"GRC Is Changing | What You MUST Learn to Stay Competitive (SCA-R Explains)"
Episode Synopsis
RMF Academy: https://www.rmfacademy.io/
Please Rate the Podcast: https://ratethispodcast.com/techwoke

Time stamps:
00:00 "Prime Time, Giving, and Growth"
04:06 Security Control Assessor Role
07:27 System Validation and Risk Assessment
11:07 "Understanding ATO Packages"
14:57 "Navigating Stakeholder-Driven Decision Making"
18:08 Cloud Service Models & FedRAMP Overview
19:01 FedRAMP Cloud Service Process
24:52 "Izzo Navy Certification Path"
26:48 Staying Relevant in Tech Industry
30:28 "Leadership and RMF Trends"
33:09 "SBOM, DevSecOps, and Cloud"
36:51 "AI: Amplifier, Not Replacer"
39:42 "Zero Trust Overview Simplified"
44:41 "Struggling to Give Back"
45:06 Gratitude for Shared Wisdom

Video Description:
Welcome back to the Tech Woke Podcast. In this episode, host Christopher Okpala sits down with Dominique Richardson, a Security Control Assessor Representative (SCA-R), to break down one of the most misunderstood roles in the Risk Management Framework (RMF) ecosystem.

If you've ever worked with federal information systems, struggled through a security authorization package, or tried to understand what really happens during the validation phase, this conversation will give you clarity you won't find in certification books.

Dominique walks through what SCA-Rs actually do during control assessments, including:
• Validating system security plans (SSPs), POA&Ms, and security assessment reports
• Reviewing control families across NIST SP 800-53
• Interpreting CCIs, STIG findings, and vulnerability scan outputs
• Evaluating system boundaries and cloud inheritances
• Identifying major changes that trigger reauthorization
• Advising AOs and ISSOs during the authorization decision

We also dig into the real politics behind RMF: how programs push for ATO with Conditions, why clean ATOs are rare, and why continuous monitoring is where the real work happens.

Dominique breaks down why the future of cyber compliance is shifting quickly:
• Cloud migrations often require full ATO reauthorization
• SBOMs and software supply chain oversight are becoming essential
• GRC analysts must understand architecture, not just documentation
• AI is amplifying top performers
• DevSecOps pipelines are redefining compliance evidence

Whether you're transitioning into cybersecurity, already supporting government systems, or preparing for roles like ISSO, Validator, Assessor, or System Owner, this episode provides real-world insights you won't hear in certification training.

This conversation also includes a segment from RMF Academy, where Christopher shares how his own journey inspired him to teach the practical execution side of compliance.

If you want to understand RMF categorization, selection, implementation, assessment, authorization, and continuous monitoring, this episode is a must-watch.

Watch now and take notes. GRC is changing fast.

#RMF #Cybersecurity #GRC