Ray Dunham started his career as an Air Force Officer in 1996 in the field of Communications and Computer Systems. Following his time in the Air Force, Ray worked in the defense industry in areas of system architecture, system engineering, and primarily information security. Ray leads L&C’s FedRAMP practice but also supports SOC examinations and HITRUST assessments. Ray enjoys working with clients to secure their environments and provide guidance on information security principles and practices.
Passwords have always been a hot topic of discussion both in and out of security circles. Users have always hated being forced to come up with schemes to meet the complexity rules or change their password at defined intervals. The multitude of password requirements of the past have frustrated users and have led to bad […]
A FedRAMP Readiness Assessment is an opportunity for Cloud Service Providers (CSP) targeting government clients to demonstrate that they are ready to begin the FedRAMP process in earnest. With the end goal being a Provisional ATO (P-ATO) from the Joint Authorization Board (JAB) or an ATO granted by a Federal Agency, CSPs, through the […]
Have you ever thought about what you would do if someone obtained access to all the information you stored electronically?
We live in a complex world with seemingly continual headlines of breaches, hacks, and other nefarious online activity. Security programs must be robust enough to address the continual threats bombarding organizations today. Security practitioners have a lot on their plate — identification and authentication, access control, encryption of data in transit and at rest, data […]
If you were asked what every company or organization has in common; what would you say? Well, there are many potential answers, but one thing is for certain — all companies/organizations are at risk for insider threats in cyber security. There is a lot of attention in the media about companies being hacked by external […]
What is Enterprise Security? Enterprise security is the process by which an organization protects its information assets (data, servers, workstations, storage, networking, applications, etc.) from infringement of confidentiality, integrity, or availability. It includes policies and procedures which provide guidance on the who, what, why, and how to implement the protection mechanism for an organization’s information […]
The Federal Risk and Authorization Management Program (FedRAMP) is a federal program focused on providing a consistent process for evaluating the security of commercial cloud service providers (CSP) that seek to provide services to the federal government. The FedRAMP process involves five primary entities but depending on the path a CSP takes to achieve an […]
A simple FedRAMP definition is that FedRAMP is a government program designed to bring consistent and repeatable processes to security evaluations of cloud service offerings (CSO) for the federal government. The FedRAMP authorization process is designed to leverage a single security assessment for multiple federal agencies that would like to use the CSO. FedRAMP is […]
With the rise of cloud computing, there has been an increased emphasis within the government to transition to commercial cloud services. In fact, it is actually mandated within the government to move to cloud-based services if they are available to meet the mission need of the federal agency. This is all in an effort to […]
As we discussed in our FedRAMP compliance article, there are two paths to obtain a FedRAMP Authorization to Operate (ATO). The first option is to obtain a FedRAMP ATO from a specific government agency, and the second option is to receive a FedRAMP Provisional Authorization to Operate (P-ATO) from the Joint Authorization Board (JAB). The […]
