Description

In this episode of Behind the Shield, we sit down with Gary Guercio, VP of Operations at Fortreum, for a deep dive into the evolution of cybersecurity auditing and what FedRAMP 20x signals for the future of federal cloud security. From the early days of manual audits filled with printed artifacts, screenshots, and physical binders, to today’s push toward automation, APIs, and machine-readable evidence, Gary shares a firsthand perspective on how dramatically the landscape has changed.

Together, we explore how the industry is shifting away from point-in-time assessments toward continuous validation, and what that really means for Cloud Service Providers, assessors, and agencies. This conversation goes beyond theory and gets into the practical realities: how auditors will need to understand code, how engineering and compliance are becoming tightly integrated, and why organizations must rethink how they build, manage, and prove security from the ground up.

We also discuss the broader impact of FedRAMP 20x on the market, including how transparency, competition, and automation could reshape how security is measured and trusted across the ecosystem. Whether you're just starting your FedRAMP journey or actively navigating 20x, this episode offers valuable insight into where things are going and how to stay ahead.

Chapters:
9:08 Introduction and Guest Intro
9:20 Career Path and Education
10:42 Early Career in Cybersecurity
13:36 Auditing and IT Controls
15:37 Booz Allen and Government Projects
20:39 FedRAMP and Fortreum
25:17 FedRAMP 20x and Automation in Auditing
59:26 The Future of Auditing and AI

What You’ll Learn:
• How cybersecurity auditing has evolved over the last 25+ years
• The biggest differences between traditional audits and FedRAMP 20x
• Why automation and machine-readable evidence are changing everything
• How the role of assessors is shifting toward code and engineering understanding
• What continuous validation actually looks like in practice
• The challenges CSPs will face when adopting 20x
• How competition in the marketplace could drive stronger security outcomes
• Where AI and automation are headed in the auditing space
• Why FedRAMP 20x is about more than compliance: it’s about changing the system

Guest Links:
Gary Guercio - https://www.linkedin.com/in/gary-guercio-48622b5b/
Fortreum - https://fortreum.com

InfusionPoints Links:
Gary Daemer - https://www.linkedin.com/in/infusionpoints/
InfusionPoints - https://www.linkedin.com/company/infusionpoints/
20x Webinar Series | Session 1 - https://youtu.be/EoaXjGa-vl0?si=UmnDCXY4dhTKpC6L
20x Webinar Series | Session 2 Registration - https://xbu40.com/20x-cohort/april-28-26

About Us:
InfusionPoints is a trusted cybersecurity, cloud engineering, and compliance partner helping organizations Build, Manage, and Defend secure, mission-ready environments in highly regulated markets.
We specialize in FedRAMP, FedRAMP 20x, DoD, and enterprise security frameworks, supporting organizations from initial authorization through continuous monitoring and optimization. Our team brings deep technical expertise and real-world operational insight to every engagement.
Through our independent, security-first approach, we integrate people, processes, and technology to deliver scalable, compliant, and resilient solutions. From strategy and architecture to operations and defense, we help customers move faster without sacrificing security.