Introduction to The Dude Says, Episode 001

Introductory episode to The Dude Says, where I share my background and what I’m working on. GIAC GCCC #242

CSIP Looks Good

After reading through the CyberSecurity Strategy and Implementation Plan (CSIP) I was impressed with its scope and relatively clear terminology, acronyms notwithstanding, and how it outlined federal strategy. I expect the timelines to be challenging, though. Working in a multi-national, Fortune 500 company, I know that if you don’t already have some information collected and…

Cloud First & Federal Controls – discussion from Federal News Radio

Federal News Radio hosted Alex Grohmann of Morgan Franklin and John Dyson of Deloitte for a discussion of the controls imposed on the federal Cloud First initiative by NIST 800-53 and FedRAMP. No joke, it can be a grind to listen to even though the participants have fun. I found some real meat around minute…

Cloud First, US Gov Style (FedRAMP)

“Cloud first” is an approach I’ve heard articulated as a means of delivering on business objectives. The policy I’ve heard has referenced, if not been predicated on, the fact that the US government is implementing this policy in its federal agencies. My first thought: how is the government accomplishing such a presumably agile, flexible and…