From Monthly Scans to Continuous Monitoring: Mastering FedRAMP Vulnerability Management
Behind the Shield
In this episode of Behind the Shield, hosted by Mike Strohecker, the Cloud Operations team at InfusionPoints dives into the realities of vulnerability management in FedRAMP environments.
Mike is joined by Ryan Adcock and James Bolton from the Cloud Operations team, where they support customers operating in FedRAMP High and IL5 environments. Together, they break down what it really takes to maintain compliance through continuous monitoring and why strong vulnerability management practices are critical to keeping an authorization in place.
This conversation goes beyond high-level compliance talk and gets into the day-to-day execution. From running scans and managing vulnerabilities to maintaining accurate inventories and communicating with engineering teams, the group shares what actually happens behind the scenes to keep systems secure and compliant.
They also explore how vulnerability management is evolving. What used to be a monthly exercise is shifting into a continuous, always-on process. With the introduction of Vulnerability Detection and Response, organizations are expected to move faster, respond smarter, and understand their environments at a much deeper level.
If you are a Cloud Service Provider, security professional, or part of a team working toward or maintaining FedRAMP authorization, this episode provides practical insight into what works, what does not, and what is coming next.
Chapters:
0:00 Introduction and Guest Backgrounds
2:35 Vulnerability Management and Compliance
5:24 Continuous Monitoring and Best Practices
12:01 Understanding Customer Environments
17:34 VADR and Continuous Monitoring
23:03 Prevention and Security Improvements
27:15 Communication and Closing Remarks
What You’ll Learn
• What continuous monitoring requires in a FedRAMP environment and how it impacts your daily operations
• The different types of vulnerability scans including OS, database, container, and web application scans
• How Plans of Action and Milestones are used to track and report vulnerabilities
• Key remediation timelines and why meeting them is essential to maintaining authorization
• Why authenticated scans are necessary and where many organizations struggle
• Common challenges when scanning containers and web applications
• The importance of maintaining an accurate asset inventory and avoiding blind spots
• How communication between security and engineering teams improves remediation timelines
• What changes are coming with Vulnerability Detection and Response and continuous scanning expectations
• How automation and risk-based decision making are shaping the future of FedRAMP compliance
InfusionPoints Links:
Mike Strohecker, VP of Engineering and Operations: https://www.linkedin.com/in/michael-strohecker-238326172/
Ryan Adcock, Cloud Operations / Senior Consultant: https://www.linkedin.com/in/ryanaadcock/
James Bolton, Cloud Operations / Senior Consultant: https://www.linkedin.com/in/james-bolton-cyber/
https://www.linkedin.com/company/infusionpoints/
https://www.InfusionPoints.com
https://infusionpoints.com/contact-us
About Us:
InfusionPoints is a trusted cybersecurity, cloud engineering, and compliance partner helping organizations Build, Manage, and Defend secure, mission-ready environments in highly regulated markets.
We specialize in FedRAMP, FedRAMP 20x, DoD, and enterprise security frameworks, supporting organizations from initial authorization through continuous monitoring and optimization. Our team brings deep technical expertise and real-world operational insight to every engagement.
Through our independent, security-first approach, we integrate people, processes, and technology to deliver scalable, compliant, and resilient solutions. From strategy and architecture to operations and defense, we help customers move faster without sacrificing security.