RMF Academy: https://www.rmfacademy.io/
Please Rate the Podcast: https://ratethispodcast.com/techwoke
Time stamps:
00:00 "Prime Time, Giving, and Growth"
04:06 Security Control Assessor Role
07:27 System Validation and Risk Assessment
11:07 "Understanding ATO Packages"
14:57 "Navigating Stakeholder-Driven Decision Making"
18:08 Cloud Service Models & FedRAMP Overview
19:01 FedRAMP Cloud Service Process
24:52 "Izzo Navy Certification Path"
26:48 Staying Relevant in Tech Industry
30:28 "Leadership and RMF Trends"
33:09 "SBOM, DevSecOps, and Cloud"
36:51 "AI: Amplifier, Not Replacer"
39:42 "Zero Trust Overview Simplified"
44:41 "Struggling to Give Back"
45:06 Gratitude for Shared Wisdom
Video Description:
Welcome back to the Tech Woke Podcast. In this episode, host Christopher Okpala sits down with Dominique Richardson, a Security Control Assessor Representative (SCA-R), to break down one of the most misunderstood roles in the Risk Management Framework (RMF) ecosystem.
If you’ve ever worked with federal information systems, struggled through a security authorization package, or tried to understand what really happens during the validation phase, this conversation will give you clarity you won’t find in certification books.
Dominique walks through what SCA-Rs actually do during control assessments, including:
• Validating system security plans (SSPs), POA&Ms, and security assessment reports
• Reviewing control families across NIST SP 800-53
• Interpreting CCIs, STIG findings, and vulnerability scan outputs
• Evaluating system boundaries and cloud inheritances
• Identifying major changes that trigger reauthorization
• Advising AOs and ISSOs during the authorization decision
We also dig into the real politics behind RMF—how programs push for ATO with Conditions, why clean ATOs are rare, and why continuous monitoring is where the real work happens.
Dominique breaks down why the future of cyber compliance is shifting quickly:
• Cloud migrations often require full ATO reauthorization
• SBOMs and software supply chain oversight are becoming essential
• GRC analysts must understand architecture, not just documentation
• AI is amplifying top performers
• DevSecOps pipelines are redefining compliance evidence
Whether you're transitioning into cybersecurity, already supporting government systems, or preparing for roles like ISSO, Validator, Assessor, or System Owner, this episode provides real-world insights you won’t hear in certification training.
This conversation also includes a segment from RMF Academy, where Christopher shares how his own journey inspired him to teach the practical execution side of compliance.
If you want to understand RMF categorization, selection, implementation, assessment, authorization, and continuous monitoring, this episode is a must-watch.
Watch now and take notes. GRC is changing fast.
#RMF #Cybersecurity #GRC
By Christopher Okpala