About Ray Dunham (PARTNER | CISSP, GSEC, GWAPT)

Ray Dunham started his career as an Air Force Officer in 1996 in the field of Communications and Computer Systems. Following his time in the Air Force, Ray worked in the defense industry in areas of system architecture, system engineering, and primarily information security. Ray leads L&C’s FedRAMP practice but also supports SOC examinations and HITRUST assessments. Ray enjoys working with clients to secure their environments and provide guidance on information security principles and practices.

ALL ARTICLES BY Ray Dunham (PARTNER | CISSP, GSEC, GWAPT):
The DoD CMMC: What You Need to Know

On December 31, 2017, compliance with the Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 (Revised Oct 21, 2016), Safeguarding Covered Defense Information and Cyber Incident Reporting, became mandatory for all contractors (and subcontractors). Since then, the Department of Defense (DoD) has been striving to improve the security within the defense industrial base, or DIB. […]

DFARS Compliance: What You Need to Know

Due to the multitude of breaches where defense information has been compromised, the Department of Defense (DOD) has been working to impose additional requirements on defense contractors that process, store, or transmit sensitive information in support of the DOD and its mission. It has taken specific measures to help shore up the defense industrial base […]

Information Security Policies: Why They Are Important To Your Organization

In a previous blog post, I outlined how security procedures fit in an organization’s overall information security documentation library and how they provide the “how” when it comes to the consistent implementation of security controls in an organization. This blog post takes you back to the foundation of an organization’s security program – information security […]

NIST Password Guidelines – What You Need to Know

Passwords have always been a hot topic of discussion both in and out of security circles. Users have always hated being forced to come up with schemes to meet the complexity rules or change their password at defined intervals. The multitude of password requirements of the past have frustrated users and have led to bad […]

An Expert Guide to a FedRAMP Readiness Assessment

A FedRAMP Readiness Assessment is an opportunity for Cloud Service Providers (CSP) targeting government clients to demonstrate that they are ready to begin the FedRAMP process in earnest. With the end goal being a Provisional ATO (P-ATO) from the Joint Authorization Board (JAB) or an ATO granted by a Federal Agency, CSPs, through the […]

Logging and Monitoring – An Essential Part of Every Security Program

We live in a complex world with seemingly continual headlines of breaches, hacks, and other nefarious online activity. Security programs must be robust enough to address the continual threats bombarding organizations today. Security practitioners have a lot on their plate — identification and authentication, access control, encryption of data in transit and at rest, data […]

Enhancing Your Enterprise Security — Do These 5 Things Now

What is Enterprise Security? Enterprise security is the process by which an organization protects its information assets (data, servers, workstations, storage, networking, applications, etc.) from infringement of confidentiality, integrity, or availability. It includes policies and procedures which provide guidance on the who, what, why, and how to implement the protection mechanism for an organization’s information […]

FedRAMP 3PAOs: What is Their Role in the FedRAMP Process?

The Federal Risk and Authorization Management Program (FedRAMP) is a federal program focused on providing a consistent process for evaluating the security of commercial cloud service providers (CSP) that seek to provide services to the federal government. The FedRAMP process involves five primary entities but depending on the path a CSP takes to achieve an […]