
Behind the Shield

Podcast by InfusionPoints

English

Technology and Science


About Behind the Shield

Behind the Shield is InfusionPoints’ podcast where we sit down with partners, customers, and industry leaders to talk about FedRAMP, compliance, and cybersecurity in today’s government landscape. Each episode offers laid-back, insightful conversations that blend expertise with real-world experiences.

All episodes

34 episodes


Breaking Into Def Tech: The Top 5 Challenges Facing Modern Companies

The Defense Tech market is full of opportunity, but getting into the space is far from simple. In this episode of Behind the Shield, InfusionPoints COO Jason Shropshire and CEO Gary Daemer each share their perspectives on the top 5 challenges companies face when trying to break into the Defense Tech and Department of Defense market. The conversation highlights how technical, operational, and business challenges can look very different depending on where companies are in their federal journey.

From navigating FedRAMP and the DoD Cloud Computing Security Requirements Guide (DoD CC SRG) to finding sponsorship, securing IL4/IL5 authorizations, and surviving long ATO timelines, this conversation offers a candid look at the operational, technical, and business realities of entering the federal and defense markets.

The discussion also explores:

  • Why sponsorship is one of the biggest barriers to entry
  • The difference between FedRAMP and DoD authorization pathways
  • Challenges around IL4 and IL5 environments
  • The impact of RMF, DISA, BCAP, and eMASS processes
  • Why predictability and automation matter for modern compliance
  • Hardening requirements, STIGs, and securing cloud environments
  • The business realities of getting a second and third government customer
  • How FedRAMP 20x and automation could reshape the future of Defense Tech compliance

Whether you're a startup trying to break into Defense Tech, a cloud service provider pursuing federal business, or an established company navigating DoD requirements, this episode provides practical insight from a team actively helping organizations operate in regulated federal environments.

What You’ll Learn:

  • The biggest mistakes companies make entering Defense Tech
  • Why compliance alone does not guarantee success
  • The hidden complexity of IL4/IL5 authorizations
  • How authorization delays impact business growth
  • Where the Defense Tech market may be headed next

Links:

  • Learn more about InfusionPoints: https://www.linkedin.com/company/infusionpoints/
  • Gary Daemer: https://www.linkedin.com/in/infusionpoints/
  • Jason Shropshire: https://www.linkedin.com/in/shrop/
  • Request a Demo: https://xbu40.com/

Blogs:

  • SWFT, cATO, 20x and the Rev. 4 Drag Still Inside DoW Cloud Authorization: https://infusionpoints.com/blogs/swft-cato-20x-and-rev-4-drag-still-inside-dow-cloud-authorization
  • The Quiet Convergence: why DoD DevSecOps, SWFT, and FedRAMP 20x are Starting to Rhyme: https://infusionpoints.com/blogs/quiet-convergence-why-dod-devsecops-swft-and-fedramp-20x-are-starting-rhyme

Subscribe for more conversations on FedRAMP, Defense Tech, cybersecurity, cloud compliance, and the future of continuous authorization.

InfusionPoints & AWS: InfusionPoints is proud to be an Amazon Web Services Premier Tier Services Partner, supporting organizations in building, managing, and defending secure cloud environments.

About Us: InfusionPoints is a trusted cybersecurity, cloud engineering, and compliance partner helping organizations Build, Manage, and Defend secure, mission-ready environments in highly regulated markets. We specialize in FedRAMP, FedRAMP 20x, DoD, and enterprise security frameworks, supporting organizations from initial authorization through continuous monitoring and optimization. Our team brings deep technical expertise and real-world operational insight to every engagement. Through our independent, security-first approach, we integrate people, processes, and technology to deliver scalable, compliant, and resilient solutions. From strategy and architecture to operations and defense, we help customers move faster without sacrificing security.

19 May 2026 - 47 min

Understanding Minimum Assessment Scope (MAS) in FedRAMP 20x

In this episode of Behind the Shield, InfusionPoints’ Chad Spears and Tanner Bailey break down one of the most important concepts shaping the future of FedRAMP 20x: the Minimum Assessment Scope (MAS). As organizations begin preparing for the transition toward continuous validation and automated security evidence, understanding what actually belongs in scope has become critical. Chad and Tanner unpack how MAS is designed to help organizations focus on the systems, resources, and validations that truly matter to the security of the environment instead of wasting time, engineering effort, and budget on unnecessary complexity.

The conversation explores how FedRAMP 20x is pushing organizations toward a more operational, automation-first mindset. Rather than treating compliance as a one-time documentation exercise, the discussion highlights how continuous validation, reusable checks, and machine-readable evidence are changing the way cloud providers approach authorization readiness.

Throughout the episode, the team connects the technical realities of Minimum Assessment Scope back to real business outcomes. From reducing engineering overhead and controlling costs to accelerating authorization timelines and improving operational maintainability, MAS is positioned as a foundational starting point for organizations pursuing a modernized FedRAMP strategy.

Whether you’re a security engineer, cloud architect, compliance lead, executive stakeholder, or CSP trying to understand what FedRAMP modernization actually means in practice, this episode provides practical insight into where the ecosystem is heading and how to prepare.

Chapters:

  • Introduction and Overview - 0:08
  • Understanding MAS (Minimum Assessment Scope) - 0:56
  • Importance of MAS in FedRAMP 20X - 4:52
  • Defining the Scope and Its Impact - 7:29
  • Challenges and Considerations - 11:33
  • Business Impact of MAS - 26:46
  • Conclusion and Resources - 28:21

What You’ll Learn:

  • What Minimum Assessment Scope (MAS) actually means in FedRAMP 20x
  • How MAS can reduce complexity, cost, and engineering effort
  • Why continuous validation changes the way compliance is approached
  • How reusable KSI validation checks improve operational efficiency
  • Why automation and machine-readable evidence are central to FedRAMP modernization
  • The connection between MAS, speed-to-authorization, and long-term maintainability
  • Updates on Consolidated Rules 2026 (CR2026) and evolving FedRAMP terminology
  • What organizations should be doing now to prepare for the future of FedRAMP

InfusionPoints Links:

  • FedRAMP 20x Quick Look Assessment: https://xbu40.com/assessment
  • https://infusionpoints.com/
  • LinkedIn: https://www.linkedin.com/company/infusionpoints/
  • Chad Spears: https://www.linkedin.com/in/chad-spears007/
  • Tanner Bailey: https://www.linkedin.com/in/tanner-b-37a50a132/

12 May 2026 - 31 min

From Acceleration to ATO: Navigating Defense Tech, Divestitures, and the Future of FedRAMP

In this episode of Behind the Shield, we sit down with Phil Hickson alongside InfusionPoints’ Jackson Gorman and Jason Shropshire for a deep dive into the evolving world of Defense Tech and federal compliance. Phil shares a behind-the-scenes look at navigating a complex FedRAMP ATO journey during a major divestiture, including standing up a new authorization boundary while maintaining compliance and customer continuity. The conversation explores the challenges of scaling secure cloud services across federal and DoD environments, from BCAP connections and IL4/IL5 considerations to managing risk at scale.

We also unpack what modernization looks like today. With FedRAMP 20x gaining momentum, the group discusses how Defense Tech companies can balance legacy requirements with continuous validation and automated evidence. The result is a candid look at where compliance is headed and what it means for companies building for mission-critical environments.

If you’re working in Defense Tech, selling into federal or DoD markets, or trying to make sense of where FedRAMP is going next, this episode offers practical insight from people actively navigating the shift.

Chapters:

  • 00:08 Introduction and Guest Welcome
  • 00:31 Phil's Experience with CSPs
  • 02:34 Divestiture and Omnissa's Origin
  • 05:20 Challenges with FedRAMP and DOD
  • 15:22 Navigating DOD Authorization
  • 33:45 Modernization and 20X Discussion
  • 49:18 Phil's Origin Story in Compliance
  • 55:44 Lighthearted Questions and Wrap-up

Guest Links:

  • Phil Hickson: https://www.linkedin.com/in/philhickson/
  • Omnissa: https://www.linkedin.com/company/omnissa/
  • Omnissa trust center | Cloud security & compliance: https://www.omnissa.com/trust-center/
  • Omnissa Products and Platform Services: https://www.omnissa.com/products/
  • https://www.omnissa.com/

About Omnissa: Omnissa provides an industry-leading digital workspace platform of services that simplifies the delivery, management, and security of devices, apps, and services to employees and IT teams alike. Explore Omnissa - the digital work platform leader: https://www.omnissa.com/about-us/

InfusionPoints Links:

  • Jason Shropshire: https://www.linkedin.com/in/shrop/
  • Jackson Gorman: https://www.linkedin.com/in/jacksonagorman/
  • https://www.linkedin.com/company/infusionpoints/
  • https://infusionpoints.com/
  • https://xbu40.com/
  • FedRAMP 20x Quick Look Assessment for CSPs: https://xbu40.com/assessment
  • 'SWFT, cATO, 20x and Rev 4 Drag Still Inside DoD Cloud Authorization' Blog: https://infusionpoints.com/blogs/swft-cato-20x-and-rev-4-drag-still-inside-dow-cloud-authorization

5 May 2026 - 1 h 2 min

The Agentic SOC Shift: Smarter Security, Human-Led Decisions

What happens when your SOC doesn’t just respond to threats but actively thinks, prioritizes, and takes action? In this episode of Behind the Shield, we break down the rise of the Agentic SOC and what it means for the future of cybersecurity operations.

As organizations face an overwhelming volume of alerts, evolving threats, and increasing pressure to move faster, traditional SOC models are being pushed to their limits. Enter agentic systems. These are AI-driven, decision-capable frameworks designed to augment or even transform how security teams operate.

We explore how agentic capabilities are shifting the SOC from reactive monitoring to proactive, intelligent defense. From automated triage to adaptive response workflows, this conversation dives into the real-world impact of bringing autonomy into security operations and what teams need to consider before adopting it.

Whether you're leading a SOC, building security architecture, or trying to understand how AI is reshaping cyber defense, this episode offers a grounded look at where things are headed and what it takes to get there.

What You’ll Learn:

  • What an Agentic SOC actually is and how it differs from traditional SOC models
  • How AI agents can triage, prioritize, and respond to threats in real time
  • The role of human analysts in an increasingly autonomous environment
  • Key benefits and risks of adopting agentic security operations
  • How organizations can begin preparing their SOC for this shift
  • Where agentic approaches align with modern frameworks like continuous monitoring and validation

InfusionPoints Links:

  • Alex Erhardt: https://www.linkedin.com/in/charles-e-7a2b8016a/
  • Nicholas Whitley: https://www.linkedin.com/in/nicholas-whitley-511085213/
  • https://www.linkedin.com/company/infusionpoints/
  • https://infusionpoints.com/
  • Get continuous security without building your own SOC: https://app.hatchbuck.com/OnlineForm/93633624292

29 Apr 2026 - 21 min

FedRAMP 20x and the Future of Compliance with Gary Guercio

In this episode of Behind the Shield, we sit down with Gary Guercio, VP of Operations at Fortreum, for a deep dive into the evolution of cybersecurity auditing and what FedRAMP 20x signals for the future of federal cloud security.

From the early days of manual audits filled with printed artifacts, screenshots, and physical binders, to today’s push toward automation, APIs, and machine-readable evidence, Gary shares a firsthand perspective on how dramatically the landscape has changed. Together, we explore how the industry is shifting away from point-in-time assessments toward continuous validation, and what that really means for Cloud Service Providers, assessors, and agencies.

This conversation goes beyond theory and gets into the practical realities: how auditors will need to understand code, how engineering and compliance are becoming tightly integrated, and why organizations must rethink how they build, manage, and prove security from the ground up. We also discuss the broader impact of FedRAMP 20x on the market, including how transparency, competition, and automation could reshape how security is measured and trusted across the ecosystem.

Whether you're just starting your FedRAMP journey or actively navigating 20x, this episode offers valuable insight into where things are going and how to stay ahead.

Chapters:

  • 9:08 Introduction and Guest Intro
  • 9:20 Career Path and Education
  • 10:42 Early Career in Cybersecurity
  • 13:36 Auditing and IT Controls
  • 15:37 Booz Allen and Government Projects
  • 20:39 FedRAMP and Fortreum
  • 25:17 FedRAMP 20x and Automation in Auditing
  • 59:26 The Future of Auditing and AI

What You’ll Learn:

  • How cybersecurity auditing has evolved over the last 25+ years
  • The biggest differences between traditional audits and FedRAMP 20x
  • Why automation and machine-readable evidence are changing everything
  • How the role of assessors is shifting toward code and engineering understanding
  • What continuous validation actually looks like in practice
  • The challenges CSPs will face when adopting 20x
  • How competition in the marketplace could drive stronger security outcomes
  • Where AI and automation are headed in the auditing space
  • Why FedRAMP 20x is about more than compliance, it’s about changing the system

Guest Links:

  • Gary Guercio: https://www.linkedin.com/in/gary-guercio-48622b5b/
  • Fortreum: https://fortreum.com

InfusionPoints Links:

  • Gary Daemer: https://www.linkedin.com/in/infusionpoints/
  • InfusionPoints: https://www.linkedin.com/company/infusionpoints/
  • 20x Webinar Series | Session 1: https://youtu.be/EoaXjGa-vl0?si=UmnDCXY4dhTKpC6L
  • 20x Webinar Series | Session 2 Registration: https://xbu40.com/20x-cohort/april-28-26

29 Apr 2026 - 1 h 12 min