The 38North Security Podcast Transistor (https://transistor.fm) https://feeds.transistor.fm/the-38north-security-podcast Join us as we discuss news and current events, trends, and controversies in the world of cybersecurity. We have strong feelings and they're not limited to FedRAMP, CMMC, FISMA, IRAP, security engineering, or documentation. Anything goes -- some of the things we say are probably even helpful! Interested in having words? Email us at info@38northsecurity.com. © 2025 38North Security 35780ee0-5dcb-5e91-8c62-7cd1cc67742c no en Mon, 28 Jul 2025 15:59:31 -0400 Tue, 02 Dec 2025 22:29:48 -0500 https://img.transistor.fm/xVz3Q6vRIO8afrcbMOPq8ijm00ss1DzPwR0ipGrJyvo/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9zaG93/LzQ5MjM0LzE3MDY2/MzQ4NDEtYXJ0d29y/ay5qcGc.jpg The 38North Security Podcast serial 38North Security Join us as we discuss news and current events, trends, and controversies in the world of cybersecurity. We have strong feelings and they're not limited to FedRAMP, CMMC, FISMA, IRAP, security engineering, or documentation. Anything goes -- some of the things we say are probably even helpful! Interested in having words? Email us at info@38northsecurity.com. Join us as we discuss news and current events, trends, and controversies in the world of cybersecurity. cybersecurity, FedRAMP, IRAP, CMMC Ingrid Woodley No No Refresher: What's in The FedRAMP Modernization Memo? 1 1 1 1 Refresher: What's in The FedRAMP Modernization Memo? full f064207f-6aa8-49aa-b7a2-3a0a7fe1432b https://share.transistor.fm/s/e4c41730 We're about to see significant changes in the way FedRAMP is managed: automation, more pathways to authorization, and no more JAB. It's all in the name of modernization, baby! Well, that and the undeniable fact that the process to get more offerings in the FedRAMP marketplace needs to be much, much faster. But what does it all mean? How will it affect CSPs' efforts to get ATO? Matt Strasburg answers.

]]> We're about to see significant changes in the way FedRAMP is managed: automation, more pathways to authorization, and no more JAB. It's all in the name of modernization, baby! Well, that and the undeniable fact that the process to get more offerings in the FedRAMP marketplace needs to be much, much faster. But what does it all mean? How will it affect CSPs' efforts to get ATO? Matt Strasburg answers.

]]> Tue, 30 Jan 2024 15:51:03 -0500 38North Security 38North Security 1498 We're about to see significant changes in the way FedRAMP is managed: automation, more pathways to authorization, and no more JAB. It's all in the name of modernization, baby! Well, that and the undeniable fact that the process to get more offerings in the FedRAMP marketplace needs to be much, much faster. But what does it all mean? How will it affect CSPs' efforts to get ATO? Matt Strasburg answers.

]]> FedRAMP, cybersecurity No FedRAMP: Goodbye FedRAMP JAB! Hello TAG, Board, and FSCAC! 1 1 2 2 FedRAMP: Goodbye FedRAMP JAB! Hello TAG, Board, and FSCAC! full a8ab64ee-170b-4ff7-aa26-18c73068b88a https://share.transistor.fm/s/c6208312 FedRAMP just came out with *three* new bodies governing the program going forward: the TAG, the Board, and the FSCAC. There's a lot of uncertainty right now, not to mention confusion and misinformation. Why are these changes happening? What does it mean for CSPs, 3PAOs, and agencies? Is the JAB gone?!! Matt Strasburg and Jeremiah Thompson shed light on these massive changes and discuss their wide-reaching impact.

]]> FedRAMP just came out with *three* new bodies governing the program going forward: the TAG, the Board, and the FSCAC. There's a lot of uncertainty right now, not to mention confusion and misinformation. Why are these changes happening? What does it mean for CSPs, 3PAOs, and agencies? Is the JAB gone?!! Matt Strasburg and Jeremiah Thompson shed light on these massive changes and discuss their wide-reaching impact.

]]> Mon, 10 Jun 2024 06:00:00 -0400 38North Security 38North Security 1926 FedRAMP just came out with *three* new bodies governing the program going forward: the TAG, the Board, and the FSCAC. There's a lot of uncertainty right now, not to mention confusion and misinformation. Why are these changes happening? What does it mean for CSPs, 3PAOs, and agencies? Is the JAB gone?!! Matt Strasburg and Jeremiah Thompson shed light on these massive changes and discuss their wide-reaching impact.

]]> FedRAMP, cybersecurity, compliance No GovRAMP: What Is It, Anyway? 2 2 1 1 GovRAMP: What Is It, Anyway? full f2a568f1-4a8b-43f7-b3f6-0a2ebf9b8b6a https://share.transistor.fm/s/5ee31eeb Welcome to Part 1 of our GovRAMP Mini-Series—a quick, focused look at what GovRAMP is, why it matters, and how cloud service providers can use it to unlock the public sector. 


In this episode, we tackle the basics: What exactly is GovRAMP? Why the rebrand from StateRAMP? And is this more than just a name change? 


Elizabeth Lopez helps us break it down. Liz, one of our cloud security technical writers here at 38North Security, has been deep in the weeds of policy, frameworks, and language—so she’s the perfect person to walk us through what GovRAMP is really all about. 

]]> Welcome to Part 1 of our GovRAMP Mini-Series—a quick, focused look at what GovRAMP is, why it matters, and how cloud service providers can use it to unlock the public sector. 


In this episode, we tackle the basics: What exactly is GovRAMP? Why the rebrand from StateRAMP? And is this more than just a name change? 


Elizabeth Lopez helps us break it down. Liz, one of our cloud security technical writers here at 38North Security, has been deep in the weeds of policy, frameworks, and language—so she’s the perfect person to walk us through what GovRAMP is really all about. 

]]> Wed, 14 May 2025 17:42:40 -0400 38North Security 38North Security 369 Welcome to Part 1 of our GovRAMP Mini-Series—a quick, focused look at what GovRAMP is, why it matters, and how cloud service providers can use it to unlock the public sector. 


In this episode, we tackle the basics: What exactly is GovRAMP? Why the rebrand from StateRAMP? And is this more than just a name change? 


Elizabeth Lopez helps us break it down. Liz, one of our cloud security technical writers here at 38North Security, has been deep in the weeds of policy, frameworks, and language—so she’s the perfect person to walk us through what GovRAMP is really all about. 

]]> cybersecurity, compliance, FedRAMP, GovRAMP, 38North Security No GovRAMP: Why It’s a Smart Growth Move for Cloud Providers 2 2 2 2 GovRAMP: Why It’s a Smart Growth Move for Cloud Providers full 447f6311-0450-4177-bd77-b30259ef42ed https://share.transistor.fm/s/b3dad91b This is Part 2 of the GovRAMP Mini-Series. In this episode, we’re digging into the big question: Why would a cloud provider pursue GovRAMP in the first place? 


We’re joined by Jeremiah Thompson, 38North Security's VP of IT and Cloud Solutions. We also have Matt Strasburg, Manager of our Cloud Security Advisory practice. Jeremiah’s been in the compliance world for years and brings a pragmatic, strategic lens to why GovRAMP is gaining traction—not just for security reasons, but for smart market growth. Matt, on the other hand, has been pivotal in standing up similar federal programs in past years.

]]> This is Part 2 of the GovRAMP Mini-Series. In this episode, we’re digging into the big question: Why would a cloud provider pursue GovRAMP in the first place? 


We’re joined by Jeremiah Thompson, 38North Security's VP of IT and Cloud Solutions. We also have Matt Strasburg, Manager of our Cloud Security Advisory practice. Jeremiah’s been in the compliance world for years and brings a pragmatic, strategic lens to why GovRAMP is gaining traction—not just for security reasons, but for smart market growth. Matt, on the other hand, has been pivotal in standing up similar federal programs in past years.

]]> Fri, 16 May 2025 16:41:01 -0400 38North Security 38North Security 457 This is Part 2 of the GovRAMP Mini-Series. In this episode, we’re digging into the big question: Why would a cloud provider pursue GovRAMP in the first place? 


We’re joined by Jeremiah Thompson, 38North Security's VP of IT and Cloud Solutions. We also have Matt Strasburg, Manager of our Cloud Security Advisory practice. Jeremiah’s been in the compliance world for years and brings a pragmatic, strategic lens to why GovRAMP is gaining traction—not just for security reasons, but for smart market growth. Matt, on the other hand, has been pivotal in standing up similar federal programs in past years.

]]> cybersecurity, compliance, FedRAMP, GovRAMP, 38North Security No GovRAMP: Navigating the Path to Authorization 2 2 3 3 GovRAMP: Navigating the Path to Authorization full d6b991a6-cfce-4136-a364-93a035d19733 https://share.transistor.fm/s/1e776bb2 Welcome to Part 3, the final episode of our GovRAMP Mini-Series. Over the last two episodes, we’ve covered what GovRAMP is and why companies are pursuing it.

Today, we’re closing things out by getting tactical—what does the GovRAMP process actually look like from start to finish?

To walk us through it, we’re joined by Matt Strasburg, manager of our Cloud Security Advisory practice. Matt has guided dozens of companies through complex public sector frameworks, and he’s here to break down the steps, timelines, and fast-track options that cloud providers should know about.

]]> Welcome to Part 3, the final episode of our GovRAMP Mini-Series. Over the last two episodes, we’ve covered what GovRAMP is and why companies are pursuing it.

Today, we’re closing things out by getting tactical—what does the GovRAMP process actually look like from start to finish?

To walk us through it, we’re joined by Matt Strasburg, manager of our Cloud Security Advisory practice. Matt has guided dozens of companies through complex public sector frameworks, and he’s here to break down the steps, timelines, and fast-track options that cloud providers should know about.

]]> Wed, 28 May 2025 16:29:19 -0400 38North Security 38North Security 652 Welcome to Part 3, the final episode of our GovRAMP Mini-Series. Over the last two episodes, we’ve covered what GovRAMP is and why companies are pursuing it.

Today, we’re closing things out by getting tactical—what does the GovRAMP process actually look like from start to finish?

To walk us through it, we’re joined by Matt Strasburg, manager of our Cloud Security Advisory practice. Matt has guided dozens of companies through complex public sector frameworks, and he’s here to break down the steps, timelines, and fast-track options that cloud providers should know about.

]]> cybersecurity, FedRAMP, IRAP, CMMC No Why Engineers Hate Compliance—And Why They’re Not Wrong 3 3 1 1 Why Engineers Hate Compliance—And Why They’re Not Wrong full 3e4d3dc6-36b0-40ea-b943-07288b5a3ef5 https://share.transistor.fm/s/d41885ed Welcome to Part 1 of our Compliance Engineering Mini-Series, a focused look at what it means to build secure, auditable systems by design.


In this kickoff episode, 38North Director of Engineering Larry Spector joins Chris Davis to talk about a familiar tension: engineers want to move fast, and compliance gets in the way. But what if the engineers are right? Or at least, right to feel the way they do?

Together, they explore:

  • Why compliance often fails when it’s treated as a bolt-on
  • How audit fatigue and rework are symptoms of deeper engineering gaps
  • The difference between “checking boxes” and proving operational excellence
  • What it actually means to build systems that generate their own evidence

Larry and Chris reframe the problem and set the stage for a new way of thinking about compliance, engineering, and trust.

]]> Welcome to Part 1 of our Compliance Engineering Mini-Series, a focused look at what it means to build secure, auditable systems by design.


In this kickoff episode, 38North Director of Engineering Larry Spector joins Chris Davis to talk about a familiar tension: engineers want to move fast, and compliance gets in the way. But what if the engineers are right? Or at least, right to feel the way they do?

Together, they explore:

  • Why compliance often fails when it’s treated as a bolt-on
  • How audit fatigue and rework are symptoms of deeper engineering gaps
  • The difference between “checking boxes” and proving operational excellence
  • What it actually means to build systems that generate their own evidence

Larry and Chris reframe the problem and set the stage for a new way of thinking about compliance, engineering, and trust.

]]> Mon, 28 Jul 2025 15:59:01 -0400 38North Security 38North Security 986 Welcome to Part 1 of our Compliance Engineering Mini-Series, a focused look at what it means to build secure, auditable systems by design.


In this kickoff episode, 38North Director of Engineering Larry Spector joins Chris Davis to talk about a familiar tension: engineers want to move fast, and compliance gets in the way. But what if the engineers are right? Or at least, right to feel the way they do?

Together, they explore:

  • Why compliance often fails when it’s treated as a bolt-on
  • How audit fatigue and rework are symptoms of deeper engineering gaps
  • The difference between “checking boxes” and proving operational excellence
  • What it actually means to build systems that generate their own evidence

Larry and Chris reframe the problem and set the stage for a new way of thinking about compliance, engineering, and trust.

]]> cybersecurity, compliance engineering, FedRAMP No