Behind the Shield

By: InfusionPoints

Behind the Shield is InfusionPoints’ podcast where we sit down with partners, customers, and industry leaders to talk about FedRAMP, compliance, and cybersecurity in today’s government landscape. Each episode offers laid-back, insightful conversations that blend expertise with real-world experiences.

© 2026 Behind the Shield
Episodes
  • InfusionPoints Achieves FedRAMP 20x Moderate (Class C): What It Means for the Future
    Apr 15 2026

    In this special announcement episode of Behind the Shield, we’re sharing a major milestone for InfusionPoints and what it signals for the future of federal cloud security.

    Chad Spears and Tanner Bailey break down our FedRAMP 20x Moderate (Class C) achievement, what it took to get here, and why this moment matters for cloud service providers, agencies, and the broader FedRAMP ecosystem. This isn’t just another certification, it’s proof that the shift from point-in-time compliance to continuous validation is already happening.

    We unpack how FedRAMP 20x is transforming how security is demonstrated, moving away from static documentation and toward real-time, machine-readable evidence through Key Security Indicators (KSIs). We also touch on the journey behind this achievement, from early automation efforts to navigating evolving PMO expectations.

    You’ll hear how this approach changes the experience for providers and assessors, creating a more collaborative and efficient path to authorization. We also explore the business impact, including faster time to market and a clearer path for organizations entering the federal space.

    Whether you're pursuing FedRAMP, evaluating 20x, or trying to understand where the program is headed, this episode offers practical insights and a clear view into what comes next.

    Chapters:
    0:10 Introduction and Special Announcement
    0:45 Certification Achievement
    1:23 Significance of 20X Certification
    2:45 Customer Impact and FedRAMP Framework
    6:07 Understanding FedRAMP Designations
    11:48 Journey to 20X Certification
    18:30 Team Effort and Continuous Validation
    18:47 Customer Benefits of 20X Certification
    19:02 Platform as a Service and FedRAMP
    19:29 Security Controls and KSI's
    20:25 Speed to Market with XB40
    21:53 Webinar and Education Initiatives
    22:48 Upcoming Webinar Details
    26:22 Team Recognitions and Shoutouts
    30:57 Closing Remarks

    What You’ll Learn:
    • What achieving FedRAMP 20x Moderate (Class C) actually means
    • Why this milestone is important for CSPs and federal agencies
    • How FedRAMP 20x is shifting compliance to continuous validation
    • The real business impact of faster authorization timelines
    • How automation and KSIs replace traditional audit processes
    • What makes this approach different from Rev. 5 assessments
    • How InfusionPoints approached the 20x journey internally
    • What this means for customers looking to enter the federal market
    • Why this proves the transition from Rev. 5 to 20x is possible

    Resource Links:
    https://www.fedramp.gov/rfcs/
    FedRAMP 20x Community Update- https://youtu.be/eU0i6c3Yk8o?si=_kbfmhax8BD154Q7

    InfusionPoints Links:
    https://xbu40.com/
    20x Quick Look Assessment- https://xbu40.com/assessment
    20x Webinar Series | Session 1- https://youtu.be/EoaXjGa-vl0?si=UmnDCXY4dhTKpC6L
    20x Webinar Series | Session 2 Registration- https://riverside.com/webinar/registration/eyJldmVudElkIjoiNjlkZDUzZmNiNWI5MjQ2YTllY2E0YmUwIiwic2x1ZyI6Imphc29uLXNocm9wc2hpcmVzLXN0dWRpbyJ9
    Chad Spears- https://www.linkedin.com/in/chad-spears007/
    Tanner Bailey- https://www.linkedin.com/in/tanner-b-37a50a132/
    https://www.linkedin.com/company/infusionpoints/
    https://infusionpoints.com/

    About Us:
    InfusionPoints is a cybersecurity, cloud engineering, and compliance partner helping organizations Build, Manage, and Defend secure environments in highly regulated markets.

    We specialize in FedRAMP, FedRAMP 20x, DoD, and enterprise security, supporting customers from authorization through continuous monitoring.

    With a security-first approach, we deliver scalable, compliant solutions that help organizations move faster without sacrificing security.

    35 m
  • From SQL Injection to Compliance Automation in Cybersecurity with Andrew Plato
    Apr 14 2026

    In this episode of Behind the Shield, Jason Shropshire sits down with cybersecurity founder, author, and industry veteran Andrew Plato for a candid, wide-ranging conversation on what it really takes to build and scale a cybersecurity company.

    Andrew shares his journey from accidentally discovering one of the earliest SQL injection vulnerabilities in the 90s to founding and growing a cybersecurity company over 26 years and ultimately exiting after building a successful compliance automation platform. Along the way, he breaks down the hard-earned lessons that most founders learn the hard way, covering everything from business model pivots and scaling challenges to sales strategy and the evolution of compliance in cloud environments.

    This episode goes beyond technical security talk and dives into the mindset shifts that separate successful companies from the rest. From why “compliance is miserable” and how automation changed the game, to why customers do not buy products but instead buy pain relief, Andrew offers unfiltered insights that apply to startups, established companies, and anyone navigating today’s cybersecurity landscape.

    Whether you are a founder, operator, or part of a growing security team, this conversation will challenge how you think about building, selling, and delivering cybersecurity solutions in a rapidly evolving market.

    Chapters:
    0:09 Introduction and Welcome
    0:59 Andrew's Early Career and SQL Injection Discovery
    3:01 Starting a Security Company
    5:44 Compliance Automation and AWS Collaboration
    10:49 Managed Security and Automation Insights
    33:15 The Founder's Dilemma and Business Growth
    52:31 Sales Strategies and Credibility Selling
    61:21 Closing Remarks

    What You'll Learn:
    • How one of the earliest SQL injection discoveries helped spark a cybersecurity career
    • The reality of building and pivoting a company over decades
    • Why compliance has historically been “miserable” and how automation is changing that
    • The origin and evolution of compliance automation platforms
    • Why moving customers into standardized environments accelerates security and scalability
    • The shift from hourly consulting to scalable, subscription-based models
    • Why customers do not buy products but instead buy pain relief
    • How to position cybersecurity as removing business barriers, not adding them
    • The concept of opportunity barriers and how compliance impacts revenue
    • Why traditional sales approaches like cold calling and product pitching no longer work
    • The importance of credibility over product features in modern cybersecurity sales
    • How startups can compete against larger, established players
    • The biggest mistakes founders make and how to avoid them
    • Why understanding your customer’s pain is the foundation of growth
    • How automation and AI are accelerating the future of security and compliance

    Guest Links:
    Andrew Plato- https://www.linkedin.com/in/andrewplato/
    The Founder's User Manual (Book)- https://www.amazon.com/dp/B0CZXP7TNF/ref=tsm_1_fb_lk
    Company- https://zenaciti.com/

    InfusionPoints Links:
    Jason Shropshire- https://www.linkedin.com/in/shrop/
    https://www.linkedin.com/company/infusionpoints/
    https://infusionpoints.com/

    About Us:
    InfusionPoints is a trusted cybersecurity, cloud engineering, and compliance partner helping organizations Build, Manage, and Defend secure, mission-ready environments in highly regulated markets.
    We specialize in FedRAMP, FedRAMP 20x, DoD, and enterprise security frameworks, supporting organizations from initial authorization through continuous monitoring and optimization. Our team brings deep technical expertise and real-world operational insight to every e

    1 h 3 m
  • From Monthly Scans to Continuous Monitoring: Mastering FedRAMP Vulnerability Management
    Apr 7 2026

    In this episode of Behind the Shield, hosted by Mike Strohecker, the Cloud Operations team at InfusionPoints dives into the realities of vulnerability management in FedRAMP environments.

    Mike is joined by Ryan Adcock and James Bolton from the Cloud Operations team, where they support customers operating in FedRAMP High and IL5 environments. Together, they break down what it really takes to maintain compliance through continuous monitoring and why strong vulnerability management practices are critical to keeping an authorization in place.

    This conversation goes beyond high-level compliance talk and gets into the day-to-day execution. From running scans and managing vulnerabilities to maintaining accurate inventories and communicating with engineering teams, the group shares what actually happens behind the scenes to keep systems secure and compliant.

    They also explore how vulnerability management is evolving. What used to be a monthly exercise is shifting into a continuous, always-on process. With the introduction of Vulnerability Detection and Response, organizations are expected to move faster, respond smarter, and understand their environments at a much deeper level.

    If you are a Cloud Service Provider, security professional, or part of a team working toward or maintaining FedRAMP authorization, this episode provides practical insight into what works, what does not, and what is coming next.

    Chapters:
    0:00 Introduction and Guest Backgrounds
    2:35 Vulnerability Management and Compliance
    5:24 Continuous Monitoring and Best Practices
    12:01 Understanding Customer Environments
    17:34 VADR and Continuous Monitoring
    23:03 Prevention and Security Improvements
    27:15 Communication and Closing Remarks

    What You’ll Learn

    • What continuous monitoring requires in a FedRAMP environment and how it impacts your daily operations
    • The different types of vulnerability scans including OS, database, container, and web application scans
    • How Plans of Action and Milestones are used to track and report vulnerabilities
    • Key remediation timelines and why meeting them is essential to maintaining authorization
    • Why authenticated scans are necessary and where many organizations struggle
    • Common challenges when scanning containers and web applications
    • The importance of maintaining an accurate asset inventory and avoiding blind spots
    • How communication between security and engineering teams improves remediation timelines
    • What changes are coming with Vulnerability Detection and Response and continuous scanning expectations
    • How automation and risk-based decision making are shaping the future of FedRAMP compliance

    InfusionPoints Links:
    Mike Strohecker, VP of Engineering and Operations: https://www.linkedin.com/in/michael-strohecker-238326172/
    Ryan Adcock, Cloud Operations / Senior Consultant:
    https://www.linkedin.com/in/ryanaadcock/
    James Bolton, Cloud Operations / Senior Consultant:
    https://www.linkedin.com/in/james-bolton-cyber/
    https://www.linkedin.com/company/infusionpoints/
    https://www.InfusionPoints.com
    https://infusionpoints.com/contact-us

    About Us:
    InfusionPoints is a trusted cybersecurity, cloud engineering, and compliance partner helping organizations Build, Manage, and Defend secure, mission-ready environments in highly regulated markets.
    We specialize in FedRAMP, FedRAMP 20x, DoD, and enterprise security frameworks, supporting organizations from initial authorization through continuous monitoring and optimization. Our team brings deep technical expertise and real-world operational insight to every engagement.
    Through our independent, security-first approach, we integrate people, processes, and technology to deliver scalable, compliant, and resilient solutions. From strategy and architecture to operations and defense, we help customers move faster with

    31 m
No reviews yet