Episodes

  • Valid Eval’s FedRAMP Journey: Lessons in Scaling, Security, and Government Partnerships
    2025/07/21


    Description:
    In this episode of the Reckless Compliance podcast, Max is joined by the CTO of Valid Eval, who shares the journey of achieving FedRAMP Ready status and securing an IATO from NASA. From early career work on advanced defense systems to building a SaaS platform that streamlines proposal evaluation for government agencies, this episode dives deep into the realities of navigating federal compliance. The conversation highlights strategic investments in Kubernetes and open-source frameworks, lessons learned from choosing the right FedRAMP path, and why owning your own ATO can be a game-changer for growth in the federal space. You'll also hear insights into how and why Valid Eval chose Ignyte as their audit partner.


    Discussion Topics:

    • Career path from defense systems to SaaS for government proposal evaluation
    • What the platform does and how it enables structured, auditable group decision-making
    • Why FedRAMP became a growth imperative and how readiness was achieved
    • Technical architecture decisions: Kubernetes, Big Bang, and open-source frameworks
    • Open-source vs. proprietary compliance platforms — key trade-offs for small companies
    • Step-by-step strategy: from raw architecture to IATO and beyond
    • Selecting an auditor: what mattered most and how the decision supported speed and success
    • Why owning your own ATO unlocks long-term flexibility and risk mitigation


    Max Aulakh Bio:
    Max is the CEO of Ignyte Assurance Platform and a Data Security and Compliance leader delivering DoD-tested security strategies and compliance that safeguard mission-critical IT operations. He has trained and excelled while working for the United States Air Force. He maintained and tested the InfoSec and ComSec functions of network hardware, software, and IT infrastructure for global unclassified and classified networks.


    Connect with Max:
    LinkedIn: Max Aulakh
    Website: Ignyte Assurance Platform


    Connect with the Guest:
    LinkedIn: Jacob Ablowitz

    47 min
  • CMMC Compliance Insights with Swimlane's Head of GRC, Jack Rumsey
    2025/04/14


    In this episode of the Reckless Compliance podcast, Max is joined by Jack Rumsey, Head of GRC at Swimlane. Jack shares his journey of navigating the world of compliance as Swimlane grows its presence in the federal market. The discussion covers Swimlane’s move toward CMMC Level 1, the challenges of balancing federal compliance with commercial certifications like SOC 2 and ISO, and the complexities of managing government systems. Jack also explains Swimlane’s experience with GRC, strategies for scoping compliance efforts, and how their automation tools help drive compliance.

    Discussion Topics:

    • The role of Swimlane in security automation and compliance
    • The process of navigating CMMC Level 1 and self-attestation
    • The intersection of commercial compliance standards (SOC 2, ISO) and federal requirements (CMMC, FedRAMP)
    • Managing expectations and aligning compliance efforts with business value
    • Strategies for reducing the scope of assessments and managing government contracts
    • The importance of technical and security controls in federal compliance



    Connect with Max:

    • LinkedIn: Max Aulakh
    • Website: Ignyte Assurance Platform

    Connect with Jack:

    LinkedIn: Jack Rumsey

    30 min
  • Unpacking SBOMs: Software Supply Chain Risks & Compliance Challenges
    2025/03/10


    Welcome to this episode of the Reckless Compliance podcast, brought to you by Ignyte, where we share our expertise on cyber risk and help you navigate the complexities of federal compliance. I am your host, Max Aulakh.

    Our guest today is Aaron Bray, co-founder of Phylum, a company specializing in securing software supply chains.


    We discuss:

    • What is an SBOM? Understanding the Software Bill of Materials and its role in risk management
    • Open-source security risks: How third-party libraries expose organizations to vulnerabilities
    • Executive Orders & Compliance: The evolving enforcement of SBOMs in federal regulations
    • Automation & AI in SBOM Management: How organizations can use automation to stay compliant and secure
    • Challenges of Software Supply Chains: Managing risks with thousands of dependencies and contributors


    Max Aulakh on LinkedIn

    Ignyte Assurance Platform Website



    21 min
  • NSA's Secret Weapon for Small Business FedRAMP and CMMC Security
    2025/02/24

    Welcome to this episode of the Reckless Compliance podcast, brought to you by Ignyte, where we explore cyber risk and compliance in the defense sector. I am your host, Max Aulakh. Today’s guest is Rose, an NSA liaison specializing in cybersecurity collaboration.

    Topics we discuss:

    • The NSA’s cybersecurity mission and its role in protecting the defense industrial base (DIB)
    • NSA’s free cybersecurity services for small businesses, including threat intelligence collaboration, attack surface management, protective DNS, and continuous autonomous penetration testing
    • How these services align with CMMC requirements and help small businesses improve their cybersecurity posture
    • The importance of public-private partnerships in strengthening national cybersecurity

    Tune in to hear Rose’s expert insights and find out how your business can benefit from these free NSA cybersecurity initiatives.



    Connect with Max Aulakh on LinkedIn
    Connect with Rose on LinkedIn

    Ignyte Assurance Platform Website

    22 min
  • DIBCAC Assessments: Lessons from Belcan's Chief Security and Data Officer, Matt King
    2024/08/12

    Long Description:

    In this episode, Max is joined by Matt King, Chief Security and Data Officer at Belcan. Matt shares his story of transitioning from Anthem to Belcan, where he has been instrumental in building a security program to meet the stringent requirements of federal compliance. The conversation dives into the DIBCAC assessment process, the challenges of implementing NIST 800-171 controls, the importance of limiting scope, and strategies for pushing back on government requirements when appropriate.

    Discussion Topics:

    • The mission and operations of Belcan in the defense and aerospace sectors
    • The DIBCAC assessment process and the importance of preparedness
    • Challenges in complying with federal regulations like NIST 800-171 and CMMC
    • The role of documentation and technical writing in successful compliance
    • Strategies for managing and communicating with leadership during assessments
    • Key takeaways from Matt's experience with government audits and assessments



    Connect with Max:

    • LinkedIn: Max Aulakh
    • Website: Ignyte Assurance Platform

    Connect with Matt:

    • LinkedIn: Matt King
    29 min
  • FedRAMP Equivalency Memo with GRC Analyst, Michael Rasmussen
    2024/05/14

    Max Aulakh and Michael Rasmussen, GRC analyst and CEO of GRC Report, discuss the recent FedRAMP Equivalency Memo released by the DoD in January 2024. They go into depth about the memo, what is involved, the requirements, as well as how this directly affects the CSP.

    Topics we discuss:

    • What is FedRAMP, and who is it for?
    • How long has FedRAMP been around?
    • Challenges with FedRAMP
    • What is Equivalency, and why is it important?
    • Is Equivalency a good or bad thing?
    • What type of firms is the FedRAMP Equivalency Memo applicable to?



    Max Aulakh on LinkedIn

    Ignyte Assurance Platform Website


    Resources:

    FedRAMP Equivalency Memo



    27 min
  • Use of Artificial Intelligence for NIST Controls Responses - Perspective from Air Force ISSM
    2024/04/15

    Max Aulakh and Uliya Sparks, an ISSM at SAF Mission Partners Environment, discuss the potential of AI in federal compliance. They explore ISSMs' challenges, including managing multiple systems and navigating complex policies like NIST and FedRAMP. Uliya highlights the slow adoption of AI due to concerns about data sensitivity and job displacement, stressing the need for human expertise in validating AI-generated responses.

    Topics we discuss:

    • Artificial Intelligence in the context of Control Responses
    • Tool limitations and how we as humans can address them
    • Bringing awareness of our work to a younger generation



    Max Aulakh on LinkedIn

    Ignyte Assurance Platform Website



    28 min
  • Control Inheritance vs. Reciprocity
    2024/04/01


    In this episode, Max discusses the fundamental concepts of Control Inheritance and System Reciprocity, highlighting their differences, applications, and importance in the realms of cybersecurity and organizational governance. This topic ties in closely with his recent LinkedIn post about the need for a credit system for security work being done within different parts of the DoD.

    Topics Covered

    • Control Inheritance:
      • Definition and significance in cybersecurity.
      • Examples of control inheritance, such as identity management systems.
      • Utilization of control catalogs, like NIST's 800-53, for formal control inheritance.
    • System Reciprocity:
      • Explanation of reciprocity agreements between organizations.
      • Distinction between Authority to Connect (ATC) and Authority to Operate (ATO).
    • Intersection of Inheritance and Reciprocity:
      • Clarification of the relationship between control inheritance and reciprocity processes.
      • Ensuring compliance with controls and agreements for establishing reciprocity.
      • Common misconceptions and reasons for conflating inheritance with reciprocity.

    Resources

    Control Inheritance Blog

    RMF Process and Reciprocal Agreements

    DISA Connection Approval Process for Authority to Connect

    DISN Connect Process Guide

    Max Aulakh Bio:

    Max is the Managing Director of Ignyte Assurance Platform and a Data Security and Compliance leader delivering DoD-tested security strategies and compliance that safeguard mission-critical IT operations. He has trained and excelled while working for the United States Air Force. He maintained and tested the InfoSec and ComSec functions of network hardware, software, and IT infrastructure for global unclassified and classified networks.

    Max Aulakh on LinkedIn

    Ignyte Assurance Platform Website

    12 min