Paramify
The Paramify Podcast
The Paramify Podcast is a practical, occasionally chaotic show about GRC, risk management, and staying audit-ready without losing your mind. It’s part talking security strategy, and part group therapy. We talk with cybersecurity and GRC leaders, including CISOs, auditors, founders, and security engineers, about FedRAMP and FedRAMP 20x, SOC 2, CMMC, NIST RMF, the shift toward continuous evidence, and everything in between. Learn about what we do at P aramify here: www.paramify.com
Where to listen?
Podcasts in the app Replaio Radio Coming soonPodcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts
Episodes
Printer Security, FedRAMP High, and the Road to IL6 with Justin Scott 29.06.2026 38:48
Justin Scott didn't set out to build a security program. But after Vasion's customers started asking hard questions about cloud security, he ended up leading the company through ISO 27001, SOC 2, FedRAMP Moderate, and all the way to FedRAMP High, with IL6 on the horizon. He breaks down what actually worked, what didn't, and why automation is non-negotiable. Learn more about Vasion at https://vasio...
The VDR Mandate Is Here: FedRAMP NTC-0014 and CISA BOD 26-04 Explained 26.06.2026 47:42
Monthly vulnerability scans and POA&M spreadsheets aren't going to cut it anymore. Kenny and Isaac break down FedRAMP NTC-0014 and CISA BOD 26-04, the two mandates reshaping how cloud service providers approach vulnerability management, and what CSPs need to do before the December 7, 2026 deadline hits. They cover why AI has fundamentally changed the threat landscape, how tools like Wiz are he...
FedRAMP 20x, CMMC, and the Future of GRC with Matt Bruggeman 26.05.2026 42:03
"For years defense contractors kept hearing CMMC's coming. And then it kept not coming. So they grew this boy who cried wolf mentality where once it finally really was coming, they were like, I've heard that before." - Matt Bruggeman Kenny and Mike sit down with Matt Bruggeman, Director of Federal GTM at A-LIGN. Matt has done it all, he's a trained electrical engineer, improv comedian, and indepen...
AI, FedRAMP and the "Dark Matter" of Data with Bhanu Jagasia and Vincent Tham 18.05.2026 55:34
Is legacy compliance actually dead? In this episode of the Paramify Podcast, we sit down with Bhanu Jagasia and Vincent Tham from BladeStack to talk about the massive shift happening in the GRC world. From the "dark matter of data" to the transition toward FedRAMP 20X, we’re moving away from 1,500-page "black box" documents and toward real-time, automated evidence. We also dive deep into the AI h...
GRC Engineering, FedRAMP 20x, and AI with Ethan Troy 12.05.2026 1:06:44
"Anytime someone says something is dead, that's exactly what I have to go learn." - Ethan Troy Kenny and Isaac sit down with Ethan Troy, Senior GRC Engineer at TRM Labs, Head of AI Research at GRC Engineering Club, and Hacker at hackIDLE. One of the GOATs of GRC engineering. He's been shipping GRC tools, automations, and agents nonstop. He's assessed FedRAMP packages from the 3PAO side at Coalfire...
Justin Merhoff on FedRAMP 20x, Secure AI, Trust Centers, and Modern Cybersecurity 02.03.2026 55:15
In this episode of The Paramify Podcast, Kenny sits down with Justin Merhoff to talk about what makes security actually work: usability, speed, adaptability, and real-world adoption. Justin shares lessons from nearly three decades in cybersecurity, from his time in the U.S. Army to leading security and compliance programs in the private sector. The conversation covers FedRAMP 20x, trust centers, s...
An Apropos of Nothing 17.02.2026 28:14
Today's episode is An Apropos of Nothing. This episode is optional, you can skip it if you want, but it's a pretty honest glimpse into what hanging out with us is actually like.
Making Risk Make Sense with Rob Black 02.02.2026 54:14
“There’s a 5% chance of a $5 million loss. Is it exactly right? No. But it’s way better than saying medium, because medium means nothing.” Kenny sits down with Rob Black, Founder and CEO of Fractional CISO, to break down how to translate cyber risk into language executives actually act on: probability, dollars, tradeoffs, and clear acceptance instead of vague labels that disappear into a slide dec...
From Film to FedRAMP with Justin Rende 20.01.2026 47:06
Federal compliance is having a moment. FedRAMP, FedRAMP 20x, CMMC, the whole alphabet soup is going mainstream, fast. In this episode of The Paramify Podcast, we sit down with Justin Rende, Founder and CEO of Rhymetec, to talk about what’s actually changing, what’s still painfully hard, and why “compliance automation” only works if you stay obsessed with real risk. Justin also shares his origin st...
GRC Lasagna with Ayoub Fandi 05.01.2026 1:25:21
“There’s this misconception in the marketplace that you need to be a coder to do GRC Engineering. You don’t. I don’t want people to be bogged down in scripting. I want them to be systems thinkers focusing on architecture and orchestration.” Kenny and Mike sit down with the GOATed pioneer of GRC Engineering, Ayoub Fandi. In case you’ve been living under a rock, Ayoub is the Security Assurance Autom...
SOC 2, FedRAMP 20x, and the Future of Audits with Dixon Wright 16.12.2025 57:05
Kenny and Mike sit down with Dixon Wright, Head of Delivery at Eden Data, for a grounded and insightful conversation on security, compliance, and building smarter systems. They cover: - Dixon’s journey from college football to leading security at Eden Data - What it takes to actually deliver cybersecurity — not just sell it - Why Eden Data joined the FedRAMP 20x pilot - How compliance is evolving...
The Future of GRC with Jack Rumsey 08.12.2025 52:43
"The AI age we're in is going to force startups to compete in the higher upper echelon of risk assurance." Jack Rumsey Head of GRC at Swimlane explains why startups will no longer have the luxury of maturing later and how the AI era is pushing even early-stage teams into enterprise-grade security. This episode covers why assurance needs to evolve, how 20X can level the playing field, why automatio...
The Giant Washing Machine of Open Source: Container Security with George Manuelian 27.10.2025 51:56
Security isn’t sexy. It’s laundry. You know you need to do it, but you’d rather have a tool do it for you. Kenny Scott and Mike Schreiner from Paramify sit down with George Manuelian from RapidFort to talk about freeing the captives — the engineers buried in spreadsheets, patch tickets, and compliance chaos. They cover: Why security always seems at odds with progress How automation can fix wha...
The End of FedRAMP as We Know It? Mike Craig on 20x, DoD, and What’s Next 22.09.2025 56:05
FedRAMP as we know it is changing. In this episode, Mike and Kenny sit down with Mike “Waffle” Craig, founder and CEO of Vanaheim Security and longtime cloud and cybersecurity leader, to unpack what FedRAMP 20x means for agencies and vendors across FedCiv and DoD. We get into compliance philosophy, how to define your boundary the right way, why sponsorship strategies matter, and where scalability...
#45 - The Evolution of FedRAMP and FedRAMP 20x with Jason Oksenhendler 25.08.2025 1:02:36
“Once you’re in Hotel FedRAMP, you can’t leave.” Jason Oksenhendler, Cybersecurity Director of FedRAMP®/GovRAMP at Baker Tilly x Moss Adams, sits down with Kenny and Isaac to talk about FedRAMP’s past, how 20x is shaping the future, and why nobody ever really checks out of Hotel FedRAMP. 👉 Key Takeaways: • FedRAMP 20x was a “hand grenade” for everyone’s roadmap, and it’s already transforming com...
#44 - Karen Laughton on FedRAMP 20X, AI, and the Future of Compliance 12.08.2025 51:28
In this episode of the Paramify Podcast, Karen Laughton, EVP of Advisory at Coalfire, joins Kenny Scott (CEO of Paramify) and Mike Schreiner to unpack the future of government cybersecurity and compliance modernization. From the hard realities of FedRAMP 20X to lessons learned from the early days of FSMA and CMMC confusion, this conversation pulls no punches. Karen shares how she broke into cybers...
FedRAMP 20X Roundtable with FedRAMP Director Pete Waterman 17.07.2025 1:12:55
It’s not only about faster authorizations—it’s about unlocking the full potential of modern cloud for government. FedRAMP 20X is how we get there. In this exclusive roundtable, Pete Waterman (FedRAMP Director), Karen Laughton (EVP of Advisory, CoalFire), Rob Otten (Sr. Director, Risk & Compliance, Flock Safety), Kenny Scott (Founder & CEO, Paramify), and Mike Schreiner (COO, Paramify) brea...
#43 - Martin Rieger on FedRAMP 20X, The Future of FedRAMP Compliance, Cloud, and Security 12.05.2025 1:05:41
Today, we’re sitting down with StackArmor’s Martin Rieger — a FedRAMP veteran with over 300 engagements under his belt — for an unfiltered deep dive into the origin, evolution, and future of FedRAMP compliance. We cover everything from the early days of DIACAP and gold images to today’s world of automation, OSCAL, and AI-powered documentation. Martin shares war stories, explains why so many compan...
#42 - FedRAMP 20x and The Creation of FedRAMP with Dave Fairburn Jr. 15.04.2025 1:04:42
Today we're sitting down with the Father of FedRAMP himself — Dave Fairburn Jr. — for a raw, detailed, and at times hilarious deep dive into the origin story, evolution, and future of the FedRAMP program. From 16-hour days and bureaucracy battles to 2,500-page documentation drafts reduced by weight tests (yes, really), Dave walks us through how the entire FedRAMP framework was created, challenged,...
#41 - Discussing FedRAMP 20x 31.03.2025 31:59
What do DC sneakers, HR-approved marriage advice, and compliance robots have in common? They’re all part of this episode as Kenny and Mike dive into the bold future of FedRAMP 20X — and why it’s finally time to fix the pain points for both private companies and government agencies. Here’s what they cover: - The (not) shift in risk ownership — why agencies have always owned the risk and the PMO wil...
#40 - Discussing FedRAMP with Pete Waterman 19.03.2025 1:14:46
Today, we're pretending it's August 24, 2024, as Kenny and Mike sit down with Pete Waterman to talk about his backstory and what inspired him to apply to become the new FedRAMP Director. Spoiler alert: we discuss frustration, bureaucracy, and a wild career move. Also these things: - Pete's Origin Story – Every hero has one. - Government Tech: Why Is It So Hard? – Bureaucracy, risk, and the myth o...
#39 - Discussing FedRAMP with Jason Ford 03.03.2025 1:04:32
Today Kenny and Mike are talking to the one and only Jason Ford , CEO & Founder of Steel Patriot Partners —a true FedRAMP guru who's been securing systems since digital transformation was still a baby. Jason shares his battle-tested strategies for navigating security audits, implementing encryption the right way, and avoiding common pitfalls that can delay your compliance efforts for months. ...
#38 - Building a Great Security Program with Google Sheets 17.02.2025 34:43
Getting started with risk management is easier than you think- and you don’t need fancy tools to do it. In this episode, Kenny and Mike break down how a simple Google Sheet can be your secret weapon for designing a great security program. Whether you’re navigating FedRAMP, SOC 2, or ISO 27001, the key is just getting started—no expensive software required. If you're a startup founder, security...
#37 - A Journey Into FedRAMP with Eric Britton Adams 03.02.2025 1:00:44
Eric, the CISO at Federal Cyber Defense Solutions and former Chief FedRAMP Strategist at IBM and FedRAMP Leader at HP, shares his journey from growing up on a farm to becoming a CISO and FedRAMP expert. We dive into the challenges of FedRAMP compliance, the evolution of cybersecurity, and how today's security teams can strike the balance between technical expertise and meeting compliance demands....
#36 - What are the Control Assessment Phases? 21.01.2025 22:55
Whether you’re launching a brand-new security program or fine-tuning your existing one, this episode has everything you need to know. Kenny and Mike are breaking down the 𝗰𝗼𝗻𝘁𝗿𝗼𝗹 𝗮𝘀𝘀𝗲𝘀𝘀𝗺𝗲𝗻𝘁 𝗽𝗵𝗮𝘀𝗲𝘀 – why they matter and how they can transform your security processes. Here’s what’s on deck in this episode of The Paramify Podcast: - How to plan your security framework so it’s rock-solid from the star...
Similar podcasts
Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.