Government Cloud-Vetting Program’s Chief Cheerleader Sounds Off

Driving change in government is notoriously hard — but not impossible. GovernmentCIO Media sat down with those who made things happen to hear their stories on how they successfully drove change and transformation in a bureaucracy. One important takeaway: You don’t have to be in the C suite to make change happen; in fact, sometimes a senior position will be more of a straight jacket, stifling movement in right direction.

In November 2015, Matt Goodrich brought Ashley Mahan on board to stand up the Federal Risk and Authorization Management Program agency evangelist role. The position would entail helping agencies understand FedRAMP and use the program.

In the past years as the government cloud-vetting program’s chief cheerleader and tireless troubleshooter, Mahan put together educational programming for agencies and participated in hundreds of discussions and presentations with some of the government’s top cloud experts — all to help agencies navigate the authorization process.

“Identify quick wins to show success that feed into long-term organizational change.”

“Over the past two years, we have transformed the way we work on FedRAMP to align with our customers’ needs, and it’s been amazing having the opportunity to influence and shape these disruptive strategic initiatives while ensuring the voice of the customer is heard,” Mahan says.

Mahan and her team have spearheaded several initiatives, including:

• FedRAMP Accelerated, which re-imagines and “disrupts” the traditional authorization, cutting the FedRAMP Joint Authorization Board Provisional Authorization timeline from a staggering two years to just 14 weeks, in part by focusing on actual risk instead of documentation and checklists.
• FedRAMP Tailored, a further effort to trim the FedRAMP timeline and increase flexibility when it comes to relatively low-risk applications.

Getting buy-in hasn’t been easy, Mahan says, and she’s the first to acknowledge she’s sometimes had to have tough conversations with agencies and cloud service providers. But if an agency decides to work with FedRAMP, Mahan says she’ll do whatever she can do help them with their journey.

“I am not afraid to roll up my sleeves and be an extension of their team to show my commitment and motivation to protect federal information in a modernized and efficient technology environment,” Mahan says.

Her prior experience in the private sector has also proven advantageous as it’s helped Mahan bring new ideas when bolstering partnerships between FedRAMP and industry. But in driving long-lasting change, Mahan suggests just simply listening, first.

“Take the time to get a true understanding and feel for how the organization has been operating and identify quick wins to show progress/success that feed into long-term organizational change,” she says.