As technology evolves beyond the cloud and agencies wants to take advantage of those new tools, they’ll have to make sure those capabilities are secure — and that’s the direction the Federal Risk and Authorization Management Program is headed.
Currently, the General Services Administration’s FedRAMP provides a standardized approach to security for the cloud, working with agencies and vendors to authorize commercial cloud solutions for government use.
“One big mission is to make sure that our federal information is secure in going into these cloud technologies,” said Ashley Mahan, the first evangelist for FedRAMP and guest on the fourth episode of GovCast.
Mahan joined GSA in November 2015 to help agencies understand FedRAMP and how to use it, and three years later, she said she’s most impressed by the upswing in the number of agencies participating in the program.
“In the last year alone we’ve had more than 40 agencies come to FedRAMP,” she told GovCast hosts Camille Tuutti and Amanda Ziadeh. She works at the nexus between industry and government, while learning about the new cloud technologies in the market and keeping cybersecurity at the forefront.
But Mahan wasn’t always a technologist. She said her stories encapsulate a lot of hard work, dedication and ceasing of opportunities when they arise.
“My background is not in IT or cybersecurity in terms of my education,” she said. Mahan has a bachelor’s degree in business and a minor in real estate, and she got started with a consulting company in Washington, D.C. supporting different government agencies in the Defense Department, intelligence community and federal law enforcement. Her title was information assurance analyst junior — information assurance being what we call cybersecurity today.
She took this time to immerse herself in a lot of training, and she was “incredibly dedicated to this craft and the mission of the customers that I was supporting,” she said. “I really saw how technology was a catalyst to their mission and made things more effective,” Mahan added, like solving complex problems quicker with more complete responses. But she also realized how important it was to lock down and secure these information systems and sensitive information from bad actors.
“And so that’s really, what sealed the deal for me. That was my calling,” Mahan said. Some government customers at the time asked Mahan about cloud technology and securing it. “I said, I don’t know … I’ve got to figure that out,” she said.
Mahan began researching cloud and cybersecurity compliance. She came across FedRAMP and “I said, I’ve got to align myself with this program.”
Hear more about how Mahan approaches and educates industry partners; lingering misconceptions of FedRAMP; what’s next for the program and Mahan herself; and the FedRAMP success stories that keep her going on episode four of GovCast.