EPISODE · Jul 17, 2025 · 1H 12M
FedRAMP 20X Roundtable with FedRAMP Director Pete Waterman
from The Paramify Podcast · host Paramify
It’s not only about faster authorizations—it’s about unlocking the full potential of modern cloud for government. FedRAMP 20X is how we get there. In this exclusive roundtable, Pete Waterman (FedRAMP Director), Karen Laughton (EVP of Advisory, Coalfire), Rob Otten (Sr. Director, Risk & Compliance, Flock Safety), Kenny Scott (Founder & CEO, Paramify), and Mike Schreiner (COO, Paramify) break down:
- The mission, process & real impact of the 20X pilot
- How Key Security Indicators (KSIs) make compliance faster & smarter
- What Continuous ATO looks like in practice
- Why agencies are holding the line—and what they actually want
- The bold vision to transform FedRAMP from 50 authorizations a year… to 50 a week

Timestamps:
0:00 – The Big Question: Pete Waterman shares the spark: “What if we did 50 FedRAMP authorizations a week?”
1:56 – Welcome & Introductions: Meet the panel: Pete Waterman, Karen Laughton, Rob Otten, Kenny Scott.
2:53 – Pilot Progress Update: Pete dives into pilot metrics, early submissions, and success stories.
5:17 – Industry Perspective: Coalfire: Karen Laughton shares lessons learned from advising CSPs and 3PAOs.
8:40 – CSP Perspective: Flock Safety + Paramify: Rob & Kenny reveal how they rapidly pivoted into the pilot and delivered results in 2 weeks.
12:03 – Why It Worked: Why KSIs resonated and how automation made it achievable.
14:22 – The Risk-Based Shift: Security is about risk, not checklists. Kenny, Rob, and Pete riff on the deeper mindset change.
17:06 – ATO vs Authorization: Pete clarifies the difference and why 20X is fixing the current barriers.
19:02 – The Good, The Bad, and the Fast: Karen details what’s working well—and what’s still a mess (agency sponsorship, complex systems, DoD holdouts).
24:04 – Rob’s Advice to CSPs: Rob advocates a risk-first approach and common-sense improvements.
25:48 – Breaking Outdated Rules: Kenny rants about FIPS encryption requirements and why 20X could fix it.
27:07 – Agency Buy-In: Will They Accept 20X? Pete confirms: Yes. OMB and formal policy will mandate adoption.
36:40 – Continuous ATO in Practice: What’s working, what’s confusing, and what the FedRAMP team is learning.
42:00 – The Integration Trap: Kenny explains why black-box integrations don’t cut it—and what CSPs must do instead.
44:55 – End User Risk Responsibilities: A critical callout: security breaches are often misconfigurations by users—not tech failures.
47:00 – Monitoring What Actually Matters: Forget CVEs. Pete & Karen emphasize real-time config validation (e.g., MFA being disabled).
50:00 – Change Processes & CI/CD: How continuous snapshots and CI/CD can coexist with security—without slowing innovation.
56:00 – Driving Innovation Through Standards: Why 20X exists: to force the ecosystem to build what’s long been talked about but never delivered.
1:00:00 – Final Advice to CSPs: Should you jump into 20X? Panelists give concrete guidance for startups, hyperscalers, and advisors.
1:06:04 – Reframing the Goal: Pete closes with a powerful vision: delivering equal access to secure cloud tech for federal workers—faster, better, and at scale.

Learn more about our guests:
Pete Waterman: https://www.linkedin.com/in/petewaterman/
FedRAMP: https://www.fedramp.gov/
Karen Laughton: https://www.linkedin.com/in/karen-laughton-6484115/
Coalfire: https://coalfire.com/
Rob Otten: https://www.linkedin.com/in/robertotten/
Flock Safety: https://www.flocksafety.com/

Learn more about Paramify:
Kenny Scott: https://www.linkedin.com/in/kenny-g-scott/
Mike Schreiner: https://www.linkedin.com/in/mikecschreiner/
Paramify: www.paramify.com

Looking into FedRAMP or FedRAMP 20X? Let’s talk: https://www.paramify.com/frameworks/fedramp