About Ray Dunham (PARTNER | CISA, CISSP, GSEC, GWAPT)

Ray Dunham started his career as an Air Force Officer in 1996 in the field of Communications and Computer Systems. Following his time in the Air Force, Ray worked in the defense industry in areas of system architecture, system engineering, and primarily information security. Ray leads L&C’s FedRAMP practice but also supports SOC examinations. Ray enjoys working with clients to secure their environments and provide guidance on information security principles and practices.

ALL ARTICLES BY Ray Dunham (PARTNER | CISA, CISSP, GSEC, GWAPT):
FedRAMP authorizations

FedRAMP Authorizations – New Paths & Looking to the Future

On July 25, 2024, the White House Office of Management and Budget (OMB) released M-24-15, “Modernizing the Federal Risk and Authorization Management Program (FedRAMP)” which outlined four strategic goals, one of which related to FedRAMP authorizations: “Rapidly increase the size of the FedRAMP Marketplace by evolving and offering additional FedRAMP Authorization Paths.” As part of […]

FedRAMP Compliance

What is FedRAMP Compliance? Requirements, Process, & More

It’s nearly impossible to read tech news today without encountering discussions about the cloud—and for good reason. Cloud computing has become an essential part of the modern technology landscape, making it hard to imagine a world without it. The ability to provision and manage networks, storage, and servers with just a few keystrokes is not […]

What is StateRAMP

A Guide to StateRAMP: An Overview For Your Authorization Journey

In 2011, the Federal Risk and Authorization Management Program (FedRAMP) was introduced, establishing a standardized assessment methodology for federal agencies to manage risk within commercial cloud service provider environments. Acknowledging the “do once, use many” benefits of FedRAMP within the federal sector, the State Risk and Authorization Management Program (StateRAMP) was launched in 2021. StateRAMP […]

Enhancing enterprise security

Enterprise Security — 5 Steps to Enhance Your Organization’s Security

What is an Enterprise Environment? From a technology perspective, an enterprise environment is the total of all information assets that support the process, storing, or transmission of data that supports the business functions of an organization. Such assets include everything from user endpoints (e.g., laptops, phones, tablets), to servers (virtual or physical), data storage, network […]

Insider threats in cyber security

Insider Threats in Cyber Security: Risks They Pose & How to Mitigate Them

If you were asked what every company or organization has in common, what would you say? Well, there are many potential answers, but one thing is for certain — all companies/organizations are at risk for internal cyber security threats. There is a lot of attention in the media about companies being hacked by external parties […]

DFARS compliance: What to know

DFARS Compliance: What You Need to Know

Due to the multitude of breaches where defense information has been compromised, the Department of Defense (DOD) has been working to impose additional requirements on defense contractors that process, store, or transmit sensitive information in support of the DOD and its mission. It has taken specific measures to help shore up the defense industrial base […]

Information security policies

Information Security Policies: Why They Are Important To Your Organization

In a previous blog post, I outlined how security procedures fit in an organization’s overall information security documentation library and how they provide the “how” when it comes to the consistent implementation of security controls in an organization. This blog post takes you back to the foundation of an organization’s security program – information security […]

FedRamp readiness assessment

An Expert Guide to a FedRAMP Readiness Assessment

  A FedRAMP Readiness Assessment is an opportunity for Cloud Service Providers (CSP) targeting government clients to demonstrate that they are ready to begin the FedRAMP process in earnest. With the end goal being a Provisional ATO (P-ATO) from the Joint Authorization Board (JAB) or an ATO granted by a Federal Agency, CSPs, through the […]