Behind the Shield

From FedRAMP to the Future of AI: Tony Bai on Compliance, Cybersecurity, and What’s Next

Tue, 26 May 2026 18:00:00 -0400

In this episode of Behind the Shield, Jason Shropshire sits down with Tony Bai, Chief Solutions Officer at RISCPoint, for a wide-ranging conversation on cybersecurity, compliance, emerging technology, and the future of the workforce.

Tony shares his journey from serving in the U.S. Air Force and supporting cyber operations at the Pentagon to becoming a leader in the federal cybersecurity and compliance space. Along the way, the conversation dives into the evolution of FedRAMP, RMF, CMMC, cloud security, and the realities of helping organizations navigate increasingly complex regulatory environments.

Jason and Tony discuss the balance between real security and “check-the-box” compliance, why over-reliance on tools and outsourced accountability can create risk, and how organizations can build sustainable security programs that actually support business operations. The episode also explores common pitfalls in FedRAMP and CMMC journeys, the importance of tailored security engineering, and why mentorship and workforce development matter now more than ever.

The conversation then shifts to one of the biggest topics shaping the industry today: AI. From AI-assisted coding and automation to concerns about losing foundational technical skills, Tony and Jason unpack both the opportunities and risks that come with rapid technological acceleration. They also reflect on how today’s cybersecurity leaders can help develop the next generation of engineers and practitioners in an increasingly AI-driven world.

The episode wraps with lighter conversation around mentorship, career growth, sci-fi fandoms, Legos, and what life after cybersecurity might look like.

Links to things we talked about:
The 1969 Apollo guidance computer - https://www.youtube.com/watch?v=B1J2RMorJXM
Running Doom on a pregnancy test - https://www.popularmechanics.com/science/a33957256/this-programmer-figured-out-how-to-play-doom-on-a-pregnancy-test/

What You’ll Learn
Tony Bai’s path from the Air Force into cybersecurity and compliance leadership
How FedRAMP, RMF, CMMC, and cloud security have evolved over time
Why “real security” goes beyond compliance checklists
Common mistakes organizations make when outsourcing security responsibilities
The balance between automation, AI, and human expertise
Why foundational technical knowledge still matters in the age of AI
How companies can better mentor and grow the next generation of cybersecurity talent
The importance of long-term trusted partnerships in compliance and advisory work

Chapters:
0:11 - Introduction and Guest Welcome
1:05 - Tony's Background in Cybersecurity
3:45 - Jason's Path in IT
7:45 - Evolution of Technology
9:33 - Transition to Compliance and Advisory
13:58 - Compliance, Security Engineering, and FedRAMP
19:22 - Challenges in Compliance
24:38 - Over and Under Investment in Security
35:59 - Rapid Changes in AI and Technology
49:58 - Personal Interests and Hobbies

Guest Links:
https://www.linkedin.com/in/williamtbai/
https://www.linkedin.com/company/riscpoint/
https://www.riscpoint.com/

Learn more about InfusionPoints:
https://www.linkedin.com/company/infusionpoints/
Jason Shropshire: https://www.linkedin.com/in/shrop/
Request a Demo: https://xbu40.com/

InfusionPoints & AWS:
InfusionPoints is proud to be an Amazon Web Services Premier Tier Services Partner, supporting organizations in building, managing, and defending secure cloud environments.

About Us:
InfusionPoints is a trusted cybersecurity, cloud engineering, and compliance partner helping organizations Build, Manage, and Defend secure, mission-ready environments in highly regulated markets.
We specialize in FedRAMP, FedRAMP 20x, DoD, and enterprise security frameworks, supporting organizations from initial authorization through continuous monitoring and optimization. Our team brings deep technical expertise and real-world operational insight to every engagement.
Through our independent, security-first approach, we integrate people, processes, and technology to deliver scalable, compliant, and resilient solutions. From strategy and architecture to operations and defense, we help customers move faster without sacrificing security.

Breaking Into Def Tech: The Top 5 Challenges Facing Modern Companies

Tue, 19 May 2026 15:00:00 -0400

The Defense Tech market is full of opportunity, but getting into the space is far from simple.

In this episode of Behind the Shield, InfusionPoints COO Jason Shropshire and CEO Gary Daemer each share their perspectives on the top 5 challenges companies face when trying to break into the Defense Tech and Department of Defense market. The conversation highlights how technical, operational, and business challenges can look very different depending on where companies are in their federal journey.

From navigating FedRAMP and the DoD Cloud Computing Security Requirements Guide (DoD CC SRG) to finding sponsorship, securing IL4/IL5 authorizations, and surviving long ATO timelines, this conversation offers a candid look at the operational, technical, and business realities of entering the federal and defense markets.

The discussion also explores:
• Why sponsorship is one of the biggest barriers to entry
• The difference between FedRAMP and DoD authorization pathways
• Challenges around IL4 and IL5 environments
• The impact of RMF, DISA, BCAP, and eMASS processes
• Why predictability and automation matter for modern compliance
• Hardening requirements, STIGs, and securing cloud environments
• The business realities of getting a second and third government customer
• How FedRAMP 20x and automation could reshape the future of Defense Tech compliance

Whether you're a startup trying to break into Defense Tech, a cloud service provider pursuing federal business, or an established company navigating DoD requirements, this episode provides practical insight from a team actively helping organizations operate in regulated federal environments.

What You’ll Learn:
• The biggest mistakes companies make entering Defense Tech
• Why compliance alone does not guarantee success
• The hidden complexity of IL4/IL5 authorizations
• How authorization delays impact business growth
• Where the Defense Tech market may be headed next

Learn more about InfusionPoints:
https://www.linkedin.com/company/infusionpoints/
Gary Daemer: https://www.linkedin.com/in/infusionpoints/
Jason Shropshire: https://www.linkedin.com/in/shrop/
Request a Demo: https://xbu40.com/
Blogs:
SWFT, cATO, 20x and the Rev. 4 Drag Still Inside DoW Cloud Authorization:
https://infusionpoints.com/blogs/swft-cato-20x-and-rev-4-drag-still-inside-dow-cloud-authorization
The Quiet Convergence: why DoD DevSecOps, SWFT, and FedRAMP 20x are Starting to Rhyme:
https://infusionpoints.com/blogs/quiet-convergence-why-dod-devsecops-swft-and-fedramp-20x-are-starting-rhyme
Subscribe for more conversations on FedRAMP, Defense Tech, cybersecurity, cloud compliance, and the future of continuous authorization.

InfusionPoints & AWS:
InfusionPoints is proud to be an Amazon Web Services Premier Tier Services Partner, supporting organizations in building, managing, and defending secure cloud environments.

About Us:
InfusionPoints is a trusted cybersecurity, cloud engineering, and compliance partner helping organizations Build, Manage, and Defend secure, mission-ready environments in highly regulated markets.
We specialize in FedRAMP, FedRAMP 20x, DoD, and enterprise security frameworks, supporting organizations from initial authorization through continuous monitoring and optimization. Our team brings deep technical expertise and real-world operational insight to every engagement.
Through our independent, security-first approach, we integrate people, processes, and technology to deliver scalable, compliant, and resilient solutions. From strategy and architecture to operations and defense, we help customers move faster without sacrificing security.

Understanding Minimum Assessment Scope (MAS) in FedRAMP 20x

Tue, 12 May 2026 14:00:00 -0400

In this episode of Behind the Shield, InfusionPoints’ Chad Spears and Tanner Bailey break down one of the most important concepts shaping the future of FedRAMP 20x: the Minimum Assessment Scope (MAS).

As organizations begin preparing for the transition toward continuous validation and automated security evidence, understanding what actually belongs in scope has become critical. Chad and Tanner unpack how MAS is designed to help organizations focus on the systems, resources, and validations that truly matter to the security of the environment instead of wasting time, engineering effort, and budget on unnecessary complexity.

The conversation explores how FedRAMP 20x is pushing organizations toward a more operational, automation-first mindset. Rather than treating compliance as a one-time documentation exercise, the discussion highlights how continuous validation, reusable checks, and machine-readable evidence are changing the way cloud providers approach authorization readiness.

Throughout the episode, the team connects the technical realities of Minimum Assessment Scope back to real business outcomes. From reducing engineering overhead and controlling costs to accelerating authorization timelines and improving operational maintainability, MAS is positioned as a foundational starting point for organizations pursuing a modernized FedRAMP strategy.

Whether you’re a security engineer, cloud architect, compliance lead, executive stakeholder, or CSP trying to understand what FedRAMP modernization actually means in practice, this episode provides practical insight into where the ecosystem is heading and how to prepare.

Chapters:
Introduction and Overview - 0:08
Understanding MAS (Minimum Assessment Scope) - 0:56
Importance of MAS in FedRAMP 20X - 4:52
Defining the Scope and Its Impact - 7:29
Challenges and Considerations - 11:33
Business Impact of MAS - 26:46
Conclusion and Resources - 28:21

What You’ll Learn:
• What Minimum Assessment Scope (MAS) actually means in FedRAMP 20x
• How MAS can reduce complexity, cost, and engineering effort
• Why continuous validation changes the way compliance is approached
• How reusable KSI validation checks improve operational efficiency
• Why automation and machine-readable evidence are central to FedRAMP modernization
• The connection between MAS, speed-to-authorization, and long-term maintainability
• Updates on Consolidated Rules 2026 (CR2026) and evolving FedRAMP terminology
• What organizations should be doing now to prepare for the future of FedRAMP

InfusionPoints Links:
FedRAMP 20x Quick Look Assessment: https://xbu40.com/assessment
https://infusionpoints.com/
LinkedIn: https://www.linkedin.com/company/infusionpoints/
Chad Spears: https://www.linkedin.com/in/chad-spears007/
Tanner Bailey: https://www.linkedin.com/in/tanner-b-37a50a132/

InfusionPoints & AWS:
InfusionPoints is proud to be an Amazon Web Services Premier Tier Services Partner, supporting organizations in building, managing, and defending secure cloud environments.

About Us:
InfusionPoints is a trusted cybersecurity, cloud engineering, and compliance partner helping organizations Build, Manage, and Defend secure, mission-ready environments in highly regulated markets.
We specialize in FedRAMP, FedRAMP 20x, DoD, and enterprise security frameworks, supporting organizations from initial authorization through continuous monitoring and optimization. Our team brings deep technical expertise and real-world operational insight to every engagement.
Through our independent, security-first approach, we integrate people, processes, and technology to deliver scalable, compliant, and resilient solutions. From strategy and architecture to operations and defense, we help customers move faster without sacrificing security.

From Acceleration to ATO: Navigating Defense Tech, Divestitures, and the Future of FedRAMP

Tue, 05 May 2026 17:00:00 -0400

In this episode of Behind the Shield, we sit down with Phil Hickson alongside InfusionPoints’ Jackson Gorman and Jason Shropshire for a deep dive into the evolving world of Defense Tech and federal compliance.

Phil shares a behind-the-scenes look at navigating a complex FedRAMP ATO journey during a major divestiture, including standing up a new authorization boundary while maintaining compliance and customer continuity. The conversation explores the challenges of scaling secure cloud services across federal and DoD environments, from BCAP connections and IL4/IL5 considerations to managing risk at scale.

We also unpack what modernization looks like today. With FedRAMP 20x gaining momentum, the group discusses how Defense Tech companies can balance legacy requirements with continuous validation and automated evidence. The result is a candid look at where compliance is headed and what it means for companies building for mission-critical environments.

If you’re working in Defense Tech, selling into federal or DoD markets, or trying to make sense of where FedRAMP is going next, this episode offers practical insight from people actively navigating the shift.

Chapters:
00:08 Introduction and Guest Welcome
00:31 Phil's Experience with CSPs
02:34 Divestiture and Omnissa's Origin
05:20 Challenges with FedRAMP and DOD
15:22 Navigating DOD Authorization
33:45 Modernization and 20X Discussion
49:18 Phil's Origin Story in Compliance
55:44 Lighthearted Questions and Wrap-up

Guest Links:
Phil Hickson- https://www.linkedin.com/in/philhickson/
Omnissa- https://www.linkedin.com/company/omnissa/
Omnissa trust center | Cloud security & compliance- https://www.omnissa.com/trust-center/
Omnissa Products and Platform Services- https://www.omnissa.com/products/
https://www.omnissa.com/

About Omnissa:
Omnissa provides an industry-leading digital workspace platform of services that simplifies the delivery, management, and security of devices, apps, and services to employees and IT teams alike.
Explore Omnissa - the digital work platform leader- https://www.omnissa.com/about-us/

InfusionPoints Links:
Jason Shropshire- https://www.linkedin.com/in/shrop/
Jackson Gorman- https://www.linkedin.com/in/jacksonagorman/
https://www.linkedin.com/company/infusionpoints/
https://infusionpoints.com/
https://xbu40.com/
FedRAMP 20x Quick Look Assessment for CSPs: https://xbu40.com/assessment
'SWFT, cATO, 20x and Rev 4 Drag Still Inside DoD Cloud Authorization' Blog: https://infusionpoints.com/blogs/swft-cato-20x-and-rev-4-drag-still-inside-dow-cloud-authorization

InfusionPoints & AWS:
InfusionPoints is proud to be an Amazon Web Services Premier Tier Services Partner, supporting organizations in building, managing, and defending secure cloud environments.

About Us:
InfusionPoints is a trusted cybersecurity, cloud engineering, and compliance partner helping organizations Build, Manage, and Defend secure, mission-ready environments in highly regulated markets.
We specialize in FedRAMP, FedRAMP 20x, DoD, and enterprise security frameworks, supporting organizations from initial authorization through continuous monitoring and optimization. Our team brings deep technical expertise and real-world operational insight to every engagement.
Through our independent, security-first approach, we integrate people, processes, and technology to deliver scalable, compliant, and resilient solutions. From strategy and architecture to operations and defense, we help customers move faster without sacrificing security.

The Agentic SOC Shift: Smarter Security, Human-Led Decisions

Wed, 29 Apr 2026 08:00:00 -0400

What happens when your SOC doesn’t just respond to threats but actively thinks, prioritizes, and takes action?

In this episode of Behind the Shield, we break down the rise of the Agentic SOC and what it means for the future of cybersecurity operations. As organizations face an overwhelming volume of alerts, evolving threats, and increasing pressure to move faster, traditional SOC models are being pushed to their limits. Enter agentic systems. These are AI-driven, decision-capable frameworks designed to augment or even transform how security teams operate.

We explore how agentic capabilities are shifting the SOC from reactive monitoring to proactive, intelligent defense. From automated triage to adaptive response workflows, this conversation dives into the real-world impact of bringing autonomy into security operations and what teams need to consider before adopting it.

Whether you're leading a SOC, building security architecture, or trying to understand how AI is reshaping cyber defense, this episode offers a grounded look at where things are headed and what it takes to get there.

What You’ll Learn:
• What an Agentic SOC actually is and how it differs from traditional SOC models
• How AI agents can triage, prioritize, and respond to threats in real time
• The role of human analysts in an increasingly autonomous environment
• Key benefits and risks of adopting agentic security operations
• How organizations can begin preparing their SOC for this shift
• Where agentic approaches align with modern frameworks like continuous monitoring and validation

InfusionPoints Links:
Alex Erhardt: https://www.linkedin.com/in/charles-e-7a2b8016a/
Nicholas Whitley: https://www.linkedin.com/in/nicholas-whitley-511085213/
https://www.linkedin.com/company/infusionpoints/
https://infusionpoints.com/
Get continuous security without building your own SOC: https://app.hatchbuck.com/OnlineForm/93633624292

About Us:
InfusionPoints is a trusted cybersecurity, cloud engineering, and compliance partner helping organizations Build, Manage, and Defend secure, mission-ready environments in highly regulated markets.
We specialize in FedRAMP, FedRAMP 20x, DoD, and enterprise security frameworks, supporting organizations from initial authorization through continuous monitoring and optimization. Our team brings deep technical expertise and real-world operational insight to every engagement.
Through our independent, security-first approach, we integrate people, processes, and technology to deliver scalable, compliant, and resilient solutions. From strategy and architecture to operations and defense, we help customers move faster without sacrificing security.

FedRAMP 20x and the Future of Compliance with Gary Guercio

Wed, 29 Apr 2026 08:00:00 -0400

In this episode of Behind the Shield, we sit down with Gary Guercio, VP of Operations at Fortreum, for a deep dive into the evolution of cybersecurity auditing and what FedRAMP 20x signals for the future of federal cloud security. From the early days of manual audits filled with printed artifacts, screenshots, and physical binders, to today’s push toward automation, APIs, and machine-readable evidence, Gary shares a firsthand perspective on how dramatically the landscape has changed.

Together, we explore how the industry is shifting away from point-in-time assessments toward continuous validation, and what that really means for Cloud Service Providers, assessors, and agencies. This conversation goes beyond theory and gets into the practical realities: how auditors will need to understand code, how engineering and compliance are becoming tightly integrated, and why organizations must rethink how they build, manage, and prove security from the ground up.

We also discuss the broader impact of FedRAMP 20x on the market, including how transparency, competition, and automation could reshape how security is measured and trusted across the ecosystem. Whether you're just starting your FedRAMP journey or actively navigating 20x, this episode offers valuable insight into where things are going and how to stay ahead.

Chapters:
9:08 Introduction and Guest Intro
9:20 Career Path and Education
10:42 Early Career in Cybersecurity
13:36 Auditing and IT Controls
15:37 Booz Allen and Government Projects
20:39 FedRAMP and Fortreum
25:17 FedRAMP 20x and Automation in Auditing
59:26 The Future of Auditing and AI

What You’ll Learn:
• How cybersecurity auditing has evolved over the last 25+ years
• The biggest differences between traditional audits and FedRAMP 20x
• Why automation and machine-readable evidence are changing everything
• How the role of assessors is shifting toward code and engineering understanding
• What continuous validation actually looks like in practice
• The challenges CSPs will face when adopting 20x
• How competition in the marketplace could drive stronger security outcomes
• Where AI and automation are headed in the auditing space
• Why FedRAMP 20x is about more than compliance, it’s about changing the system

Guest Links:
Gary Guercio- https://www.linkedin.com/in/gary-guercio-48622b5b/
Fortreum- https://fortreum.com

InfusionPoints Links:
Gary Daemer- https://www.linkedin.com/in/infusionpoints/
InfusionPoints- https://www.linkedin.com/company/infusionpoints/
20x Webinar Series | Session 1- https://youtu.be/EoaXjGa-vl0?si=UmnDCXY4dhTKpC6L
20x Webinar Series | Session 2 Registration- https://xbu40.com/20x-cohort/april-28-26

About Us:
InfusionPoints is a trusted cybersecurity, cloud engineering, and compliance partner helping organizations Build, Manage, and Defend secure, mission-ready environments in highly regulated markets.
We specialize in FedRAMP, FedRAMP 20x, DoD, and enterprise security frameworks, supporting organizations from initial authorization through continuous monitoring and optimization. Our team brings deep technical expertise and real-world operational insight to every engagement.
Through our independent, security-first approach, we integrate people, processes, and technology to deliver scalable, compliant, and resilient solutions. From strategy and architecture to operations and defense, we help customers move faster without sacrificing security.

InfusionPoints Achieves FedRAMP 20x Moderate (Class C): What It Means for the Future

Wed, 15 Apr 2026 12:00:00 -0400

In this special announcement episode of Behind the Shield, we’re sharing a major milestone for InfusionPoints and what it signals for the future of federal cloud security.

Chad Spears and Tanner Bailey break down our FedRAMP 20x Moderate (Class C) achievement, what it took to get here, and why this moment matters for cloud service providers, agencies, and the broader FedRAMP ecosystem. This isn’t just another certification, it’s proof that the shift from point-in-time compliance to continuous validation is already happening.

We unpack how FedRAMP 20x is transforming how security is demonstrated, moving away from static documentation and toward real-time, machine-readable evidence through Key Security Indicators (KSIs). We also touch on the journey behind this achievement, from early automation efforts to navigating evolving PMO expectations.

You’ll hear how this approach changes the experience for providers and assessors, creating a more collaborative and efficient path to authorization. We also explore the business impact, including faster time to market and a clearer path for organizations entering the federal space.

Whether you're pursuing FedRAMP, evaluating 20x, or trying to understand where the program is headed, this episode offers practical insights and a clear view into what comes next.

Chapters:
0:10 Introduction and Special Announcement
0:45 Certification Achievement
1:23 Significance of 20X Certification
2:45 Customer Impact and FedRAMP Framework
6:07 Understanding FedRAMP Designations
11:48 Journey to 20X Certification
18:30 Team Effort and Continuous Validation
18:47 Customer Benefits of 20X Certification
19:02 Platform as a Service and FedRAMP
19:29 Security Controls and KSI's
20:25 Speed to Market with XB40
21:53 Webinar and Education Initiatives
22:48 Upcoming Webinar Details
26:22 Team Recognitions and Shoutouts
30:57 Closing Remarks

What You’ll Learn:
• What achieving FedRAMP 20x Moderate (Class C) actually means
• Why this milestone is important for CSPs and federal agencies
• How FedRAMP 20x is shifting compliance to continuous validation
• The real business impact of faster authorization timelines
• How automation and KSIs replace traditional audit processes
• What makes this approach different from Rev. 5 assessments
• How InfusionPoints approached the 20x journey internally
• What this means for customers looking to enter the federal market
• Why this proves the transition from Rev. 5 to 20x is possible

Resource Links:
https://www.fedramp.gov/rfcs/
FedRAMP 20x Community Update- https://youtu.be/eU0i6c3Yk8o?si=_kbfmhax8BD154Q7

InfusionPoints Links:
https://xbu40.com/
20x Quick Look Assessment- https://xbu40.com/assessment
20x Webinar Series | Session 1- https://youtu.be/EoaXjGa-vl0?si=UmnDCXY4dhTKpC6L
20x Webinar Series | Session 2 Registration- https://riverside.com/webinar/registration/eyJldmVudElkIjoiNjlkZDUzZmNiNWI5MjQ2YTllY2E0YmUwIiwic2x1ZyI6Imphc29uLXNocm9wc2hpcmVzLXN0dWRpbyJ9
Chad Spears-https://www.linkedin.com/in/chad-spears007/
Tanner Bailey- https://www.linkedin.com/in/tanner-b-37a50a132/
https://www.linkedin.com/company/infusionpoints/
https://infusionpoints.com/

About Us:
InfusionPoints is a cybersecurity, cloud engineering, and compliance partner helping organizations Build, Manage, and Defend secure environments in highly regulated markets.

We specialize in FedRAMP, FedRAMP 20x, DoD, and enterprise security, supporting customers from authorization through continuous monitoring.

With a security-first approach, we deliver scalable, compliant solutions that help organizations move faster without sacrificing security.

From SQL Injection to Compliance Automation in Cybersecurity with Andrew Plato

Tue, 14 Apr 2026 16:00:00 -0400

In this episode of Behind the Shield, Jason Shropshire sits down with cybersecurity founder, author, and industry veteran Andrew Plato for a candid, wide-ranging conversation on what it really takes to build and scale a cybersecurity company.

Andrew shares his journey from accidentally discovering one of the earliest SQL injection vulnerabilities in the 90s to founding and growing a cybersecurity company over 26 years and ultimately exiting after building a successful compliance automation platform. Along the way, he breaks down the hard-earned lessons that most founders learn the hard way, covering everything from business model pivots and scaling challenges to sales strategy and the evolution of compliance in cloud environments.

This episode goes beyond technical security talk and dives into the mindset shifts that separate successful companies from the rest. From why “compliance is miserable” and how automation changed the game, to why customers do not buy products but instead buy pain relief, Andrew offers unfiltered insights that apply to startups, established companies, and anyone navigating today’s cybersecurity landscape.

Whether you are a founder, operator, or part of a growing security team, this conversation will challenge how you think about building, selling, and delivering cybersecurity solutions in a rapidly evolving market.

Chapters:
0:09 Introduction and Welcome
0:59 Andrew's Early Career and SQL Injection Discovery
3:01 Starting a Security Company
5:44 Compliance Automation and AWS Collaboration
10:49 Managed Security and Automation Insights
33:15 The Founder's Dilemma and Business Growth
52:31 Sales Strategies and Credibility Selling
61:21 Closing Remarks

What You'll Learn:
• How one of the earliest SQL injection discoveries helped spark a cybersecurity career
• The reality of building and pivoting a company over decades
• Why compliance has historically been “miserable” and how automation is changing that
• The origin and evolution of compliance automation platforms
• Why moving customers into standardized environments accelerates security and scalability
• The shift from hourly consulting to scalable, subscription-based models
• Why customers do not buy products but instead buy pain relief
• How to position cybersecurity as removing business barriers, not adding them
• The concept of opportunity barriers and how compliance impacts revenue
• Why traditional sales approaches like cold calling and product pitching no longer work
• The importance of credibility over product features in modern cybersecurity sales
• How startups can compete against larger, established players
• The biggest mistakes founders make and how to avoid them
• Why understanding your customer’s pain is the foundation of growth
• How automation and AI are accelerating the future of security and compliance

Guest Links:
Andrew Plato- https://www.linkedin.com/in/andrewplato/
The Founder's User Manual (Book)- https://www.amazon.com/dp/B0CZXP7TNF/ref=tsm_1_fb_lk
Company- https://zenaciti.com/

InfusionPoints Links:
Jason Shropshire- https://www.linkedin.com/in/shrop/
https://www.linkedin.com/company/infusionpoints/
https://infusionpoints.com/

About Us:
InfusionPoints is a trusted cybersecurity, cloud engineering, and compliance partner helping organizations Build, Manage, and Defend secure, mission-ready environments in highly regulated markets.
We specialize in FedRAMP, FedRAMP 20x, DoD, and enterprise security frameworks, supporting organizations from initial authorization through continuous monitoring and optimization. Our team brings deep technical expertise and real-world operational insight to every e

From Monthly Scans to Continuous Monitoring: Mastering FedRAMP Vulnerability Management

Tue, 07 Apr 2026 17:00:00 -0400

n this episode of Behind the Shield, hosted by Mike Strohecker, the Cloud Operations team at InfusionPoints dives into the realities of vulnerability management in FedRAMP environments.

Mike is joined by Ryan Adcock and James Bolton from the Cloud Operations team, where they support customers operating in FedRAMP High and IL5 environments. Together, they break down what it really takes to maintain compliance through continuous monitoring and why strong vulnerability management practices are critical to keeping an authorization in place.

This conversation goes beyond high-level compliance talk and gets into the day-to-day execution. From running scans and managing vulnerabilities to maintaining accurate inventories and communicating with engineering teams, the group shares what actually happens behind the scenes to keep systems secure and compliant.

They also explore how vulnerability management is evolving. What used to be a monthly exercise is shifting into a continuous, always-on process. With the introduction of Vulnerability Detection and Response, organizations are expected to move faster, respond smarter, and understand their environments at a much deeper level.

If you are a Cloud Service Provider, security professional, or part of a team working toward or maintaining FedRAMP authorization, this episode provides practical insight into what works, what does not, and what is coming next.

Chapters:
0:00 Introduction and Guest Backgrounds
2:35 Vulnerability Management and Compliance
5:24 Continuous Monitoring and Best Practices
12:01 Understanding Customer Environments
17:34 VADR and Continuous Monitoring
23:03 Prevention and Security Improvements
27:15 Communication and Closing Remarks

What You’ll Learn

• What continuous monitoring requires in a FedRAMP environment and how it impacts your daily operations
• The different types of vulnerability scans including OS, database, container, and web application scans
• How Plans of Action and Milestones are used to track and report vulnerabilities
• Key remediation timelines and why meeting them is essential to maintaining authorization
• Why authenticated scans are necessary and where many organizations struggle
• Common challenges when scanning containers and web applications
• The importance of maintaining an accurate asset inventory and avoiding blind spots
• How communication between security and engineering teams improves remediation timelines
• What changes are coming with Vulnerability Detection and Response and continuous scanning expectations
• How automation and risk-based decision making are shaping the future of FedRAMP compliance

InfusionPoints Links:
Mike Strohecker, VP of Engineering and Operations: https://www.linkedin.com/in/michael-strohecker-238326172/
Ryan Adcock, Cloud Operations / Senior Consultant:
https://www.linkedin.com/in/ryanaadcock/
James Bolton, Cloud Operations / Senior Consultant:
https://www.linkedin.com/in/james-bolton-cyber/
https://www.linkedin.com/company/infusionpoints/
https://www.InfusionPoints.com
https://infusionpoints.com/contact-us

About Us:
InfusionPoints is a trusted cybersecurity, cloud engineering, and compliance partner helping organizations Build, Manage, and Defend secure, mission-ready environments in highly regulated markets.
We specialize in FedRAMP, FedRAMP 20x, DoD, and enterprise security frameworks, supporting organizations from initial authorization through continuous monitoring and optimization. Our team brings deep technical expertise and real-world operational insight to every engagement.
Through our independent, security-first approach, we integrate people, processes, and technology to deliver scalable, compliant, and resilient solutions. From strategy and architecture to operations and defense, we help customers move faster without sacrificing security.

From Interns to SOC Analysts: Real Cybersecurity Careers Start Here

Tue, 31 Mar 2026 15:00:00 -0400

In this episode of Behind the Shield, we continue our internship series with a real, behind-the-scenes look at what it’s actually like to start a career in cybersecurity.

Host Felisha Daemer sits down with Levi Church and Ben Collins, two former interns turned full-time Security Operations Analysts, to talk through their journeys from local students to working hands-on in a 24/7 SOC environment.

They share how they found InfusionPoints, what surprised them most stepping into a professional environment, and how quickly things shift from theory to real-world application.

From navigating “acronym soup” on day one to building real solutions during live incidents, including a response to the global CrowdStrike outage, this episode highlights just how impactful hands-on experience can be.

You’ll also hear how InfusionPoints’ rotational internship model exposes interns to multiple teams, including security operations, engineering, advisory, cloud ops, and even marketing, helping them find where they thrive.

And maybe most importantly, why culture, curiosity, and being willing to figure things out matter just as much as technical knowledge.

Whether you’re a student exploring cybersecurity, a hiring manager building an internship program, or just curious how talent actually develops in this space, this episode gives you an unfiltered look.

Chapters:
0:10 Introduction
0:31 Levi's Introduction
1:23 Ben's Introduction
2:12 Inspiration to Enter the Field
3:40 Internship Experiences
6:50 Advice for Future Interns
8:23 Certifications and Learning
10:24 Culture and Work Environment
15:00 Projects and Achievements
21:15 Fun Questions

What You’ll Learn:
What it’s really like transitioning from cybersecurity theory to hands-on work in a SOC
How internships can shape and sometimes completely change career paths
The value of rotational vs. specialized internship experiences
Why “culture shock” is normal and how to push through it
How small teams create faster learning opportunities and require wearing multiple hats
Building an automated emergency communication system during a major outage
Streamlining internal SOC documentation for faster analyst onboarding
Automating employee bio updates for operational efficiency
Why certifications like AWS Cloud Practitioner, CySA+, and tools like CloudQuest can give you a head start
The importance of continuous learning, curiosity, and problem-solving in cybersecurity
How collaboration across teams (SOC, marketing, engineering, leadership) accelerates growth
What makes a strong intern and what advice current analysts would give to future applicants

InfusionPoints Links:
Apply to the Internship- https://infusionpoints.com/careers/InfusionPoints-Internship
Felisha Daemer- https://www.linkedin.com/in/felisha-daemer/
Levi Church- https://www.linkedin.com/in/levichurch/
Ben Collins- https://www.linkedin.com/in/benjamincollins001/
https://www.linkedin.com/company/infusionpoints/
https://www.InfusionPoints.com
https://infusionpoints.com/contact-us

About Us:
InfusionPoints is a trusted cybersecurity, cloud engineering, and compliance partner helping organizations Build, Manage, and Defend secure, mission-ready environments in highly regulated markets.
We specialize in FedRAMP, FedRAMP 20x, DoD, and enterprise security frameworks, supporting organizations from initial authorization through continuous monitoring and optimization. Our team brings deep technical expertise and real-world operational insight to every engagement.
Through our independent, security-first approach, we integrate people, processes, and technology to deliver scalable, compliant, and resilient solutions. From strategy and architecture to operations and defense, we help customers move faster without sacrificing security.

FedRAMP 20x Explained, CMMC Impact, and Real Compliance Talk with Matt Bruggeman

Tue, 24 Mar 2026 16:00:00 -0400

In this episode of Behind the Shield, Jason Shropshire, InfusionPoints COO, sits down with Matt Bruggeman, Director of GTM Federal at A-LIGN, to explore one of the most unique career paths in the compliance space and how it directly shapes the way he approaches FedRAMP today. Starting in engineering, transitioning into improv comedy, and ultimately moving into sales engineering, Matt brings a perspective that blends technical depth with communication, adaptability, and real-world problem solving.

We dive into the realities of FedRAMP, including the friction points that have challenged CSPs over the last several years, from inconsistent interpretations to long timelines and the operational burden of maintaining authorization. Matt shares firsthand insight into how these challenges have impacted both providers and assessors, and where the industry is starting to shift.

The conversation also unpacks FedRAMP 20x and what it actually means beyond the headlines. We talk about automation, machine-readable evidence, and what organizations need to start thinking about now if they want to keep pace with where the program is going. This isn’t just about moving faster, it’s about fundamentally changing how compliance is approached.

We also touch on CMMC and its growing influence across the defense ecosystem, how it compares to FedRAMP, and why organizations need to think strategically about overlapping requirements and long-term compliance investments.

Throughout the episode, Matt highlights the importance of clear communication, storytelling, and being able to translate complex technical requirements into something actionable, especially in a space that often leans too heavily on jargon and process.

Whether you're early in your FedRAMP journey, actively working toward authorization, or rethinking your approach in light of 20x, this episode offers practical insight, honest perspective, and a look at where compliance is headed next.

What You’ll Learn:

• Matt’s journey from engineering to improv and how it shaped his approach to problem-solving
• The realities of FedRAMP challenges and why the process has been so difficult historically
• How FedRAMP is evolving and what changes are underway
• What FedRAMP 20x actually means and what it requires from organizations
• The impact of CMMC on the broader compliance and defense ecosystem
• Why communication, storytelling, and adaptability matter in technical roles
• Key insights for navigating compliance in a rapidly changing environment

Chapters:

0:00 - Introduction to the Podcast
0:29 - Meet Matt Bruggeman
1:16 - Matt's Engineering Background
2:13 - Transition to Improv Comedy
4:04 - Sales Engineering Journey
6:02 - Joining A-LIGN and FedRAMP
11:01 - FedRAMP Challenges and Changes
17:12 - CMMC and Industry Impact
23:33 - FedRAMP 20X Discussion
47:43 - Lighter Fare and Closing

If you’re building, managing, or defending in regulated environments, make sure to subscribe for more conversations like this.
Interested in learning more about FedRAMP 20x? Join our FedRAMP 20x Explained webinar on April 2nd at 1 PM EST: https://xbu40.com/20x-cohort

Guest Links:
Matt Bruggeman Linkedin: https://www.linkedin.com/in/matt-bruggeman/
A-LIGN- https://www.a-lign.com/
Mostly Compliant Podcast- https://www.youtube.com/playlist?list=PLLU5Lb_V9iSyFhftOkbrOE_y0DVAvDmO4
Sooper Doods- https://www.youtube.com/@SooperDoods

InfusionPoints Links:
Jason Shropshire, COO- https://www.linkedin.com/in/shrop/
https://www.linkedin.com/company/infusionpoints/
https://www.InfusionPoints.com
https://infusionpoints.com/contact-us

Inside the InfusionPoints Internship Program with Rachael & Aidan

Tue, 17 Mar 2026 16:00:00 -0400

What does an internship at InfusionPoints actually look like, and what can it lead to?

In this episode of Behind the Shield, Tanner Bailey sits down with former interns Rachael Smith and Aidan Fratcher, who are now full-time members of the InfusionPoints team, to talk about their journey from students to professionals in cybersecurity, compliance, and cloud.

They share how they first connected with InfusionPoints, what made the internship experience stand out, and what it was like to move through the rotational internship program across multiple teams. From shadowing engineers and SOC analysts to learning cloud operations and advisory work, this conversation gives an inside look at how interns gain real exposure to the business, technology, and culture behind the work.

Rachael and Aidan also discuss the projects their internship cohorts completed, including real-world automation concepts inspired by operational needs, and reflect on how those experiences helped shape their careers. The episode also dives into advice for students, career changers, and future interns on staying curious, continuing to learn, using AI tools wisely, and standing out in a fast-changing industry.

Whether you are exploring cybersecurity careers, interested in the InfusionPoints internship program, or just want a candid look at how early career talent can grow into impactful team members, this episode is packed with helpful perspective.

Chapters:

00:08 Welcome and Episode Overview
00:37 Interns' Backgrounds and Interests
02:54 Application Process and Networking Tips
05:26 Infusion Points' Culture and Learning Focus
08:21 Day in the Life of an Intern
09:58 Rotational Program and Team Exposure
12:34 Real-World Projects and Automation Solutions
18:30 Cross-Department Collaboration and Crisis Handling
33:31 Advice for Aspiring Cybersecurity Professionals
42:52 Fun Questions and Closing Thoughts

What You'll Learn:

• How Rachael and Aidan found the InfusionPoints internship program
• What the application and interview process was like
• What a day in the life of an InfusionPoints intern looks like
• How the rotational program exposes interns to engineering, cloud operations, advisory, and security operations
• Real internship project examples and how they created value for the company
• Why culture, curiosity, and initiative matter in cybersecurity careers
• Advice for students and early career professionals entering the field
• A few fun closing questions, including favorite snacks, movies, and shows

InfusionPoints Links:
https://infusionpoints.com/careers/InfusionPoints-Internship
Tanner Bailey, Senior Consultant: https://www.linkedin.com/in/tanner-b-37a50a132/
Rachael Smith, Consultant: https://www.linkedin.com/in/rachael-n-smith/
Aidan Fratcher, Consultant: https://www.linkedin.com/in/aidanfratcher/

About Us:
InfusionPoints is a trusted cybersecurity, cloud engineering, and compliance partner helping organizations Build, Manage, and Defend secure, mission-ready environments in highly regulated markets.
We specialize in FedRAMP, FedRAMP 20x, DoD, and enterprise security frameworks, supporting organizations from initial authorization through continuous monitoring and optimization. Our team brings deep technical expertise and real-world operational insight to every engagement.
Through our independent, security-first approach, we integrate people, processes, and technology to deliver scalable, compliant, and resilient solutions. From strategy and architecture to operations and defense, we help customers move faster without sacrificing security.

FedRAMP 20x Public Notices: What CSPs and Assessors Need to Know

Tue, 10 Mar 2026 15:00:00 -0400

FedRAMP modernization is moving quickly, and one of the newest developments is the introduction of FedRAMP Public Notices. In this episode of Behind the Shield, the team explains what these notices are, why the FedRAMP PMO created them, and what they reveal about the future direction of FedRAMP 20x.

Public Notices serve as a formal communication channel that provides transparency and a chronological record of key program updates. Instead of relying on blogs or scattered announcements, the FedRAMP Public Notices page offers a centralized place where industry stakeholders can track developments, including outcomes from Requests for Comment (RFCs), operational updates, and emergency directives.

During the conversation, the team walks through the first seven FedRAMP Public Notices and discusses what they mean for Cloud Service Providers (CSPs), assessors, and advisors navigating the evolving FedRAMP ecosystem. They highlight outcomes from recent RFCs, including updates to authorization terminology, changes to the FedRAMP Marketplace, and how the program is responding to industry feedback.

The episode also explores operational updates such as quarterly security inbox testing requirements and the role of emergency directives that may require CSPs to respond quickly to vulnerabilities.

The conversation also touches on the broader FedRAMP 20x modernization effort, including the push toward automation, machine-readable evidence, and reducing barriers to entry for cloud providers supporting federal customers.

Chapters:
00:08 Understanding FedRAMP Notices and Their Importance
03:09 Navigating FedRAMP Notices
05:55 Understanding Security Assessments
08:12 Changes in Authorization Designations
10:59 Marketplace Updates and CSP Pathways
13:50 Emergency Directives and Testing Procedures
17:24 Leveraging External Frameworks for Certification
28:35 Conclusion and Future Outlook
30:09 Update: RFC-0023 Notice added
34:14 Alternate Intro Outtake

What You’ll Learn:

• What FedRAMP Public Notices are and why the FedRAMP PMO introduced them
• Key updates and initial outcomes from RFC 19, RFC 20, RFC 21, and RFC 22
• The shift toward FedRAMP Certified designations and new class-based certification levels (A–D)
• New security inbox monitoring and quarterly testing expectations for Cloud Service Providers (CSPs)
• How FedRAMP may begin leveraging external frameworks like SOC 2 Type II
• What these changes signal about the future direction of FedRAMP 20x and cloud authorization modernization

Links to visit:
https://www.fedramp.gov/notices/

InfusionPoints Links:

Jason Shropshire, COO- https://www.linkedin.com/in/shrop/
Mike Strohecker, VP of Engineering and Operations: https://www.linkedin.com/in/michael-strohecker-238326172/
Tanner Bailey, Senior Consultant/FedRAMP 20x Lead: https://www.linkedin.com/in/tanner-b-37a50a132/

https://www.linkedin.com/company/infusionpoints/
https://www.InfusionPoints.com
https://infusionpoints.com/contact-us

About Us:
InfusionPoints is a trusted cybersecurity, cloud engineering, and compliance partner helping organizations Build, Manage, and Defend secure, mission-ready environments in highly regulated markets.
We specialize in FedRAMP, FedRAMP 20x, DoD, and enterprise security frameworks, supporting organizations from initial authorization through continuous monitoring and optimization. Our team brings deep technical expertise and real-world operational insight to every engagement.
Through our independent, security-first approach, we integrate people, processes, and technology to deliver scalable, compliant, and resilient solutions. From strategy and architecture to operations and defense, we help customers move faster without sacrificing security.

Winning Government Work Without the Overwhelm with Nick Bernardo

Tue, 03 Mar 2026 14:00:00 -0500

Government contracting can feel overwhelming, with complex regulations, countless tools, and uncertainty about where to begin. In this episode of Behind the Shield, host Felisha Daemer is joined by Jeff Bivens of InfusionPoints and Nick Bernardo, President of MyGovWatch.com, to explore how businesses can enter and succeed in the government marketplace without overcomplicating the process.

Nick shares how MyGovWatch bridges the gap between low-cost but ineffective lead tools and expensive enterprise platforms, helping organizations identify the right opportunities without unnecessary complexity. The conversation covers how contracting works across federal, state, and local levels, how to build sustainable pipelines, and why reverse engineering your business development strategy is key.

They also discuss the real value of AI in opportunity matching, how subcontracting opens doors for new entrants, and common myths that hold companies back. Whether contracts are your primary focus or a supplemental revenue stream, this episode offers practical guidance to help you pursue opportunities strategically and confidently.

Chapters:
[0:00] Introduction and Guest Introduction
[0:26] How We Met and Introduction to MyGovWatch
[1:42] The Goldilocks Analogy and Target Users
[3:42] Comparison with Competitors and Bid Notification
[6:08] Customer Success Story
[7:44] Advice for Contractors
[10:12] GovWatch Coverage and AI Utilization
[16:16] Government Contracting Lifecycle
[20:08] Subcontracting Opportunities
[25:11] Common Myths in Government Contracting
[28:54] Fun Questions and Closing Remarks

What You’ll Learn:

• How to identify the right government opportunities without expensive enterprise tools
• Why reverse engineering your BD strategy saves time and resources
• The difference between federal, state, and local contracting pipelines
• When subcontracting is a smarter entry point than prime contracting
• How AI and smart data curation improve opportunity matching
• Common government contracting myths and what is actually true
• Ways to build relationships and position your company before an RFP is released
• How open records requests can reveal teaming and subcontracting opportunities
• Practical advice for companies adding government work as a supplemental revenue stream

Book Recommendations:
The Millionaire Next Door - Thomas J. Stanley, Ph.D. and William D. Danko, Ph.D.
The First 90 Days - Michael D. Watkins
The Grit Factor: Courage, Resilience, and Leadership in the Most Male-Dominated Organization in the World - Shannon Huffman Polson
Lean In: Women, Work, and the Will to Lead - Sheryl Sandberg

Guest Links:
Nick Bernardo: https://www.linkedin.com/in/nickthegovconguy/
https://www.mygovwatch.com/

InfusionPoints Links:
Felisha Daemer: https://www.linkedin.com/in/felisha-daemer/
Jeff Bivens: https://www.linkedin.com/in/jeffbivens/
https://www.linkedin.com/company/infusionpoints/
https://www.InfusionPoints.com
https://infusionpoints.com/contact-us

About Us:
InfusionPoints is a trusted cybersecurity, cloud engineering, and compliance partner helping organizations Build, Manage, and Defend secure, mission-ready environments in highly regulated markets.
We specialize in FedRAMP, FedRAMP 20x, DoD, and enterprise security frameworks, supporting organizations from initial authorization through continuous monitoring and optimization. Our team brings deep technical expertise and real-world operational insight to every engagement.
Through our independent, security-first approach, we integrate people, processes, and technology to deliver scalable, compliant, and resilient solutions. From strategy and architecture to operations and defense, we help customers move faster without sacrificing security.

Protecting Community Colleges from Cyber Threats with Michael Wingler, CIO- Wilkes Community College

Tue, 24 Feb 2026 15:00:00 -0500

In this episode of Behind the Shield, Chad Spears (Director of Security Operations at InfusionPoints) sits down with Michael Wingler, VP of IT & Operations / CIO at Wilkes Community College, to talk about a reality more schools are facing: community colleges are targets now.

Michael shares what’s changed in the threat landscape, why attacks love nights, weekends, and holidays, and how limited budgets and staffing make higher-ed security uniquely challenging. They dig into real-world lessons learned from close calls, vendor/partner risk, and why you can’t rely on “8–5 security” when threat actors work 24/7.

You’ll also hear what’s working: building a strategic IT program that earns a seat at the leadership table, leveraging security awareness training (including measurable phishing-rate improvements), and partnering locally for 24/7 monitoring and response.

If you work in higher ed, SLED, or IT/security leadership, this one hits home.

🔔 Subscribe for more conversations on cybersecurity, leadership, and real-world security operations.

Links / resources

InfusionPoints: www.InfusionPoints.com

Wilkes Community College: www.WilkesCC.edu

#Cybersecurity #HigherEd #HigherEdIT #SLED #ITLeadership #SecurityAwareness #Phishing #SOC #MDR #BehindTheShield #InfusionPoints #WilkesCommunityCollege

Inside InfusionPoints Development: Command Center, FedRAMP 20x & Hackathon Builds

Tue, 17 Feb 2026 17:00:00 -0500

Go Behind the Shield with a special 3-segment episode, hosted by Jason Shropshire, featuring members of the InfusionPoints engineering team as they break down what they’re building, how they’re building it, and the lessons learned along the way. Recorded after hours during Hackathon week, this one’s a little less buttoned-up in the best way. Expect real talk, real lessons, and a few laughs as the engineers unwind.

Segment 1: Meet Chris Eaves and Gavin Blankenship from R&D as they share how they found InfusionPoints, what it’s like building in a “jack-of-all-trades” environment, and how Command Center became a purpose-built, opinionated GRC platform designed to make complex compliance (FedRAMP, DoD, and more)- manageable without relying on someone else’s roadmap.
They also talk roadmap highlights like automated user onboarding, incident response tracking, and a behind-the-scenes look at building a deployment pipeline to scale Command Center across environments.

Segment 2: Kay and Mike Strohecker join to talk life on the dev team, what Kay’s working on now (vulnerability + asset management), and what it’s like ramping up in the world of acronym soup—especially in the era of FedRAMP 20x. Plus: Hackathon reality check (no sleeping bags required).

Segment 3: Caleb Brinkley (backend) and Matthew Melang (frontend) share what they focus on day-to-day in Command Center, how cross-functional hackathon teams spark better ideas, and how automation (including tools like Power Automate + Teams workflows) can eliminate repetitive work across the business.

And yes… there’s a legendary story about AWS Bedrock, throttling, and an accidental “stress test” you don’t want to recreate.

🎧 Topics covered:

Command Center as a “one pane of glass” for compliance + security operations

FedRAMP 20x and the growing importance of KSIs

Continuous monitoring automation + customer feedback loops

Infrastructure + serverless architecture (Python, AWS services, Terraform)

Hackathon builds: onboarding automation, back-office workflows, and more

Lightning round essentials: dark mode, tabs vs spaces, and dev playlists

👍 Like, subscribe, and follow along for more real-world engineering + security conversations from the InfusionPoints team.

#BehindTheShield #InfusionPoints #Cybersecurity #Engineering #FedRAMP #FedRAMP20x #GRC #CloudSecurity #DevOps #AWS

Selling in AWS Marketplace Without Guessing: Analytics, Private Offers, and Co-Sell with Trés Vance

Tue, 10 Feb 2026 11:00:00 -0500

What happens when you treat AWS Marketplace like real commerce, not a static listing page?

In this episode of Behind the Shield, Gary Daemer and Jason Shropshire sit down in North Wilkesboro with Trés “Trey” Vance, Executive Chairman of CloudSmart, to talk about the business mechanics behind modern cloud go-to-market: marketplace analytics, private offers, channel partner private offers, and why co-sell is the difference between “we built something” and “we built a business.”

Trey shares the origin story behind CloudSmart (starting with AMIs and “steak dinner money”), why marketplace reporting has historically been harder than it should be, and how CloudSmart Insights helps sellers understand who’s buying, why they’re buying, and what’s actually working. The conversation also dives into newer marketplace realities, including multi-product solutions and bundles, marketplace APIs, CRM integrations (Salesforce and HubSpot), and the coming wave of AI listings that may force everyone to rely on smarter search and better data.

You’ll also hear how InfusionPoints and Trey first connected through the early ATO on AWS days, why focus versus “we do every cloud” matters, and how rural North Carolina tech teams can absolutely compete with the biggest hubs without inheriting the traffic.

Topics covered:

Marketplace intelligence: payouts, customers, intent, trends

Public offers vs. private offers and why 95%+ of transactions are private offers

Co-sell vs. go-to-market and why it changes customer acquisition cost

Marketplace APIs and CRM connectors to eliminate swivel chair operations

Multi-product solutions: bundling software, services, and security tools

Usage-based pricing and making buying frictionless

Building tech talent pipelines in rural communities

🎧 Watch and listen to the full episode and drop your questions in the comments.

FedRAMP 20x: From 12–18 Months to Weeks? Reality Check with Andrea Livero-Scott

Tue, 03 Feb 2026 16:00:00 -0500

In this episode of Behind the Shield, host Gary Daemer sits down with Andrea Livero-Scott, Director for Cybersecurity at Kratos Defense & Security Solutions, to unpack what is changing across FedRAMP and why the shift to FedRAMP 20x is more than a process update.

We cover:

The biggest FedRAMP pain points from the last 4–5 years (timelines, reviewer interpretation, package churn)

The real differences between civilian and DoD authorization paths

FedRAMP 20x: automation readiness, KSIs, and what “faster” really requires

Machine-readable evidence and the questions agencies and assessors still need answered

The sponsorless pathway and what it could unlock for commercial providers

Where AI fits, including why agentic AI starts to look like an insider threat

Subscribe for more conversations on compliance, cloud security, automation, and what it takes to build, manage, and defend in regulated environments.

www.InfusionPoints.com

FedRAMP 20x Phase 2: Building Trust, Transparency, and ATO Monitoring at Scale

Tue, 27 Jan 2026 15:00:00 -0500

FedRAMP 20x is moving fast and in this episode of Behind the Shield, host Gary Daemer and co-host Chad Spears break down what it actually looks like to go from Phase 1 pilot to Phase 2 production-ready thinking.
We cover the real shift happening right now from “is the thing there?” to “is the control effective?” plus how KSIs, continuous and persistent validation, and machine-readable evidence are changing the game for CSPs, 3PAOs, and agencies.
In this episode, we discuss:
What FedRAMP 20x Phase 2 changes and why it feels like crawl, walk, run
How trust is built by showing how evidence is pulled, not just what it is
Why continuous and persistent checking matters and how it prevents configuration drift
Machine-readable evidence, faster audits, and faster time to market
Transparency through Trust Centers and public-facing security status
What CSPs should do next including cloud-native readiness and API integration
The evolving role of 3PAOs and verifying automated compliance
How a Build | Manage | Defend mindset supports the future of FedRAMP
If you are navigating FedRAMP, modern compliance automation, or want a clearer picture of where 20x is headed, this episode is for you.
Links and Resources
Learn more about InfusionPoints: www.InfusionPoints.com
FedRAMP 20x resources: https://www.fedramp.gov
Contact us: https://app.hatchbuck.com/OnlineForm/53273431050

#FedRAMP #FedRAMP20x #ComplianceAutomation #ContinuousMonitoring #CloudSecurity #GRC #ATO #3PAO #GovCloud

Inside our Cyber and Cloud Talent Pipeline - Part 1

Tue, 20 Jan 2026 16:00:00 -0500

Building talent is part of building secure systems.
In Episode 1 of our 3-part Internship Series, host Felisha Daemer sits down with Tanner Bailey (former InfusionPoints intern turned Internship Coordinator) to unpack how we develop the next generation of cybersecurity and cloud professionals through a rotational program across Advisory, Cloud Ops/Engineering, and a 24x7 SOC.
If you are not looking for an internship, this episode is still for you. You will hear:
How we scale delivery without sacrificing quality or customer outcomes
Why fresh eyes and repeatable processes improve security and operations
What it takes to cross-train teams in a real-world cloud security services org
How we assess “Hungry, Humble, Smart” and why that matters in high-trust environments
Lessons learned from turning interns into contributors who ship meaningful work
You will also learn:
How the rotational program is structured and what interns do day to day
The certification and training paths we support (AWS Cloud Practitioner, Solutions Architect, Security Ops)
How evaluations work and what the path to full-time can look like
Interested in applying or sharing with someone who should?
Website: InfusionPoints.com/careers (internships link at the bottom)
Email: internships@infusionpoints.com
Meet us in person:
App State Career Fair: January 28, 2026
App State Cyber Summit: April 9 to 10, 2026 (booth + sponsoring the social hour)
Subscribe for Part 2 and Part 3, where we hear directly from past interns about what they built, learned, and how they leveled up.
#CloudSecurity #Cybersecurity #SOC #AWS #GovCloud #FedRAMP20X #Leadership #TalentDevelopment #BehindTheShield #InfusionPoints

From Tokens to Passwordless: RSA CISO, Rob Hughes, On FedRAMP REV 5 and AI Risk

Wed, 14 Jan 2026 16:00:00 -0500

In this episode, hosts Mike Strohecker and Jason Shropshire sit down with Rob Hughes, CISO of RSA, for a deep dive into identity security, FedRAMP Rev 5, and emerging AI risk.

Rob shares his journey into the CISO role and how RSA has evolved from its early days of hardware tokens into a modern, cloud focused identity provider. The conversation covers real world lessons from RSA’s FedRAMP authorization experience, including navigating the JAB process, operating during the shift to remote work, and balancing compliance requirements with meaningful security outcomes.

The group also explores what FedRAMP Rev 5 changes actually mean for identity, phishing resistant authentication, and passwordless approaches, as well as how FedRAMP is moving toward more outcome driven security models. Rob offers candid insight into how these changes affect both federal and commercial environments.

The discussion wraps with a practical look at AI risk, including data leakage, shadow AI usage, and why identity and zero trust principles are becoming even more critical as AI tools become part of everyday workflows. A lightning round at the end adds a lighter close to the conversation.

Topics covered include:

Rob Hughes’ path to CISO and RSA’s identity evolution

FedRAMP Rev 5 and phishing resistant authentication

Lessons learned from the FedRAMP JAB process

Identity as the modern security perimeter

AI risk, data exposure, and shadow AI concerns

Lightning round questions

Subscribe for more conversations on cloud security, compliance, and the people behind the programs shaping federal and enterprise cybersecurity.

#FedRAMP #CloudSecurity #FedRAMPRev5 #identitysecurity

“Wild West FedRAMP” to 20x: Lessons Learned with Sam Aydlette

Tue, 06 Jan 2026 16:00:00 -0500

Behind the Shield- Episode 14

In this episode of Behind the Shield, host Jason Shropshire is joined by guest host Jason Redding (InfusionPoints Advisory) and special guest Sam Aydlette, a longtime FedRAMP leader who’s seen the program from nearly every seat: government, industry, and consulting.

Sam takes us back to the early “Wild West” days of FedRAMP, why cloud changed everything about traditional FISMA thinking, and what today’s shift toward transparency and measurable secure outcomes means for agencies and CSPs. We dig into why not every system needs to be Moderate, how tailoring should work in practice, and where standards like SBOM and OSCAL can help (and why adoption is complicated).

We also touch on the DoD side of the house, the challenge of scaling compliance and security across large enterprises, and why check-the-box compliance doesn’t build trust.
Topics we cover:
How FedRAMP evolved from early JAB days to today
Transparency, collaboration, and the move toward secure outcomes
Control tailoring, mission assurance vs. trustworthiness
Inventory, SBOM, OSCAL, and what objective measurement should look like
What’s different (and still hard) about the DoD authorization landscape
Lightning round: drums, van-life YouTube, and favorite philosophers

👍 If you enjoyed this episode, like, subscribe, and drop your biggest FedRAMP 20x question in the comments.

*Sam Aydlette's views are his own and do not represent the views of any organization or employer.
Follow Sam on LinkedIn: https://www.linkedin.com/in/sa2/
Sam's Website: https://samaydlette.com/

Learn more about InfusionPoints:
LinkedIn: https://www.linkedin.com/company/infusionpoints/
Website: www.InfusionPoints.com

#FedRAMP #FedRAMP20x #Cybersecurity #Compliance #FISMA #CloudSecurity #ContinuousMonitoring #OSCAL #SBOM #InfusionPoints #BehindTheShield

From Screenshots to Signals with SK Bhachech: FedRAMP Automation and What Comes Next

Tue, 23 Dec 2025 13:00:00 -0500

In this episode of Behind the Shield, host Gary Daemer is joined by new co-host Ryan Adcock from the InfusionPoints Cloud Team and special guest SK Bhachech from Riverbed Technology for a candid conversation on what it really takes to navigate federal compliance when the goalposts move mid-flight.

Together, they unpack Riverbed’s authorization journey, why FedRAMP is often customer-driven rather than chosen, and what makes FedRAMP uniquely prescriptive. From implementing hundreds of controls to sustaining month-over-month operational rigor, SK shares lessons learned from building and maturing a security program inside a regulated environment.

The conversation also looks ahead to FedRAMP 20x, Key Security Indicators, and machine-readable evidence. The group explores how automation can reduce human error, lower costs, and shift audits away from screenshot collection toward continuous validation. They also discuss where AI may help, such as summarization and review support, and why human oversight remains critical in cybersecurity.

To close, the episode gets more personal with favorite books, shows, and a discussion on service, leadership, and giving back to the community.

Topics covered include:

Why companies are pulled into FedRAMP and why it is hard to walk away

What makes FedRAMP prescriptive and operationally demanding

Staying nimble when requirements change during authorization

FedRAMP 20x, KSIs, and continuous validation

Automation and AI as accelerators with humans still in the loop

One Pane, Zero Panic: Command Center on XBU40, FedRAMP 20x Phase 2 Moderate & ATO Monitoring

Tue, 16 Dec 2025 11:00:00 -0500

Disclaimer: This conversation includes a live demo of Command Center on XBU40. To see the dashboards, workflows, and visuals discussed, watch the full episode on YouTube: https://youtu.be/2db13PnF62s

In this episode of Behind the Shield, host Gary Daemer is joined by co-host Chad Spears (Director, Security Operations) and special guest Alex Earhart (Lead SecOps Engineer and 20x pilot engineer) for a live walkthrough of Command Center on XBU40.

We go hands-on with the platform and the tooling that helps teams operate, manage, and prove security across FedRAMP and DoD environments, while also showing what we are taking forward into our FedRAMP 20x Phase 2 Moderate approach.

In the demo, you will see how Command Center brings everything into one place, including:

Built-in ticketing designed for FedRAMP workflows, evidence collection, and KSI-aligned tracking (including significant change support)

Continuous monitoring and vulnerability management, including POA&M support and the shift to VDR (Vulnerability Detection & Response)

Alert management with integrations, automated ticket creation, and SOC metrics like mean time to respond and close

SSP management as a living system, structured as data (not a static document) with the ability to import existing SSPs and generate outputs

AuditShield for FedRAMP 20x, including automated KSI validations, machine-readable evidence, and the ability to run checks on a schedule or live

Trust Center views that publish scorecards and trends, plus secure sharing through the document repository

A look at ATO Monitoring, built around machine-readable outputs to help agencies and teams track security posture across multiple ATOs in a single view

If you are navigating FedRAMP Rev 5, exploring 20x, supporting DoD IL workloads, or just tired of chasing screenshots, this one is for you.

Explore the Trust Center: XB40.com

From the Assessment Side: FedRAMP 20X, Automation & Continuous Validation with Christian Baer

Tue, 09 Dec 2025 11:00:00 -0500

Behind the Shield- Episode 11
What does FedRAMP look like from the assessor’s seat?
In this episode of Behind the Shield, host Gary Daemer sits down with Christian Baer, Technical Fellow at Schellman, to unpack what FedRAMP 20X really means from the inside of the assessment process.
Christian shares first-hand insight into:
• How automation is reshaping federal security assessments
• The shift from point-in-time audits to continuous validation
• Why KSIs and real-time visibility matter more than endless screenshots
• The balance between risk, context, and compliance in modern cloud environments
• What CSPs should expect as FedRAMP, Rev 5, and 20X continue to evolve
From exceptions and vulnerability prioritization to red-yellow-green security posture views, this conversation explores how assessors, CSPs, and agencies can move faster without sacrificing security.
If you work in federal cloud, compliance, cybersecurity, or GRC, this is an episode you don’t want to miss.
🔐 Learn how InfusionPoints is helping CSPs prepare for FedRAMP 20X with automation, transparency, and continuous assurance.
👉 Subscribe for more real-world compliance and cybersecurity conversations.
👉 Visit InfusionPoints.com to learn more.
#FedRAMP #FedRAMP20X #Cybersecurity #GRC #CloudSecurity #ContinuousMonitoring #FederalCompliance #KSIs #ATO #CyberRisk #BehindTheShield

Meet Mike Strohecker: Turning Real-World Experience into Cloud Ops Success

Tue, 02 Dec 2025 16:00:00 -0500

Behind the Shield- Episode 10

In this introductory episode of Behind the Shield, host Jason Shropshire sits down with Mike Strohecker, Director of Cloud Operations at InfusionPoints, to highlight Mike’s professional journey, leadership role, and perspective on the future of cloud security and FedRAMP 20x.

As part of our series, we periodically introduce members of InfusionPoints’ leadership team, many of whom will also appear as hosts in future episodes. These leadership spotlights allow our audience to get to know the people shaping our mission and guiding our work between our guest-focused interviews.

In this episode, Mike discusses how he:

Transitioned from a 14-year law enforcement career in Maryland to earning a cybersecurity degree and starting a new chapter in North Carolina

Entered the world of digital forensics and chain-of-custody processes through crash reconstruction and vehicle data analysis

Joined InfusionPoints through a timely LinkedIn connection and a CEO willing to support a career pivot

Grew from advisory work into leading Cloud Operations, overseeing complex customer environments and advancing how we secure cloud solutions

Views FedRAMP 20x, VADER, and the shift from traditional control documentation to Key Security Indicators (KSIs) and real security outcomes

Advises aspiring cybersecurity professionals on the value of cloud expertise, certifications, and embracing AI

This episode also offers a personal look at Mike, including:

Life as a father of three

His passion for tinkering and hands-on projects

A recent family trip to Dollywood

Why Abraham Lincoln would be his ideal historical dinner guest

For those interested in career transitions into cybersecurity, cloud operations, or the evolution of FedRAMP 20x and vulnerability management, this conversation provides meaningful insight and perspective.

Small SaaS to ATO: Teo Balbach on Government Compliance for Small Businesses

Tue, 25 Nov 2025 13:00:00 -0500

Behind the Shield- Episode 9

Getting a government Authority to Operate (ATO) can feel impossible for small businesses- but it doesn’t have to be.

In this episode of Behind the Shield, CoachMePlus CEO Teo Balbach shares how a five-person sports technology startup turned its athlete-management platform into a DoD-authorized SaaS used by Army and Air Force programs. Joined by InfusionPoints’ Jackson Gorman and Gary Daemer, Teo explains what it really takes to move from “commercial-ready” to cyber-compliant in government environments.

What you’ll learn:

How CoachMePlus built trust and sponsorship inside DoD programs

The value of early gap assessments and knowing your system boundary

Surviving documentation and continuous monitoring without derailing your roadmap

Translating strong cybersecurity into audit-ready evidence

How partnerships accelerate ATOs for small SaaS teams

Real lessons on cost, timing, and scaling across Army, Navy, and Air Force

Who should watch:
Founders, CTOs, engineers, and compliance leaders at small SaaS or tech companies hoping to serve the federal or defense market—without losing focus on innovation and delivery.

Keywords: small business cybersecurity, DoD ATO, Authority to Operate, DISA provisional authorization, FedRAMP 20x, SBIR grants, SaaS compliance, AWS GovCloud, continuous monitoring, audit readiness, government software, CoachMePlus, InfusionPoints

Featuring:
🎙️ Teo Balbach, CEO of CoachMePlus
🎙️ Jackson Gorman, Advisory Consultant, InfusionPoints
🎙️ Gary Daemer, CEO, InfusionPoints

From Intern to VP: Felisha Daemer on Building Culture and Leading Public Sector Growth

Tue, 18 Nov 2025 08:00:00 -0500

Behind the Shield- Episode 9

In this episode of Behind the Shield, host Gary Daemer, CEO of InfusionPoints, sits down with Felisha Daemer, VP of Public Sector and one of the driving forces behind the company’s culture and growth.

Felisha shares her personal journey from college intern to executive leadership — and how being “humble, hungry, and smart” became the foundation of InfusionPoints’ hiring philosophy and team success. Together, Gary and Felisha reflect on what it means to stay scrappy and authentic in the cybersecurity world, how InfusionPoints built its culture of grit and continuous learning, and what makes their internship program a true pipeline for future leaders.

They also discuss current trends in federal cybersecurity and FedRAMP 20x, from “doing it live” compliance to solving agencies’ “hair-on-fire” problems through automation and trust-center visibility.

🎧 Topics Covered:

Felisha’s journey from intern to VP of Public Sector

The father–daughter dynamic in leadership

The “Ideal Team Player” philosophy: humble, hungry, and smart

InfusionPoints’ internship pipeline and culture of growth

What “scrappy” means in cybersecurity and compliance

How FedRAMP 20x and automation are reshaping public sector security

➡️ Subscribe for more Behind the Shield episodes featuring stories, strategies, and insights from the people building, managing, and defending secure cloud environments.

Automation, Trust, and the Next Era of Compliance with Tim Sandage (AWS)

Tue, 11 Nov 2025 10:00:00 -0500

Behind the Shield- Episode 7

In this episode of Behind the Shield, we’re joined by Tim Sandage, Head of AWS Global Security & Compliance Acceleration, to explore how automation, AI, and platform-driven design are reshaping the future of cloud compliance.

Tim sits down with Gary Daemer and Jason Shropshire of InfusionPoints to discuss the evolution from static audits to continuous validation—and what it really takes to build trust in an automated world.

🔹 How FedRAMP 20x is changing the path to authorization
🔹 Why “Security by Design” remains essential in the AI era
🔹 Continuous audit vs. annual audit panic
🔹 Platform-driven compliance and opinionated architectures
🔹 Balancing automation with human oversight and trust

If you’re navigating FedRAMP, CMMC, or enterprise-grade security frameworks, this episode highlights the real-world strategies AWS and InfusionPoints use to accelerate compliance without compromising assurance.

🎧 Listen now to see how automation and AI are transforming the next era of security and compliance.

#BehindTheShield #FedRAMP20x #AWS #CloudSecurity #ContinuousCompliance #Automation #AI #Cybersecurity #InfusionPoints #SecurityByDesign

Leverage Compliance Pipelines to Bust Down Walls

Tue, 04 Nov 2025 09:00:00 -0500

Behind the Shield- Episode 6

In this episode of Behind the Shield, Jason Shropshire and Gary Daemer connect history, innovation, and compliance. What can the fall of Constantinople teach us about modern cybersecurity and FedRAMP 20x?

They explore why traditional “walls and moats” thinking no longer works in today’s cloud world, how compliance pipelines are changing the game, and why automation—not screenshots—is the future of assurance.

You’ll hear how InfusionPoints’ platforms like XBU40, XccelerATOr, and AuditShield are helping customers move from static audits to continuous validation—and how FedRAMP 20x is leading that transformation.

Topics include:

What “walls and moats” have to do with compliance

Why continuous validation beats point-in-time audits

The rise of compliance pipelines under FedRAMP 20x

Platform vs. GRC approaches in federal cybersecurity

Hosted by: Jason Shropshire & Gary Daemer
🎧 Subscribe for more Behind the Shield episodes on FedRAMP 20x, cloud security, and compliance innovation.

Click here to read the blogs:
https://infusionpoints.com/blogs/rethinking-walls-and-moats-cybersecurity-and-compliance
https://infusionpoints.com/blogs/opinionated-design-why-platform-plus-grc-wins-fedramp20x

#fedramp20x #compliance #grc

From SaaS to FedRAMP 20x: Meet Jeff Bivens, VP of Customer Success

Tue, 28 Oct 2025 11:00:00 -0400

Behind the Shield- Episode 5

Meet our new VP of Customer Success, Jeff Bivens. Jeff shares his path from late-90s client-server to SaaS, through a Dell acquisition and multiple ATOs, to why he joined InfusionPoints now. We dig into how strong program management turns compliance into momentum, how FedRAMP 20x can lower barriers without lowering security, and why “customer success” in public sector means repeatable outcomes, faster audits, and durable trust. We also touch on AI’s role in detection and operations, evergreen company values, and what changes when a services firm becomes a true cloud service provider.

What you’ll learn:

How SaaS delivery, faster releases, and customer feedback loops shaped Jeff’s approach

Lessons from taking platforms through Low and Moderate ATOs with speed and cost control

Why FedRAMP 20x matters for automation, machine-readable controls, and audit reuse

The program management skills that keep complex portfolios on track

How Customer Success aligns security outcomes, business value, and long-term relationships

Highlights

From support queues to SaaS startup life in Austin

Dell and the pivot to cloud offerings

Two ATOs in two years and what changed

Using compliance to improve engineering hygiene and costs

Evergreen culture, coaching, and building teams that last

Subscribe for more Behind the Shield conversations on building, managing, and defending in the federal cloud.

Abolish Screenshots and Ship Security: FedRAMP 20x with Ethan Troy

Tue, 21 Oct 2025 11:00:00 -0400

Behind the Shield- Episode 4:
FedRAMP 20x, KSIs, and the End of Screenshots (with Fortreum’s Ethan Troy & InfusionPoints’ Tanner Bailey)

In this episode we explore how FedRAMP 20x is changing audits. Instead of relying on screenshots, auditors now focus on scripts, APIs, and code logic. Host Gary Daemer sits down with InfusionPoints’ Tanner Bailey and Fortreum’s Ethan Troy to talk about KSIs, Trust Centers, and the skills auditors need for the future.

What you’ll learn:

Why screenshots are being replaced with automated, repeatable checks

How KSIs and themes make audits clearer and faster

Trust Centers built on JSON and Markdown instead of PDFs

Why auditors must understand Python, Linux, networking, and infrastructure as code

How InfusionPoints is building AuditShield and Command Center to support FedRAMP 20x

Host:
Gary Daemer – CEO and Founder of InfusionPoints
Guests:
Ethan Troy – Assessor at Fortreum, focused on technical audits and code review
Tanner Bailey – Advisory team lead at InfusionPoints and coordinator for the 20x project

Subscribe for more conversations on FedRAMP, audit automation, and the future of cloud security.

#FedRAMP #FedRAMP20x #AuditAutomation #CloudSecurity #InfusionPoints #Fortreum

Introducing Chad Spears & A Deep Dive into FedRAMP 20x

Tue, 14 Oct 2025 09:00:00 -0400

Behind the Shield - Episode 3:
Meet one of our hosts, Chad Spears (Director of Security Operations at InfusionPoints), as he sits down with Gary Daemer to talk about the journey from hands-on IT to leading a modern SOC, the power of automation, and how FedRAMP 20x is reshaping audits, evidence, and continuous monitoring.

What you’ll learn

How a major ransomware event shaped Chad’s approach to defense and incident response

Why we split Security Operations and Security Engineering to scale outcomes

The origin of AuditShield and what “automated evidence collection” looks like in practice

The core goals of FedRAMP 20x: automation, inheritance, continuous monitoring, trust, and faster innovation

Phase 1 lessons and our path into Phase 2 (Moderate), including KSI validation, self-healing remediations, and significant change notifications

How Command Center, Trust Center, and VDR (“Vader”) tie into faster ATOs and better agency confidence

Subscribe for more conversations on FedRAMP, automation, and security engineering.
Watch, comment, and tell us what you want covered next.

From Rev4 to FedRAMP 20x: Faster ATOs & AI — with Said Syed (Snyk)

Tue, 07 Oct 2025 13:00:00 -0400

Behind the Shield – Episode 2:
In our first episode featuring a guest, hosts Jason Shropshire and Jason Redding sit down with a public-sector security leader, Said Syed, CISO Snyk for Government, to unpack the real story behind FedRAMP—from the messy early days and the shared-responsibility model, to today’s accelerated authorizations and the 20x roadmap. We cover hard-won lessons, how process (not just tech) slows teams down, what RC-12 means for vulnerability reality checks, and where AI, KSIs, and agency expectations are heading next.

What you’ll learn:

How early cloud providers navigated FedRAMP before inheritable controls were common

Why the process—and acceptance criteria—trips up most teams more than technology

The shift from Rev4 → Rev5 and how to plan upgrades without derailing product roadmaps

20x Phase 1 outcomes, the move to Moderate (Phase 2), and what faster ATOs mean for SaaS

RC-12, “reachable ≠ accessible,” and pushing back on non-applicable vulns with evidence

Practical ways to use opinionated architectures, automation, and live evidence collection

Sensible guardrails for AI features in regulated environments

Mentioned:

Snyk Government: security in modern DevSecOps pipelines

InfusionPoints XBU40 + Command Center + AuditShield: “audit-ready, always-on” compliance

FedRAMP Day at GSA and growing marketplace velocity

Subscribe for new episodes on FedRAMP 20x, ATO strategy, and real-world build/manage/defend tactics coming out every Tuesday.

Have a FedRAMP question? Drop it in the comments or reach out to InfusionPoints.

#fedramp #fedramp20x #govcloud #ATO #GRC #cybersecurity #devsecops #snyk #infusionpoints

Links:
• Learn more about InfusionPoints: https://infusionpoints.com/
• Learn more about Snyk: https://snyk.io/
• Connect with us on LinkedIn: https://www.linkedin.com/company/infusionpoints

The Origins of InfusionPoints & the Future of FedRAMP

Tue, 30 Sep 2025 12:00:00 -0400

Behind the Shield- Episode 1:
In the premiere episode of Behind the Shield, hosts Gary Daemer (CEO of InfusionPoints) and Jason Shropshire (COO) share the story of InfusionPoints’ journey from its early federal and commercial projects to becoming a leader in cloud compliance and security engineering. They discuss how the rise of FedRAMP in 2012 pushed the team to pioneer automation, compliance-as-code, and platform engineering long before it became industry standard.
Listeners will hear candid stories about the “hardware days” of building compliant systems, the painful lessons learned from InfusionPoints’ first customers, and how those experiences fueled the creation of the XccelerATOr platform—a solution that helps SaaS providers accelerate their ATO journey. The conversation also dives into the evolution of platform engineering, opinionated architectures, and the Command Center, InfusionPoints’ “crown jewel” for managing compliance, risk, vulnerabilities, and evidence in a single pane of glass.
This episode sets the stage for the Behind the Shield series: authentic conversations about the challenges, innovations, and future of federal cloud security and compliance—with insights drawn from real-world engineering, not just theory.