
Behind the Shield – Episode 2:
In our first episode featuring a guest, hosts Jason Shropshire and Jason Redding sit down with a public-sector security leader, Said Syed, CISO at Snyk for Government, to unpack the real story behind FedRAMP—from the messy early days and the shared-responsibility model, to today’s accelerated authorizations and the 20x roadmap. We cover hard-won lessons, how process (not just tech) slows teams down, what RC-12 means for vulnerability reality checks, and where AI, KSIs, and agency expectations are heading next.
What you’ll learn:
• How early cloud providers navigated FedRAMP before inheritable controls were common
• Why the process—and acceptance criteria—trips up most teams more than technology
• The shift from Rev4 → Rev5 and how to plan upgrades without derailing product roadmaps
• 20x Phase 1 outcomes, the move to Moderate (Phase 2), and what faster ATOs mean for SaaS
• RC-12, “reachable ≠ accessible,” and pushing back on non-applicable vulns with evidence
• Practical ways to use opinionated architectures, automation, and live evidence collection
• Sensible guardrails for AI features in regulated environments
Mentioned:
• Snyk Government: security in modern DevSecOps pipelines
• InfusionPoints XBU40 + Command Center + AuditShield: “audit-ready, always-on” compliance
• FedRAMP Day at GSA and growing marketplace velocity
Subscribe for new episodes every Tuesday on FedRAMP 20x, ATO strategy, and real-world build/manage/defend tactics.
Have a FedRAMP question? Drop it in the comments or reach out to InfusionPoints.
Links:
• Learn more about InfusionPoints: https://infusionpoints.com/
• Learn more about Snyk: https://snyk.io/
• Connect with us on LinkedIn: https://www.linkedin.com/company/infusionpoints