Justin Merhoff on FedRAMP 20x, Secure AI, Trust Centers, and Modern Cybersecurity

In this episode of The Paramify Podcast, Kenny sits down with Justin Merhoff to talk about what makes security actually work: usability, speed, adaptability, and real-world adoption. Justin shares lessons from nearly three decades in cybersecurity, from his time in the U.S. Army to leading security and compliance programs in the private sector. The conversation covers FedRAMP 20x, trust centers, secure AI, accessibility in cybersecurity, and why security should support the business instead of slowing it down. They also get into the real burden of FedRAMP and CMMC documentation, why better tooling can reduce burnout for lean security teams, and why “usable security” is often the difference between a control that works in practice and one that only looks good on paper. Note: At the time this episode was recorded, Justin was with Rhymetec. He is now Director of Compliance at DTEX.ai. Links: Justin Merhoff on LinkedIn: https://www.linkedin.com/in/justinmerhoff Kenny Scott on LinkedIn: https://www.linkedin.com/in/kenny-g-scott DTEX.ai: https://www.dtex.ai/ Paramify: https://www.paramify.com/ In this episode, you’ll hear: - Why usable security is better security - How secure AI can help small teams move faster - Why trust centers are becoming more important - How accessibility gaps can create real security risk - Why servant leadership matters in cybersecurity - Why FedRAMP 20x is shifting the focus back to risk Chapters: 0:00 Secure AI, lean teams, and why the right tools matter 1:12 Intro to Justin Merhoff 2:08 How Justin got started in cybersecurity 8:31 Army stories, leadership, and early security lessons 16:06 Moving from the military into corporate security 19:17 Why security should enable the business 20:45 The future of trust centers 25:20 Secure AI, small teams, and reducing compliance burnout 29:32 Why FedRAMP 20x is a needed change 36:31 Cyber leadership, adaptability, and how people break into security 44:13 Why accessibility is a cybersecurity issue 51:18 What Justin was doing at the time and how Rhymetec helps clients 54:35 Outro This episode is a great listen for anyone working in FedRAMP, CMMC, GRC, compliance, security leadership, or third-party trust.