About Ray Dunham (PARTNER | CISSP, GSEC, GWAPT)

Ray Dunham started his career as an Air Force Officer in 1996 in the field of Communications and Computer Systems. Following his time in the Air Force, Ray worked in the defense industry in areas of system architecture, system engineering, and primarily information security. Ray leads L&C’s FedRAMP practice but also supports SOC examinations and HITRUST assessments. Ray enjoys working with clients to secure their environments and provide guidance on information security principles and practices.

ALL ARTICLES BY Ray Dunham (PARTNER | CISSP, GSEC, GWAPT):

Enhancing Your Enterprise Security — Do These 5 Things Now

What is Enterprise Security? Enterprise security is the process by which an organization protects its information assets (data, servers, workstations, storage, networking, applications, etc.) from infringement of confidentiality, integrity, or availability. It includes policies and procedures which provide guidance on the who, what, why, and how to implement the protection mechanism for an organization’s information […]

FedRAMP 3PAOs: What is Their Role in the FedRAMP Process?

The Federal Risk and Authorization Management Program (FedRAMP) is a federal program focused on providing a consistent process for evaluating the security of commercial cloud service providers (CSPs) that seek to provide services to the federal government. The FedRAMP process involves five primary entities, but depending on the path a CSP takes to achieve an […]

What is FedRAMP? 5 Considerations Before Taking the Leap

A simple FedRAMP definition is that FedRAMP is a government program designed to bring consistent and repeatable processes to security evaluations of cloud service offerings (CSO) for the federal government. The FedRAMP authorization process is designed to leverage a single security assessment for multiple federal agencies that would like to use the CSO. FedRAMP is […]

What is Cryptojacking and How to Protect Yourself

In the cyber-security industry, the only constant, it seems, is change. The threat landscape is always shifting as cyber criminals seek new ways to exploit individuals, corporations, and nations themselves. One significant shift in the threat landscape is with cryptojacking. While the impact to individuals and organizations is not maleficent like ransomware or theft or […]

Information Security Policies: Why They Are Important To Your Organization

In a previous blog post, I outlined how security procedures fit in your overall information security documentation library and how they provide the “how” when it comes to the consistent implementation of security controls in an organization. This blog post takes you back to the foundation of an organization’s security program – information security policies […]