“Wild West FedRAMP” to 20x: Lessons Learned with Sam Aydlette

Behind the Shield- Episode 14

In this episode of Behind the Shield, host Jason Shropshire is joined by guest host Jason Redding (InfusionPoints Advisory) and special guest Sam Aydlette, a longtime FedRAMP leader who’s seen the program from nearly every seat: government, industry, and consulting.

Sam takes us back to the early “Wild West” days of FedRAMP, why cloud changed everything about traditional FISMA thinking, and what today’s shift toward transparency and measurable secure outcomes means for agencies and CSPs. We dig into why not every system needs to be Moderate, how tailoring should work in practice, and where standards like SBOM and OSCAL can help (and why adoption is complicated).

We also touch on the DoD side of the house, the challenge of scaling compliance and security across large enterprises, and why check-the-box compliance doesn’t build trust.
Topics we cover:
How FedRAMP evolved from early JAB days to today
Transparency, collaboration, and the move toward secure outcomes
Control tailoring, mission assurance vs. trustworthiness
Inventory, SBOM, OSCAL, and what objective measurement should look like
What’s different (and still hard) about the DoD authorization landscape
Lightning round: drums, van-life YouTube, and favorite philosophers

👍 If you enjoyed this episode, like, subscribe, and drop your biggest FedRAMP 20x question in the comments.

*Sam Aydlette's views are his own and do not represent the views of any organization or employer.
Follow Sam on LinkedIn:   / sa2  
Sam's Website: https://samaydlette.com/

Learn more about InfusionPoints:
LinkedIn:   / infusionpoints  
Website: www.InfusionPoints.com


#FedRAMP #FedRAMP20x #Cybersecurity #Compliance #FISMA #CloudSecurity #ContinuousMonitoring #OSCAL #SBOM #InfusionPoints #BehindTheShield