It’s not only about faster authorizations—it’s about unlocking the full potential of modern cloud for government.
FedRAMP 20X is how we get there.
In this exclusive roundtable, Pete Waterman (FedRAMP Director), Karen Laughton (EVP of Advisory, Coalfire), Rob Otten (Sr. Director, Risk & Compliance, Flock Safety), Kenny Scott (Founder & CEO, Paramify), and Mike Schreiner (COO, Paramify) break down:
- The mission, process & real impact of the 20X pilot
- How Key Security Indicators (KSIs) make compliance faster & smarter
- What Continuous ATO looks like in practice
- Why agencies are holding the line—and what they actually want
- The bold vision to transform FedRAMP from 50 authorizations a year… to 50 a week
Timestamps:
0:00 – The Big Question
Pete Waterman shares the spark: “What if we did 50 FedRAMP authorizations a week?”
1:56 – Welcome & Introductions
Meet the panel: Pete Waterman, Karen Laughton, Rob Otten, Kenny Scott.
2:53 – Pilot Progress Update
Pete dives into pilot metrics, early submissions, and success stories.
5:17 – Industry Perspective: Coalfire
Karen Laughton shares lessons learned from advising CSPs and 3PAOs.
8:40 – CSP Perspective: Flock Safety + Paramify
Rob & Kenny reveal how they rapidly pivoted into the pilot and delivered results in 2 weeks.
12:03 – Why It Worked
Why KSIs resonated and how automation made it achievable.
14:22 – The Risk-Based Shift
Security is about risk, not checklists. Kenny, Rob, and Pete riff on the deeper mindset change.
17:06 – ATO vs Authorization
Pete clarifies the difference and why 20X is fixing the current barriers.
19:02 – The Good, The Bad, and the Fast
Karen details what’s working well—and what’s still a mess (agency sponsorship, complex systems, DoD holdouts).
24:04 – Rob's Advice to CSPs
Rob advocates a risk-first approach and common-sense improvements.
25:48 – Breaking Outdated Rules
Kenny rants about FIPS encryption requirements and why 20X could fix it.
27:07 – Agency Buy-In: Will They Accept 20X?
Pete confirms: Yes. OMB and formal policy will mandate adoption.
36:40 – Continuous ATO in Practice
What’s working, what’s confusing, and what the FedRAMP team is learning.
42:00 – The Integration Trap
Kenny explains why black-box integrations don’t cut it—and what CSPs must do instead.
44:55 – End User Risk Responsibilities
A critical callout: security breaches are often misconfigurations by users—not tech failures.
47:00 – Monitoring What Actually Matters
Forget CVEs. Pete & Karen emphasize real-time config validation (e.g., MFA being disabled).
50:00 – Change Processes & CI/CD
How continuous snapshots and CI/CD can coexist with security—without slowing innovation.
56:00 – Driving Innovation Through Standards
Why 20X exists: to force the ecosystem to build what’s long been talked about but never delivered.
1:00:00 – Final Advice to CSPs
Should you jump into 20X? Panelists give concrete guidance for startups, hyperscalers, and advisors.
1:06:04 – Reframing the Goal
Pete closes with a powerful vision: delivering equal access to secure cloud tech for federal workers—faster, better, and at scale.
Learn more about our guests:
Pete Waterman: https://www.linkedin.com/in/petewaterman/
FedRAMP: https://www.fedramp.gov/
Karen Laughton: https://www.linkedin.com/in/karen-laughton-6484115/
Coalfire: https://coalfire.com/
Rob Otten: https://www.linkedin.com/in/robertotten/
Flock Safety: https://www.flocksafety.com/
Learn more about Paramify:
Kenny Scott: https://www.linkedin.com/in/kenny-g-scott/
Mike Schreiner: https://www.linkedin.com/in/mikecschreiner/
Paramify: www.paramify.com
Looking into FedRAMP or FedRAMP 20X? Let's talk: https://www.paramify.com/frameworks/fedramp