In Committee Corner, we spotlight the dedicated individuals driving StateRAMP’s mission. This month, we’re featuring Josh Kadrmas, a Cyber Risk Analyst Team Lead for North Dakota Information Technology (NDIT) and a member of the StateRAMP Approvals Committee. With over 18 years of experience in the State of North Dakota, including roles as an Information Security Officer and now leading NDIT’s cyber risk management team, Josh brings a wealth of knowledge and expertise to the table. His work ensures that service providers meet stringent security and privacy controls, bolstering the integrity of the StateRAMP authorization process. In this interview, Josh shares what motivated him to join the Approvals Committee, the rewarding moments he’s experienced, and his passion for advancing cybersecurity in the public sector.
____________________________________________________________________________________________________________________
How long have you been involved with StateRAMP?
I have been a committee member for over a year and our state has been associated with StateRAMP for nearly two years.
Please provide a quote about your experience so far as a committee member.
As an Approvals committee member, the journey has been enlightening to experience the great responsibility we have to properly vet security and privacy controls before a service provider is granted authorization. I’m thrilled to see all of us working together to bolster our nation’s cyber defenses – after all, cybersecurity is a shared responsibility!
What motivated you to join your respective committee?
I was curious to see first-hand the process of approving service providers and knowing our committee’s work and review is the last stop in the process for the service organization before they are approved.
What has been the most memorable or rewarding moment you have experienced working with the committee so far?
It’s rewarding to know the service providers we approve are making technological advances for so many people and doing so in a secure way with privacy principles embedded within their products. For any providers we haven’t approved, they have been mostly minor items that needed clarification with quick remediation, which is a testament they are more than a service provider: they are a partner that government entities can trust to ensure data security and availability is paramount.