About Ray Dunham (PARTNER | CISA, CISSP, GSEC, GWAPT)

Ray Dunham started his career as an Air Force Officer in 1996 in the field of Communications and Computer Systems. Following his time in the Air Force, Ray worked in the defense industry in areas of system architecture, system engineering, and primarily information security. Ray leads L&C’s FedRAMP practice but also supports SOC examinations. Ray enjoys working with clients to secure their environments and provide guidance on information security principles and practices.

ALL ARTICLES BY Ray Dunham (PARTNER | CISA, CISSP, GSEC, GWAPT):
Logging and monitoring

Logging and Monitoring – An Essential Part of Every Security Program

We live in a complex world with seemingly continual headlines of breaches, hacks, and other nefarious online activity. Security programs must be robust enough to address the continual threats bombarding organizations today. Security practitioners have a lot on their plate — identification and authentication, access control, encryption of data in transit and at rest, data […]

FedRAMP 3PAOs

FedRAMP 3PAOs: What is Their Role in the FedRAMP Process?

The Federal Risk and Authorization Management Program (FedRAMP) is a federal program focused on providing a consistent process for evaluating the security of commercial cloud service providers (CSP) that seek to provide services to the federal government. The FedRAMP process involves five primary entities but depending on the path a CSP takes to achieve an […]

What is FedRAMP?

What is FedRAMP? 5 Considerations Before Taking the Leap

A simple FedRAMP definition is that FedRAMP is a government program designed to bring consistent and repeatable processes to security evaluations of cloud service offerings (CSO) for the federal government. The FedRAMP authorization process is designed to leverage a single security assessment for multiple federal agencies that would like to use the CSO. FedRAMP is […]

FedRAMP vs FISMA

FedRAMP vs. FISMA: What You Need To Know

With the rise of cloud computing, there has been an increased emphasis within the government to transition to commercial cloud services. In fact, it is actually mandated within the government to move to cloud-based services if they are available to meet the mission need of the federal agency. This is all in an effort to […]

Cryptojacking: How to protect yourself

What is Cryptojacking and How to Protect Yourself

In the cyber-security industry, the only constant, it seems, is change. The threat landscape is always shifting as cyber criminals seek new ways to exploit individuals, corporations, and nations themselves. One significant shift in the threat landscape is with cryptojacking. While the impact to individuals and organizations is not maleficent like ransomware or theft or […]

The FedRAMP SSP (System Security Plan) Tips for Successful Outcome

The FedRAMP SSP: Important Tips for a Successful Outcome

Whether for an agency assessment or a Joint Authorization Board (JAB) assessment, the FedRAMP System Security Plan (SSP) is the foundational document that supports a FedRAMP assessment. From it, the government agency representatives and the Third Party Assessment Organization (3PAO) are able to get an understanding of how the FedRAMP baseline security controls are implemented […]

FedRamp monitoring

FedRAMP Continuous Monitoring – What Are the Responsibilities of CSPs and 3PAOs?

Today’s information environments are always changing, whether through the development of new capabilities, patching systems, responding to new threats and vulnerabilities, or fixing discrepancies within the system. Each change to the system carries with it an inherent security risk. Therefore, that security risk must be evaluated in the context of the security posture of the […]