Government Cloud-Vetting Program’s Chief Cheerleader Sounds Off
Driving change in government is notoriously hard — but not impossible. GovernmentCIO Media sat down with those who made things happen to hear their stories on how they successfully drove change and transformation in a bureaucracy. One important takeaway: You don’t have to be in the C suite to make change happen; in fact, sometimes a senior position will be more of a straight jacket, stifling movement in right direction.
In November 2015, Matt Goodrich brought Ashley Mahan on board to stand up the Federal Risk and Authorization Management Program agency evangelist role. The position would entail helping agencies understand FedRAMP and use the program.
In the past years as the government cloud-vetting program’s chief cheerleader and tireless troubleshooter, Mahan put together educational programming for agencies and participated in hundreds of discussions and presentations with some of the government’s top cloud experts — all to help agencies navigate the authorization process.
“Identify quick wins to show success that feed into long-term organizational change.”
“Over the past two years, we have transformed the way we work on FedRAMP to align with our customers’ needs, and it’s been amazing having the opportunity to influence and shape these disruptive strategic initiatives while ensuring the voice of the customer is heard,” Mahan says.
Mahan and her team have spearheaded several initiatives, including:
- FedRAMP Accelerated, which re-imagines and “disrupts” the traditional authorization, cutting the FedRAMP Joint Authorization Board Provisional Authorization timeline from a staggering two years to just 14 weeks, in part by focusing on actual risk instead of documentation and checklists.
- FedRAMP Tailored, a further effort to trim the FedRAMP timeline and increase flexibility when it comes to relatively low-risk applications.
Getting buy-in hasn’t been easy, Mahan says, and she’s the first to acknowledge she’s sometimes had to have tough conversations with agencies and cloud service providers. But if an agency decides to work with FedRAMP, Mahan says she’ll do whatever she can do help them with their journey.
“I am not afraid to roll up my sleeves and be an extension of their team to show my commitment and motivation to protect federal information in a modernized and efficient technology environment,” Mahan says.
Her prior experience in the private sector has also proven advantageous as it’s helped Mahan bring new ideas when bolstering partnerships between FedRAMP and industry. But in driving long-lasting change, Mahan suggests just simply listening, first.
“Take the time to get a true understanding and feel for how the organization has been operating and identify quick wins to show progress/success that feed into long-term organizational change,” she says.
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
White House Centralizes Cyber Oversight of Nat Sec Systems
A new memo directs agencies on modern cybersecurity architecture, continuous oversight and standardized reporting.
3m read -
HHS Identifies Three Priorities for Clinical AI Adoption
Officials outlined efforts for implementation support, coordination and evaluation standards with new AI regulatory proposals expected soon.
5m read -
TMF's Rapid Funding Model Helps Agencies Escape Budget Gridlock
With compressed timelines and an 80% project success rate, the TMF helps agencies modernize systems before risks and vulnerabilities escalate.
9m watch -
DOT Pushes Toward Passwordless Future as Zero-Trust Matures
Enterprise Security Architect Austin Clark says zero-trust adoption is accelerating as users embrace faster, more secure authentication experiences.
10m watch
