Behind the Shield

From Rev4 to FedRAMP 20x: Faster ATOs & AI — with Said Syed (Snyk)

InfusionPoints Season 1 Episode 2

Behind the Shield – Episode 2:
In our first episode featuring a guest, hosts Jason Shropshire and Jason Redding sit down with a public-sector security leader, Said Syed, CISO, Snyk for Government, to unpack the real story behind FedRAMP—from the messy early days and the shared-responsibility model to today’s accelerated authorizations and the 20x roadmap. We cover hard-won lessons, how process (not just tech) slows teams down, what RC-12 means for vulnerability reality checks, and where AI, KSIs, and agency expectations are heading next.

What you’ll learn:

• How early cloud providers navigated FedRAMP before inheritable controls were common
• Why the process—and acceptance criteria—trips up most teams more than technology
• The shift from Rev4 → Rev5 and how to plan upgrades without derailing product roadmaps
• 20x Phase 1 outcomes, the move to Moderate (Phase 2), and what faster ATOs mean for SaaS
• RC-12, “reachable ≠ accessible,” and pushing back on non-applicable vulns with evidence
• Practical ways to use opinionated architectures, automation, and live evidence collection
• Sensible guardrails for AI features in regulated environments

Mentioned:

• Snyk Government: security in modern DevSecOps pipelines
• InfusionPoints XBU40 + Command Center + AuditShield: “audit-ready, always-on” compliance
• FedRAMP Day at GSA and growing marketplace velocity

Subscribe for new episodes on FedRAMP 20x, ATO strategy, and real-world build/manage/defend tactics coming out every Tuesday.

Have a FedRAMP question? Drop it in the comments or reach out to InfusionPoints. 

Links:
• Learn more about InfusionPoints: https://infusionpoints.com/
• Learn more about Snyk: https://snyk.io/
• Connect with us on LinkedIn: https://www.linkedin.com/company/infusionpoints