Max Aulakh and Michael Rasmussen,  GRC analyst and CEO of GRC Report, discuss the recent FedRAMP Equivalency Memo released by the DoD in January 2024. They go into depth about the memo, what is involved, the requirements, as well as how this directly effects the CSP.Topics we discuss:What is FedRAMP, and who is it for?How long has FedRAMP been around?Challenges with FedRAMPWhat is Equivalency, and why is it important?Is Equivalency a good or bad thing?What type of firms is the FedRAMP Equivalency Memo applicable to?Max Aulakh Bio:Max is the CEO of Ignyte Assurance Platform and a Data Security and Compliance leader delivering DoD-tested security strategies and compliance that safeguard mission-critical IT operations. He has trained and excelled while working for the United States Air Force. He maintained and tested the InfoSec and ComSec functions of network hardware, software, and IT infrastructure for global unclassified and classified networks.Max Aulakh on LinkedInIgnyte Assurance Platform WebsiteResources:FedRAMP Equivalency Memo

Max Aulakh and Uliya Sparks, an ISSM at SAF Mission Partners Environment, discuss the potential of AI in federal compliance. They explore ISSMs' challenges, including managing multiple systems and navigating complex policies like NIST and FedRAMP. Uliya highlights the slow adoption of AI due to concerns about data sensitivity and job displacement, stressing the need for human expertise in validating AI-generated responses.Topics we discuss:Artificial Intelligence in context of Control ResponsesTool limitations and how we as humans can address themBringing awareness of our work to a younger generationMax Aulakh Bio:Max is the CEO of Ignyte Assurance Platform and a Data Security and Compliance leader delivering DoD-tested security strategies and compliance that safeguard mission-critical IT operations. He has trained and excelled while working for the United States Air Force. He maintained and tested the InfoSec and ComSec functions of network hardware, software, and IT infrastructure for global unclassified and classified networks.Max Aulakh on LinkedInIgnyte Assurance Platform Website

In this episode, Max discusses the fundamental concepts of Control Inheritance and System Reciprocity, highlighting their differences, applications, and importance in the realms of cybersecurity and organizational governance. This topic ties in closely with his recent LinkedIn post about the need for a credit system for security work being done within different parts of the DoD. Topics CoveredControl Inheritance:Definition and significance in cybersecurity.Examples of control inheritance, such as identity management systems.Utilization of control catalogs, like NIST's 800-53, for formal control inheritance.System Reciprocity:Explanation of reciprocity agreements between organizations.Distinction between Authority to Connect (ATC) and Authority to Operate (ATO).Intersection of Inheritance and Reciprocity:Clarification of the relationship between control inheritance and reciprocity processes.Ensuring compliance with controls and agreements for establishing reciprocity.Common misconceptions and reasons for conflating inheritance with reciprocity.ResourcesControl Inheritance BlogRMF Process and Reciprocal Agreements DISA Connection Approval Process for Authority to ConnectDISN Connect Process GuideMax Aulakh Bio:Max is the Managing DIrector of Ignyte Assurance Platform and a Data Security and Compliance leader delivering DoD-tested security strategies and compliance that safeguard mission-critical IT operations. He has trained and excelled while working for the United States Air Force. He maintained and tested the InfoSec and ComSec functions of network hardware, software, and IT infrastructure for global unclassified and classified networks.Max Aulakh on LinkedInIgnyte Assurance Platform Website

Max Aulakh invites Reuben Patton to discuss the implementation of enclaves in the context of CMMC (Cybersecurity Maturity Model Certification). Reuben, with his experience in both the classified sector and cybersecurity, provides insights on how enclaves, traditionally used in classified environments, are now being applied to manage CMMC requirements. He dives into strategies for handling Operational Technology and Research & Development in relation to CMMC, discussing the challenges and considerations of incorporating these areas into compliance frameworks. The conversation also touches on the practicalities and complexities of managing enclaves, offering valuable guidance for organizations navigating CMMC compliance.Topics we discuss:Understanding EnclavesEnclaves in Operational TechnologyStrategic Implementation of EnclavesMax Aulakh Bio:Max is the CEO of Ignyte Assurance Platform and a Data Security and Compliance leader delivering DoD-tested security strategies and compliance that safeguard mission-critical IT operations. He has trained and excelled while working for the United States Air Force. He maintained and tested the InfoSec and ComSec functions of network hardware, software, and IT infrastructure for global unclassified and classified networks.Max Aulakh on LinkedInIgnyte Assurance Platform Website

In this episode, we explore how global entities can serve the US and European governments. Joseph Keenan, Global Head of Security and CISO at Airbus OneWeb breaks down some challenges and provides insight into managing CMMC, Security strategy, FedRAMP while selling Commercial Off-the-shelf products into the defense market . This episode focuses on the stressors of an international company in the age of CMMC as well as dives into the differences between the US and European operations that he is experiencing in his current role.Topics we discuss:What is it like to manage US public sector compliance when your organization is distributed?Stressors of an international company in the age of CMMC How do you manage GDPR?What are the notable differences between the US and European Operations?Max Aulakh Bio:Max is the CEO of Ignyte Assurance Platform and a Data Security and Compliance leader delivering DoD-tested security strategies and compliance that safeguard mission-critical IT operations. He has trained and excelled while working for the United States Air Force. He maintained and tested the InfoSec and ComSec functions of network hardware, software, and IT infrastructure for global unclassified and classified networks.Max Aulakh on LinkedInIgnyte Assurance Platform Website

The podcast features Steve Demersky, the Chief Compliance Officer and Chief Legal Officer at 1010 Data. He discusses the importance of legal and compliance officers in the cybersecurity and risk management field. Data privacy is a major concern for SaaS companies, and they need to ensure they are handling client data safely and in compliance with regulations. The podcast also touches on the use of SOC audits and the need for credible auditors who can identify and address organizational flaws.Topics we discuss:Role of Legal at 1010 DataRisk Management SaaS Security ComplianceSupplier RiskCertifications & External AttestationsImproving SOC 2, FedRAMP and similar compliance initiativesMax's BioMax is the CEO of Ignyte Assurance Platform and a Data Security and Compliance leader delivering DoD-tested security strategies and compliance that safeguard mission-critical IT operations. He has trained and excelled while working for the United States Air Force. He maintained and tested the InfoSec and ComSec functions of network hardware, software, and IT infrastructure for global unclassified and classified networks.Max Aulakh on LinkedInIgnyte Assurance Platform Website

Our guest today is Naveed Mirza, Senior Solutions Arcitect at Okta. This episode focuses on the importance of authorization boundaries and how to not only understand them but how to develop them. Naveed shares his background as a government contractor supporting the U S Marine Corps, highlighting the transferable skills and experiences that have prepared him for his role as SSA at Okta. Topics we discuss:Authorization boundaryWhat is it, why is it important? How can it help?Can a boundary establishment exercise be harmful when it comes to DevSecOps?What all goes into it developing a boundary?Complex boundaries and its relationship to Systems of Systems thinkingMax Aulakh Bio:Max is the CEO of Ignyte Assurance Platform and a Data Security and Compliance leader delivering DoD-tested security strategies and compliance that safeguard mission-critical IT operations. He has trained and excelled while working for the United States Air Force. He maintained and tested the InfoSec and ComSec functions of network hardware, software, and IT infrastructure for global unclassified and classified networks.Max Aulakh on LinkedInIgnyte Assurance Platform Website

Our guest today is Anthony Fisic, Chief Information Security Officer at Battelle, who conducts research and development, designs and manufactures products, and delivers critical services for government and commercial customers. This podcast episode focuses on federal compliance's impact on defense industry businesses. Anthony shares his background in law enforcement and military service, highlighting the transferable skills and experiences that have prepared him for his role as CISO at Battelle. The DIBCAC Audit JourneyGeneral Process from CISO PerspectiveStrategic Shifts internallyPreparing from a leadership perspectiveHow Anthony prepared his teamImpact on Team MembersSome challenges facedCISOs looking to prepareThoughts on new rules (Rev 3 of NIST 800-171)Key TakeawaysLinkedIn BioMax is the CEO of Ignyte Assurance Platform and a Data Security and Compliance leader delivering DoD-tested security strategies and compliance that safeguard mission-critical IT operations. He has trained and excelled while working for the United States Air Force. He maintained and tested the InfoSec and ComSec functions of network hardware, software, and IT infrastructure for global unclassified and classified networks.Max Aulakh on LinkedInIgnyte Assurance Platform Website

Alexander Hubert talks about his journey to becoming an authorization official in the public sector. He explains how he transitioned from being a weatherman in the Air Force to becoming an IT guy and then delves into his interest in cybersecurity. Alex shares that he has worked various positions within the risk management framework, including information assurance manager and security controls assessor. As an AO, his role is to accept risk on behalf of the government and determine the suitability of systems on the network. He also discusses the mission of his organization, the Department of Defense Counterintelligence and Security Agency (DCSA), which focuses on investigations, counterintelligence, and industrial and cybersecurity.Topics we discuss:Alexander's backgroundWhat does DCSA do? What is the mission of the org?Role of AO versus a general cyber security practitionerGetting to consistency & clarity in assessmentsKey takeawaysMax's BioMax is the CEO of Ignyte Assurance Platform and a Data Security and Compliance leader delivering DoD-tested security strategies and compliance that safeguard mission-critical IT operations. He has trained and excelled while working for the United States Air Force. He maintained and tested the InfoSec and ComSec functions of network hardware, software, and IT infrastructure for global unclassified and classified networks.Max Aulakh on LinkedInIgnyte Assurance Platform Website

Welcome to the first episode of the Reckless Compliance podcast, brought to you by Ignyte, In this episode, Max gives a high-level overview of the different key compliance terminology that will be discussed on the podcast. He provides context, definitions, and use cases. Topics we discuss:Private Sector Defense Industrial BaseCloud Service ProvidersPublic Sector Divisions of software companiesFederal Agencies DoD/Armed ServicesIntelligence AgenciesMax Aulakh Bio:Max is the CEO of Ignyte Assurance Platform and a Data Security and Compliance leader delivering DoD-tested security strategies and compliance that safeguard mission-critical IT operations. He has trained and excelled while working for the United States Air Force. He maintained and tested the InfoSec and ComSec functions of network hardware, software, and IT infrastructure for global unclassified and classified networks.Max Aulakh on LinkedInIgnyte Assurance Platform Website

Welcome to episode zero of the Reckless Compliance Podcast, brought to you by Ignyte Assurance Platform, where we discover the unintended consequences of compliance. I am your host, Max Aulakh.In this inaugural episode, we cover the following topics:Overview of topics that will be covered in the podcastOverview of the goals of the podcastMax’s promise to listeners and subscribersMax Aulakh Bio:Max is the CEO of Ignyte Assurance Platform and a Data Security and Compliance leader delivering DoD-tested security strategies and compliance that safeguard mission-critical IT operations. He has trained and excelled while working for the United States Air Force. He maintained and tested the InfoSec and ComSec functions of network hardware, software, and IT infrastructure for global unclassified and classified networks.Max Aulakh on LinkedInIgnyte Assurance Platform Website