hyperscalers, and advisors.</p>
<p>1:06:04 – Reframing the Goal
Pete closes with a powerful vision: delivering equal access to secure cloud tech for federal workers—faster, better, and at scale.</p>
<p>Learn more about our guests: </p>
<p>Pete Waterman: https://www.linkedin.com/in/petewaterman/
FedRAMP: https://www.fedramp.gov/</p>
<p>Karen Laughton: https://www.linkedin.com/in/karen-laughton-6484115/
Coalfire: https://coalfire.com/</p>
<p>Rob Otten: https://www.linkedin.com/in/robertotten/ 
Flock Safety: https://www.flocksafety.com/</p>
<p>
Learn more about Paramify: 
Kenny Scott: https://www.linkedin.com/in/kenny-g-scott/
Mike Schreiner: https://www.linkedin.com/in/mikecschreiner/
Paramify: www.paramify.com</p>
<p>Looking into FedRAMP or FedRAMP 20X? Let's talk: https://www.paramify.com/frameworks/fedramp</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>It’s not only about faster authorizations—it’s about unlocking the full potential of modern cloud for government.</p>
<p>FedRAMP 20X is how we get there.</p>
<p>In this exclusive roundtable, Pete Waterman (FedRAMP Director), Karen Laughton (EVP of Advisory, Coalfire), Rob Otten (Sr. Director, Risk &amp; Compliance, Flock Safety), Kenny Scott (Founder &amp; CEO, Paramify), and Mike Schreiner (COO, Paramify) break down:</p>
<p>- The mission, process &amp; real impact of the 20X pilot</p>
<p>- How Key Security Indicators (KSIs) make compliance faster &amp; smarter</p>
<p>- What Continuous ATO looks like in practice</p>
<p>- Why agencies are holding the line—and what they actually want</p>
<p>- The bold vision to transform FedRAMP from 50 authorizations a year… to 50 a week</p>
<p>Timestamps:<br>
0:00 – The Big Question<br>
Pete Waterman shares the spark: “What if we did 50 FedRAMP authorizations a week?”</p>
<p>1:56 – Welcome &amp; Introductions<br>
Meet the panel: Pete Waterman, Karen Laughton, Rob Otten, Kenny Scott.</p>
<p>2:53 – Pilot Progress Update<br>
Pete dives into pilot metrics, early submissions, and success stories.</p>
<p>5:17 – Industry Perspective: Coalfire<br>
Karen Laughton shares lessons learned from advising CSPs and 3PAOs.</p>
<p>8:40 – CSP Perspective: Flock Safety + Paramify<br>
Rob &amp; Kenny reveal how they rapidly pivoted into the pilot and delivered results in 2 weeks.</p>
<p>12:03 – Why It Worked<br>
Why KSIs resonated and how automation made it achievable.</p>
<p>14:22 – The Risk-Based Shift<br>
Security is about risk, not checklists. Kenny, Rob, and Pete riff on the deeper mindset change.</p>
<p>17:06 – ATO vs Authorization<br>
Pete clarifies the difference and why 20X is fixing the current barriers.</p>
<p>19:02 – The Good, The Bad, and the Fast<br>
Karen details what’s working well—and what’s still a mess (agency sponsorship, complex systems, DoD holdouts).</p>
<p>24:04 – Rob's Advice to CSPs<br>
Rob advocates a risk-first approach and common sense improvements.</p>
<p>25:48 – Breaking Outdated Rules<br>
Kenny rants about FIPS encryption requirements and why 20X could fix it.</p>
<p>27:07 – Agency Buy-In: Will They Accept 20X?<br>
Pete confirms: Yes. OMB and formal policy will mandate adoption.</p>
<p>36:40 – Continuous ATO in Practice<br>
What’s working, what’s confusing, and what the FedRAMP team is learning.</p>
<p>42:00 – The Integration Trap<br>
Kenny explains why black-box integrations don’t cut it—and what CSPs must do instead.</p>
<p>44:55 – End User Risk Responsibilities<br>
A critical callout: security breaches are often misconfigurations by users—not tech failures.</p>
<p>47:00 – Monitoring What Actually Matters<br>
Forget CVEs. Pete &amp; Karen emphasize real-time config validation (e.g., MFA being disabled).</p>
<p>50:00 – Change Processes &amp; CI/CD<br>
How continuous snapshots and CI/CD can coexist with security—without slowing innovation.</p>
<p>56:00 – Driving Innovation Through Standards<br>
Why 20X exists: to force the ecosystem to build what’s long been talked about but never delivered.</p>
<p>1:00:00 – Final Advice to CSPs<br>
Should you jump into 20X? Panelists give concrete guidance for startups, hyperscalers, and advisors.</p>
<p>1:06:04 – Reframing the Goal<br>
Pete closes with a powerful vision: delivering equal access to secure cloud tech for federal workers—faster, better, and at scale.</p>
<p>Learn more about our guests: </p>
<p>Pete Waterman: https://www.linkedin.com/in/petewaterman/<br>
FedRAMP: https://www.fedramp.gov/</p>
<p>Karen Laughton: https://www.linkedin.com/in/karen-laughton-6484115/<br>
Coalfire: https://coalfire.com/</p>
<p>Rob Otten: https://www.linkedin.com/in/robertotten/ <br>
Flock Safety: https://www.flocksafety.com/</p>
<p><br>
Learn more about Paramify: <br>
Kenny Scott: https://www.linkedin.com/in/kenny-g-scott/<br>
Mike Schreiner: https://www.linkedin.com/in/mikecschreiner/<br>
Paramify: www.paramify.com</p>
<p>Looking into FedRAMP or FedRAMP 20X? Let's talk: https://www.paramify.com/frameworks/fedramp</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/m4ujv5amgajpazxu/FedRAMP_20x_roundtable_with_Pete_Waterman860de.mp3" length="70013228" type="audio/mpeg"/>
        <itunes:summary><![CDATA[It’s not only about faster authorizations—it’s about unlocking the full potential of modern cloud for government.
FedRAMP 20X is how we get there.
In this exclusive roundtable, Pete Waterman (FedRAMP Director), Karen Laughton (EVP of Advisory, Coalfire), Rob Otten (Sr. Director, Risk &amp; Compliance, Flock Safety), Kenny Scott (Founder &amp; CEO, Paramify), and Mike Schreiner (COO, Paramify) break down:
- The mission, process &amp; real impact of the 20X pilot
- How Key Security Indicators (KSIs) make compliance faster &amp; smarter
- What Continuous ATO looks like in practice
- Why agencies are holding the line—and what they actually want
- The bold vision to transform FedRAMP from 50 authorizations a year… to 50 a week
Timestamps:
0:00 – The Big Question
Pete Waterman shares the spark: “What if we did 50 FedRAMP authorizations a week?”
1:56 – Welcome &amp; Introductions
Meet the panel: Pete Waterman, Karen Laughton, Rob Otten, Kenny Scott.
2:53 – Pilot Progress Update
Pete dives into pilot metrics, early submissions, and success stories.
5:17 – Industry Perspective: Coalfire
Karen Laughton shares lessons learned from advising CSPs and 3PAOs.
8:40 – CSP Perspective: Flock Safety + Paramify
Rob &amp; Kenny reveal how they rapidly pivoted into the pilot and delivered results in 2 weeks.
12:03 – Why It Worked
Why KSIs resonated and how automation made it achievable.
14:22 – The Risk-Based Shift
Security is about risk, not checklists. Kenny, Rob, and Pete riff on the deeper mindset change.
17:06 – ATO vs Authorization
Pete clarifies the difference and why 20X is fixing the current barriers.
19:02 – The Good, The Bad, and the Fast
Karen details what’s working well—and what’s still a mess (agency sponsorship, complex systems, DoD holdouts).
24:04 – Rob's Advice to CSPs
Rob advocates a risk-first approach and common sense improvements.
25:48 – Breaking Outdated Rules
Kenny rants about FIPS encryption requirements and why 20X could fix it.
27:07 – Agency Buy-In: Will They Accept 20X?
Pete confirms: Yes. OMB and formal policy will mandate adoption.
36:40 – Continuous ATO in Practice
What’s working, what’s confusing, and what the FedRAMP team is learning.
42:00 – The Integration Trap
Kenny explains why black-box integrations don’t cut it—and what CSPs must do instead.
44:55 – End User Risk Responsibilities
A critical callout: security breaches are often misconfigurations by users—not tech failures.
47:00 – Monitoring What Actually Matters
Forget CVEs. Pete &amp; Karen emphasize real-time config validation (e.g., MFA being disabled).
50:00 – Change Processes &amp; CI/CD
How continuous snapshots and CI/CD can coexist with security—without slowing innovation.
56:00 – Driving Innovation Through Standards
Why 20X exists: to force the ecosystem to build what’s long been talked about but never delivered.
1:00:00 – Final Advice to CSPs
Should you jump into 20X? Panelists give concrete guidance for startups, hyperscalers, and advisors.
1:06:04 – Reframing the Goal
Pete closes with a powerful vision: delivering equal access to secure cloud tech for federal workers—faster, better, and at scale.
Learn more about our guests:
Pete Waterman: https://www.linkedin.com/in/petewaterman/
FedRAMP: https://www.fedramp.gov/
Karen Laughton: https://www.linkedin.com/in/karen-laughton-6484115/
Coalfire: https://coalfire.com/
Rob Otten: https://www.linkedin.com/in/robertotten/
Flock Safety: https://www.flocksafety.com/
Learn more about Paramify:
Kenny Scott: https://www.linkedin.com/in/kenny-g-scott/
Mike Schreiner: https://www.linkedin.com/in/mikecschreiner/
Paramify: www.paramify.com
Looking into FedRAMP or FedRAMP 20X? Let's talk: https://www.paramify.com/frameworks/fedramp]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>4375</itunes:duration>
                <itunes:episode>44</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#43 - Martin Rieger on FedRAMP 20X, The Future of FedRAMP Compliance, Cloud, and Security</title>
        <itunes:title>#43 - Martin Rieger on FedRAMP 20X, The Future of FedRAMP Compliance, Cloud, and Security</itunes:title>
        <link>https://Paramify.podbean.com/e/43-martin-rieger-on-fedramp-20x-the-future-of-fedramp-compliance-cloud-and-security/</link>
                    <comments>https://Paramify.podbean.com/e/43-martin-rieger-on-fedramp-20x-the-future-of-fedramp-compliance-cloud-and-security/#comments</comments>        <pubDate>Mon, 12 May 2025 11:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/9b208823-7d5c-3698-97c4-76890b3e0879</guid>
                                    <description><![CDATA[<p>Today, we’re sitting down with StackArmor’s Martin Rieger — a FedRAMP veteran with over 300 engagements under his belt — for an unfiltered deep dive into the origin, evolution, and future of FedRAMP compliance.</p>
<p>We cover everything from the early days of DIACAP and gold images to today’s world of automation, OSCAL, and AI-powered documentation. Martin shares war stories, explains why so many companies fail audits even with AI, and gives his take on where FedRAMP 20x is headed.</p>
<p>Key takeaways
- AI can't replace expertise: Using ChatGPT (or any AI) to generate FedRAMP documentation without human validation leads to failure—AI is a tool, not a replacement for expertise.</p>
<p>- Right tools + right people = success: AI and automation can massively accelerate compliance work if handled by professionals who understand the frameworks deeply.</p>
<p>- FedRAMP’s evolution: FedRAMP has matured from infrastructure-heavy beginnings to a focus on SaaS and cloud-native tools, with an increasing push toward automation and standards like OSCAL.</p>
<p>- Common ATO pitfalls: Many companies underestimate the effort required for continuous monitoring (ConMon) and maintaining their ATO, mistakenly thinking the hardest part is getting authorized.</p>
<p>- Martin: FedRAMP may move toward sponsor-less paths (like StateRAMP) for Low/Moderate baselines, and AI + OSCAL will likely reshape how security packages are created, validated, and shared.</p>
<p>This episode is loaded with insights for anyone serious about federal cloud compliance.</p>
<p>⏱️ Timestamps:
04:10 – Martin’s early FedRAMP journey &amp; Navy background
10:00 – DIACAP, early tools, and Excel-era compliance
16:35 – How Kenny and Martin met (NIST OSCAL event story)
25:00 – StackArmor’s shift from golden images to modern cloud
35:00 – The problem with AI-generated SSPs
43:30 – POAMs, audit problems, and compliance documentation
49:45 – FISMA vs. FedRAMP, ‘FISRamp’, and ATO inefficiencies
56:40 – Predictions: FedRAMP 20x, agency sponsorship &amp; PMO
1:02:20 – The future of FedRAMP automation &amp; OSCAL + AI</p>
<p>🔗 Learn more about StackArmor: https://stackarmor.com/
👤 Learn more about Martin Rieger: https://www.linkedin.com/in/martinrieger/</p>
<p>🔗 Learn more about Paramify: https://www.paramify.com/?utm_medium=social
👤 Connect with Kenny: Kenny G. Scott: https://www.linkedin.com/in/kenny-g-scott/
👤 Connect with Mike: Mike Schreiner: https://www.linkedin.com/in/mikecschreiner/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today, we’re sitting down with StackArmor’s Martin Rieger — a FedRAMP veteran with over 300 engagements under his belt — for an unfiltered deep dive into the origin, evolution, and future of FedRAMP compliance.</p>
<p>We cover everything from the early days of DIACAP and gold images to today’s world of automation, OSCAL, and AI-powered documentation. Martin shares war stories, explains why so many companies fail audits even with AI, and gives his take on where FedRAMP 20x is headed.</p>
<p>Key takeaways<br>
- AI can't replace expertise: Using ChatGPT (or any AI) to generate FedRAMP documentation without human validation leads to failure—AI is a tool, not a replacement for expertise.</p>
<p>- Right tools + right people = success: AI and automation can massively accelerate compliance work if handled by professionals who understand the frameworks deeply.</p>
<p>- FedRAMP’s evolution: FedRAMP has matured from infrastructure-heavy beginnings to a focus on SaaS and cloud-native tools, with an increasing push toward automation and standards like OSCAL.</p>
<p>- Common ATO pitfalls: Many companies underestimate the effort required for continuous monitoring (ConMon) and maintaining their ATO, mistakenly thinking the hardest part is getting authorized.</p>
<p>- Martin: FedRAMP may move toward sponsor-less paths (like StateRAMP) for Low/Moderate baselines, and AI + OSCAL will likely reshape how security packages are created, validated, and shared.</p>
<p>This episode is loaded with insights for anyone serious about federal cloud compliance.</p>
<p>⏱️ Timestamps:<br>
04:10 – Martin’s early FedRAMP journey &amp; Navy background<br>
10:00 – DIACAP, early tools, and Excel-era compliance<br>
16:35 – How Kenny and Martin met (NIST OSCAL event story)<br>
25:00 – StackArmor’s shift from golden images to modern cloud<br>
35:00 – The problem with AI-generated SSPs<br>
43:30 – POAMs, audit problems, and compliance documentation<br>
49:45 – FISMA vs. FedRAMP, ‘FISRamp’, and ATO inefficiencies<br>
56:40 – Predictions: FedRAMP 20x, agency sponsorship &amp; PMO<br>
1:02:20 – The future of FedRAMP automation &amp; OSCAL + AI</p>
<p>🔗 Learn more about StackArmor: https://stackarmor.com/<br>
👤 Learn more about Martin Rieger: https://www.linkedin.com/in/martinrieger/</p>
<p>🔗 Learn more about Paramify: https://www.paramify.com/?utm_medium=social<br>
👤 Connect with Kenny: Kenny G. Scott: https://www.linkedin.com/in/kenny-g-scott/<br>
👤 Connect with Mike: Mike Schreiner: https://www.linkedin.com/in/mikecschreiner/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/ywqhi8puhfiug2eb/Martin_podcast9l8zk.mp3" length="63059223" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today, we’re sitting down with StackArmor’s Martin Rieger — a FedRAMP veteran with over 300 engagements under his belt — for an unfiltered deep dive into the origin, evolution, and future of FedRAMP compliance.
We cover everything from the early days of DIACAP and gold images to today’s world of automation, OSCAL, and AI-powered documentation. Martin shares war stories, explains why so many companies fail audits even with AI, and gives his take on where FedRAMP 20x is headed.
Key takeaways:
- AI can't replace expertise: Using ChatGPT (or any AI) to generate FedRAMP documentation without human validation leads to failure—AI is a tool, not a replacement for expertise.
- Right tools + right people = success: AI and automation can massively accelerate compliance work if handled by professionals who understand the frameworks deeply.
- FedRAMP’s evolution: FedRAMP has matured from infrastructure-heavy beginnings to a focus on SaaS and cloud-native tools, with an increasing push toward automation and standards like OSCAL.
- Common ATO pitfalls: Many companies underestimate the effort required for continuous monitoring (ConMon) and maintaining their ATO, mistakenly thinking the hardest part is getting authorized.
- Martin: FedRAMP may move toward sponsor-less paths (like StateRAMP) for Low/Moderate baselines, and AI + OSCAL will likely reshape how security packages are created, validated, and shared.
This episode is loaded with insights for anyone serious about federal cloud compliance.
⏱️ Timestamps:
04:10 – Martin’s early FedRAMP journey &amp; Navy background
10:00 – DIACAP, early tools, and Excel-era compliance
16:35 – How Kenny and Martin met (NIST OSCAL event story)
25:00 – StackArmor’s shift from golden images to modern cloud
35:00 – The problem with AI-generated SSPs
43:30 – POAMs, audit problems, and compliance documentation
49:45 – FISMA vs. FedRAMP, ‘FISRamp’, and ATO inefficiencies
56:40 – Predictions: FedRAMP 20x, agency sponsorship &amp; PMO
1:02:20 – The future of FedRAMP automation &amp; OSCAL + AI
🔗 Learn more about StackArmor: https://stackarmor.com/
👤 Learn more about Martin Rieger: https://www.linkedin.com/in/martinrieger/
🔗 Learn more about Paramify: https://www.paramify.com/?utm_medium=social
👤 Connect with Kenny: Kenny G. Scott: https://www.linkedin.com/in/kenny-g-scott/
👤 Connect with Mike: Mike Schreiner: https://www.linkedin.com/in/mikecschreiner/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3941</itunes:duration>
                <itunes:episode>43</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#42 - FedRAMP 20x and The Creation of FedRAMP with Dave Fairburn Jr.</title>
        <itunes:title>#42 - FedRAMP 20x and The Creation of FedRAMP with Dave Fairburn Jr.</itunes:title>
        <link>https://Paramify.podbean.com/e/42-fedramp-20x-and-the-creation-of-fedramp-with-dave-fairburn-jr/</link>
                    <comments>https://Paramify.podbean.com/e/42-fedramp-20x-and-the-creation-of-fedramp-with-dave-fairburn-jr/#comments</comments>        <pubDate>Tue, 15 Apr 2025 13:54:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/c883c99f-8104-3774-846a-c46285eadb9c</guid>
                                    <description><![CDATA[<p>Today we're sitting down with the Father of FedRAMP himself — Dave Fairburn Jr. — for a raw, detailed, and at times hilarious deep dive into the origin story, evolution, and future of the FedRAMP program. From 16-hour days and bureaucracy battles to 2,500-page documentation drafts reduced by weight tests (yes, really), Dave walks us through how the entire FedRAMP framework was created, challenged, and still, nearly 15 years later, hasn’t been "screwed up" (his words). This episode is packed with insider stories, lessons learned, and real talk about: </p>
<ul class="yt-core-attributed-string__list-group" dir="ltr">
<li>Why the original FedRAMP design was JAB-only (no agency ATOs)</li>
<li>How 3PAOs came to be — and the concern about quality today</li>
<li>Why the “paperwork exercise” argument drives Dave crazy</li>
<li>What Dave thinks about FedRAMP 20x, AI, OSCAL, automation, and PMO changes</li>
<li>Predictions about what will (and won’t) change in the next 10 years</li>
</ul>
<p>Learn more about Dave Fairburn Jr.: <a href='https://www.linkedin.com/in/%E2%98%81%EF%B8%8F-dave-fairburn-jr-cissp-%E2%80%9Cfather-of-fedramp-93b87717/'>https://www.linkedin.com/in/%E2%98%81%EF%B8%8F-dave-fairburn-jr-cissp-%E2%80%9Cfather-of-fedramp-93b87717/</a></p>
<p>🔗 Learn more about Paramify: <a href='https://www.paramify.com/?utm_medium=social'>https://www.paramify.com/?utm_medium=social</a></p>
<p>👤 Connect with Kenny: Kenny G. Scott: <a href='https://www.linkedin.com/in/kenny-g-scott/'>https://www.linkedin.com/in/kenny-g-scott/</a></p>
<p>👤 Connect with Mike: Mike Schreiner: <a href='https://www.linkedin.com/in/mikecschreiner/'>https://www.linkedin.com/in/mikecschreiner/</a></p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today we're sitting down with the Father of FedRAMP himself — Dave Fairburn Jr. — for a raw, detailed, and at times hilarious deep dive into the origin story, evolution, and future of the FedRAMP program. From 16-hour days and bureaucracy battles to 2,500-page documentation drafts reduced by weight tests (yes, really), Dave walks us through how the entire FedRAMP framework was created, challenged, and still, nearly 15 years later, hasn’t been "screwed up" (his words). This episode is packed with insider stories, lessons learned, and real talk about: </p>
<ul class="yt-core-attributed-string__list-group" dir="ltr">
<li>Why the original FedRAMP design was JAB-only (no agency ATOs)</li>
<li>How 3PAOs came to be — and the concern about quality today</li>
<li>Why the “paperwork exercise” argument drives Dave crazy</li>
<li>What Dave thinks about FedRAMP 20x, AI, OSCAL, automation, and PMO changes</li>
<li>Predictions about what will (and won’t) change in the next 10 years</li>
</ul>
<p>Learn more about Dave Fairburn Jr.: <a href='https://www.linkedin.com/in/%E2%98%81%EF%B8%8F-dave-fairburn-jr-cissp-%E2%80%9Cfather-of-fedramp-93b87717/'>https://www.linkedin.com/in/%E2%98%81%EF%B8%8F-dave-fairburn-jr-cissp-%E2%80%9Cfather-of-fedramp-93b87717/</a></p>
<p>🔗 Learn more about Paramify: <a href='https://www.paramify.com/?utm_medium=social'>https://www.paramify.com/?utm_medium=social</a></p>
<p>👤 Connect with Kenny: Kenny G. Scott: <a href='https://www.linkedin.com/in/kenny-g-scott/'>https://www.linkedin.com/in/kenny-g-scott/</a></p>
<p>👤 Connect with Mike: Mike Schreiner: <a href='https://www.linkedin.com/in/mikecschreiner/'>https://www.linkedin.com/in/mikecschreiner/</a></p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/dutgt6wnpgquz99j/0415_1_bi16e.mp3" length="62113800" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today we're sitting down with the Father of FedRAMP himself — Dave Fairburn Jr. — for a raw, detailed, and at times hilarious deep dive into the origin story, evolution, and future of the FedRAMP program. From 16-hour days and bureaucracy battles to 2,500-page documentation drafts reduced by weight tests (yes, really), Dave walks us through how the entire FedRAMP framework was created, challenged, and still, nearly 15 years later, hasn’t been "screwed up" (his words). This episode is packed with insider stories, lessons learned, and real talk about: 

Why the original FedRAMP design was JAB-only (no agency ATOs) 


How 3PAOs came to be — and the concern about quality today 


Why the “paperwork exercise” argument drives Dave crazy 
What Dave thinks about FedRAMP 20x, AI, OSCAL, automation, and PMO changes
Predictions about what will (and won’t) change in the next 10 years

Learn more about Dave Fairburn Jr.:   / %e2%98%81%ef%b8%8f-dave-fairburn-jr-cissp-...   🔗 Learn more about Paramify: https://www.paramify.com/?utm_medium=... 👤 Connect with Kenny: Kenny G. Scott:   / kenny-g-scott   👤 Connect with Mike: Mike Schreiner:   / mikecschreiner  ]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3882</itunes:duration>
                <itunes:episode>42</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#41 - Discussing FedRAMP 20x</title>
        <itunes:title>#41 - Discussing FedRAMP 20x</itunes:title>
        <link>https://Paramify.podbean.com/e/41-discussing-fedramp-20x/</link>
                    <comments>https://Paramify.podbean.com/e/41-discussing-fedramp-20x/#comments</comments>        <pubDate>Mon, 31 Mar 2025 11:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/21af8109-20b5-3d98-9b5b-e196d48ca773</guid>
                                    <description><![CDATA[<p>What do DC sneakers, HR-approved marriage advice, and compliance robots have in common? They’re all part of this episode as Kenny and Mike dive into the bold future of FedRAMP 20X — and why it’s finally time to fix the pain points for both private companies and government agencies.</p>
<p>Here’s what they cover:</p>
<p>- The (not) shift in risk ownership — why agencies have always owned the risk and the PMO will focus on standards</p>
<p>- The myth of "set-it-and-forget-it" security — and the need for continuous monitoring</p>
<p>- The problem with screenshot audits — and smarter ways to prove assurance</p>
<p>- The role of auditors vs. automation — balancing trust and verification</p>
<p>- Why developers don’t love security — and how to make it less painful</p>
<p>- The future for faster authorizations, and why you shouldn't wait for the FedRAMP changes to happen to get FedRAMP Authorized.</p>
<p>If you’ve ever yelled at your SSP or cried over a screenshot audit, this one’s for you.</p>
<p>Sign up for the FedRAMP working groups here:
https://www.fedramp.gov/20x/working-groups/</p>
<p>Learn more about Paramify here: https://www.paramify.com/</p>
<p>Learn more about Kenny: https://www.linkedin.com/in/kenny-g-scott/</p>
<p>Learn about Mike: https://www.linkedin.com/in/mikecschreiner/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>What do DC sneakers, HR-approved marriage advice, and compliance robots have in common? They’re all part of this episode as Kenny and Mike dive into the bold future of FedRAMP 20X — and why it’s finally time to fix the pain points for both private companies and government agencies.</p>
<p>Here’s what they cover:</p>
<p>- The (not) shift in risk ownership — why agencies have always owned the risk and the PMO will focus on standards</p>
<p>- The myth of "set-it-and-forget-it" security — and the need for continuous monitoring</p>
<p>- The problem with screenshot audits — and smarter ways to prove assurance</p>
<p>- The role of auditors vs. automation — balancing trust and verification</p>
<p>- Why developers don’t love security — and how to make it less painful</p>
<p>- The future for faster authorizations, and why you shouldn't wait for the FedRAMP changes to happen to get FedRAMP Authorized.</p>
<p>If you’ve ever yelled at your SSP or cried over a screenshot audit, this one’s for you.</p>
<p>Sign up for the FedRAMP working groups here:<br>
https://www.fedramp.gov/20x/working-groups/</p>
<p>Learn more about Paramify here: https://www.paramify.com/</p>
<p>Learn more about Kenny: https://www.linkedin.com/in/kenny-g-scott/</p>
<p>Learn about Mike: https://www.linkedin.com/in/mikecschreiner/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/upsqer9qisdetqmi/FedRAMP_20X_AUDIO84k7h.mp3" length="31109611" type="audio/mpeg"/>
        <itunes:summary><![CDATA[What do DC sneakers, HR-approved marriage advice, and compliance robots have in common? They’re all part of this episode as Kenny and Mike dive into the bold future of FedRAMP 20X — and why it’s finally time to fix the pain points for both private companies and government agencies.
Here’s what they cover:
- The (not) shift in risk ownership — why agencies have always owned the risk and the PMO will focus on standards
- The myth of "set-it-and-forget-it" security — and the need for continuous monitoring
- The problem with screenshot audits — and smarter ways to prove assurance
- The role of auditors vs. automation — balancing trust and verification
- Why developers don’t love security — and how to make it less painful
- The future for faster authorizations, and why you shouldn't wait for the FedRAMP changes to happen to get FedRAMP Authorized.
If you’ve ever yelled at your SSP or cried over a screenshot audit, this one’s for you.
Sign up for the FedRAMP working groups here: https://www.fedramp.gov/20x/working-groups/
Learn more about Paramify here: https://www.paramify.com/
Learn more about Kenny: https://www.linkedin.com/in/kenny-g-scott/
Learn about Mike: https://www.linkedin.com/in/mikecschreiner/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>1919</itunes:duration>
                <itunes:episode>41</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#40 - Discussing FedRAMP with Pete Waterman</title>
        <itunes:title>#40 - Discussing FedRAMP with Pete Waterman</itunes:title>
        <link>https://Paramify.podbean.com/e/40-discussing-fedramp-with-pete-waterman/</link>
                    <comments>https://Paramify.podbean.com/e/40-discussing-fedramp-with-pete-waterman/#comments</comments>        <pubDate>Wed, 19 Mar 2025 11:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/eabe425b-8d26-396c-a9a9-dfa5b85e78f8</guid>
                                    <description><![CDATA[<p>Today, we're pretending it's August 24, 2024, as Kenny and Mike sit down with Pete Waterman to talk about his backstory and what inspired him to apply to become the new FedRAMP Director. </p>
<p>Spoiler alert: we discuss frustration, bureaucracy, and a wild career move. Also these things:</p>
<p>- Pete's Origin Story – Every hero has one.
- Government Tech: Why Is It So Hard? – Bureaucracy, risk, and the myth of FISMA jail.
- The Future of FedRAMP – Can it get faster? 
- Motorcycles &amp; Risk Management – How intercontinental motorcycle camping trips bring perspective.
- Compliance Theater - "Can I get a screenshot of that?"</p>
<p>This episode is equal parts insightful, hilarious, and maybe a little chaotic—just the way we like it.</p>
<p>Learn more about Pete Waterman: https://www.linkedin.com/in/petewaterman/</p>
<p>Learn more about Paramify: https://www.paramify.com/</p>
<p>Learn more about Kenny: https://www.linkedin.com/in/kenny-g-scott/</p>
<p>Learn more about Mike: https://www.linkedin.com/in/mikecschreiner/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today, we're pretending it's August 24, 2024, as Kenny and Mike sit down with Pete Waterman to talk about his backstory and what inspired him to apply to become the new FedRAMP Director. </p>
<p>Spoiler alert: we discuss frustration, bureaucracy, and a wild career move. Also these things:</p>
<p>- Pete's Origin Story – Every hero has one.<br>
- Government Tech: Why Is It So Hard? – Bureaucracy, risk, and the myth of FISMA jail.<br>
- The Future of FedRAMP – Can it get faster? <br>
- Motorcycles &amp; Risk Management – How intercontinental motorcycle camping trips bring perspective.<br>
- Compliance Theater - "Can I get a screenshot of that?"</p>
<p>This episode is equal parts insightful, hilarious, and maybe a little chaotic—just the way we like it.</p>
<p>Learn more about Pete Waterman: https://www.linkedin.com/in/petewaterman/</p>
<p>Learn more about Paramify: https://www.paramify.com/</p>
<p>Learn more about Kenny: https://www.linkedin.com/in/kenny-g-scott/</p>
<p>Learn more about Mike: https://www.linkedin.com/in/mikecschreiner/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/2xaje4577n9jjduy/The_paramify_podcast_with_pete_waterman_doneb0se6.mp3" length="71785375" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today, we're pretending it's August 24, 2024, as Kenny and Mike sit down with Pete Waterman to talk about his backstory and what inspired him to apply to become the new FedRAMP Director. 
Spoiler alert: we discuss frustration, bureaucracy, and a wild career move. Also these things:
- Pete's Origin Story – Every hero has one.
- Government Tech: Why Is It So Hard? – Bureaucracy, risk, and the myth of FISMA jail.
- The Future of FedRAMP – Can it get faster?
- Motorcycles &amp; Risk Management – How intercontinental motorcycle camping trips bring perspective.
- Compliance Theater - "Can I get a screenshot of that?"
This episode is equal parts insightful, hilarious, and maybe a little chaotic—just the way we like it.
Learn more about Pete Waterman: https://www.linkedin.com/in/petewaterman/
Learn more about Paramify: https://www.paramify.com/
Learn more about Kenny: https://www.linkedin.com/in/kenny-g-scott/
Learn more about Mike: https://www.linkedin.com/in/mikecschreiner/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>4486</itunes:duration>
                <itunes:episode>40</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#39 - Discussing FedRAMP with Jason Ford</title>
        <itunes:title>#39 - Discussing FedRAMP with Jason Ford</itunes:title>
        <link>https://Paramify.podbean.com/e/39-discussing-fedramp-with-jason-ford/</link>
                    <comments>https://Paramify.podbean.com/e/39-discussing-fedramp-with-jason-ford/#comments</comments>        <pubDate>Mon, 03 Mar 2025 12:27:06 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/fe487f73-aa79-311a-8583-9320b991f9d7</guid>
                                    <description><![CDATA[<p>Today <a href='https://www.linkedin.com/company/80788473/admin/page-posts/published/?share=true'>Kenny</a> and <a href='https://www.linkedin.com/company/80788473/admin/page-posts/published/?share=true'>Mike</a> are talking to the one and only <a href='https://www.linkedin.com/company/80788473/admin/page-posts/published/?share=true'>Jason Ford</a>, CEO &amp; Founder of <a href='https://www.linkedin.com/company/80788473/admin/page-posts/published/?share=true'>Steel Patriot Partners</a>—a true FedRAMP guru who's been securing systems since digital transformation was still a baby. Jason shares his battle-tested strategies for navigating security audits, implementing encryption the right way, and avoiding common pitfalls that can delay your compliance efforts for months.</p>
<p> </p>
<p>Here's what we're tackling in this episode:</p>
<p>- "If You Can't Draw It, You Can't Secure It" – Why mapping your architecture is step one in cybersecurity.</p>
<p>- FedRAMP High vs. Moderate – Why enterprises (not just government) are demanding higher security standards.</p>
<p>- Encryption 101 – What's really required, and why some ciphers belong in the dumpster.</p>
<p>- Privileged Access Done Right – No more random one-off permissions for Jeff! Use roles, not regrets.</p>
<p>- The Future of Security Compliance – Automation, AI, and why FedRAMP is about to change everything.</p>
<p> </p>
<p>If you're serious about building a security-first organization, tackling FedRAMP without losing your mind, or just figuring out how to keep your systems locked down like a fortress, this episode is for you.</p>
<p> </p>
<p>Learn more about Paramify here: <a href='https://www.paramify.com/'>https://www.paramify.com/</a></p>
<p>Learn more about Steel Patriot Partners here: <a href='https://www.steelpatriotpartners.com/'>https://www.steelpatriotpartners.com/</a></p>
<p> </p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today <a href='https://www.linkedin.com/company/80788473/admin/page-posts/published/?share=true'>Kenny</a> and <a href='https://www.linkedin.com/company/80788473/admin/page-posts/published/?share=true'>Mike</a> are talking to the one and only <a href='https://www.linkedin.com/company/80788473/admin/page-posts/published/?share=true'>Jason Ford</a>, CEO &amp; Founder of <a href='https://www.linkedin.com/company/80788473/admin/page-posts/published/?share=true'>Steel Patriot Partners</a>—a true FedRAMP guru who's been securing systems since digital transformation was still a baby. Jason shares his battle-tested strategies for navigating security audits, implementing encryption the right way, and avoiding common pitfalls that can delay your compliance efforts for months.</p>
<p> </p>
<p>Here's what we're tackling in this episode:</p>
<p>- "If You Can't Draw It, You Can't Secure It" – Why mapping your architecture is step one in cybersecurity.</p>
<p>- FedRAMP High vs. Moderate – Why enterprises (not just government) are demanding higher security standards.</p>
<p>- Encryption 101 – What's really required, and why some ciphers belong in the dumpster.</p>
<p>- Privileged Access Done Right – No more random one-off permissions for Jeff! Use roles, not regrets.</p>
<p>- The Future of Security Compliance – Automation, AI, and why FedRAMP is about to change everything.</p>
<p> </p>
<p>If you're serious about building a security-first organization, tackling FedRAMP without losing your mind, or just figuring out how to keep your systems locked down like a fortress, this episode is for you.</p>
<p> </p>
<p>Learn more about Paramify here: <a href='https://www.paramify.com/'>https://www.paramify.com/</a></p>
<p>Learn more about Steel Patriot Partners here: <a href='https://www.steelpatriotpartners.com/'>https://www.steelpatriotpartners.com/</a></p>
<p> </p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/32qy5njd2hmberd4/Jason_Ford_Audio_podbean_8ckq3.mp3" length="61966260" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today Kenny and Mike are talking to the one and only Jason Ford, CEO &amp; Founder of Steel Patriot Partners—a true FedRAMP guru who's been securing systems since digital transformation was still a baby. Jason shares his battle-tested strategies for navigating security audits, implementing encryption the right way, and avoiding common pitfalls that can delay your compliance efforts for months.
 
Here's what we're tackling in this episode:
- "If You Can't Draw It, You Can't Secure It" – Why mapping your architecture is step one in cybersecurity.
- FedRAMP High vs. Moderate – Why enterprises (not just government) are demanding higher security standards.
- Encryption 101 – What's really required, and why some ciphers belong in the dumpster.
- Privileged Access Done Right – No more random one-off permissions for Jeff! Use roles, not regrets.
- The Future of Security Compliance – Automation, AI, and why FedRAMP is about to change everything.
 
If you're serious about building a security-first organization, tackling FedRAMP without losing your mind, or just figuring out how to keep your systems locked down like a fortress, this episode is for you.
 
Learn more about Paramify here: https://www.paramify.com/
Learn more about Steel Patriot Partners here: https://www.steelpatriotpartners.com/
 ]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3872</itunes:duration>
                <itunes:episode>39</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#38 - Building a Great Security Program with Google Sheets</title>
        <itunes:title>#38 - Building a Great Security Program with Google Sheets</itunes:title>
        <link>https://Paramify.podbean.com/e/38-building-a-great-security-program-with-google-sheets/</link>
                    <comments>https://Paramify.podbean.com/e/38-building-a-great-security-program-with-google-sheets/#comments</comments>        <pubDate>Mon, 17 Feb 2025 13:04:15 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/ecf9a7ad-86e9-3991-a294-3226e0560021</guid>
                                    <description><![CDATA[<p>Getting started with risk management is easier than you think, and you don’t need fancy tools to do it.</p>
<p> </p>
<p>In this episode, <a href='https://www.linkedin.com/company/80788473/admin/page-posts/published/?share=true'>Kenny</a> and <a href='https://www.linkedin.com/company/80788473/admin/page-posts/published/?share=true'>Mike</a> break down how a simple Google Sheet can be your secret weapon for designing a great security program. Whether you’re navigating FedRAMP, SOC 2, or ISO 27001, the key is just getting started—no expensive software required.</p>
<p> </p>
<p>If you're a startup founder, security pro, or just compliance-curious, this episode is packed with easy, actionable steps to help you kick off your compliance journey—without breaking the bank.</p>
<p> </p>
<p>Learn more about Paramify: https://www.paramify.com/</p>
<p>Learn more about Kenny: https://www.linkedin.com/in/kenny-g-scott/</p>
<p>Learn more about Mike: https://www.linkedin.com/in/mikecschreiner/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Getting started with risk management is easier than you think, and you don’t need fancy tools to do it.</p>
<p> </p>
<p>In this episode, <a href='https://www.linkedin.com/company/80788473/admin/page-posts/published/?share=true'>Kenny</a> and <a href='https://www.linkedin.com/company/80788473/admin/page-posts/published/?share=true'>Mike</a> break down how a simple Google Sheet can be your secret weapon for designing a great security program. Whether you’re navigating FedRAMP, SOC 2, or ISO 27001, the key is just getting started—no expensive software required.</p>
<p> </p>
<p>If you're a startup founder, security pro, or just compliance-curious, this episode is packed with easy, actionable steps to help you kick off your compliance journey—without breaking the bank.</p>
<p> </p>
<p>Learn more about Paramify: https://www.paramify.com/</p>
<p>Learn more about Kenny: https://www.linkedin.com/in/kenny-g-scott/</p>
<p>Learn more about Mike: https://www.linkedin.com/in/mikecschreiner/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/reqak69nx4nbgrar/audio_for_podagfrw.mp3" length="33330205" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Getting started with risk management is easier than you think, and you don’t need fancy tools to do it.
 
In this episode, Kenny and Mike break down how a simple Google Sheet can be your secret weapon for designing a great security program. Whether you’re navigating FedRAMP, SOC 2, or ISO 27001, the key is just getting started—no expensive software required.
 
If you're a startup founder, security pro, or just compliance-curious, this episode is packed with easy, actionable steps to help you kick off your compliance journey—without breaking the bank.
 
Learn more about Paramify: https://www.paramify.com/
Learn more about Kenny: https://www.linkedin.com/in/kenny-g-scott/
Learn more about Mike: https://www.linkedin.com/in/mikecschreiner/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>2083</itunes:duration>
                <itunes:episode>38</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#37 - A Journey Into FedRAMP with Eric Britton Adams</title>
        <itunes:title>#37 - A Journey Into FedRAMP with Eric Britton Adams</itunes:title>
        <link>https://Paramify.podbean.com/e/37-a-journey-into-fedramp-with-eric-britton-adams/</link>
                    <comments>https://Paramify.podbean.com/e/37-a-journey-into-fedramp-with-eric-britton-adams/#comments</comments>        <pubDate>Mon, 03 Feb 2025 14:34:27 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/3635de0d-7ed1-3903-8c87-bfeff8a2a7ec</guid>
                                    <description><![CDATA[<p>Eric, the CISO at Federal Cyber Defense Solutions and former Chief FedRAMP Strategist at IBM and FedRAMP Leader at HP, shares his journey from growing up on a farm to becoming a CISO and FedRAMP expert. We dive into the challenges of FedRAMP compliance, the evolution of cybersecurity, and how today's security teams can strike the balance between technical expertise and meeting compliance demands.</p>
<p>In this episode, we cover:
- The real struggles of legacy tech and security controls
- How cybersecurity careers have evolved—then vs. now
- The shift toward security by design and the future of security operations
- Advice for new cybersecurity professionals on breaking into the industry</p>
<p>If you're interested in FedRAMP in 2025, compliance innovation, or cybersecurity career growth, this episode is a must-listen!</p>
<p>Learn more about Eric here: 
LinkedIn: https://www.linkedin.com/in/eadams2/</p>
<p>Learn more about Paramify: 
https://www.paramify.com/</p>
<p>Learn more about Kenny:
LinkedIn: https://www.linkedin.com/in/kenny-g-scott/</p>
<p> </p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Eric, the CISO at Federal Cyber Defense Solutions and former Chief FedRAMP Strategist at IBM and FedRAMP Leader at HP, shares his journey from growing up on a farm to becoming a CISO and FedRAMP expert. We dive into the challenges of FedRAMP compliance, the evolution of cybersecurity, and how today's security teams can strike the balance between technical expertise and meeting compliance demands.</p>
<p>In this episode, we cover:<br>
- The real struggles of legacy tech and security controls<br>
- How cybersecurity careers have evolved—then vs. now<br>
- The shift toward security by design and the future of security operations<br>
- Advice for new cybersecurity professionals on breaking into the industry</p>
<p>If you're interested in FedRAMP in 2025, compliance innovation, or cybersecurity career growth, this episode is a must-listen!</p>
<p>Learn more about Eric here: <br>
LinkedIn: https://www.linkedin.com/in/eadams2/</p>
<p>Learn more about Paramify: <br>
https://www.paramify.com/</p>
<p>Learn more about Kenny: <br>
LinkedIn: https://www.linkedin.com/in/kenny-g-scott/</p>
<p> </p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/4ryxhqq963rw9a5d/ERic_Britton_Adams_podcastbh0r7.mp3" length="58309117" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Eric, the CISO at Federal Cyber Defense Solutions and former Chief FedRAMP Strategist at IBM and FedRAMP Leader at HP, shares his journey from growing up on a farm to becoming a CISO and FedRAMP expert. We dive into the challenges of FedRAMP compliance, the evolution of cybersecurity, and how today's security teams can strike the balance between technical expertise and meeting compliance demands.
In this episode, we cover:
- The real struggles of legacy tech and security controls
- How cybersecurity careers have evolved—then vs. now
- The shift toward security by design and the future of security operations
- Advice for new cybersecurity professionals on breaking into the industry
If you're interested in FedRAMP in 2025, compliance innovation, or cybersecurity career growth, this episode is a must-listen!
Learn more about Eric here: LinkedIn: https://www.linkedin.com/in/eadams2/
Learn more about Paramify: https://www.paramify.com/
Learn more about Kenny: LinkedIn: https://www.linkedin.com/in/kenny-g-scott/
 ]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3644</itunes:duration>
                <itunes:episode>37</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#36 - What are the Control Assessment Phases?</title>
        <itunes:title>#36 - What are the Control Assessment Phases?</itunes:title>
        <link>https://Paramify.podbean.com/e/36-what-are-the-control-assessment-phases/</link>
                    <comments>https://Paramify.podbean.com/e/36-what-are-the-control-assessment-phases/#comments</comments>        <pubDate>Tue, 21 Jan 2025 12:53:47 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/ffd25ccc-59f3-3a25-939d-d909a4817d57</guid>
                                    <description><![CDATA[<p>Whether you’re launching a brand-new security program or fine-tuning your existing one, this episode has everything you need to know.</p>
<p>Kenny and Mike are breaking down the 𝗰𝗼𝗻𝘁𝗿𝗼𝗹 𝗮𝘀𝘀𝗲𝘀𝘀𝗺𝗲𝗻𝘁 𝗽𝗵𝗮𝘀𝗲𝘀 – why they matter and how they can transform your security processes.</p>
<p>Here’s what’s on deck in this episode of The Paramify Podcast:
- How to plan your security framework so it’s rock-solid from the start.
- Common pitfalls in frameworks like FedRAMP (and how to avoid them, no trench runs required).
- The importance of boundaries, collaboration, and a digital-first approach.
- Real-world lessons (and Star Wars stories) for simplifying security challenges.</p>
<p>𝗟𝗶𝘀𝘁𝗲𝗻 𝗻𝗼𝘄 and learn how planning, assessing, and reporting can level up your risk management game.</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Whether you’re launching a brand-new security program or fine-tuning your existing one, this episode has everything you need to know.</p>
<p>Kenny and Mike are breaking down the 𝗰𝗼𝗻𝘁𝗿𝗼𝗹 𝗮𝘀𝘀𝗲𝘀𝘀𝗺𝗲𝗻𝘁 𝗽𝗵𝗮𝘀𝗲𝘀 – why they matter and how they can transform your security processes.</p>
<p>Here’s what’s on deck in this episode of The Paramify Podcast:<br>
- How to plan your security framework so it’s rock-solid from the start.<br>
- Common pitfalls in frameworks like FedRAMP (and how to avoid them, no trench runs required).<br>
- The importance of boundaries, collaboration, and a digital-first approach.<br>
- Real-world lessons (and Star Wars stories) for simplifying security challenges.</p>
<p>𝗟𝗶𝘀𝘁𝗲𝗻 𝗻𝗼𝘄 and learn how planning, assessing, and reporting can level up your risk management game.</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/whgemthyeeuvujnk/Podcast_Audio7ewbn.mp3" length="22002257" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Whether you’re launching a brand-new security program or fine-tuning your existing one, this episode has everything you need to know.
Kenny and Mike are breaking down the 𝗰𝗼𝗻𝘁𝗿𝗼𝗹 𝗮𝘀𝘀𝗲𝘀𝘀𝗺𝗲𝗻𝘁 𝗽𝗵𝗮𝘀𝗲𝘀 – why they matter and how they can transform your security processes.
Here’s what’s on deck in this episode of The Paramify Podcast:
- How to plan your security framework so it’s rock-solid from the start.
- Common pitfalls in frameworks like FedRAMP (and how to avoid them, no trench runs required).
- The importance of boundaries, collaboration, and a digital-first approach.
- Real-world lessons (and Star Wars stories) for simplifying security challenges.
𝗟𝗶𝘀𝘁𝗲𝗻 𝗻𝗼𝘄 and learn how planning, assessing, and reporting can level up your risk management game.]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>1375</itunes:duration>
                <itunes:episode>36</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#35 - Risk Management Explained Through Star Wars</title>
        <itunes:title>#35 - Risk Management Explained Through Star Wars</itunes:title>
        <link>https://Paramify.podbean.com/e/35-risk-management-explained-through-star-wars/</link>
                    <comments>https://Paramify.podbean.com/e/35-risk-management-explained-through-star-wars/#comments</comments>        <pubDate>Mon, 06 Jan 2025 11:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/d50f351a-bb40-3ee1-96b7-58966976f694</guid>
                                    <description><![CDATA[<p>We’ve heard you. We all want to know just how much it cost The Empire when the first Death Star was blown to oblivion by a young boy from Tatooine? How could the Empire let this happen?</p>
<p>Kenny Scott and Mike Schreiner dive deep into risk management and cybersecurity—all through the lens of Star Wars.</p>
<p>Kenny uses Star Wars analogies to break down key concepts like:
• 𝗔𝘀𝘀𝗲𝘁𝘀  (Death Stars)
• 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀  (Thermal Exhaust Ports)
• 𝗧𝗵𝗿𝗲𝗮𝘁𝘀 (X-wings)
• 𝗖𝗼𝗻𝘁𝗿𝗼𝗹𝘀 (Force fields, turrets, the Dark Side and Darth Vader)
• 𝗥𝗶𝘀𝗸 𝗧𝗿𝗲𝗮𝘁𝗺𝗲𝗻𝘁 𝗦𝘁𝗿𝗮𝘁𝗲𝗴𝗶𝗲𝘀:
     • 𝗠𝗶𝘁𝗶𝗴𝗮𝘁𝗲 all by yourself
     • 𝗦𝗵𝗮𝗿𝗲 risk like pizza
     • 𝗧𝗿𝗮𝗻𝘀𝗳𝗲𝗿 it to some do-gooder
     • 𝗔𝗰𝗰𝗲𝗽𝘁 the risk (aka, just flat out ignore it)
     • 𝗔𝘃𝗼𝗶𝗱 the risk cuz you’re just too scared.</p>
<p>Whether you're looking to build a risk management program OR just geek out over Star Wars references, this episode has something for you.</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>We’ve heard you. We all want to know just how much it cost The Empire when the first Death Star was blown to oblivion by a young boy from Tatooine? How could the Empire let this happen?</p>
<p>Kenny Scott and Mike Schreiner dive deep into risk management and cybersecurity—all through the lens of Star Wars.</p>
<p>Kenny uses Star Wars analogies to break down key concepts like:<br>
• 𝗔𝘀𝘀𝗲𝘁𝘀  (Death Stars)<br>
• 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀  (Thermal Exhaust Ports)<br>
• 𝗧𝗵𝗿𝗲𝗮𝘁𝘀 (X-wings)<br>
• 𝗖𝗼𝗻𝘁𝗿𝗼𝗹𝘀 (Force fields, turrets, the Dark Side and Darth Vader)<br>
• 𝗥𝗶𝘀𝗸 𝗧𝗿𝗲𝗮𝘁𝗺𝗲𝗻𝘁 𝗦𝘁𝗿𝗮𝘁𝗲𝗴𝗶𝗲𝘀:<br>
     • 𝗠𝗶𝘁𝗶𝗴𝗮𝘁𝗲 all by yourself<br>
     • 𝗦𝗵𝗮𝗿𝗲 risk like pizza<br>
     • 𝗧𝗿𝗮𝗻𝘀𝗳𝗲𝗿 it to some do-gooder<br>
     • 𝗔𝗰𝗰𝗲𝗽𝘁 the risk (aka, just flat out ignore it)<br>
     • 𝗔𝘃𝗼𝗶𝗱 the risk cuz you’re just too scared.</p>
<p>Whether you're looking to build a risk management program OR just geek out over Star Wars references, this episode has something for you.</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/d9264xmv3vwcs9es/StarWars_Podcast_Audio62c5m.mp3" length="27479612" type="audio/mpeg"/>
        <itunes:summary><![CDATA[We’ve heard you. We all want to know just how much it cost The Empire when the first Death Star was blown to oblivion by a young boy from Tatooine? How could the Empire let this happen?
Kenny Scott and Mike Schreiner dive deep into risk management and cybersecurity—all through the lens of Star Wars.
Kenny uses Star Wars analogies to break down key concepts like:
• 𝗔𝘀𝘀𝗲𝘁𝘀  (Death Stars)
• 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀  (Thermal Exhaust Ports)
• 𝗧𝗵𝗿𝗲𝗮𝘁𝘀 (X-wings)
• 𝗖𝗼𝗻𝘁𝗿𝗼𝗹𝘀 (Force fields, turrets, the Dark Side and Darth Vader)
• 𝗥𝗶𝘀𝗸 𝗧𝗿𝗲𝗮𝘁𝗺𝗲𝗻𝘁 𝗦𝘁𝗿𝗮𝘁𝗲𝗴𝗶𝗲𝘀:
     • 𝗠𝗶𝘁𝗶𝗴𝗮𝘁𝗲 all by yourself
     • 𝗦𝗵𝗮𝗿𝗲 risk like pizza
     • 𝗧𝗿𝗮𝗻𝘀𝗳𝗲𝗿 it to some do-gooder
     • 𝗔𝗰𝗰𝗲𝗽𝘁 the risk (aka, just flat out ignore it)
     • 𝗔𝘃𝗼𝗶𝗱 the risk cuz you’re just too scared.
Whether you're looking to build a risk management program OR just geek out over Star Wars references, this episode has something for you.]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>1717</itunes:duration>
                <itunes:episode>35</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#34 - Discussing CMMC with Tony Bai from RISCPoint</title>
        <itunes:title>#34 - Discussing CMMC with Tony Bai from RISCPoint</itunes:title>
        <link>https://Paramify.podbean.com/e/34-discussing-cmmc-with-tony-bai-from-riscpoint/</link>
                    <comments>https://Paramify.podbean.com/e/34-discussing-cmmc-with-tony-bai-from-riscpoint/#comments</comments>        <pubDate>Mon, 09 Dec 2024 10:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/040c223e-ec9d-390b-9b4d-6860102c8ff3</guid>
                                    <description><![CDATA[<p>Today we’re talking to Tony Bai. With 25 years of experience in cyber defense and operations, Tony serves as the Chief Solutions Officer at RISCPoint. He is a United States Air Force veteran with lots of leadership experience at leading consulting organizations. Tony specializes in FedRAMP, CMMC and other NIST frameworks and is a leading voice on their latest developments, which seem to be pretty intense these days. This is a great episode!</p>
 
Learn more about Tony Bai:
https://www.linkedin.com/in/williamtbai/
 
Learn more about RISCPoint:
RISCPoint is an industry-leading management consulting firm, specializing in cybersecurity, compliance, and risk management, providing both strategy and tactical implementation. Our founding vision is a seamless integration with your team, focusing on creating impactful solutions to help you achieve your objectives.
https://www.riscpoint.com/ https://www.riscpoint.com/services/public-sector
https://www.riscpoint.com/contact
 


Learn more about Kenny Scott:
https://www.linkedin.com/in/kenny-g-scott/
 
Learn more about Paramify:
https://www.paramify.com/]]></description>
                                                            <content:encoded><![CDATA[<p>Today we’re talking to Tony Bai. With 25 years of experience in cyber defense and operations, Tony serves as the Chief Solutions Officer at RISCPoint. He is a United States Air Force veteran with lots of leadership experience at leading consulting organizations. Tony specializes in FedRAMP, CMMC and other NIST frameworks and is a leading voice on their latest developments, which seem to be pretty intense these days. This is a great episode!</p>
 
Learn more about Tony Bai:
https://www.linkedin.com/in/williamtbai/
 
Learn more about RISCPoint:
RISCPoint is an industry-leading management consulting firm, specializing in cybersecurity, compliance, and risk management, providing both strategy and tactical implementation. Our founding vision is a seamless integration with your team, focusing on creating impactful solutions to help you achieve your objectives.
https://www.riscpoint.com/ https://www.riscpoint.com/services/public-sector
https://www.riscpoint.com/contact
 


Learn more about Kenny Scott:
https://www.linkedin.com/in/kenny-g-scott/
 
Learn more about Paramify:
https://www.paramify.com/]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/bpyijgem4dxn22fu/TONY_BAI_PODCAST7qknf.mp3" length="45368683" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today we’re talking to Tony Bai. With 25 years of experience in cyber defense and operations, Tony serves as the Chief Solutions Officer at RISCPoint. He is a United States Air Force veteran with lots of leadership experience at leading consulting organizations. Tony specializes in FedRAMP, CMMC and other NIST frameworks and is a leading voice on their latest developments, which seem to be pretty intense these days. This is a great episode!
 
Learn more about Tony Bai:
https://www.linkedin.com/in/williamtbai/
 
Learn more about RISCPoint:
RISCPoint is an industry-leading management consulting firm, specializing in cybersecurity, compliance, and risk management, providing both strategy and tactical implementation. Our founding vision is a seamless integration with your team, focusing on creating impactful solutions to help you achieve your objectives.
https://www.riscpoint.com/ https://www.riscpoint.com/services/public-sector
https://www.riscpoint.com/contact
 


Learn more about Kenny Scott:
https://www.linkedin.com/in/kenny-g-scott/
 
Learn more about Paramify:
https://www.paramify.com/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>2835</itunes:duration>
                <itunes:episode>34</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#33 - Discussing Cybersecurity with Mandy Andress CISO at Elastic</title>
        <itunes:title>#33 - Discussing Cybersecurity with Mandy Andress CISO at Elastic</itunes:title>
        <link>https://Paramify.podbean.com/e/33-grc-with-mandy-andress-ciso-at-elastic/</link>
                    <comments>https://Paramify.podbean.com/e/33-grc-with-mandy-andress-ciso-at-elastic/#comments</comments>        <pubDate>Mon, 25 Nov 2024 10:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/ec38b8eb-9686-36ba-9c61-ca701f12a05d</guid>
                                    <description><![CDATA[<p>We're talking with Mandy Andress, Chief Information Security Officer (CISO) at Elastic. Mandy is making a huge impact in the security industry as the author of Surviving Security: How to Integrate People, Process, and Technology, a Top 100 CISO (C100) Award recipient, and a LinkedIn Top Voice. Her leadership goes well beyond her role as CISO – she's also a trusted advisor to many organizations, a frequent speaker at global conferences like BlackHat and Networld + Interop, and a driving force behind Elastic's IPO success.</p>
<p>Learn more about Mandy Andress:
Mandy's LinkedIn: https://www.linkedin.com/in/mandyandress/</p>
<p>Learn more about Elastic:
Elastic's Website: https://www.elastic.co/</p>
<p>Learn more about Kenny Scott:
Kenny's LinkedIn: https://www.linkedin.com/in/kenny-g-scott/</p>
<p>Learn more about Paramify:
Paramify's website: https://www.paramify.com/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>We're talking with Mandy Andress, Chief Information Security Officer (CISO) at Elastic. Mandy is making a huge impact in the security industry as the author of Surviving Security: How to Integrate People, Process, and Technology, a Top 100 CISO (C100) Award recipient, and a LinkedIn Top Voice. Her leadership goes well beyond her role as CISO – she's also a trusted advisor to many organizations, a frequent speaker at global conferences like BlackHat and Networld + Interop, and a driving force behind Elastic's IPO success.</p>
<p>Learn more about Mandy Andress:<br>
Mandy's LinkedIn: https://www.linkedin.com/in/mandyandress/</p>
<p>Learn more about Elastic:<br>
Elastic's Website: https://www.elastic.co/</p>
<p>Learn more about Kenny Scott:<br>
Kenny's LinkedIn: https://www.linkedin.com/in/kenny-g-scott/</p>
<p>Learn more about Paramify:<br>
Paramify's website: https://www.paramify.com/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/9jgur9z9s9n89bzm/Mandy_Andress_Podcast_AUDIO_99hgc.mp3" length="40305107" type="audio/mpeg"/>
        <itunes:summary><![CDATA[We're talking with Mandy Andress, Chief Information Security Officer (CISO) at Elastic. Mandy is making a huge impact in the security industry as the author of Surviving Security: How to Integrate People, Process, and Technology, a Top 100 CISO (C100) Award recipient, and a LinkedIn Top Voice. Her leadership goes well beyond her role as CISO – she's also a trusted advisor to many organizations, a frequent speaker at global conferences like BlackHat and Networld + Interop, and a driving force behind Elastic's IPO success.
Learn more about Mandy Andress: Mandy's LinkedIn: https://www.linkedin.com/in/mandyandress/
Learn more about Elastic: Elastic's Website: https://www.elastic.co/
Learn more about Kenny Scott: Kenny's LinkedIn: https://www.linkedin.com/in/kenny-g-scott/
Learn more about Paramify: Paramify's website: https://www.paramify.com/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>2519</itunes:duration>
                <itunes:episode>33</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#32 - Discussing FedRAMP with Michael Carter</title>
        <itunes:title>#32 - Discussing FedRAMP with Michael Carter</itunes:title>
        <link>https://Paramify.podbean.com/e/32-discussing-fedramp-with-michael-carter/</link>
                    <comments>https://Paramify.podbean.com/e/32-discussing-fedramp-with-michael-carter/#comments</comments>        <pubDate>Fri, 06 Sep 2024 08:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/269a3bdd-537e-3bfb-bef6-aa836cd39589</guid>
                                    <description><![CDATA[<p>Today, we’re honored to have Michael Carter on the show! Michael is the Managing Partner and Co-founder of Fortreum. Michael brings over two decades of expertise in cybersecurity and compliance, specializing in FedRAMP, FISMA, PCI, and more. He has held key leadership roles at Coalfire and Veris Group, shaping compliance strategies for top organizations across both government and commercial sectors. Michael’s deep insights into security and risk management make him a leading voice in the industry.</p>
<p>Learn more about Michael Carter: / carte2ms</p>
<p>Learn more about Fortreum: <a href='https://fortreum.com/'>https://fortreum.com/ </a></p>
<p>Learn more about Kenny Scott: / kenny-g-scott</p>
<p>Learn more about Paramify: https://www.paramify.com/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today, we’re honored to have Michael Carter on the show! Michael is the Managing Partner and Co-founder of Fortreum. Michael brings over two decades of expertise in cybersecurity and compliance, specializing in FedRAMP, FISMA, PCI, and more. He has held key leadership roles at Coalfire and Veris Group, shaping compliance strategies for top organizations across both government and commercial sectors. Michael’s deep insights into security and risk management make him a leading voice in the industry.</p>
<p>Learn more about Michael Carter: / carte2ms</p>
<p>Learn more about Fortreum: <a href='https://fortreum.com/'>https://fortreum.com/ </a></p>
<p>Learn more about Kenny Scott: / kenny-g-scott</p>
<p>Learn more about Paramify: https://www.paramify.com/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/ed2j6i8q4ca3scax/The_Paramify_Podcast_with_Michael_Carter_DONEDONEDakkqw.mp3" length="51954466" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today, we’re honored to have Michael Carter on the show! Michael is the Managing Partner and Co-founder of Fortreum. Michael brings over two decades of expertise in cybersecurity and compliance, specializing in FedRAMP, FISMA, PCI, and more. He has held key leadership roles at Coalfire and Veris Group, shaping compliance strategies for top organizations across both government and commercial sectors. Michael’s deep insights into security and risk management make him a leading voice in the industry.
Learn more about Michael Carter: / carte2ms
Learn more about Fortreum: https://fortreum.com/ 
Learn more about Kenny Scott: / kenny-g-scott
Learn more about Paramify: https://www.paramify.com/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3247</itunes:duration>
                <itunes:episode>32</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#31 - Discussing OSCAL and Cybersecurity with Alexander Stein</title>
        <itunes:title>#31 - Discussing OSCAL and Cybersecurity with Alexander Stein</itunes:title>
        <link>https://Paramify.podbean.com/e/31-discussing-oscal-and-cybersecurity-with-alexander-stein/</link>
                    <comments>https://Paramify.podbean.com/e/31-discussing-oscal-and-cybersecurity-with-alexander-stein/#comments</comments>        <pubDate>Fri, 23 Aug 2024 08:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/160ef65f-d2e4-3bea-8a2c-7f300f213eea</guid>
                                    <description><![CDATA[<p>Today, we're honored to have Alexander Stein on the show. Alexander has a host of experience in Cybersecurity. He has worked as an IT Cybersecurity Specialist at the National Institute of Standards and Technology (NIST). With over two years at NIST focusing on Information Technology and Vulnerability Management, Alex has also held key roles at Flexion Inc. as a Security Practice Lead and Application Security Engineer, and at BAM Technologies.</p>
<p>Learn more about Alexander Stein here: LinkedIn: <a href='https://www.linkedin.com/in/alexanderjstein/'>https://www.linkedin.com/in/alexanderjstein/</a></p>
<p>GitHub: <a href='https://github.com/aj-stein'>github.com/aj-stein</a>.</p>
<p>Learn more about NIST: <a href='https://www.nist.gov/'>https://www.nist.gov/</a></p>
<p>Learn more about Kenny Scott: LinkedIn: <a href='https://www.linkedin.com/in/kenny-g-scott/'>https://www.linkedin.com/in/kenny-g-scott/</a></p>
<p>Learn more about Paramify: Website: <a href='https://www.paramify.com/'>https://www.paramify.com/</a> LinkedIn: <a href='https://www.linkedin.com/company/80788473/admin/dashboard/'>https://www.linkedin.com/company/80788473/admin/dashboard/</a></p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today, we're honored to have Alexander Stein on the show. Alexander has a host of experience in Cybersecurity. He has worked as an IT Cybersecurity Specialist at the National Institute of Standards and Technology (NIST). With over two years at NIST focusing on Information Technology and Vulnerability Management, Alex has also held key roles at Flexion Inc. as a Security Practice Lead and Application Security Engineer,</p>
<p>and at BAM Technologies Learn more about Alexander Stein here: LinkedIn: <a href='https://www.youtube.com/redirect?event=video_description&amp;redir_token=QUFFLUhqbHh6WWI4MDl5RUNGNFRzM2dieHQtdU5VNHlPZ3xBQ3Jtc0trTS1yLTB0WWllNVlOcy1Rb25abWJJYlBtMURDM0EyMzJWUWxDVDhUWDFqWVk4cHRWd0FieVNjOVlsWk9vbHYyTE1nSGpNTUxIcjRDWFBISG5aSjMwT0pEeXZzSmlDUGNEMDRaeEVuM3ZwRnY3bnY0QQ&amp;q=https%3A%2F%2Fwww.linkedin.com%2Fin%2Falexanderjstein%2F&amp;v=IOwJ8nw1Dgs'>  / alexanderjstein  </a></p>
<p>GitHub: <a href='https://github.com/aj-stein'>github.com/aj-stein</a>.</p>
<p> Learn more about NIST: <a href='https://www.youtube.com/redirect?event=video_description&amp;redir_token=QUFFLUhqbjZYT1lGS1FWd28zXzFXb1ZLa2NHWnUwN0dud3xBQ3Jtc0tscWtIeEttTWlBZmh1dF81XzlqbTRrSXAwb1g3T25IYS1vUmI5ajJiVU9qSWJNb2dPNXNTQW9EMGtiOG9FeUJMYnR2eHh4d3M1X3ZxQzJ2aGR1a08xRl9lREpsZ3lDTlBydDlZdnNPRWc1QUpsT0dSYw&amp;q=https%3A%2F%2Fwww.nist.gov%2F&amp;v=IOwJ8nw1Dgs'>https://www.nist.gov/</a> </p>
<p> </p>
<p>Learn more about Kenny Scott: LinkedIn: <a href='https://www.youtube.com/redirect?event=video_description&amp;redir_token=QUFFLUhqblktTVVuZ3RYT2RjcFY1bkx5eXVoZGdzQU1oUXxBQ3Jtc0tsZ2ljVVRSblZiUmlxWWo3eFpUUHp6ck5FVDJJb0R2c2FNWHpWb2Z1c01wUjlHaUxwUTZ3ZHRFY214UnN6YmcyQlBzRVZXQzVGOEVqcFlsckNGYVdkdUJKOVF4VVI1Q2Y2X25GSXRMbU9rRXUwRDhQVQ&amp;q=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fkenny-g-scott%2F&amp;v=IOwJ8nw1Dgs'>  / kenny-g-scott  </a> Learn more about Paramify: Website: <a href='https://www.youtube.com/redirect?event=video_description&amp;redir_token=QUFFLUhqazlRTi1YcnZxb3pKcFJ4MERJb3c0UjRoakxUUXxBQ3Jtc0tub2lUQUViMjFRNmxTRjZuamY0Q0hhYmhnckRqUmpKU2pOeHVaemJqWGtUbXRaQTlXdXd4cUVnRmxUaVdEdDRjbDN5ZFAwbG1QampJdGlaZjFXS0RGNTRlWWtuME1hRnk3cURuRkVTM3F3VE5RNV9uNA&amp;q=https%3A%2F%2Fwww.paramify.com%2F&amp;v=IOwJ8nw1Dgs'>https://www.paramify.com/</a> LinkedIn: <a href='https://www.youtube.com/redirect?event=video_description&amp;redir_token=QUFFLUhqbGxocnZnalpRTHRMZEw3NlJVYnJaa3pVVGdrd3xBQ3Jtc0tucExiT05SXzZrdzhaVXhqaHEwc1NaQjk4MXJxTkJUWFVGdGJRUjhEYUJZR2Ztc2ZGQXBZLWJYR0hpSnY5dHZlNVdqTEIxS3RXNFVuQ3ZEWlN1UTY4LUc4U1diUWl0UVZKdEIzb3BheTRxcUtyY3pPVQ&amp;q=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2F80788473%2Fadmin%2Fdashboard%2F&amp;v=IOwJ8nw1Dgs'>  / dashboard  </a></p>





]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/rqcgaqz2immwmvb6/ALEXANDER_FULL_POD_AUDIOae42u.mp3" length="58457493" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today, we're honored to have Alexander Stein on the show. Alexander has a host of experience in Cybersecurity. He has worked as an IT Cybersecurity Specialist at the National Institute of Standards and Technology (NIST). With over two years at NIST focusing on Information Technology and Vulnerability Management, Alex has also held key roles at Flexion Inc. as a Security Practice Lead and Application Security Engineer,
and at BAM Technologies Learn more about Alexander Stein here: LinkedIn:   / alexanderjstein  
GitHub: github.com/aj-stein.
 Learn more about NIST: https://www.nist.gov/ 
 
Learn more about Kenny Scott: LinkedIn:   / kenny-g-scott   Learn more about Paramify: Website: https://www.paramify.com/ LinkedIn:   / dashboard  





]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3653</itunes:duration>
                <itunes:episode>31</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#30 - Discussing Government Affairs &amp; Compliance with Michael Clauser</title>
        <itunes:title>#30 - Discussing Government Affairs &amp; Compliance with Michael Clauser</itunes:title>
        <link>https://Paramify.podbean.com/e/30-discussing-government-affairs-compliance-with-michael-clauser/</link>
                    <comments>https://Paramify.podbean.com/e/30-discussing-government-affairs-compliance-with-michael-clauser/#comments</comments>        <pubDate>Fri, 09 Aug 2024 08:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/d1ddd7a5-27d2-3128-8fa4-42a6da020bd7</guid>
                                    <description><![CDATA[<p>Today, we're honored to have Michael Clauser on the show. Mike is the Founder &amp; Managing Director of Ark, where he helps tech and defense companies navigate government relations. He is a seasoned professional in government affairs, cybersecurity, and national security. Michael has held pivotal roles at Okta, Access Partnership, Analog Devices, and Fujitsu Limited, and served as a national security aide in the Pentagon. With a decade as an Intelligence Officer in the U.S. Navy, he has also held leadership roles supporting veterans and contributing to public policy. </p>
<p>Learn more about Michael Clauser: 
LinkedIn: https://www.linkedin.com/in/michaelaclauser/</p>
<p>Learn more about Ark: https://ark.ga/</p>
<p>Learn more about Kenny Scott: 
LinkedIn: https://www.linkedin.com/in/kenny-g-scott/</p>
<p>Learn more about Paramify: 
Website: https://www.paramify.com/</p>
<p>LinkedIn: https://www.linkedin.com/company/80788473/admin/dashboard/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today, we're honored to have Michael Clauser on the show. Mike is the Founder &amp; Managing Director of Ark, where he helps tech and defense companies navigate government relations. He is a seasoned professional in government affairs, cybersecurity, and national security. Michael has held pivotal roles at Okta, Access Partnership, Analog Devices, and Fujitsu Limited, and served as a national security aide in the Pentagon. With a decade as an Intelligence Officer in the U.S. Navy, he has also held leadership roles supporting veterans and contributing to public policy. </p>
<p>Learn more about Michael Clauser: <br>
LinkedIn: https://www.linkedin.com/in/michaelaclauser/</p>
<p>Learn more about Ark: https://ark.ga/</p>
<p>Learn more about Kenny Scott: <br>
LinkedIn: https://www.linkedin.com/in/kenny-g-scott/</p>
<p>Learn more about Paramify: <br>
Website: https://www.paramify.com/</p>
<p>LinkedIn: https://www.linkedin.com/company/80788473/admin/dashboard/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/hamhbejdbhsqdvyp/Mike_and_Kenny_Capcut_Render_Podcast86cgt.mp3" length="43573966" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today, we're honored to have Michael Clauser on the show. Mike is the Founder &amp; Managing Director of Ark, where he helps tech and defense companies navigate government relations. He is a seasoned professional in government affairs, cybersecurity, and national security. Michael has held pivotal roles at Okta, Access Partnership, Analog Devices, and Fujitsu Limited, and served as a national security aide in the Pentagon. With a decade as an Intelligence Officer in the U.S. Navy, he has also held leadership roles supporting veterans and contributing to public policy. 
Learn more about Michael Clauser: LinkedIn: https://www.linkedin.com/in/michaelaclauser/
Learn more about Ark: https://ark.ga/
Learn more about Kenny Scott: LinkedIn: https://www.linkedin.com/in/kenny-g-scott/
Learn more about Paramify: Website: https://www.paramify.com/
LinkedIn: https://www.linkedin.com/company/80788473/admin/dashboard/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>2723</itunes:duration>
                <itunes:episode>30</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#29 - Discussing GRC Automation with Matt Hillary</title>
        <itunes:title>#29 - Discussing GRC Automation with Matt Hillary</itunes:title>
        <link>https://Paramify.podbean.com/e/29-discussing-grc-automation-with-matt-hillary/</link>
                    <comments>https://Paramify.podbean.com/e/29-discussing-grc-automation-with-matt-hillary/#comments</comments>        <pubDate>Fri, 26 Jul 2024 08:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/55db0a24-e337-3fbe-89ec-4376800cc810</guid>
                                    <description><![CDATA[<p>Today we're honored to have Matt Hillary on the podcast. Matt is the Vice President of Security and Chief Information Security Officer at Drata. He is a seasoned cybersecurity leader with 15 years of experience and a passion for enabling innovation. </p>
<p>Learn more about Matt Hillary:
LinkedIn: https://www.linkedin.com/in/matthewhillary/
Matt Hillary's Forbes Article: https://www.forbes.com/sites/forbestechcouncil/2024/06/20/privacy-by-design-and-its-impact-on-security-and-grc/</p>
<p>Learn More about Drata:
Drata's Website: https://drata.com/
Drata's LinkedIn: https://www.linkedin.com/company/drata/posts/?feedView=all</p>
<p>Learn more about Paramify: 
Paramify's Website: https://www.paramify.com/
Paramify's LinkedIn: https://www.linkedin.com/company/80788473/admin/dashboard/</p>
<p>Matt Hillary brings over 15 years of experience in executive security leadership, risk management, and compliance. His impressive track record includes roles at Lumio, Weave HQ, Workfront, and Instructure. Matt holds a Master’s in Information Systems Management from Brigham Young University and is a CISA-certified professional. Known for his strong technical background, positive leadership style, and effective communication, Matt is dedicated to building tailored security solutions that drive measurable success.</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today we're honored to have Matt Hillary on the podcast. Matt is the Vice President of Security and Chief Information Security Officer at Drata. He is a seasoned cybersecurity leader with 15 years of experience and a passion for enabling innovation. </p>
<p>Learn more about Matt Hillary:<br>
LinkedIn: https://www.linkedin.com/in/matthewhillary/<br>
Matt Hillary's Forbes Article: https://www.forbes.com/sites/forbestechcouncil/2024/06/20/privacy-by-design-and-its-impact-on-security-and-grc/</p>
<p>Learn More about Drata:<br>
Drata's Website: https://drata.com/<br>
Drata's LinkedIn: https://www.linkedin.com/company/drata/posts/?feedView=all</p>
<p>Learn more about Paramify: <br>
Paramify's Website: https://www.paramify.com/<br>
Paramify's LinkedIn: https://www.linkedin.com/company/80788473/admin/dashboard/</p>
<p>Matt Hillary brings over 15 years of experience in executive security leadership, risk management, and compliance. His impressive track record includes roles at Lumio, Weave HQ, Workfront, and Instructure. Matt holds a Master’s in Information Systems Management from Brigham Young University and is a CISA-certified professional. Known for his strong technical background, positive leadership style, and effective communication, Matt is dedicated to building tailored security solutions that drive measurable success.</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/ipwgmggh5xj5pnsu/MATT_HILLARY_PODCAST_AUDIO_NEW8h613.mp3" length="49722564" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today we're honored to have Matt Hillary on the podcast. Matt is the Vice President of Security and Chief Information Security Officer at Drata. He is a seasoned cybersecurity leader with 15 years of experience and a passion for enabling innovation. 
Learn more about Matt Hillary:LinkedIn: https://www.linkedin.com/in/matthewhillary/Matt Hillary's Forbes Article: https://www.forbes.com/sites/forbestechcouncil/2024/06/20/privacy-by-design-and-its-impact-on-security-and-grc/
Learn More about Drata:Drata's Website: https://drata.com/Drata's LinkedIn: https://www.linkedin.com/company/drata/posts/?feedView=all
Learn more about Paramify: Paramify's Website: https://www.paramify.com/Paramify's LinkedIn: https://www.linkedin.com/company/80788473/admin/dashboard/
Matt Hillary brings over 15 years of experience in executive security leadership, risk management, and compliance. His impressive track record includes roles at Lumio, Weave HQ, Workfront, and Instructure. Matt holds a Master’s in Information Systems Management from Brigham Young University and is a CISA-certified professional. Known for his strong technical background, positive leadership style, and effective communication, Matt is dedicated to building tailored security solutions that drive measurable success.]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3107</itunes:duration>
                <itunes:episode>29</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#28 - Discussing Cloud Security and GRC with Eric Evans</title>
        <itunes:title>#28 - Discussing Cloud Security and GRC with Eric Evans</itunes:title>
        <link>https://Paramify.podbean.com/e/28-discussing-cloud-security-and-grc-with-eric-evans/</link>
                    <comments>https://Paramify.podbean.com/e/28-discussing-cloud-security-and-grc-with-eric-evans/#comments</comments>        <pubDate>Fri, 12 Jul 2024 08:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/380e7f17-1766-33ae-a7d2-ef4fa1d0811d</guid>
                                    <description><![CDATA[<p>Today we're honored to have Eric Evans on the show! Eric is the Founder and CTO of HanaByte and a cloud security and compliance expert. He has led security initiatives for organizations from startups to Fortune 10 companies and is a renowned public speaker on cloud security and compliance automation.</p>
<p>Learn more about Hanabyte:</p>
<p>https://www.hanabyte.com/ <a href='https://www.linkedin.com/company/hanabyte/posts/?feedView=all'>https://www.linkedin.com/company/hanabyte/posts/?feedView=all </a></p>
<p>Hanabyte's write-up on the OMB Memo:</p>
<p><a href='https://www.hanabyte.com/a-look-at-the-modernizing-fedramp-memo/'> https://www.hanabyte.com/a-look-at-the-modernizing-fedramp-memo/ </a></p>
<p>Eric Evans's LinkedIn: <a href='https://www.linkedin.com/in/ericgonzalesevans/'>https://www.linkedin.com/in/ericgonzalesevans/ </a></p>
<p>Kenny Scott's LinkedIn: <a href='https://www.linkedin.com/in/kenny-g-scott/'>https://www.linkedin.com/in/kenny-g-scott/ </a></p>
<p>Learn more about Paramify: https://www.paramify.com/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today we're honored to have Eric Evans on the show! Eric is the Founder and CTO of HanaByte and a cloud security and compliance expert. He has led security initiatives for organizations from startups to Fortune 10 companies and is a renowned public speaker on cloud security and compliance automation.</p>
<p>Learn more about Hanabyte:</p>
<p>https://www.hanabyte.com/ <a href='https://www.linkedin.com/company/hanabyte/posts/?feedView=all'>https://www.linkedin.com/company/hanabyte/posts/?feedView=all </a></p>
<p>Hanabyte's write-up on the OMB Memo:</p>
<p><a href='https://www.hanabyte.com/a-look-at-the-modernizing-fedramp-memo/'> https://www.hanabyte.com/a-look-at-the-modernizing-fedramp-memo/ </a></p>
<p>Eric Evans's LinkedIn: <a href='https://www.linkedin.com/in/ericgonzalesevans/'>https://www.linkedin.com/in/ericgonzalesevans/ </a></p>
<p>Kenny Scott's LinkedIn: <a href='https://www.linkedin.com/in/kenny-g-scott/'>https://www.linkedin.com/in/kenny-g-scott/ </a></p>
<p>Learn more about Paramify: https://www.paramify.com/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/kep4ecuuijd25qjs/Kenny_and_Eric_Podcast_Audio_Only96afs.mp3" length="89522663" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today we're honored to have Eric Evans on the show! Eric is the Founder and CTO of HanaByte and a cloud security and compliance expert. He has led security initiatives for organizations from startups to Fortune 10 companies and is a renowned public speaker on cloud security and compliance automation.
Learn more about Hanabyte:
https://www.hanabyte.com/ https://www.linkedin.com/company/hanabyte/posts/?feedView=all 
Hanabyte's write-up on the OMB Memo:
 https://www.hanabyte.com/a-look-at-the-modernizing-fedramp-memo/ 
Eric Evans's LinkedIn: https://www.linkedin.com/in/ericgonzalesevans/ 
Kenny Scott's LinkedIn: https://www.linkedin.com/in/kenny-g-scott/ 
Learn more about Paramify: https://www.paramify.com/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3727</itunes:duration>
                <itunes:episode>28</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#27 - Discussing Cybersecurity and Compliance with Den Jones</title>
        <itunes:title>#27 - Discussing Cybersecurity and Compliance with Den Jones</itunes:title>
        <link>https://Paramify.podbean.com/e/27-discussing-cybersecurity-and-compliance-with-den-jones/</link>
                    <comments>https://Paramify.podbean.com/e/27-discussing-cybersecurity-and-compliance-with-den-jones/#comments</comments>        <pubDate>Fri, 28 Jun 2024 08:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/c7256894-5c74-3b7a-a6bb-f2313fd7ca5f</guid>
                                    <description><![CDATA[<p>Today, we're honored to be joined by Den Jones, Founder and CEO of 909Cyber and a veteran in cybersecurity. With a robust career that includes roles as Chief Security Officer at SonicWall, CSO at Banyan Security and Senior Director of Enterprise Security at Cisco, Den brings a wealth of experience to the table. He's a Stanford alumnus with a focus on Cyber Security and Executive Strategy, holds a Higher National Certificate in Computing from West Lothian College, and is a certified CISSP. Den also hosts 'Get IT Started. Get IT Done.', a podcast that discusses the cybersecurity industry. He’s here to share his expertise on the evolving cybersecurity landscape, tackling complex security challenges, and his approach to leadership in this crucial sector.</p>
<p>Learn more about Den Jones: <a href='https://www.linkedin.com/in/denwjones/'>https://www.linkedin.com/in/denwjones/ </a></p>
<p>Get IT Started. Get IT Done. Podcast: <a href='https://podcasters.spotify.com/pod/show/banyan-security'>https://podcasters.spotify.com/pod/show/banyan-security </a></p>
<p>Learn more about Paramify here: <a href='https://www.paramify.com/'>https://www.paramify.com/</a></p>
<p>Learn more about Kenny Scott: https://www.linkedin.com/in/kenny-g-scott/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today, we're honored to be joined by Den Jones, Founder and CEO of 909Cyber and a veteran in cybersecurity. With a robust career that includes roles as Chief Security Officer at SonicWall, CSO at Banyan Security and Senior Director of Enterprise Security at Cisco, Den brings a wealth of experience to the table. He's a Stanford alumnus with a focus on Cyber Security and Executive Strategy, holds a Higher National Certificate in Computing from West Lothian College, and is a certified CISSP. Den also hosts 'Get IT Started. Get IT Done.', a podcast that discusses the cybersecurity industry. He’s here to share his expertise on the evolving cybersecurity landscape, tackling complex security challenges, and his approach to leadership in this crucial sector.</p>
<p>Learn more about Den Jones: <a href='https://www.linkedin.com/in/denwjones/'>https://www.linkedin.com/in/denwjones/ </a></p>
<p>Get IT Started. Get IT Done. Podcast: <a href='https://podcasters.spotify.com/pod/show/banyan-security'>https://podcasters.spotify.com/pod/show/banyan-security </a></p>
<p>Learn more about Paramify here: <a href='https://www.paramify.com/'>https://www.paramify.com/</a></p>
<p>Learn more about Kenny Scott: https://www.linkedin.com/in/kenny-g-scott/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/5w97xi5e5hubnwpe/The_Paramify_Podcast_with_Den_Jones7lzax.mp3" length="46301568" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today, we're honored to be joined by Den Jones, Founder and CEO of 909Cyber and a veteran in cybersecurity. With a robust career that includes roles as Chief Security Officer at SonicWall, CSO at Banyan Security and Senior Director of Enterprise Security at Cisco, Den brings a wealth of experience to the table. He's a Stanford alumnus with a focus on Cyber Security and Executive Strategy, holds a Higher National Certificate in Computing from West Lothian College, and is a certified CISSP. Den also hosts 'Get IT Started. Get IT Done.', a podcast that discusses the cybersecurity industry. He’s here to share his expertise on the evolving cybersecurity landscape, tackling complex security challenges, and his approach to leadership in this crucial sector.
Learn more about Den Jones: https://www.linkedin.com/in/denwjones/ 
Get IT Started. Get IT Done. Podcast: https://podcasters.spotify.com/pod/show/banyan-security 
Learn more about Paramify here: https://www.paramify.com/
Learn more about Kenny Scott: https://www.linkedin.com/in/kenny-g-scott/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>2893</itunes:duration>
                <itunes:episode>27</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#26 - Exploring OSCAL and GRC with Rob Sherwood</title>
        <itunes:title>#26 - Exploring OSCAL and GRC with Rob Sherwood</itunes:title>
        <link>https://Paramify.podbean.com/e/26-exploring-oscal-and-grc-with-rob-sherwood/</link>
                    <comments>https://Paramify.podbean.com/e/26-exploring-oscal-and-grc-with-rob-sherwood/#comments</comments>        <pubDate>Fri, 14 Jun 2024 08:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/02e7d697-e306-337d-b9eb-596073828968</guid>
                                    <description><![CDATA[<p>Today, we’re honored to have Rob Sherwood on the podcast. Rob is a seasoned cybersecurity professional with extensive experience in policy management, PKI architecture, and identity management. With over two decades in the field, Rob has left a lasting impact through his dedication to standards development, including his significant contributions to the Open Security Controls Assessment Language (OSCAL). From his role as a Principal Consultant at Credentive Security to his pivotal involvement in projects like the oscal-pki-policy-converter tool, Rob's passion for advancing cybersecurity practices is evident. As an advocate for collaboration and knowledge-sharing, his insights into OSCAL offer invaluable perspectives for professionals and organizations navigating the complexities of cybersecurity policy management.</p>
<p>Learn more about Rob: <a href='https://www.linkedin.com/in/rob-sherwood-credentive/'>https://www.linkedin.com/in/rob-sherwood-credentive/ </a></p>
<p>Credentive Security: <a href='https://www.credentive.com/'>https://www.credentive.com/ </a></p>
<p>Paramify: https://www.paramify.com/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today, we’re honored to have Rob Sherwood on the podcast. Rob is a seasoned cybersecurity professional with extensive experience in policy management, PKI architecture, and identity management. With over two decades in the field, Rob has left a lasting impact through his dedication to standards development, including his significant contributions to the Open Security Controls Assessment Language (OSCAL). From his role as a Principal Consultant at Credentive Security to his pivotal involvement in projects like the oscal-pki-policy-converter tool, Rob's passion for advancing cybersecurity practices is evident. As an advocate for collaboration and knowledge-sharing, his insights into OSCAL offer invaluable perspectives for professionals and organizations navigating the complexities of cybersecurity policy management.</p>
<p>Learn more about Rob: <a href='https://www.linkedin.com/in/rob-sherwood-credentive/'>https://www.linkedin.com/in/rob-sherwood-credentive/ </a></p>
<p>Credentive Security: <a href='https://www.credentive.com/'>https://www.credentive.com/ </a></p>
<p>Paramify: https://www.paramify.com/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/sj4e6msd9ht8ypja/Rob_Sherwood_FULL_PODCAST7iz39.mp3" length="57899935" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today, we’re honored to have Rob Sherwood on the podcast. Rob is a seasoned cybersecurity professional with extensive experience in policy management, PKI architecture, and identity management. With over two decades in the field, Rob has left a lasting impact through his dedication to standards development, including his significant contributions to the Open Security Controls Assessment Language (OSCAL). From his role as a Principal Consultant at Credentive Security to his pivotal involvement in projects like the oscal-pki-policy-converter tool, Rob's passion for advancing cybersecurity practices is evident. As an advocate for collaboration and knowledge-sharing, his insights into OSCAL offer invaluable perspectives for professionals and organizations navigating the complexities of cybersecurity policy management.
Learn more about Rob: https://www.linkedin.com/in/rob-sherwood-credentive/ 
Credentive Security: https://www.credentive.com/ 
Paramify: https://www.paramify.com/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3618</itunes:duration>
                <itunes:episode>26</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#25 - Exploring GRC &amp; FedRAMP with Matthew Graham</title>
        <itunes:title>#25 - Exploring GRC &amp; FedRAMP with Matthew Graham</itunes:title>
        <link>https://Paramify.podbean.com/e/25-exploring-grc-fedramp-with-matthew-graham/</link>
                    <comments>https://Paramify.podbean.com/e/25-exploring-grc-fedramp-with-matthew-graham/#comments</comments>        <pubDate>Fri, 31 May 2024 08:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/43b025be-20a7-3fc5-a040-326aeec0b547</guid>
                                    <description><![CDATA[<p>Today we had the honor to talk with Matthew Graham, the Director of US Federal Practice at Prescient Security. Matthew is a seasoned cybersecurity expert whose extensive career has spanned technical and strategic leadership roles. With a rich background that includes high-level certifications such as CISSP, CASP+, and CCNA, Matthew brings a wealth of knowledge on FedRAMP &amp; cybersecurity practices and trends.</p>
<p>In this episode, we talk about everything from FedRAMP Rev 5 to Hurricane Katrina and police interrogations.</p>
<p>Learn more about Matthew Graham: <a href='https://www.linkedin.com/in/msgcyberassessments/'>https://www.linkedin.com/in/msgcyberassessments/ </a></p>
<p>Learn more about Prescient Security: prescientsecurity.com</p>
<p>Learn more about Paramify: https://www.paramify.com/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today we had the honor to talk with Matthew Graham, the Director of US Federal Practice at Prescient Security. Matthew is a seasoned cybersecurity expert whose extensive career has spanned technical and strategic leadership roles. With a rich background that includes high-level certifications such as CISSP, CASP+, and CCNA, Matthew brings a wealth of knowledge on FedRAMP &amp; cybersecurity practices and trends.</p>
<p>In this episode, we talk about everything from FedRAMP Rev 5 to Hurricane Katrina and police interrogations.</p>
<p>Learn more about Matthew Graham: <a href='https://www.linkedin.com/in/msgcyberassessments/'>https://www.linkedin.com/in/msgcyberassessments/ </a></p>
<p>Learn more about Prescient Security: prescientsecurity.com</p>
<p>Learn more about Paramify: https://www.paramify.com/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/7ig3n9s8hnrcus6r/MATT_GRAHAM_FINISHED_3212313216e48k.mp3" length="44217205" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today we had the honor to talk with Matthew Graham, the Director of US Federal Practice at Prescient Security. Matthew is a seasoned cybersecurity expert whose extensive career has spanned technical and strategic leadership roles. With a rich background that includes high-level certifications such as CISSP, CASP+, and CCNA, Matthew brings a wealth of knowledge on FedRAMP &amp; cybersecurity practices and trends.
In this episode, we talk about everything from FedRAMP Rev 5 to Hurricane Katrina and police interrogations.
Learn more about Matthew Graham: https://www.linkedin.com/in/msgcyberassessments/ 
Learn more about Prescient Security: prescientsecurity.com
Learn more about Paramify: https://www.paramify.com/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>2763</itunes:duration>
                <itunes:episode>25</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#24 - Discussing GRC &amp; OSCAL with Brandt Keller</title>
        <itunes:title>#24 - Discussing GRC &amp; OSCAL with Brandt Keller</itunes:title>
        <link>https://Paramify.podbean.com/e/24-discussing-grc-oscal-with-brandt-keller/</link>
                    <comments>https://Paramify.podbean.com/e/24-discussing-grc-oscal-with-brandt-keller/#comments</comments>        <pubDate>Fri, 17 May 2024 08:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/3b1e4d7c-aa63-35ab-8310-e75ddff58f1e</guid>
                                    <description><![CDATA[<p>Today we had the honor to talk with Brandt Keller, a distinguished software engineer and open source developer advocate with a comprehensive background that spans significant achievements in both the military and technology sectors. A veteran of the U.S. Marine Corps, Brandt has transitioned his disciplined and strategic approach from the field of communications within the military to the forefront of software engineering and cybersecurity. His recent endeavors have led him to explore the intricacies of Governance, Risk Management, and Compliance (GRC), focusing on the adoption of the Open Security Controls Assessment Language (OSCAL) by NIST to promote data freedom and enhance the automation of compliance processes. Brandt's commitment to leveraging his expertise for the advancement of technology and compliance standards showcases his dedication to innovation and continuous improvement. We're truly excited to have Brandt on the show to delve into his rich experience, explore his contributions to the field of technology, and discuss his visionary work in making compliance data more accessible and actionable.</p>
<p>Brandt Keller's open source project: <a href='https://www.linkedin.com/safety/go?url=https%3A%2F%2Fgithub.com%2Fdefenseunicorns%2Flula&amp;trk=flagship-messaging-web&amp;messageThreadUrn=urn%3Ali%3AmessagingThread%3A2-YTIxN2JkYzgtZjk3OC00ZDllLWI0NWQtYjcxM2IwNjA1Nzc5XzAxMg%3D%3D&amp;lipi=urn%3Ali%3Apage%3Ad_flagship3_messaging_conversation_detail%3BLReifSRSRrel35KkzQYD8A%3D%3D'>https://github.com/defenseunicorns/lula</a></p>
<p>Brandt Keller's LinkedIn: <a href='https://www.linkedin.com/in/brandtkeller/'>https://www.linkedin.com/in/brandtkeller/</a></p>
<p>Paramify: <a href='https://www.paramify.com/'>https://www.paramify.com/</a></p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today we had the honor to talk with Brandt Keller, a distinguished software engineer and open source developer advocate with a comprehensive background that spans significant achievements in both the military and technology sectors. A veteran of the U.S. Marine Corps, Brandt has transitioned his disciplined and strategic approach from the field of communications within the military to the forefront of software engineering and cybersecurity. His recent endeavors have led him to explore the intricacies of Governance, Risk Management, and Compliance (GRC), focusing on the adoption of the Open Security Controls Assessment Language (OSCAL) by NIST to promote data freedom and enhance the automation of compliance processes. Brandt's commitment to leveraging his expertise for the advancement of technology and compliance standards showcases his dedication to innovation and continuous improvement. We're truly excited to have Brandt on the show to delve into his rich experience, explore his contributions to the field of technology, and discuss his visionary work in making compliance data more accessible and actionable.</p>
<p>Brandt Keller's open source project: <a href='https://www.linkedin.com/safety/go?url=https%3A%2F%2Fgithub.com%2Fdefenseunicorns%2Flula&amp;trk=flagship-messaging-web&amp;messageThreadUrn=urn%3Ali%3AmessagingThread%3A2-YTIxN2JkYzgtZjk3OC00ZDllLWI0NWQtYjcxM2IwNjA1Nzc5XzAxMg%3D%3D&amp;lipi=urn%3Ali%3Apage%3Ad_flagship3_messaging_conversation_detail%3BLReifSRSRrel35KkzQYD8A%3D%3D'>https://github.com/defenseunicorns/lula</a></p>
<p>Brandt Keller's LinkedIn: <a href='https://www.linkedin.com/in/brandtkeller/'>https://www.linkedin.com/in/brandtkeller/</a></p>
<p>Paramify: <a href='https://www.paramify.com/'>https://www.paramify.com/</a></p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/icgn4m9gdppk6e44/The_Paramify_Podcast_with_Brandt_Keller63t4i.mp3" length="46066257" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today we had the honor to talk with Brandt Keller, a distinguished software engineer and open source developer advocate with a comprehensive background that spans significant achievements in both the military and technology sectors. A veteran of the U.S. Marine Corps, Brandt has transitioned his disciplined and strategic approach from the field of communications within the military to the forefront of software engineering and cybersecurity. His recent endeavors have led him to explore the intricacies of Governance, Risk Management, and Compliance (GRC), focusing on the adoption of the Open Security Controls Assessment Language (OSCAL) by NIST to promote data freedom and enhance the automation of compliance processes. Brandt's commitment to leveraging his expertise for the advancement of technology and compliance standards showcases his dedication to innovation and continuous improvement. We're truly excited to have Brandt on the show to delve into his rich experience, explore his contributions to the field of technology, and discuss his visionary work in making compliance data more accessible and actionable.
Brandt Keller's open source project: https://github.com/defenseunicorns/lula
Brandt Keller's LinkedIn: https://www.linkedin.com/in/brandtkeller/
Paramify: https://www.paramify.com/
 ]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>2879</itunes:duration>
                <itunes:episode>24</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#23 - Discussing Data Privacy with Tommy Hoschouer</title>
        <itunes:title>#23 - Discussing Data Privacy with Tommy Hoschouer</itunes:title>
        <link>https://Paramify.podbean.com/e/23-discussing-data-privacy-with-tommy-hoschouer/</link>
                    <comments>https://Paramify.podbean.com/e/23-discussing-data-privacy-with-tommy-hoschouer/#comments</comments>        <pubDate>Fri, 03 May 2024 08:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/1bf697a5-fb09-3fd1-a5c9-488818888edc</guid>
                                    <description><![CDATA[<p>Today we're honored to host Tommy Hoschouer, who currently leads the global public sector efforts at DeleteMe. Tommy's rich history at companies like Sprinklr, Medallia, SAP, and Qualtrics has equipped him with a unique perspective on using technology to enhance public sector operations, leading to significant improvements in revenue and efficiency. Now at DeleteMe, he is dedicated to defending personal and professional information from increasingly sophisticated digital threats, such as identity theft and cyber attacks. His focus on strengthening data privacy and security is crucial in our digital era. We look forward to unpacking his valuable insights on how to protect digital identities and adapt to the evolving technological landscape in the public sector.</p>
<p>In today's episode Kenny, Keaton, and Tommy talk about everything from data privacy, the importance of protecting your data, to our favorite ice cream shakes.</p>
<p>Learn more about Tommy: <a href='https://www.linkedin.com/in/tommy-h-18484087/'>https://www.linkedin.com/in/tommy-h-18484087/ </a></p>
<p>Learn more about DeleteMe: <a href='https://joindeleteme.com/'>https://joindeleteme.com/ </a></p>
<p>Learn more about Paramify: https://www.paramify.com/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today we're honored to host Tommy Hoschouer, who currently leads the global public sector efforts at DeleteMe. Tommy's rich history at companies like Sprinklr, Medallia, SAP, and Qualtrics has equipped him with a unique perspective on using technology to enhance public sector operations, leading to significant improvements in revenue and efficiency. Now at DeleteMe, he is dedicated to defending personal and professional information from increasingly sophisticated digital threats, such as identity theft and cyber attacks. His focus on strengthening data privacy and security is crucial in our digital era. We look forward to unpacking his valuable insights on how to protect digital identities and adapt to the evolving technological landscape in the public sector.</p>
<p>In today's episode Kenny, Keaton, and Tommy talk about everything from data privacy, the importance of protecting your data, to our favorite ice cream shakes.</p>
<p>Learn more about Tommy: <a href='https://www.linkedin.com/in/tommy-h-18484087/'>https://www.linkedin.com/in/tommy-h-18484087/ </a></p>
<p>Learn more about DeleteMe: <a href='https://joindeleteme.com/'>https://joindeleteme.com/ </a></p>
<p>Learn more about Paramify: https://www.paramify.com/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/djjgh8xt29jhtf6x/Tommy_podcast_audio_bbq6h.mp3" length="40079410" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today we're honored to host Tommy Hoschouer, who currently leads the global public sector efforts at DeleteMe. Tommy's rich history at companies like Sprinklr, Medallia, SAP, and Qualtrics has equipped him with a unique perspective on using technology to enhance public sector operations, leading to significant improvements in revenue and efficiency. Now at DeleteMe, he is dedicated to defending personal and professional information from increasingly sophisticated digital threats, such as identity theft and cyber attacks. His focus on strengthening data privacy and security is crucial in our digital era. We look forward to unpacking his valuable insights on how to protect digital identities and adapt to the evolving technological landscape in the public sector.
In today's episode Kenny, Keaton, and Tommy talk about everything from data privacy, the importance of protecting your data, to our favorite ice cream shakes.
Learn more about Tommy: https://www.linkedin.com/in/tommy-h-18484087/ 
Learn more about DeleteMe: https://joindeleteme.com/ 
Learn more about Paramify: https://www.paramify.com/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>2504</itunes:duration>
                <itunes:episode>23</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#22 - A Journey from Journalism to GRC with Brian Martinez</title>
        <itunes:title>#22 - A Journey from Journalism to GRC with Brian Martinez</itunes:title>
        <link>https://Paramify.podbean.com/e/22-a-journey-from-journalism-to-grc-with-brian-martinez/</link>
                    <comments>https://Paramify.podbean.com/e/22-a-journey-from-journalism-to-grc-with-brian-martinez/#comments</comments>        <pubDate>Fri, 19 Apr 2024 08:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/d4db0992-badd-382c-89e0-5c0600d54f0f</guid>
                                    <description><![CDATA[<p class="p1">Today, we had the honor to have Brian Martinez, a leading expert in governance, risk, and compliance (GRC) with over two decades of experience at Michigan State University and the broader cybersecurity community. As the Governance, Risk, and Compliance Lead at MSU, Brian has spearheaded critical security projects and compliance frameworks, contributing significantly to the university's research and security posture. Beyond MSU, Brian enriches the cybersecurity field through his roles as Founder and President of BIDE Consulting and Director at #misec, alongside his volunteer work with (ISC)² in developing the CISSP certification exam. In this episode, we'll dive into Brian's extensive career, his approach to GRC in academia, and his insights into the future of cybersecurity. It's a pleasure to have Brian join us to share his valuable experience, expertise, and perspectives.</p>
<p class="p1"> </p>
<p class="p1">Brian's LinkedIn: https://www.linkedin.com/in/brianrmartinez/</p>
<p class="p1"> </p>
<p class="p1">Learn more about Paramify: https://www.paramify.com/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p class="p1">Today, we had the honor to have Brian Martinez, a leading expert in governance, risk, and compliance (GRC) with over two decades of experience at Michigan State University and the broader cybersecurity community. As the Governance, Risk, and Compliance Lead at MSU, Brian has spearheaded critical security projects and compliance frameworks, contributing significantly to the university's research and security posture. Beyond MSU, Brian enriches the cybersecurity field through his roles as Founder and President of BIDE Consulting and Director at #misec, alongside his volunteer work with (ISC)² in developing the CISSP certification exam. In this episode, we'll dive into Brian's extensive career, his approach to GRC in academia, and his insights into the future of cybersecurity. It's a pleasure to have Brian join us to share his valuable experience, expertise, and perspectives.</p>
<p class="p1"> </p>
<p class="p1">Brian's LinkedIn: https://www.linkedin.com/in/brianrmartinez/</p>
<p class="p1"> </p>
<p class="p1">Learn more about Paramify: https://www.paramify.com/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/n6j2a7zhgpwpyjsa/Brian_Martinez_audio_draft_28bgjh.mp3" length="44157437" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today, we had the honor to have Brian Martinez, a leading expert in governance, risk, and compliance (GRC) with over two decades of experience at Michigan State University and the broader cybersecurity community. As the Governance, Risk, and Compliance Lead at MSU, Brian has spearheaded critical security projects and compliance frameworks, contributing significantly to the university's research and security posture. Beyond MSU, Brian enriches the cybersecurity field through his roles as Founder and President of BIDE Consulting and Director at #misec, alongside his volunteer work with (ISC)² in developing the CISSP certification exam. In this episode, we'll dive into Brian's extensive career, his approach to GRC in academia, and his insights into the future of cybersecurity. It's a pleasure to have Brian join us to share his valuable experience, expertise, and perspectives.
 
Brian's LinkedIn: https://www.linkedin.com/in/brianrmartinez/
 
Learn more about Paramify: https://www.paramify.com/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>2759</itunes:duration>
                <itunes:episode>22</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#21 - Discussing Cybersecurity &amp; GRC with Troy Fine</title>
        <itunes:title>#21 - Discussing Cybersecurity &amp; GRC with Troy Fine</itunes:title>
        <link>https://Paramify.podbean.com/e/21-discussing-cybersecurity-grc-with-troy-fine/</link>
                    <comments>https://Paramify.podbean.com/e/21-discussing-cybersecurity-grc-with-troy-fine/#comments</comments>        <pubDate>Fri, 05 Apr 2024 08:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/fd788a90-1547-3ea9-810a-07d1f330058a</guid>
                                    <description><![CDATA[<p>Today we had the honor to speak with Troy Fine, the Senior Advisor at Geels Norton,  where he's making significant strides in cybersecurity and compliance. With a rich history in the field, including key positions at Drata and Schneider Downs, Troy's credentials—boasting certifications like ISO 27001:2013 Lead Auditor and CISSP—speak volumes of his expertise. Beyond his professional acumen, Troy captures the cybersecurity community's attention with insightful, humorous memes on LinkedIn, making the dense world of GRC and IT audit accessible and engaging. His memes commonly refer to SOC 2 not being a certification.</p>
<p>In today's episode we talk about everything from SOC 2 not being a certification, Troy's legendary memes to Troy's history and how he started his career in Cybersecurity. </p>
<p> </p>
<p>Troy Fine's LinkedIn: <a href='https://www.linkedin.com/in/troyjfine/'>https://www.linkedin.com/in/troyjfine/ </a></p>
<p>Learn more about Geels Norton: geelsnorton.com</p>
<p>Learn More about Paramify: paramify.com</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today we had the honor to speak with Troy Fine, the Senior Advisor at Geels Norton,  where he's making significant strides in cybersecurity and compliance. With a rich history in the field, including key positions at Drata and Schneider Downs, Troy's credentials—boasting certifications like ISO 27001:2013 Lead Auditor and CISSP—speak volumes of his expertise. Beyond his professional acumen, Troy captures the cybersecurity community's attention with insightful, humorous memes on LinkedIn, making the dense world of GRC and IT audit accessible and engaging. His memes commonly refer to SOC 2 not being a certification.</p>
<p>In today's episode we talk about everything from SOC 2 not being a certification, Troy's legendary memes to Troy's history and how he started his career in Cybersecurity. </p>
<p> </p>
<p>Troy Fine's LinkedIn: <a href='https://www.linkedin.com/in/troyjfine/'>https://www.linkedin.com/in/troyjfine/ </a></p>
<p>Learn more about Geels Norton: geelsnorton.com</p>
<p>Learn More about Paramify: paramify.com</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/4yzurr/The_Troy_fine_podcast_finished_92h1n.mp3" length="52466884" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today we had the honor to speak with Troy Fine, the Senior Advisor at Geels Norton,  where he's making significant strides in cybersecurity and compliance. With a rich history in the field, including key positions at Drata and Schneider Downs, Troy's credentials—boasting certifications like ISO 27001:2013 Lead Auditor and CISSP—speak volumes of his expertise. Beyond his professional acumen, Troy captures the cybersecurity community's attention with insightful, humorous memes on LinkedIn, making the dense world of GRC and IT audit accessible and engaging. His memes commonly refer to SOC 2 not being a certification.
In today's episode we talk about everything from SOC 2 not being a certification, Troy's legendary memes to Troy's history and how he started his career in Cybersecurity. 
 
Troy Fine's LinkedIn: https://www.linkedin.com/in/troyjfine/ 
Learn more about Geels Norton: geelsnorton.com
Learn More about Paramify: paramify.com]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3279</itunes:duration>
                <itunes:episode>21</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#20 - Discussing GRC and Infosec with Beau Butaud</title>
        <itunes:title>#20 - Discussing GRC and Infosec with Beau Butaud</itunes:title>
        <link>https://Paramify.podbean.com/e/20-discussing-grc-and-infosec-with-beau-butaud/</link>
                    <comments>https://Paramify.podbean.com/e/20-discussing-grc-and-infosec-with-beau-butaud/#comments</comments>        <pubDate>Fri, 22 Mar 2024 08:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/91aac897-6acf-3c74-9492-1f22a5be959d</guid>
                                    <description><![CDATA[<p>Today we had the honor to talk to Beau Butaud, a visionary in the compliance and cybersecurity field and the co-founder of Render Compliance. With a background that includes leading roles in risk advisory and compliance management at Moss Adams, and significant contributions at BDO USA, LLP, and Peterson Sullivan LLP, Beau brings a wealth of expertise to the forefront of cybersecurity. His credentials, including AWS Security Fundamentals, CISA, and CPA certifications, underscore his deep commitment to the industry. Beau's innovative approach to SOC 2 assessments at Render Compliance is redefining standards, making security compliance both accessible and impactful for businesses striving to build trust in today's digital landscape.</p>
<p>Learn more about Paramify: https://www.paramify.com/</p>
<p>Learn more about Beau Butaud: https://www.linkedin.com/in/beaubutaud/</p>
<p>Learn about Beau's approach: https://rendercompliance.com/approach/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today we had the honor to talk to Beau Butaud, a visionary in the compliance and cybersecurity field and the co-founder of Render Compliance. With a background that includes leading roles in risk advisory and compliance management at Moss Adams, and significant contributions at BDO USA, LLP, and Peterson Sullivan LLP, Beau brings a wealth of expertise to the forefront of cybersecurity. His credentials, including AWS Security Fundamentals, CISA, and CPA certifications, underscore his deep commitment to the industry. Beau's innovative approach to SOC 2 assessments at Render Compliance is redefining standards, making security compliance both accessible and impactful for businesses striving to build trust in today's digital landscape.</p>
<p>Learn more about Paramify: https://www.paramify.com/</p>
<p>Learn more about Beau Butaud: https://www.linkedin.com/in/beaubutaud/</p>
<p>Learn about Beau's approach: https://rendercompliance.com/approach/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/8qcm55/The_Paramify_Podcast_with_Beau_Butaud_DRAFT_26zeob.mp3" length="53858270" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today we had the honor to talk to Beau Butaud, a visionary in the compliance and cybersecurity field and the co-founder of Render Compliance. With a background that includes leading roles in risk advisory and compliance management at Moss Adams, and significant contributions at BDO USA, LLP, and Peterson Sullivan LLP, Beau brings a wealth of expertise to the forefront of cybersecurity. His credentials, including AWS Security Fundamentals, CISA, and CPA certifications, underscore his deep commitment to the industry. Beau's innovative approach to SOC 2 assessments at Render Compliance is redefining standards, making security compliance both accessible and impactful for businesses striving to build trust in today's digital landscape.
Learn more about Paramify: https://www.paramify.com/
Learn more about Beau Butaud: https://www.linkedin.com/in/beaubutaud/
Learn about Beau's approach: https://rendercompliance.com/approach/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3366</itunes:duration>
                <itunes:episode>20</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#19 - Discussing GRC and IT Audit with Jack Rumsey</title>
        <itunes:title>#19 - Discussing GRC and IT Audit with Jack Rumsey</itunes:title>
        <link>https://Paramify.podbean.com/e/19-discussing-grc-and-it-audit-with-jack-rumsey/</link>
                    <comments>https://Paramify.podbean.com/e/19-discussing-grc-and-it-audit-with-jack-rumsey/#comments</comments>        <pubDate>Fri, 08 Mar 2024 08:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/d1b18818-a426-3416-a2f6-cd90169ad5ee</guid>
                                    <description><![CDATA[<p>Today we had the honor to talk to Jack Rumsey, the Head of GRC at Swimlane. With a rich background in IT security and audit, including roles at DaVita, Schellman, and KPMG, Jack is an expert in compliance standards like SOC II, ISO27001, GDPR, and FedRAMP. He holds a Bachelor's degree in Computer and Information Systems Security from Illinois State University.</p>
<p>In today's episode, we talk about everything from the difficulties of explaining a GRC career to someone outside of GRC, to building GRC tools in OSCAL.</p>
<p>Learn more about Paramify here: <a href='https://www.paramify.com/blog/accurate-fedramp-high-ssp-in-less-than-4-hours'>https://www.paramify.com/blog/accurate-fedramp-high-ssp-in-less-than-4-hours </a></p>
<p>Jack Rumsey's LinkedIn: <a href='https://www.linkedin.com/in/jack-rumsey-83303469/'>https://www.linkedin.com/in/jack-rumsey-83303469/ </a></p>
<p>The GRC Destroyer: <a href='https://grcdestroyer.substack.com/'>https://grcdestroyer.substack.com/ </a></p>
<p>Learn about Swimlane here: https://swimlane.com/cpg-swimlane-turbine/?utm_source=google&amp;utm_medium=cpc&amp;utm_campaign=17300073347&amp;creative=691938325323&amp;keyword=swimlane&amp;matchtype=b&amp;network=g&amp;device=c&amp;gad_source=1&amp;gclid=CjwKCAiA6KWvBhAREiwAFPZM7qRRyeO8sghv0oF3G_HDQGIORB22_EHb64pCZJFTFI5L-4mIBwcj8hoC8goQAvD_BwE</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today we had the honor to talk to Jack Rumsey, the Head of GRC at Swimlane. With a rich background in IT security and audit, including roles at DaVita, Schellman, and KPMG, Jack is an expert in compliance standards like SOC II, ISO27001, GDPR, and FedRAMP. He holds a Bachelor's degree in Computer and Information Systems Security from Illinois State University.</p>
<p>In today's episode, we talk about everything from the difficulties of explaining a GRC career to someone outside of GRC, to building GRC tools in OSCAL.</p>
<p>Learn more about Paramify here: <a href='https://www.paramify.com/blog/accurate-fedramp-high-ssp-in-less-than-4-hours'>https://www.paramify.com/blog/accurate-fedramp-high-ssp-in-less-than-4-hours </a></p>
<p>Jack Rumsey's LinkedIn: <a href='https://www.linkedin.com/in/jack-rumsey-83303469/'>https://www.linkedin.com/in/jack-rumsey-83303469/ </a></p>
<p>The GRC Destroyer: <a href='https://grcdestroyer.substack.com/'>https://grcdestroyer.substack.com/ </a></p>
<p>Learn about Swimlane here: https://swimlane.com/cpg-swimlane-turbine/?utm_source=google&amp;utm_medium=cpc&amp;utm_campaign=17300073347&amp;creative=691938325323&amp;keyword=swimlane&amp;matchtype=b&amp;network=g&amp;device=c&amp;gad_source=1&amp;gclid=CjwKCAiA6KWvBhAREiwAFPZM7qRRyeO8sghv0oF3G_HDQGIORB22_EHb64pCZJFTFI5L-4mIBwcj8hoC8goQAvD_BwE</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/pr3bq2/The_Paramify_Podcast_with_Jack_Rumsey_FULL_DRAFT_2b91bv.mp3" length="58893424" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today we had the honor to talk to Jack Rumsey, the Head of GRC at Swimlane. With a rich background in IT security and audit, including roles at DaVita, Schellman, and KPMG, Jack is an expert in compliance standards like SOC II, ISO27001, GDPR, and FedRAMP. He holds a Bachelor's degree in Computer and Information Systems Security from Illinois State University.
In today's episode, we talk about everything from the difficulties of explaining a GRC career to someone outside of GRC, to building GRC tools in OSCAL.
Learn more about Paramify here: https://www.paramify.com/blog/accurate-fedramp-high-ssp-in-less-than-4-hours 
Jack Rumsey's LinkedIn: https://www.linkedin.com/in/jack-rumsey-83303469/ 
The GRC Destroyer: https://grcdestroyer.substack.com/ 
Learn about Swimlane here: https://swimlane.com/cpg-swimlane-turbine/?utm_source=google&amp;utm_medium=cpc&amp;utm_campaign=17300073347&amp;creative=691938325323&amp;keyword=swimlane&amp;matchtype=b&amp;network=g&amp;device=c&amp;gad_source=1&amp;gclid=CjwKCAiA6KWvBhAREiwAFPZM7qRRyeO8sghv0oF3G_HDQGIORB22_EHb64pCZJFTFI5L-4mIBwcj8hoC8goQAvD_BwE]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3680</itunes:duration>
                <itunes:episode>19</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#18 - Discussing CMMC &amp; Cybersecurity with Fernando Machado</title>
        <itunes:title>#18 - Discussing CMMC &amp; Cybersecurity with Fernando Machado</itunes:title>
        <link>https://Paramify.podbean.com/e/discussing-cmmc-cybersecurity-with-fernando-machado-the-paramify-podcast-episode-18/</link>
                    <comments>https://Paramify.podbean.com/e/discussing-cmmc-cybersecurity-with-fernando-machado-the-paramify-podcast-episode-18/#comments</comments>        <pubDate>Fri, 23 Feb 2024 08:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/7d2b849c-b5de-3c30-9ca0-77025f680169</guid>
                                    <description><![CDATA[<p>Today, we're excited to welcome a true luminary in the field of cybersecurity, Fernando Machado. Not only is he the Managing Principal and CISO at Cybersec Investments, LLC, but Fernando is also a recognized Certified Third-Party Assessment Organization (C3PAO) leader. His extensive experience spans over two decades with key roles in companies like L3Harris Technologies and Raytheon. Fernando is the author of "CMMC Simplified," a pivotal resource for understanding the complexities of the Cybersecurity Maturity Model Certification.</p>
<p>In today's episode, Fernando tells us about his invaluable insights on cybersecurity's evolving landscape and the nuances of CMMC 2.0.</p>
<p>Fernando Machado's book CMMC Simplified: <a href='https://www.amazon.com/CMMC-Simplified-Fernando-Machado/dp/1088207707'>https://www.amazon.com/CMMC-Simplified-Fernando-Machado/dp/1088207707</a></p>
<p>Fernando Machado's LinkedIn: <a href='https://www.linkedin.com/in/fernando-machado-cissp-cism-cca-ccp-5b5581124/'>https://www.linkedin.com/in/fernando-machado-cissp-cism-cca-ccp-5b5581124/</a></p>
<p>Learn more about Paramify here: https://www.paramify.com/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today, we're excited to welcome a true luminary in the field of cybersecurity, Fernando Machado. Not only is he the Managing Principal and CISO at Cybersec Investments, LLC, but Fernando is also a recognized Certified Third-Party Assessment Organization (C3PAO) leader. His extensive experience spans over two decades with key roles in companies like L3Harris Technologies and Raytheon. Fernando is the author of "CMMC Simplified," a pivotal resource for understanding the complexities of the Cybersecurity Maturity Model Certification.</p>
<p>In today's episode, Fernando tells us about his invaluable insights on cybersecurity's evolving landscape and the nuances of CMMC 2.0.</p>
<p>Fernando Machado's book CMMC Simplified: <a href='https://www.amazon.com/CMMC-Simplified-Fernando-Machado/dp/1088207707'>https://www.amazon.com/CMMC-Simplified-Fernando-Machado/dp/1088207707</a></p>
<p>Fernando Machado's LinkedIn: <a href='https://www.linkedin.com/in/fernando-machado-cissp-cism-cca-ccp-5b5581124/'>https://www.linkedin.com/in/fernando-machado-cissp-cism-cca-ccp-5b5581124/</a></p>
<p>Learn more about Paramify here: https://www.paramify.com/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/2ig9c3/FERNANDO_PODCAST_FINISHEDb0lhm.mp3" length="27892974" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today, we're excited to welcome a true luminary in the field of cybersecurity, Fernando Machado. Not only is he the Managing Principal and CISO at Cybersec Investments, LLC, but Fernando is also a recognized Certified Third-Party Assessment Organization (C3PAO) leader. His extensive experience spans over two decades with key roles in companies like L3Harris Technologies and Raytheon. Fernando is the author of "CMMC Simplified," a pivotal resource for understanding the complexities of the Cybersecurity Maturity Model Certification.
In today's episode, Fernando tells us about his invaluable insights on cybersecurity's evolving landscape and the nuances of CMMC 2.0.
Fernando Machado's book CMMC Simplified: https://www.amazon.com/CMMC-Simplified-Fernando-Machado/dp/1088207707
Fernando Machado's LinkedIn: https://www.linkedin.com/in/fernando-machado-cissp-cism-cca-ccp-5b5581124/
Learn more about Paramify here: https://www.paramify.com/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>1743</itunes:duration>
                <itunes:episode>18</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#17 - Discussing FedRAMP and The Origin of Paramify with Brad Bartholomew</title>
        <itunes:title>#17 - Discussing FedRAMP and The Origin of Paramify with Brad Bartholomew</itunes:title>
        <link>https://Paramify.podbean.com/e/17-discussing-fedramp-and-the-origins-of-paramify-with-brad-bartholomew/</link>
                    <comments>https://Paramify.podbean.com/e/17-discussing-fedramp-and-the-origins-of-paramify-with-brad-bartholomew/#comments</comments>        <pubDate>Fri, 09 Feb 2024 08:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/efbbdae3-1922-3a35-afad-8a6604ecfeff</guid>
                                    <description><![CDATA[<p>Today we had the honor to sit down with <a href='https://www.linkedin.com/company/80788473/admin/feed/posts/'>Brad Bartholomew</a>, the Director of FedRAMP Compliance at Trellix, and a veteran in the cybersecurity field. With a rich history spanning Adobe to Palo Alto Networks, Brad brings invaluable insights into GRC, cloud security, and the evolving landscape of cybersecurity frameworks.</p>
<p>In this episode, we discuss everything from creating an ATO package in 3.5 hours to the challenges of FedRAMP and the origins of Paramify.</p>
<p> </p>
<p>Learn more about Brad Bartholomew: <a href='https://www.linkedin.com/in/bradbartholomew7/'>https://www.linkedin.com/in/bradbartholomew7/</a></p>
<p> </p>
<p>Learn more about Paramify: <a href='https://www.paramify.com/'>https://www.paramify.com/</a></p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today we had the honor to sit down with <a href='https://www.linkedin.com/company/80788473/admin/feed/posts/'>Brad Bartholomew</a>, the Director of FedRAMP Compliance at Trellix, and a veteran in the cybersecurity field. With a rich history spanning Adobe to Palo Alto Networks, Brad brings invaluable insights into GRC, cloud security, and the evolving landscape of cybersecurity frameworks.</p>
<p>In this episode, we discuss everything from creating an ATO package in 3.5 hours to the challenges of FedRAMP and the origins of Paramify.</p>
<p> </p>
<p>Learn more about Brad Bartholomew: <a href='https://www.linkedin.com/in/bradbartholomew7/'>https://www.linkedin.com/in/bradbartholomew7/</a></p>
<p> </p>
<p>Learn more about Paramify: <a href='https://www.paramify.com/'>https://www.paramify.com/</a></p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/fdrzgy/The_Paramify_Podcast_Episode_17_Brad_DONEa2ayj.mp3" length="47677907" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today we had the honor to sit down with Brad Bartholomew, the Director of FedRAMP Compliance at Trellix, and a veteran in the cybersecurity field. With a rich history spanning Adobe to Palo Alto Networks, Brad brings invaluable insights into GRC, cloud security, and the evolving landscape of cybersecurity frameworks.
In this episode, we discuss everything from creating an ATO package in 3.5 hours to the challenges of FedRAMP and the origins of Paramify.
 
Learn more about Brad Bartholomew: https://www.linkedin.com/in/bradbartholomew7/
 
Learn more about Paramify: https://www.paramify.com/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>2979</itunes:duration>
                <itunes:episode>17</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#16 - Exploring The Fatal Funnel of Sales with Reade King</title>
        <itunes:title>#16 - Exploring The Fatal Funnel of Sales with Reade King</itunes:title>
        <link>https://Paramify.podbean.com/e/16-exploring-the-fatal-funnel-of-sales-with-reade-king/</link>
                    <comments>https://Paramify.podbean.com/e/16-exploring-the-fatal-funnel-of-sales-with-reade-king/#comments</comments>        <pubDate>Fri, 26 Jan 2024 11:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/82cfcb24-70e6-3320-8e81-23da151e913b</guid>
                                    <description><![CDATA[<p>Today we had the honor to sit down with Reade King, a seasoned professional whose dynamic career spans over 15 years, including roles in the Department of Defense and the Utah Army National Guard, and who is now involved in the fast-paced world of SaaS startups. Reade brings a unique blend of strategic relationship-building and resilience honed in high-pressure environments to his current role in Sales Development at Anonyome Labs, Inc.</p>
<p>In our conversation, we talk about everything from the "color of money" to fixing trucks. Perhaps the most interesting concept we discuss is the "Fatal Funnel" – a term that Reade learned throughout his military training. Reade masterfully draws parallels between this concept and his approach to sales, providing insights into how recognizing and navigating through the 'fatal funnels' in sales processes can lead to more successful outcomes.</p>
<p>Learn more about Reade King: </p>
<p>Reade King's LinkedIn: https://www.linkedin.com/in/readeking/</p>
<p>Anonyome Labs: <a href='https://anonyome.com'>https://anonyome.com</a></p>
<p> </p>
<p>Learn more about Paramify here: https://www.paramify.com/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today we had the honor to sit down with Reade King, a seasoned professional whose dynamic career spans over 15 years, including roles in the Department of Defense and the Utah Army National Guard, and who is now involved in the fast-paced world of SaaS startups. Reade brings a unique blend of strategic relationship-building and resilience honed in high-pressure environments to his current role in Sales Development at Anonyome Labs, Inc.</p>
<p>In our conversation, we talk about everything from the "color of money" to fixing trucks. Perhaps the most interesting concept we discuss is the "Fatal Funnel" – a term that Reade learned throughout his military training. Reade masterfully draws parallels between this concept and his approach to sales, providing insights into how recognizing and navigating through the 'fatal funnels' in sales processes can lead to more successful outcomes.</p>
<p>Learn more about Reade King: </p>
<p>Reade King's LinkedIn: https://www.linkedin.com/in/readeking/</p>
<p>Anonyome Labs: <a href='https://anonyome.com'>https://anonyome.com</a></p>
<p> </p>
<p>Learn more about Paramify here: https://www.paramify.com/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/2hq6sd/The_Paramify_Podcast_with_Reade_Kingav1te.mp3" length="50530479" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today we had the honor to sit down with Reade King, a seasoned professional whose dynamic career spans over 15 years, including roles in the Department of Defense and the Utah Army National Guard, and who is now involved in the fast-paced world of SaaS startups. Reade brings a unique blend of strategic relationship-building and resilience honed in high-pressure environments to his current role in Sales Development at Anonyome Labs, Inc.
In our conversation, we talk about everything from the "color of money" to fixing trucks. Perhaps the most interesting concept we discuss is the "Fatal Funnel" – a term that Reade learned throughout his military training. Reade masterfully draws parallels between this concept and his approach to sales, providing insights into how recognizing and navigating through the 'fatal funnels' in sales processes can lead to more successful outcomes.
Learn more about Reade King: 
Reade King's LinkedIn: https://www.linkedin.com/in/readeking/
Anonyome Labs: https://anonyome.com
 
Learn more about Paramify here: https://www.paramify.com/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3158</itunes:duration>
                <itunes:episode>16</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#15 - Discussing Cybersecurity with Frank Kyazze</title>
        <itunes:title>#15 - Discussing Cybersecurity with Frank Kyazze</itunes:title>
        <link>https://Paramify.podbean.com/e/15-discussing-cybersecurity-with-frank-kyazze/</link>
                    <comments>https://Paramify.podbean.com/e/15-discussing-cybersecurity-with-frank-kyazze/#comments</comments>        <pubDate>Fri, 12 Jan 2024 11:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/a40b4176-cce4-3e64-8234-20c246c2e58a</guid>
                                    <description><![CDATA[<p>Frank is a renowned expert in cybersecurity and Governance, Risk Management, and Compliance (GRC). As the Founder and CEO of GRC Knight, he has spearheaded the integration of advanced detection technologies with comprehensive security and privacy compliance consulting. His rich experience includes key roles at TrustCloud, Cognizant, and Schellman &amp; Company. In today's episode, we talk about everything from CMMC 2.0 to our love of pizza.</p>
<p>Learn more about Frank Kyazze here:</p>
<p>Frank Kyazze's LinkedIn: <a href='https://www.linkedin.com/in/grcknight/'>https://www.linkedin.com/in/grcknight/</a></p>
<p>GRC Knight's website: https://www.linkedin.com/company/grcknight/</p>
<p>GRC Knight's CMMC white paper: <a href='https://44444846.fs1.hubspotusercontent-na1.net/hubfs/44444846/A%20CMMC%20Survival%20Guide%20for%20Companies.pdf'>https://44444846.fs1.hubspotusercontent-na1.net/hubfs/44444846/A%20CMMC%20Survival%20Guide%20for%20Companies.pdf</a></p>
<p> </p>
<p>Learn more about Paramify here: https://www.paramify.com/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Frank is a renowned expert in cybersecurity and Governance, Risk Management, and Compliance (GRC). As the Founder and CEO of GRC Knight, he has spearheaded the integration of advanced detection technologies with comprehensive security and privacy compliance consulting. His rich experience includes key roles at TrustCloud, Cognizant, and Schellman &amp; Company. In today's episode, we talk about everything from CMMC 2.0 to our love of pizza.</p>
<p>Learn more about Frank Kyazze here:</p>
<p>Frank Kyazze's LinkedIn: <a href='https://www.linkedin.com/in/grcknight/'>https://www.linkedin.com/in/grcknight/</a></p>
<p>GRC Knight's website: https://www.linkedin.com/company/grcknight/</p>
<p>GRC Knight's CMMC white paper: <a href='https://44444846.fs1.hubspotusercontent-na1.net/hubfs/44444846/A%20CMMC%20Survival%20Guide%20for%20Companies.pdf'>https://44444846.fs1.hubspotusercontent-na1.net/hubfs/44444846/A%20CMMC%20Survival%20Guide%20for%20Companies.pdf</a></p>
<p> </p>
<p>Learn more about Paramify here: https://www.paramify.com/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/ybp9k7/FRANK_PODCAST_2229120b.mp3" length="56616801" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Frank is a renowned expert in cybersecurity and Governance, Risk Management, and Compliance (GRC). As the Founder and CEO of GRC Knight, he has spearheaded the integration of advanced detection technologies with comprehensive security and privacy compliance consulting. His rich experience includes key roles at TrustCloud, Cognizant, and Schellman &amp; Company. In today's episode, we talk about everything from CMMC 2.0 to our love of pizza.
Learn more about Frank Kyazze here:
Frank Kyazze's LinkedIn: https://www.linkedin.com/in/grcknight/ 
GRC Knight's website: https://www.linkedin.com/company/grcknight/
GRC Knight's CMMC white paper: https://44444846.fs1.hubspotusercontent-na1.net/hubfs/44444846/A%20CMMC%20Survival%20Guide%20for%20Companies.pdf
 
Learn more about Paramify here: https://www.paramify.com/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3538</itunes:duration>
                <itunes:episode>15</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#14 - Discussing Cybersecurity with Josh Pugmire and Bryson Loughmiller</title>
        <itunes:title>#14 - Discussing Cybersecurity with Josh Pugmire and Bryson Loughmiller</itunes:title>
        <link>https://Paramify.podbean.com/e/14-discussing-cybersecurity-with-josh-pugmire-and-bryson-loughmiller/</link>
                    <comments>https://Paramify.podbean.com/e/14-discussing-cybersecurity-with-josh-pugmire-and-bryson-loughmiller/#comments</comments>        <pubDate>Fri, 29 Dec 2023 11:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/74d59d44-3ae0-3562-96d6-d64c9d31f26e</guid>
                                    <description><![CDATA[<p>In today's episode, Kenny and Keaton talk with Josh Pugmire and Bryson Loughmiller. Both men are notable figures in cybersecurity, each boasting extensive careers marked by significant contributions to the field. Their expertise and experience have made them influential voices in cybersecurity circles.</p>
<p>Currently, they hold pivotal roles at Entrata, a leading technology company in the property management industry. Josh Pugmire serves as the Head of Compliance and Information Security, a role critical for ensuring that Entrata adheres to various cybersecurity standards and regulatory requirements. Josh is also a Board Member of SL|CISO, a group that focuses on bringing the Utah InfoSec Community together and giving back to the next generation of Security Leadership and Practitioners.</p>
<p>In parallel, Bryson Loughmiller occupies the position of Principal Platform Security Engineer, where he plays a key role in safeguarding Entrata's technology platforms against potential cybersecurity threats. Together, their work at Entrata exemplifies their commitment to maintaining robust cybersecurity frameworks and protecting sensitive information in a digitalized world.</p>
<p>Entrata's website: <a href='https://loom.ly/ZhLecww'>https://loom.ly/ZhLecww</a></p>
<p> </p>
<p>Learn more about Paramify here: https://www.paramify.com/</p>
<p>SL|CISO's website: <a href='http://www.slciso.org/'>http://www.slciso.org</a></p>
<p>Josh Pugmire's LinkedIn: https://loom.ly/JcNW4VI</p>
<p>Bryson Loughmiller's LinkedIn: https://loom.ly/nBCdypc</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>In today's episode, Kenny and Keaton talk with Josh Pugmire and Bryson Loughmiller. Both men are notable figures in cybersecurity, each boasting extensive careers marked by significant contributions to the field. Their expertise and experience have made them influential voices in cybersecurity circles.</p>
<p>Currently, they hold pivotal roles at Entrata, a leading technology company in the property management industry. Josh Pugmire serves as the Head of Compliance and Information Security, a role critical for ensuring that Entrata adheres to various cybersecurity standards and regulatory requirements. Josh is also a Board Member of SL|CISO, a group that focuses on bringing the Utah InfoSec Community together and giving back to the next generation of Security Leadership and Practitioners.</p>
<p>In parallel, Bryson Loughmiller occupies the position of Principal Platform Security Engineer, where he plays a key role in safeguarding Entrata's technology platforms against potential cybersecurity threats. Together, their work at Entrata exemplifies their commitment to maintaining robust cybersecurity frameworks and protecting sensitive information in a digitalized world.</p>
<p>Entrata's website: <a href='https://loom.ly/ZhLecww'>https://loom.ly/ZhLecww</a></p>
<p> </p>
<p>Learn more about Paramify here: https://www.paramify.com/</p>
<p>SL|CISO's website: <a href='http://www.slciso.org/'>http://www.slciso.org</a></p>
<p>Josh Pugmire's LinkedIn: https://loom.ly/JcNW4VI</p>
<p>Bryson Loughmiller's LinkedIn: https://loom.ly/nBCdypc</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/y7v9kw/ENTRATA_PODCAST_ACutALLY_DONE6l7vg.mp3" length="42588419" type="audio/mpeg"/>
        <itunes:summary><![CDATA[In today's episode, Kenny and Keaton talk with Josh Pugmire and Bryson Loughmiller. Both men are notable figures in cybersecurity, each boasting extensive careers marked by significant contributions to the field. Their expertise and experience have made them influential voices in cybersecurity circles.
Currently, they hold pivotal roles at Entrata, a leading technology company in the property management industry. Josh Pugmire serves as the Head of Compliance and Information Security, a role critical for ensuring that Entrata adheres to various cybersecurity standards and regulatory requirements. Josh is also a Board Member of SL|CISO, a group that focuses on bringing the Utah InfoSec Community together and giving back to the next generation of Security Leadership and Practitioners.
In parallel, Bryson Loughmiller occupies the position of Principal Platform Security Engineer, where he plays a key role in safeguarding Entrata's technology platforms against potential cybersecurity threats. Together, their work at Entrata exemplifies their commitment to maintaining robust cybersecurity frameworks and protecting sensitive information in a digitalized world.
Entrata's website: https://loom.ly/ZhLecww
 
Learn more about Paramify here: https://www.paramify.com/
SL|CISO's website: http://www.slciso.org
Josh Pugmire's LinkedIn: https://loom.ly/JcNW4VI
Bryson Loughmiller's LinkedIn: https://loom.ly/nBCdypc]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>2661</itunes:duration>
                <itunes:episode>14</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#13 - Discussing The Future of AI and Recruiting with Neal Schmidt</title>
        <itunes:title>#13 - Discussing The Future of AI and Recruiting with Neal Schmidt</itunes:title>
        <link>https://Paramify.podbean.com/e/13-discussing-the-future-of-ai-and-recruiting-with-neal-schmidt/</link>
                    <comments>https://Paramify.podbean.com/e/13-discussing-the-future-of-ai-and-recruiting-with-neal-schmidt/#comments</comments>        <pubDate>Fri, 15 Dec 2023 11:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/f2cf640c-82bb-3066-835b-2a18a91d2ce0</guid>
                                    <description><![CDATA[<p class="p1">In today's episode, we talk with Neal Schmidt, the Founder of <a href='https://www.linkedin.com/company/80788473/admin/feed/posts/?share=true'>ScreenDoor.ai</a>, about everything from our favorite concerts to where we think the future of AI and recruiting is going.</p>
<p class="p2"> </p>
<p class="p1">Neal Schmidt’s LinkedIn: <a href='https://www.linkedin.com/in/nealschmidt/overlay/about-this-profile/'>https://www.linkedin.com/in/nealschmidt/overlay/about-this-profile/</a></p>
<p class="p3"> </p>
<p class="p1">Neal’s business: <a href='https://screendoor.ai/'>https://screendoor.ai/</a></p>
<p class="p1"> </p>
<p class="p1">Learn more about Paramify here: https://www.paramify.com/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p class="p1">In today's episode, we talk with Neal Schmidt, the Founder of <a href='https://www.linkedin.com/company/80788473/admin/feed/posts/?share=true'>ScreenDoor.ai</a>, about everything from our favorite concerts to where we think the future of AI and recruiting is going.</p>
<p class="p2"> </p>
<p class="p1">Neal Schmidt’s LinkedIn: <a href='https://www.linkedin.com/in/nealschmidt/overlay/about-this-profile/'>https://www.linkedin.com/in/nealschmidt/overlay/about-this-profile/</a></p>
<p class="p3"> </p>
<p class="p1">Neal’s business: <a href='https://screendoor.ai/'>https://screendoor.ai/</a></p>
<p class="p1"> </p>
<p class="p1">Learn more about Paramify here: https://www.paramify.com/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/ev32pt/The_Paramify_Podcast_with_NEAL_SCHMIDT_FINISHED8s4tw.mp3" length="65931021" type="audio/mpeg"/>
        <itunes:summary><![CDATA[In today's episode, we talk with Neal Schmidt, the Founder of ScreenDoor.ai, about everything from our favorite concerts to where we think the future of AI and recruiting is going.
 
Neal Schmidt’s LinkedIn: https://www.linkedin.com/in/nealschmidt/overlay/about-this-profile/
 
Neal’s business: https://screendoor.ai/
 
Learn more about Paramify here: https://www.paramify.com/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>4120</itunes:duration>
                <itunes:episode>13</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#12 - Discussing Mentorship and Cybersecurity with Blake Entrekin</title>
        <itunes:title>#12 - Discussing Mentorship and Cybersecurity with Blake Entrekin</itunes:title>
        <link>https://Paramify.podbean.com/e/12-discussing-mentorship-and-cybersecurity-with-blake-entrekin/</link>
                    <comments>https://Paramify.podbean.com/e/12-discussing-mentorship-and-cybersecurity-with-blake-entrekin/#comments</comments>        <pubDate>Fri, 01 Dec 2023 11:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/7bcb1dd9-04d3-3d23-a5d9-6dec6efdf6d5</guid>
                                    <description><![CDATA[<p>Blake Entrekin is an experienced Security Compliance leader with a notable 21-year tenure in the Security and Technology field, complemented by a decade of expertise as a people manager. He is currently the Director of Security Compliance at HackerOne.</p>
<p>In this episode, we discuss FedRAMP, compliance, cybersecurity, and the importance of having a mentor.</p>
<p>Learn more about Blake Entrekin:</p>
<p><a href='https://www.linkedin.com/in/blake-entrekin/'>https://www.linkedin.com/in/blake-entrekin/</a></p>
<p>Blake's blog post about the new NIST control around public disclosure programs: <a href='https://www.hackerone.com/security-compliance/nist-vdp-control'>https://www.hackerone.com/security-compliance/nist-vdp-control</a></p>
<p> </p>
<p>Learn more about Paramify here: https://www.paramify.com/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Blake Entrekin is an experienced Security Compliance leader with a notable 21-year tenure in the Security and Technology field, complemented by a decade of expertise as a people manager. He is currently the Director of Security Compliance at HackerOne.</p>
<p>In this episode, we discuss FedRAMP, compliance, cybersecurity, and the importance of having a mentor.</p>
<p>Learn more about Blake Entrekin:</p>
<p><a href='https://www.linkedin.com/in/blake-entrekin/'>https://www.linkedin.com/in/blake-entrekin/</a></p>
<p>Blake's blog post about the new NIST control around public disclosure programs: <a href='https://www.hackerone.com/security-compliance/nist-vdp-control'>https://www.hackerone.com/security-compliance/nist-vdp-control</a></p>
<p> </p>
<p>Learn more about Paramify here: https://www.paramify.com/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/psey4q/The_Paramify_Podcast_Episode_1263y1q.mp3" length="53078776" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Blake Entrekin is an experienced Security Compliance leader with a notable 21-year tenure in the Security and Technology field, complemented by a decade of expertise as a people manager. He is currently the Director of Security Compliance at HackerOne.
In this episode, we discuss FedRAMP, compliance, cybersecurity, and the importance of having a mentor.
Learn more about Blake Entrekin:
https://www.linkedin.com/in/blake-entrekin/ 
Blake's blog post about the new NIST control around public disclosure programs: https://www.hackerone.com/security-compliance/nist-vdp-control
 
Learn more about Paramify here: https://www.paramify.com/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3317</itunes:duration>
                <itunes:episode>12</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#11 - Discussing Cybersecurity with Bryce Kunz</title>
        <itunes:title>#11 - Discussing Cybersecurity with Bryce Kunz</itunes:title>
        <link>https://Paramify.podbean.com/e/11-discussing-cybersecurity-with-bryce-kunz/</link>
                    <comments>https://Paramify.podbean.com/e/11-discussing-cybersecurity-with-bryce-kunz/#comments</comments>        <pubDate>Fri, 17 Nov 2023 11:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/1984e82e-b43b-3413-8a9f-e154bf4927ec</guid>
                                    <description><![CDATA[<p>Bryce Kunz is a prominent Information Security Researcher and the Chief Security Officer (CSO) at UltraViolet Cyber. Renowned for his expertise in exploiting cloud environments, Bryce has a keen focus on critical systems like containers, orchestration systems, and web applications. His rich professional background spans across key agencies such as the NSA, DoD, DHS, and CBP, and extends into the tech industry with notable companies like Adobe. In his role at UltraViolet Cyber, Bryce combines his extensive experience in vulnerability research, penetration testing, and incident response to spearhead innovative cybersecurity strategies. His academic credentials are equally impressive, holding an MBA with a focus in Information Assurance (IA) from Idaho State University, a program recognized as a "Center of Excellence" by the NSA, backed by a full academic scholarship from the National Science Foundation (NSF). Bryce is also distinguished by his numerous certifications, including OSCP and CISSP, and is a recognized voice in the cybersecurity community, having spoken at prestigious conferences like BlackHat, DerbyCon, and BSidesLV.</p>
<p>Learn more about Bryce Kunz:</p>
<p>UltraViolet Cyber: <a href='https://www.uvcyber.com/'>https://www.uvcyber.com/</a></p>
<p> </p>
<p>Learn more about Paramify here: https://www.paramify.com/</p>
<p>Twitter: <a href='https://twitter.com/TweekFawkes'>https://twitter.com/TweekFawkes </a></p>
<p>LinkedIn: https://www.linkedin.com/in/brycekunz/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Bryce Kunz is a prominent Information Security Researcher and the Chief Security Officer (CSO) at UltraViolet Cyber. Renowned for his expertise in exploiting cloud environments, Bryce has a keen focus on critical systems like containers, orchestration systems, and web applications. His rich professional background spans across key agencies such as the NSA, DoD, DHS, and CBP, and extends into the tech industry with notable companies like Adobe. In his role at UltraViolet Cyber, Bryce combines his extensive experience in vulnerability research, penetration testing, and incident response to spearhead innovative cybersecurity strategies. His academic credentials are equally impressive, holding an MBA with a focus in Information Assurance (IA) from Idaho State University, a program recognized as a "Center of Excellence" by the NSA, backed by a full academic scholarship from the National Science Foundation (NSF). Bryce is also distinguished by his numerous certifications, including OSCP and CISSP, and is a recognized voice in the cybersecurity community, having spoken at prestigious conferences like BlackHat, DerbyCon, and BSidesLV.</p>
<p>Learn more about Bryce Kunz:</p>
<p>UltraViolet Cyber: <a href='https://www.uvcyber.com/'>https://www.uvcyber.com/</a></p>
<p> </p>
<p>Learn more about Paramify here: https://www.paramify.com/</p>
<p>Twitter: <a href='https://twitter.com/TweekFawkes'>https://twitter.com/TweekFawkes </a></p>
<p>LinkedIn: https://www.linkedin.com/in/brycekunz/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/rrvgdh/The_Paramify_Podcast_with_Bryce_Kunz_Done704kl.mp3" length="71909509" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Bryce Kunz is a prominent Information Security Researcher and the Chief Security Officer (CSO) at UltraViolet Cyber. Renowned for his expertise in exploiting cloud environments, Bryce has a keen focus on critical systems like containers, orchestration systems, and web applications. His rich professional background spans across key agencies such as the NSA, DoD, DHS, and CBP, and extends into the tech industry with notable companies like Adobe. In his role at UltraViolet Cyber, Bryce combines his extensive experience in vulnerability research, penetration testing, and incident response to spearhead innovative cybersecurity strategies. His academic credentials are equally impressive, holding an MBA with a focus in Information Assurance (IA) from Idaho State University, a program recognized as a "Center of Excellence" by the NSA, backed by a full academic scholarship from the National Science Foundation (NSF). Bryce is also distinguished by his numerous certifications, including OSCP and CISSP, and is a recognized voice in the cybersecurity community, having spoken at prestigious conferences like BlackHat, DerbyCon, and BSidesLV.
Learn more about Bryce Kunz:
UltraViolet Cyber: https://www.uvcyber.com/
 
Learn more about Paramify here: https://www.paramify.com/
Twitter: https://twitter.com/TweekFawkes 
LinkedIn: https://www.linkedin.com/in/brycekunz/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>4494</itunes:duration>
                <itunes:episode>11</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#10 - Exploring Joshua Baron’s Transition to a Referral Based Business</title>
        <itunes:title>#10 - Exploring Joshua Baron’s Transition to a Referral Based Business</itunes:title>
        <link>https://Paramify.podbean.com/e/10-exploring-joshua-baron-s-transition-to-a-referral-based-business/</link>
                    <comments>https://Paramify.podbean.com/e/10-exploring-joshua-baron-s-transition-to-a-referral-based-business/#comments</comments>        <pubDate>Fri, 03 Nov 2023 11:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/25041a76-4d70-33fc-9b94-44f89383cff4</guid>
                                    <description><![CDATA[<p>In today's episode, we sit down with seasoned criminal defense attorney, Joshua Baron, to delve into his journey of transitioning his law practice from being heavily ad-dependent to thriving on referrals.</p>
<p>When the COVID-19 pandemic hit and courtrooms shuttered, Joshua was faced with the daunting task of keeping his practice afloat amidst dwindling ad returns. His narrative of adaptation from spending over $30,000 monthly on ads to building a sustainable referral-based business model is nothing short of inspiring.</p>
<p>Get Joshua Baron's Book "The Business of Criminal Law: How to Build a Criminal Defense Practice You and Your Clients Will Love" here: <a href='https://www.amazon.com/dp/1521853576/ref=tsm_1_fb_lk'>https://www.amazon.com/dp/1521853576/ref=tsm_1_fb_lk</a></p>
<p>Joshua Baron's LinkedIn: <a href='https://www.linkedin.com/in/joshuabaron/'>https://www.linkedin.com/in/joshuabaron/</a></p>
<p>Joshua Baron's Newsletter: <a href='https://businessofcriminallaw.substack.com/'>https://businessofcriminallaw.substack.com/</a></p>
<p> </p>
<p>Learn more about Paramify here: https://www.paramify.com/</p>
<p> </p>
]]></description>
                                                            <content:encoded><![CDATA[<p>In today's episode, we sit down with seasoned criminal defense attorney, Joshua Baron, to delve into his journey of transitioning his law practice from being heavily ad-dependent to thriving on referrals.</p>
<p>When the COVID-19 pandemic hit and courtrooms shuttered, Joshua was faced with the daunting task of keeping his practice afloat amidst dwindling ad returns. His narrative of adaptation from spending over $30,000 monthly on ads to building a sustainable referral-based business model is nothing short of inspiring.</p>
<p>Get Joshua Baron's Book "The Business of Criminal Law: How to Build a Criminal Defense Practice You and Your Clients Will Love" here: <a href='https://www.amazon.com/dp/1521853576/ref=tsm_1_fb_lk'>https://www.amazon.com/dp/1521853576/ref=tsm_1_fb_lk</a></p>
<p>Joshua Baron's LinkedIn: <a href='https://www.linkedin.com/in/joshuabaron/'>https://www.linkedin.com/in/joshuabaron/</a></p>
<p>Joshua Baron's Newsletter: <a href='https://businessofcriminallaw.substack.com/'>https://businessofcriminallaw.substack.com/</a></p>
<p> </p>
<p>Learn more about Paramify here: https://www.paramify.com/</p>
<p> </p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/zsq8gy/The_Paramify_Podcast_JOSHUA_BARON_Done_real18t79o.mp3" length="67647579" type="audio/mpeg"/>
        <itunes:summary><![CDATA[In today's episode, we sit down with seasoned criminal defense attorney, Joshua Baron, to delve into his journey of transitioning his law practice from being heavily ad-dependent to thriving on referrals.
When the COVID-19 pandemic hit and courtrooms shuttered, Joshua was faced with the daunting task of keeping his practice afloat amidst dwindling ad returns. His narrative of adaptation from spending over $30,000 monthly on ads to building a sustainable referral-based business model is nothing short of inspiring.
Get Joshua Baron's Book "The Business of Criminal Law: How to Build a Criminal Defense Practice You and Your Clients Will Love" here: https://www.amazon.com/dp/1521853576/ref=tsm_1_fb_lk
Joshua Baron's LinkedIn: https://www.linkedin.com/in/joshuabaron/
Joshua Baron's Newsletter: https://businessofcriminallaw.substack.com/
 
Learn more about Paramify here: https://www.paramify.com/
 ]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>4227</itunes:duration>
                <itunes:episode>10</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#9 - Discussing Information Security with Ryan Jamieson</title>
        <itunes:title>#9 - Discussing Information Security with Ryan Jamieson</itunes:title>
        <link>https://Paramify.podbean.com/e/9-discussing-information-security-with-ryan-jamieson/</link>
                    <comments>https://Paramify.podbean.com/e/9-discussing-information-security-with-ryan-jamieson/#comments</comments>        <pubDate>Fri, 20 Oct 2023 11:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/4b997c2b-989d-3a21-b742-bd70599d86b5</guid>
                                    <description><![CDATA[<p>In this episode of The Paramify Podcast, Kenny Scott talks with Ryan Jamieson, founder of Knit Security, about moving beyond compliance to achieve robust security. They discuss the challenges posed by security questionnaires and share practical advice on how to build a solid security posture aligned with business operations. Ryan also sheds light on his approach at Knit Security to ensure a company's security measures are in tune with its core business processes. Tune in for an enlightening discussion on making security work in the real world.</p>
<p>Ryan Jamieson's LinkedIn: <a href='https://www.linkedin.com/in/ryanjamieson/'>https://www.linkedin.com/in/ryanjamieson/</a></p>
<p>Knit Security: <a href='https://www.knitsec.com/'>https://www.knitsec.com/</a></p>
<p>Learn more about Paramify here: <a href='https://www.paramify.com/'>https://www.paramify.com/</a></p>
<p> </p>
]]></description>
                                                            <content:encoded><![CDATA[<p>In this episode of The Paramify Podcast, Kenny Scott talks with Ryan Jamieson, founder of Knit Security, about moving beyond compliance to achieve robust security. They discuss the challenges posed by security questionnaires and share practical advice on how to build a solid security posture aligned with business operations. Ryan also sheds light on his approach at Knit Security to ensure a company's security measures are in tune with its core business processes. Tune in for an enlightening discussion on making security work in the real world.</p>
<p>Ryan Jamieson's LinkedIn: <a href='https://www.linkedin.com/in/ryanjamieson/'>https://www.linkedin.com/in/ryanjamieson/</a></p>
<p>Knit Security: <a href='https://www.knitsec.com/'>https://www.knitsec.com/</a></p>
<p>Learn more about Paramify here: <a href='https://www.paramify.com/'>https://www.paramify.com/</a></p>
<p> </p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/ue8f97/THE_PARAMIFY_PODCAST_EPISODE_9_AUDIObhv4x.mp3" length="40863501" type="audio/mpeg"/>
        <itunes:summary><![CDATA[In this episode of The Paramify Podcast, Kenny Scott talks with Ryan Jamieson, founder of Knit Security, about moving beyond compliance to achieve robust security. They discuss the challenges posed by security questionnaires and share practical advice on how to build a solid security posture aligned with business operations. Ryan also sheds light on his approach at Knit Security to ensure a company's security measures are in tune with its core business processes. Tune in for an enlightening discussion on making security work in the real world.
Ryan Jamieson's LinkedIn: https://www.linkedin.com/in/ryanjamieson/
Knit Security: https://www.knitsec.com/
Learn more about Paramify here: https://www.paramify.com/
 ]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>2553</itunes:duration>
                <itunes:episode>9</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#8 - A Journey into Information Security with Derek Espiritu</title>
        <itunes:title>#8 - A Journey into Information Security with Derek Espiritu</itunes:title>
        <link>https://Paramify.podbean.com/e/8-a-journey-into-information-security-with-derek-espiritu/</link>
                    <comments>https://Paramify.podbean.com/e/8-a-journey-into-information-security-with-derek-espiritu/#comments</comments>        <pubDate>Fri, 06 Oct 2023 10:45:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/3e387ffd-22b8-3ab4-8261-99f6a09d5990</guid>
                                    <description><![CDATA[<p>Charting a successful trajectory in information security isn't a straightforward task, and who better to shed light on this journey than Derek Espiritu? In this insightful episode of The Paramify Podcast, hosts Kenny Scott and Keaton Olson explore Derek's path into the world of cybersecurity. Derek shares his experiences from working with renowned companies like Labelbox, Adobe, Anglepoint, and Symantec. From his early days in the industry to the milestones he achieved along the way, Derek's candid narrative provides a unique blend of inspiration and practical insights.</p>
<p>Want to delve even deeper into Derek's story? Join him at SAINTCON 2023 in Provo, Utah on October 24th at 11:30 am, where he'll further discuss "Breaking Into Cyber Security." Witness firsthand the expertise he garnered from years in the field and the major players he collaborated with. https://www.saintcon.org/speakers/</p>
<p>Derek's LinkedIn: https://www.linkedin.com/in/derek-espiritu-1011a7110/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Charting a successful trajectory in information security isn't a straightforward task, and who better to shed light on this journey than Derek Espiritu? In this insightful episode of The Paramify Podcast, hosts Kenny Scott and Keaton Olson explore Derek's path into the world of cybersecurity. Derek shares his experiences from working with renowned companies like Labelbox, Adobe, Anglepoint, and Symantec. From his early days in the industry to the milestones he achieved along the way, Derek's candid narrative provides a unique blend of inspiration and practical insights.</p>
<p>Want to delve even deeper into Derek's story? Join him at SAINTCON 2023 in Provo, Utah on October 24th at 11:30 am, where he'll further discuss "Breaking Into Cyber Security." Witness firsthand the expertise he garnered from years in the field and the major players he collaborated with. https://www.saintcon.org/speakers/</p>
<p>Derek's LinkedIn: https://www.linkedin.com/in/derek-espiritu-1011a7110/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/auxmqa/The_Paramify_Podcast_Derek_es_REAL_DONE_AUDIO_ath67.mp3" length="45190632" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Charting a successful trajectory in information security isn't a straightforward task, and who better to shed light on this journey than Derek Espiritu? In this insightful episode of The Paramify Podcast, hosts Kenny Scott and Keaton Olson explore Derek's path into the world of cybersecurity. Derek shares his experiences from working with renowned companies like Labelbox, Adobe, Anglepoint, and Symantec. From his early days in the industry to the milestones he achieved along the way, Derek's candid narrative provides a unique blend of inspiration and practical insights.
Want to delve even deeper into Derek's story? Join him at SAINTCON 2023 in Provo, Utah on October 24th at 11:30 am, where he'll further discuss "Breaking Into Cyber Security." Witness firsthand the expertise he garnered from years in the field and the major players he collaborated with. https://www.saintcon.org/speakers/
Derek's LinkedIn: https://www.linkedin.com/in/derek-espiritu-1011a7110/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>2824</itunes:duration>
                <itunes:episode>8</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#7 - Discussing Information Security with Isaac Painter</title>
        <itunes:title>#7 - Discussing Information Security with Isaac Painter</itunes:title>
        <link>https://Paramify.podbean.com/e/7-discussing-information-security-with-isaac-painter/</link>
                    <comments>https://Paramify.podbean.com/e/7-discussing-information-security-with-isaac-painter/#comments</comments>        <pubDate>Fri, 22 Sep 2023 09:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/676c8b89-a327-3f57-bd58-e60d875ad73f</guid>
                                    <description><![CDATA[<p>Today, we were privileged to sit down with Isaac Painter. An established figure in information security, Isaac boasts an impressive trajectory that includes stints at industry giants like Adobe and Aumni. His deep-rooted expertise and insights from various roles provide a rich backdrop for an enlightening conversation.</p>
<p>Isaac Painter's LinkedIn: <a href='https://www.linkedin.com/in/isaac-painter-3861ab15/'>https://www.linkedin.com/in/isaac-painter-3861ab15/</a></p>
<p>Learn more about Paramify here: <a href='https://www.paramify.com/'>https://www.paramify.com/</a></p>
<p> </p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today, we were privileged to sit down with Isaac Painter. An established figure in information security, Isaac boasts an impressive trajectory that includes stints at industry giants like Adobe and Aumni. His deep-rooted expertise and insights from various roles provide a rich backdrop for an enlightening conversation.</p>
<p>Isaac Painter's LinkedIn: <a href='https://www.linkedin.com/in/isaac-painter-3861ab15/'>https://www.linkedin.com/in/isaac-painter-3861ab15/</a></p>
<p>Learn more about Paramify here: <a href='https://www.paramify.com/'>https://www.paramify.com/</a></p>
<p> </p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/fuuvct/The_PAramify_Podcast_episode_7_FULL_AUDIOb7dd3.mp3" length="42105258" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today, we were privileged to sit down with Isaac Painter. An established figure in information security, Isaac boasts an impressive trajectory that includes stints at industry giants like Adobe and Aumni. His deep-rooted expertise and insights from various roles provide a rich backdrop for an enlightening conversation.
Isaac Painter's LinkedIn: https://www.linkedin.com/in/isaac-painter-3861ab15/
Learn more about Paramify here: https://www.paramify.com/
 ]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>2631</itunes:duration>
                <itunes:episode>7</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#6 - Discussing the Future of Sales with Next LvL AI</title>
        <itunes:title>#6 - Discussing the Future of Sales with Next LvL AI</itunes:title>
        <link>https://Paramify.podbean.com/e/6-discussing-the-future-of-sales-with-next-lvl-ai/</link>
                    <comments>https://Paramify.podbean.com/e/6-discussing-the-future-of-sales-with-next-lvl-ai/#comments</comments>        <pubDate>Fri, 08 Sep 2023 11:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/3d1a86df-010c-39fb-81d6-3f7233b1a8c8</guid>
                                    <description><![CDATA[<p>Today we are joined by our good friends Tanner Green and Dan Robinson of Next LvL AI. We talk about everything from changing the cringe nature of LinkedIn through an AI bot to the theoretical possibilities of AI.</p>
<p>Tanner Green is the visionary founder and CEO of Next LvL AI. Next LvL AI has merged AI's brilliance with sales to optimize representative interactions. Beyond technological prowess, he showcased his commitment to personal growth at Catalyst Life Coaching, guiding many through their life challenges. His stint as a software engineer at Domino Data Lab saw him significantly amplify search speeds and forge a partnership with Nvidia. Not one to rest on his laurels, Tanner dabbled in cryptocurrency with CryptoClock, capturing RevRoad's interest. His academic achievements at BYU are underscored by leading UAV projects and captaining the Mars Rover Team to global recognition. With foundational learning from Utah Valley University, Tanner is a blend of tech savviness and leadership. Tanner Green's LinkedIn: <a href='https://www.linkedin.com/in/tanner-green-213a62137/'>https://www.linkedin.com/in/tanner-green-213a62137/</a></p>
<p>Daniel Robinson is not only an adept software engineer but also the dynamic Co-founder of Next LvL AI, a pioneering venture sculpting the future of AI-driven solutions. Before embarking on this journey, Daniel wore several prestigious hats, from being the Founding Engineer at DAOhub to delving deep into e-commerce as a Full Stack Engineer for Shopswap. His stint with Fragmints NFT showcases his adaptability, maneuvering through the dynamic world of non-fungible tokens. Daniel kickstarted his professional odyssey with Current Technologies, refining his skills and setting the stage for his future endeavors. Beyond his tech expertise, Daniel boasts a solid academic foundation in Finance from the Jon M. Huntsman School of Business at Utah State University, revealing a rare blend of financial acumen and technological prowess. Daniel Robinson's LinkedIn: <a href='https://www.linkedin.com/in/danielrobinson94/'>https://www.linkedin.com/in/danielrobinson94/</a></p>
<p>Next LvL AI is revolutionizing the sales ecosystem with its groundbreaking flowchart software. Expertly crafted to integrate effortlessly with CRMs, sales methodologies, and complex workflows, this platform aims to illuminate and optimize the sales journey. Users can anticipate clarity in their sales processes, giving them real-time insights into each deal's progression, and unlocking strategies to enhance efficiency and revenue growth. One standout feature is its ability to foster accountability among sales reps without imposing undue pressure, making it simpler for them to manage tasks and finalize deals. Furthermore, sales consistency is no longer a distant dream; with automatic CRM updates facilitated by Next LvL AI, the era of unreliable data is consigned to the past. For businesses seeking to elevate their sales game, Next LvL AI stands out as the premier choice.</p>
<p>Next LvL AI's Website: <a href='https://www.nextlvlai.com/'>https://www.nextlvlai.com/ </a></p>
<p>Next LvL AI's LinkedIn: <a href='https://www.linkedin.com/company/next-lvl-ai/'>https://www.linkedin.com/company/next-lvl-ai/ </a></p>
<p>Learn more about Paramify: <a href='https://www.paramify.com/'>https://www.paramify.com/</a></p>
<p> </p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today we are joined by our good friends Tanner Green and Dan Robinson of Next LvL AI. We talk about everything from changing the cringe nature of LinkedIn through an AI bot to the theoretical possibilities of AI.</p>
<p>Tanner Green is the visionary founder and CEO of Next LvL AI. Next LvL AI has merged AI's brilliance with sales to optimize representative interactions. Beyond technological prowess, he showcased his commitment to personal growth at Catalyst Life Coaching, guiding many through their life challenges. His stint as a software engineer at Domino Data Lab saw him significantly amplify search speeds and forge a partnership with Nvidia. Not one to rest on his laurels, Tanner dabbled in cryptocurrency with CryptoClock, capturing RevRoad's interest. His academic achievements at BYU are underscored by leading UAV projects and captaining the Mars Rover Team to global recognition. With foundational learning from Utah Valley University, Tanner is a blend of tech savviness and leadership. Tanner Green's LinkedIn: <a href='https://www.linkedin.com/in/tanner-green-213a62137/'>https://www.linkedin.com/in/tanner-green-213a62137/</a></p>
<p>Daniel Robinson is not only an adept software engineer but also the dynamic Co-founder of Next LvL AI, a pioneering venture sculpting the future of AI-driven solutions. Before embarking on this journey, Daniel wore several prestigious hats, from being the Founding Engineer at DAOhub to delving deep into e-commerce as a Full Stack Engineer for Shopswap. His stint with Fragmints NFT showcases his adaptability, maneuvering through the dynamic world of non-fungible tokens. Daniel kickstarted his professional odyssey with Current Technologies, refining his skills and setting the stage for his future endeavors. Beyond his tech expertise, Daniel boasts a solid academic foundation in Finance from the Jon M. Huntsman School of Business at Utah State University, revealing a rare blend of financial acumen and technological prowess. Daniel Robinson's LinkedIn: <a href='https://www.linkedin.com/in/danielrobinson94/'>https://www.linkedin.com/in/danielrobinson94/</a></p>
<p>Next LvL AI is revolutionizing the sales ecosystem with its groundbreaking flowchart software. Expertly crafted to integrate effortlessly with CRMs, sales methodologies, and complex workflows, this platform aims to illuminate and optimize the sales journey. Users can anticipate clarity in their sales processes, giving them real-time insights into each deal's progression, and unlocking strategies to enhance efficiency and revenue growth. One standout feature is its ability to foster accountability among sales reps without imposing undue pressure, making it simpler for them to manage tasks and finalize deals. Furthermore, sales consistency is no longer a distant dream; with automatic CRM updates facilitated by Next LvL AI, the era of unreliable data is consigned to the past. For businesses seeking to elevate their sales game, Next LvL AI stands out as the premier choice.</p>
<p>Next LvL AI's Website: <a href='https://www.nextlvlai.com/'>https://www.nextlvlai.com/ </a></p>
<p>Next LvL AI's LinkedIn: <a href='https://www.linkedin.com/company/next-lvl-ai/'>https://www.linkedin.com/company/next-lvl-ai/ </a></p>
<p>Learn more about Paramify: <a href='https://www.paramify.com/'>https://www.paramify.com/</a></p>
<p> </p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/qxxr83/THE_PARAMIFY_PODCAST_EPISODE_6_AUDIO8zf17.mp3" length="44079279" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today we are joined by our good friends Tanner Green and Dan Robinson of Next LvL AI. We talk about everything from changing the cringe nature of LinkedIn through an AI bot to the theoretical possibilities of AI.
Tanner Green is the visionary founder and CEO of Next LvL AI. Next LvL AI has merged AI's brilliance with sales to optimize representative interactions. Beyond technological prowess, he showcased his commitment to personal growth at Catalyst Life Coaching, guiding many through their life challenges. His stint as a software engineer at Domino Data Lab saw him significantly amplify search speeds and forge a partnership with Nvidia. Not one to rest on his laurels, Tanner dabbled in cryptocurrency with CryptoClock, capturing RevRoad's interest. His academic achievements at BYU are underscored by leading UAV projects and captaining the Mars Rover Team to global recognition. With foundational learning from Utah Valley University, Tanner is a blend of tech savviness and leadership. Tanner Green's LinkedIn: https://www.linkedin.com/in/tanner-green-213a62137/
Daniel Robinson is not only an adept software engineer but also the dynamic Co-founder of Next LvL AI, a pioneering venture sculpting the future of AI-driven solutions. Before embarking on this journey, Daniel wore several prestigious hats, from being the Founding Engineer at DAOhub to delving deep into e-commerce as a Full Stack Engineer for Shopswap. His stint with Fragmints NFT showcases his adaptability, maneuvering through the dynamic world of non-fungible tokens. Daniel kickstarted his professional odyssey with Current Technologies, refining his skills and setting the stage for his future endeavors. Beyond his tech expertise, Daniel boasts a solid academic foundation in Finance from the Jon M. Huntsman School of Business at Utah State University, revealing a rare blend of financial acumen and technological prowess. Daniel Robinson's LinkedIn: https://www.linkedin.com/in/danielrobinson94/
Next LvL AI is revolutionizing the sales ecosystem with its groundbreaking flowchart software. Expertly crafted to integrate effortlessly with CRMs, sales methodologies, and complex workflows, this platform aims to illuminate and optimize the sales journey. Users can anticipate clarity in their sales processes, giving them real-time insights into each deal's progression, and unlocking strategies to enhance efficiency and revenue growth. One standout feature is its ability to foster accountability among sales reps without imposing undue pressure, making it simpler for them to manage tasks and finalize deals. Furthermore, sales consistency is no longer a distant dream; with automatic CRM updates facilitated by Next LvL AI, the era of unreliable data is consigned to the past. For businesses seeking to elevate their sales game, Next LvL AI stands out as the premier choice.
Next LvL AI's Website: https://www.nextlvlai.com/ 
Next LvL AI's LinkedIn: https://www.linkedin.com/company/next-lvl-ai/ 
Learn more about Paramify: https://www.paramify.com/
 ]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>2754</itunes:duration>
                <itunes:episode>6</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#5 - Exploring FedRAMP Rev 5 With Christian Hansen</title>
        <itunes:title>#5 - Exploring FedRAMP Rev 5 With Christian Hansen</itunes:title>
        <link>https://Paramify.podbean.com/e/5-exploring-fedramp-rev-5-with-christian-hansen/</link>
                    <comments>https://Paramify.podbean.com/e/5-exploring-fedramp-rev-5-with-christian-hansen/#comments</comments>        <pubDate>Fri, 25 Aug 2023 11:07:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/5b15ace6-a277-3584-8198-643518b3b91e</guid>
                                    <description><![CDATA[<p>In this episode, we host Christian Hansen of Moss Adams. Christian delves into his foundational years in cybersecurity and traces his professional trajectory that led him to his current role. As an expert on FedRAMP, he provides an in-depth analysis of the recent changes introduced with FedRAMP Rev 5. Join us for an informative session with a leading expert in the field.</p>
<p>Christian Hansen's LinkedIn: <a href='https://www.linkedin.com/in/christian-hansen-3570b98/'>https://www.linkedin.com/in/christian-hansen-3570b98/</a></p>
<p>Learn more about Paramify: <a href='https://www.paramify.com/'>https://www.paramify.com/</a></p>
]]></description>
                                                            <content:encoded><![CDATA[<p>In this episode, we host Christian Hansen of Moss Adams. Christian delves into his foundational years in cybersecurity and traces his professional trajectory that led him to his current role. As an expert on FedRAMP, he provides an in-depth analysis of the recent changes introduced with FedRAMP Rev 5. Join us for an informative session with a leading expert in the field.</p>
<p>Christian Hansen's LinkedIn: <a href='https://www.linkedin.com/in/christian-hansen-3570b98/'>https://www.linkedin.com/in/christian-hansen-3570b98/</a></p>
<p>Learn more about Paramify: <a href='https://www.paramify.com/'>https://www.paramify.com/</a></p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/vdyz7q/The_Paramify_Podcast_Episode_5_Audio_a91z7.mp3" length="78572945" type="audio/mpeg"/>
        <itunes:summary><![CDATA[In this episode, we host Christian Hansen of Moss Adams. Christian delves into his foundational years in cybersecurity and traces his professional trajectory that led him to his current role. As an expert on FedRAMP, he provides an in-depth analysis of the recent changes introduced with FedRAMP Rev 5. Join us for an informative session with a leading expert in the field.
Christian Hansen's LinkedIn: https://www.linkedin.com/in/christian-hansen-3570b98/
Learn more about Paramify: https://www.paramify.com/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>3271</itunes:duration>
                <itunes:episode>5</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#4 - Becoming a CISO with Debra Baker</title>
        <itunes:title>#4 - Becoming a CISO with Debra Baker</itunes:title>
        <link>https://Paramify.podbean.com/e/4-becoming-a-ciso-with-debra-baker/</link>
                    <comments>https://Paramify.podbean.com/e/4-becoming-a-ciso-with-debra-baker/#comments</comments>        <pubDate>Fri, 11 Aug 2023 11:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/90cfc1a4-32bd-35d7-a6e7-5adf7e317aff</guid>
                                    <description><![CDATA[<p>Today Kenny talks to Debra Baker. Debra Baker is a passionate Cybersecurity Professional with over 20 years experience in multi-faceted, complex, fast-paced environments in the public and private sectors. Debra excels in Risk Management and Compliance with proven leadership experience on issues concerning information security. In her most recent role, she was the Director of Information Security (CISO) at RedSeal, Inc. She built the SOC2 program and within 6 months achieved SOC2 compliance for RedSeal's SaaS product Stratus. She built the information security program at RedSeal and managed all GRC (CC, FIPS, SOC2, FedRAMP, and GDPR) as well as third-party vendor risk assessments, wrote the security policies, and managed the information security awareness program. She is a critical thinker, connector, innovator, and an effective translator between technical and non-technical entities in Cybersecurity.</p>
<p>LEARN MORE about Debra Baker:</p>
<p><a href='https://trustedciso.com/'>https://trustedciso.com/ </a></p>
<p><a href='https://www.linkedin.com/in/debrabakernc/'>https://www.linkedin.com/in/debrabakernc/</a></p>
<p> </p>
<p>LEARN MORE about Paramify here: https://www.paramify.com/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today Kenny talks to Debra Baker. Debra Baker is a passionate Cybersecurity Professional with over 20 years experience in multi-faceted, complex, fast-paced environments in the public and private sectors. Debra excels in Risk Management and Compliance with proven leadership experience on issues concerning information security. In her most recent role, she was the Director of Information Security (CISO) at RedSeal, Inc. She built the SOC2 program and within 6 months achieved SOC2 compliance for RedSeal's SaaS product Stratus. She built the information security program at RedSeal and managed all GRC (CC, FIPS, SOC2, FedRAMP, and GDPR) as well as third-party vendor risk assessments, wrote the security policies, and managed the information security awareness program. She is a critical thinker, connector, innovator, and an effective translator between technical and non-technical entities in Cybersecurity.</p>
<p>LEARN MORE about Debra Baker:</p>
<p><a href='https://trustedciso.com/'>https://trustedciso.com/ </a></p>
<p><a href='https://www.linkedin.com/in/debrabakernc/'>https://www.linkedin.com/in/debrabakernc/</a></p>
<p> </p>
<p>LEARN MORE about Paramify here: https://www.paramify.com/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/36zmnq/EPISODE_4_DEBRA_AUDIO_6k4wh.mp3" length="54819434" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today Kenny talks to Debra Baker. Debra Baker is a passionate Cybersecurity Professional with over 20 years experience in multi-faceted, complex, fast-paced environments in the public and private sectors. Debra excels in Risk Management and Compliance with proven leadership experience on issues concerning information security. In her most recent role, she was the Director of Information Security (CISO) at RedSeal, Inc. She built the SOC2 program and within 6 months achieved SOC2 compliance for RedSeal's SaaS product Stratus. She built the information security program at RedSeal and managed all GRC (CC, FIPS, SOC2, FedRAMP, and GDPR) as well as third-party vendor risk assessments, wrote the security policies, and managed the information security awareness program. She is a critical thinker, connector, innovator, and an effective translator between technical and non-technical entities in Cybersecurity.
LEARN MORE about Debra Baker:
https://trustedciso.com/ 
https://www.linkedin.com/in/debrabakernc/
 
LEARN MORE about Paramify here: https://www.paramify.com/]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>2283</itunes:duration>
                <itunes:episode>4</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#3 - Kenny’s Backstory Pt. 2</title>
        <itunes:title>#3 - Kenny’s Backstory Pt. 2</itunes:title>
        <link>https://Paramify.podbean.com/e/3-kenny-s-backstory-pt2/</link>
                    <comments>https://Paramify.podbean.com/e/3-kenny-s-backstory-pt2/#comments</comments>        <pubDate>Fri, 28 Jul 2023 11:17:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/fcbd1339-1a4b-3d46-a485-5bd229d3d05c</guid>
                                    <description><![CDATA[<p>Today, Keaton &amp; Adam talk to Kenny about his interesting past, from being a pioneer for the Adobe Common Controls Framework to starting a hedge fund, and what ultimately led Kenny to start Paramify.</p>
<p>Learn more about Paramify on our website: www.paramify.com</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Today, Keaton &amp; Adam talk to Kenny about his interesting past, from being a pioneer for the Adobe Common Controls Framework to starting a hedge fund, and what ultimately led Kenny to start Paramify.</p>
<p>Learn more about Paramify on our website: www.paramify.com</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/vq7ftb/EPISODE_3_AUDIOb4tis.mp3" length="51842111" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Today, Keaton &amp; Adam talk to Kenny about his interesting past, from being a pioneer for the Adobe Common Controls Framework to starting a hedge fund, and what ultimately led Kenny to start Paramify.
Learn more about Paramify on our website: www.paramify.com]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>2159</itunes:duration>
                <itunes:episode>3</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#2 - Using AI Securely with Walter Haydock</title>
        <itunes:title>#2 - Using AI Securely with Walter Haydock</itunes:title>
        <link>https://Paramify.podbean.com/e/2-using-ai-securely-with-walter-haydock/</link>
                    <comments>https://Paramify.podbean.com/e/2-using-ai-securely-with-walter-haydock/#comments</comments>        <pubDate>Fri, 14 Jul 2023 09:00:00 -0600</pubDate>
        <guid isPermaLink="false">Paramify.podbean.com/b343c734-d73c-3ce6-b171-5ad78240b14f</guid>
                                    <description><![CDATA[<p>Walter Haydock is a dynamic and multifaceted professional specializing in the intersection of cybersecurity and artificial intelligence. As the founder and CEO of StackAware, Walter leverages industry-standard frameworks, his own extensive experience, and responsible use of AI tools to help businesses manage AI-related cybersecurity, privacy, and compliance risks. Through StackAware, businesses can harness the power of new technologies by building effective and repeatable AI risk management programs.</p>
<p>Additionally, in his role as a Cybersecurity Author, Consultant, and Ghostwriter for Deploy Securely, Walter utilizes his expertise to transform cybersecurity CEOs into thought leaders within the industry. His approach includes driving inbound leads through consistent LinkedIn posting, nurturing them with expertly written long-form content, and converting prospects into customers by demonstrating value. His broad set of skills includes data privacy, AI, cybersecurity, regulatory compliance, product development, enterprise software, and cross-functional team leadership.</p>
<p>With his entrepreneurial spirit and a strong commitment to cybersecurity and AI, Walter continues to be a vital resource for businesses navigating the complexities of today's technological landscape.</p>
<p>Learn more about Walter Haydock and his businesses through the links below:</p>
<p><a href='https://maven.com/harness-ai/ai-security'>AI security course</a></p>
<p><a href='http://haydock.substack.com/'>Deploy Securely blog</a></p>
<p><a href='https://vulnerability.management/'>StackAware's free quantitative vulnerability management email course</a></p>
<p>Walter Haydock's LinkedIn: <a href='https://www.linkedin.com/in/walter-haydock/'>https://www.linkedin.com/in/walter-haydock/</a></p>
<p>LEARN MORE about Paramify here: https://www.paramify.com/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Walter Haydock is a dynamic and multifaceted professional specializing in the intersection of cybersecurity and artificial intelligence. As the founder and CEO of StackAware, Walter leverages industry-standard frameworks, his own extensive experience, and responsible use of AI tools to help businesses manage AI-related cybersecurity, privacy, and compliance risks. Through StackAware, businesses can harness the power of new technologies by building effective and repeatable AI risk management programs.</p>
<p>Additionally, in his role as a Cybersecurity Author, Consultant, and Ghostwriter for Deploy Securely, Walter utilizes his expertise to transform cybersecurity CEOs into thought leaders within the industry. His approach includes driving inbound leads through consistent LinkedIn posting, nurturing them with expertly written long-form content, and converting prospects into customers by demonstrating value. His broad set of skills includes data privacy, AI, cybersecurity, regulatory compliance, product development, enterprise software, and cross-functional team leadership.</p>
<p>With his entrepreneurial spirit and a strong commitment to cybersecurity and AI, Walter continues to be a vital resource for businesses navigating the complexities of today's technological landscape.</p>
<p>Learn more about Walter Haydock and his businesses through the links below:</p>
<p><a href='https://maven.com/harness-ai/ai-security'>AI security course</a></p>
<p><a href='http://haydock.substack.com/'>Deploy Securely blog</a></p>
<p><a href='https://vulnerability.management/'>StackAware's free quantitative vulnerability management email course</a></p>
<p>Walter Haydock's LinkedIn: <a href='https://www.linkedin.com/in/walter-haydock/'>https://www.linkedin.com/in/walter-haydock/</a></p>
<p>LEARN MORE about Paramify here: https://www.paramify.com/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/8evswi/The_Paramify_Podcast_Episode_2_FULL_Walter_Haydock_AUDIO_buhxe.mp3" length="62461213" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Walter Haydock is a dynamic and multifaceted professional specializing in the intersection of cybersecurity and artificial intelligence. As the founder and CEO of StackAware, Walter leverages industry-standard frameworks, his own extensive experience, and responsible use of AI tools to help businesses manage AI-related cybersecurity, privacy, and compliance risks. Through StackAware, businesses can harness the power of new technologies by building effective and repeatable AI risk management programs.
Additionally, in his role as a Cybersecurity Author, Consultant, and Ghostwriter for Deploy Securely, Walter utilizes his expertise to transform cybersecurity CEOs into thought leaders within the industry. His approach includes driving inbound leads through consistent LinkedIn posting, nurturing them with expertly written long-form content, and converting prospects into customers by demonstrating value. His broad set of skills includes data privacy, AI, cybersecurity, regulatory compliance, product development, enterprise software, and cross-functional team leadership.
With his entrepreneurial spirit and a strong commitment to cybersecurity and AI, Walter continues to be a vital resource for businesses navigating the complexities of today's technological landscape.
Learn more about Walter Haydock and his businesses through the links below:
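AI security course: https://maven.com/harness-ai/ai-security
Deploy Securely blog: http://haydock.substack.com/
StackAware's free quantitative vulnerability management email course: https://vulnerability.management/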
 
Walter Haydock's LinkedIn: https://www.linkedin.com/in/walter-haydock/
 
 
LEARN MORE about Paramify here: https://www.paramify.com/
 ]]></itunes:summary>
        <itunes:author>Paramify</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>2602</itunes:duration>
                <itunes:episode>2</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
            </item>
    <item>
        <title>#1 - Kenny’s Backstory</title>
        <itunes:title>#1 - Kenny’s Backstory</itunes:title>
        <link>https://Paramify.podbean.com/e/1-kenny-s-backstory/</link>
                    <comments>https://Paramify.podbean.com/e/1-kenny-s-backstory/#comments</comments>        <pubDate>Thu, 06 Jul 2023 09:54:38 -0600</pubDate>
        <guid isPermaLink="false">marketing68.podbean.com/d0c674ef-f0bf-314f-8da4-82c29f847a96</guid>
                                    <description><![CDATA[<p>Welcome to the genesis of The Paramify Podcast. Today, we uncover the beginning of Kenny's journey that culminated in the creation of Paramify.</p>
<p>LEARN MORE about Paramify here: https://www.paramify.com/</p>
]]></description>
                                                            <content:encoded><![CDATA[<p>Welcome to the genesis of The Paramify Podcast. Today, we uncover the beginning of Kenny's journey that culminated in the creation of Paramify.</p>
<p>LEARN MORE about Paramify here: https://www.paramify.com/</p>
]]></content:encoded>
                                    
        <enclosure url="https://mcdn.podbean.com/mf/web/6v2jym/hopefully_this_is_right_lolaps7g.mp3" length="32046402" type="audio/mpeg"/>
        <itunes:summary><![CDATA[Welcome to the genesis of The Paramify Podcast. Today, we uncover the beginning of Kenny's journey that culminated in the creation of Paramify.
 
LEARN MORE about Paramify here: https://www.paramify.com/]]></itunes:summary>
        <itunes:author>marketing68</itunes:author>
        <itunes:explicit>false</itunes:explicit>
        <itunes:block>No</itunes:block>
        <itunes:duration>1997</itunes:duration>
                <itunes:episode>1</itunes:episode>
        <itunes:episodeType>full</itunes:episodeType>
        <itunes:image href="https://pbcdn1.podbean.com/imglogo/ep-logo/pbblog16727912/YouTube_Cover_3__t6mtmg.png" />    </item>
</channel>
</rss>
