In this episode of Behind the Shield, host Gary Daemer is joined by new co-host Ryan Adcock from the InfusionPoints Cloud Team and special guest SK Bhachech from Riverbed Technology for a candid conversation on what it really takes to navigate federal compliance when the goalposts move mid-flight.

Together, they unpack Riverbed’s authorization journey, why FedRAMP is often customer-driven rather than chosen, and what makes FedRAMP uniquely prescriptive. From implementing hundreds of controls to sustaining month-over-month operational rigor, SK shares lessons learned from building and maturing a security program inside a regulated environment.

The conversation also looks ahead to FedRAMP 20x, Key Security Indicators, and machine-readable evidence. The group explores how automation can reduce human error, lower costs, and shift audits away from screenshot collection toward continuous validation. They also discuss where AI may help, such as summarization and review support, and why human oversight remains critical in cybersecurity.

To close, the episode gets more personal with favorite books, shows, and a discussion on service, leadership, and giving back to the community.

Topics covered include:

Why companies are pulled into FedRAMP and why it is hard to walk away

What makes FedRAMP prescriptive and operationally demanding

Staying nimble when requirements change during authorization

FedRAMP 20x, KSIs, and continuous validation

Automation and AI as accelerators with humans still in the loop

Disclaimer:  This conversation includes a live demo of Command Center on XBU40. To see the dashboards, workflows, and visuals discussed, watch the full episode on YouTube: https://youtu.be/2db13PnF62s 

In this episode of Behind the Shield, host Gary Daemer is joined by co-host Chad Spears (Director, Security Operations) and special guest Alex Earhart (Lead SecOps Engineer and 20x pilot engineer) for a live walkthrough of Command Center on XBU40.

We go hands-on with the platform and the tooling that helps teams operate, manage, and prove security across FedRAMP and DoD environments, while also showing what we are taking forward into our FedRAMP 20x Phase 2 Moderate approach.

In the demo, you will see how Command Center brings everything into one place, including:

Built-in ticketing designed for FedRAMP workflows, evidence collection, and KSI-aligned tracking (including significant change support)

Continuous monitoring and vulnerability management, including POA&M support and the shift to VDR (Vulnerability Detection & Response)

Alert management with integrations, automated ticket creation, and SOC metrics like mean time to respond and close

SSP management as a living system, structured as data (not a static document) with the ability to import existing SSPs and generate outputs

AuditShield for FedRAMP 20x, including automated KSI validations, machine-readable evidence, and the ability to run checks on a schedule or live

Trust Center views that publish scorecards and trends, plus secure sharing through the document repository

A look at ATO Monitoring, built around machine-readable outputs to help agencies and teams track security posture across multiple ATOs in a single view

If you are navigating FedRAMP Rev 5, exploring 20x, supporting DoD IL workloads, or just tired of chasing screenshots, this one is for you.

Explore the Trust Center: XB40.com

Behind the Shield- Episode 11
What does FedRAMP look like from the assessor’s seat?
In this episode of Behind the Shield, host Gary Daemer sits down with Christian Baer, Technical Fellow at Schellman, to unpack what FedRAMP 20X really means from the inside of the assessment process.
Christian shares first-hand insight into:
• How automation is reshaping federal security assessments
• The shift from point-in-time audits to continuous validation
• Why KSIs and real-time visibility matter more than endless screenshots
• The balance between risk, context, and compliance in modern cloud environments
• What CSPs should expect as FedRAMP, Rev 5, and 20X continue to evolve
From exceptions and vulnerability prioritization to red-yellow-green security posture views, this conversation explores how assessors, CSPs, and agencies can move faster without sacrificing security.
If you work in federal cloud, compliance, cybersecurity, or GRC, this is an episode you don’t want to miss.
🔐 Learn how InfusionPoints is helping CSPs prepare for FedRAMP 20X with automation, transparency, and continuous assurance.
👉 Subscribe for more real-world compliance and cybersecurity conversations.
👉 Visit InfusionPoints.com to learn more.
#FedRAMP #FedRAMP20X #Cybersecurity #GRC #CloudSecurity #ContinuousMonitoring #FederalCompliance #KSIs #ATO #CyberRisk #BehindTheShield

Behind the Shield- Episode 10 

In this introductory episode of Behind the Shield, host Jason Shropshire sits down with Mike Strohecker, Director of Cloud Operations at InfusionPoints, to highlight Mike’s professional journey, leadership role, and perspective on the future of cloud security and FedRAMP 20x.

As part of our series, we periodically introduce members of InfusionPoints’ leadership team, many of whom will also appear as hosts in future episodes. These leadership spotlights allow our audience to get to know the people shaping our mission and guiding our work between our guest-focused interviews.

In this episode, Mike discusses how he:

Transitioned from a 14-year law enforcement career in Maryland to earning a cybersecurity degree and starting a new chapter in North Carolina

Entered the world of digital forensics and chain-of-custody processes through crash reconstruction and vehicle data analysis

Joined InfusionPoints through a timely LinkedIn connection and a CEO willing to support a career pivot

Grew from advisory work into leading Cloud Operations, overseeing complex customer environments and advancing how we secure cloud solutions

Views FedRAMP 20x, VADER, and the shift from traditional control documentation to Key Security Indicators (KSIs) and real security outcomes

Advises aspiring cybersecurity professionals on the value of cloud expertise, certifications, and embracing AI

This episode also offers a personal look at Mike, including:

Life as a father of three

His passion for tinkering and hands-on projects

A recent family trip to Dollywood

Why Abraham Lincoln would be his ideal historical dinner guest

For those interested in career transitions into cybersecurity, cloud operations, or the evolution of FedRAMP 20x and vulnerability management, this conversation provides meaningful insight and perspective.

Behind the Shield- Episode 9

Getting a government Authority to Operate (ATO) can feel impossible for small businesses- but it doesn’t have to be.

In this episode of Behind the Shield, CoachMePlus CEO Teo Balbach shares how a five-person sports technology startup turned its athlete-management platform into a DoD-authorized SaaS used by Army and Air Force programs. Joined by InfusionPoints’ Jackson Gorman and Gary Daemer, Teo explains what it really takes to move from “commercial-ready” to cyber-compliant in government environments.

What you’ll learn:

How CoachMePlus built trust and sponsorship inside DoD programs

The value of early gap assessments and knowing your system boundary

Surviving documentation and continuous monitoring without derailing your roadmap

Translating strong cybersecurity into audit-ready evidence

How partnerships accelerate ATOs for small SaaS teams

Real lessons on cost, timing, and scaling across Army, Navy, and Air Force

Who should watch:
Founders, CTOs, engineers, and compliance leaders at small SaaS or tech companies hoping to serve the federal or defense market—without losing focus on innovation and delivery.

Keywords: small business cybersecurity, DoD ATO, Authority to Operate, DISA provisional authorization, FedRAMP 20x, SBIR grants, SaaS compliance, AWS GovCloud, continuous monitoring, audit readiness, government software, CoachMePlus, InfusionPoints

Featuring:
🎙️ Teo Balbach, CEO of CoachMePlus
🎙️ Jackson Gorman, Advisory Consultant, InfusionPoints
🎙️ Gary Daemer, CEO, InfusionPoints

Behind the Shield- Episode 9

In this episode of Behind the Shield, host Gary Daemer, CEO of InfusionPoints, sits down with Felisha Daemer, VP of Public Sector and one of the driving forces behind the company’s culture and growth.

Felisha shares her personal journey from college intern to executive leadership — and how being “humble, hungry, and smart” became the foundation of InfusionPoints’ hiring philosophy and team success. Together, Gary and Felisha reflect on what it means to stay scrappy and authentic in the cybersecurity world, how InfusionPoints built its culture of grit and continuous learning, and what makes their internship program a true pipeline for future leaders.

They also discuss current trends in federal cybersecurity and FedRAMP 20x, from “doing it live” compliance to solving agencies’ “hair-on-fire” problems through automation and trust-center visibility.

🎧 Topics Covered:

Felisha’s journey from intern to VP of Public Sector

The father–daughter dynamic in leadership

The “Ideal Team Player” philosophy: humble, hungry, and smart

InfusionPoints’ internship pipeline and culture of growth

What “scrappy” means in cybersecurity and compliance

How FedRAMP 20x and automation are reshaping public sector security

➡️ Subscribe for more Behind the Shield episodes featuring stories, strategies, and insights from the people building, managing, and defending secure cloud environments.

Behind the Shield- Episode 7

In this episode of Behind the Shield, we’re joined by Tim Sandage, Head of AWS Global Security & Compliance Acceleration, to explore how automation, AI, and platform-driven design are reshaping the future of cloud compliance.

Tim sits down with Gary Daemer and Jason Shropshire of InfusionPoints to discuss the evolution from static audits to continuous validation—and what it really takes to build trust in an automated world.

🔹 How FedRAMP 20x is changing the path to authorization
🔹 Why “Security by Design” remains essential in the AI era
🔹 Continuous audit vs. annual audit panic
🔹 Platform-driven compliance and opinionated architectures
🔹 Balancing automation with human oversight and trust

If you’re navigating FedRAMP, CMMC, or enterprise-grade security frameworks, this episode highlights the real-world strategies AWS and InfusionPoints use to accelerate compliance without compromising assurance.

🎧 Listen now to see how automation and AI are transforming the next era of security and compliance.

#BehindTheShield #FedRAMP20x #AWS #CloudSecurity #ContinuousCompliance #Automation #AI #Cybersecurity #InfusionPoints #SecurityByDesign

Behind the Shield- Episode 6

In this episode of Behind the Shield, Jason Shropshire and Gary Daemer connect history, innovation, and compliance. What can the fall of Constantinople teach us about modern cybersecurity and FedRAMP 20x?

They explore why traditional “walls and moats” thinking no longer works in today’s cloud world, how compliance pipelines are changing the game, and why automation—not screenshots—is the future of assurance.

You’ll hear how InfusionPoints’ platforms like XBU40, XccelerATOr, and AuditShield are helping customers move from static audits to continuous validation—and how FedRAMP 20x is leading that transformation.

Topics include:

What “walls and moats” have to do with compliance

Why continuous validation beats point-in-time audits

The rise of compliance pipelines under FedRAMP 20x

Platform vs. GRC approaches in federal cybersecurity

Hosted by: Jason Shropshire & Gary Daemer
🎧 Subscribe for more Behind the Shield episodes on FedRAMP 20x, cloud security, and compliance innovation.

Click here to read the blogs: 
https://infusionpoints.com/blogs/rethinking-walls-and-moats-cybersecurity-and-compliance
https://infusionpoints.com/blogs/opinionated-design-why-platform-plus-grc-wins-fedramp20x

#fedramp20x #compliance #grc

Behind the Shield- Episode 5 

Meet our new VP of Customer Success, Jeff Bivens. Jeff shares his path from late-90s client-server to SaaS, through a Dell acquisition and multiple ATOs, to why he joined InfusionPoints now. We dig into how strong program management turns compliance into momentum, how FedRAMP 20x can lower barriers without lowering security, and why “customer success” in public sector means repeatable outcomes, faster audits, and durable trust. We also touch on AI’s role in detection and operations, evergreen company values, and what changes when a services firm becomes a true cloud service provider.

What you’ll learn:

How SaaS delivery, faster releases, and customer feedback loops shaped Jeff’s approach

Lessons from taking platforms through Low and Moderate ATOs with speed and cost control

Why FedRAMP 20x matters for automation, machine-readable controls, and audit reuse

The program management skills that keep complex portfolios on track

How Customer Success aligns security outcomes, business value, and long-term relationships

Highlights

From support queues to SaaS startup life in Austin

Dell and the pivot to cloud offerings

Two ATOs in two years and what changed

Using compliance to improve engineering hygiene and costs

Evergreen culture, coaching, and building teams that last

Subscribe for more Behind the Shield conversations on building, managing, and defending in the federal cloud.

Behind the Shield- Episode 4:
FedRAMP 20x, KSIs, and the End of Screenshots (with Fortreum’s Ethan Troy & InfusionPoints’ Tanner Bailey)

In this episode we explore how FedRAMP 20x is changing audits. Instead of relying on screenshots, auditors now focus on scripts, APIs, and code logic. Host Gary Daemer sits down with InfusionPoints’ Tanner Bailey and Fortreum’s Ethan Troy to talk about KSIs, Trust Centers, and the skills auditors need for the future.

What you’ll learn:

Why screenshots are being replaced with automated, repeatable checks

How KSIs and themes make audits clearer and faster

Trust Centers built on JSON and Markdown instead of PDFs

Why auditors must understand Python, Linux, networking, and infrastructure as code

How InfusionPoints is building AuditShield and Command Center to support FedRAMP 20x

Host: 
Gary Daemer – CEO and Founder of InfusionPoints
Guests:
Ethan Troy – Assessor at Fortreum, focused on technical audits and code review
Tanner Bailey – Advisory team lead at InfusionPoints and coordinator for the 20x project

Subscribe for more conversations on FedRAMP, audit automation, and the future of cloud security.

#FedRAMP #FedRAMP20x #AuditAutomation #CloudSecurity #InfusionPoints #Fortreum