Why did your organization become a StateRAMP member?
Our decision to join StateRAMP was a natural extension of our commitment to cybersecurity excellence. Already active in FedRAMP, we saw StateRAMP as an opportunity to expand our impact, particularly as we pivot to a 3PAO model focusing solely on advisory services. Our diverse client base ranges from Fortune 50 companies to small startups, making our StateRAMP membership a strategic move for us. Additionally, our ethos of community contribution aligns well with StateRAMP, offering us avenues for involvement in Leadership councils, committees, and educational webinars.
What advice do you have for other providers progressing through the StateRAMP process?
Our top advice for providers embarking on the StateRAMP journey is to carefully evaluate your target customer base. We’ve found that the best route—whether pursuing StateRAMP first or FedRAMP—varies depending on your strategic goals and customer needs. In some cases, it’s more cost-effective to gain FedRAMP authorization first and then fast-track to StateRAMP. In other instances, the opposite holds true. Regardless of the path you choose, it’s crucial to weigh the pros and cons of each approach to ensure you’re making the most informed and advantageous decision for your organization.
How do you stay up to date with the evolving cybersecurity landscape?
To stay current in the fast-paced world of cybersecurity, we believe in transforming security news into actionable intelligence. When a cyberattack makes headlines, we delve deep into the specifics—analyzing the threat actors, victim’s infrastructure, infiltration methods, and more—by consulting specialized cybersecurity sources like Krebs on Security or CISCO Talos Intelligence.
Additionally, we focus on the methodology behind attacks, often aligning them with frameworks like MITRE ATT&CK. This allows us to preemptively understand potential vulnerabilities and threat vectors, enhancing our defense strategy. We also stay engaged with the community by participating in industry events and listening to cybersecurity podcasts.
Moreover, teamwork is crucial. We acknowledge the varying strengths within our team and rely on each member’s expertise for a holistic cybersecurity approach. This enables us to quickly adapt and respond to evolving threats.
The key takeaway is to stay curious, continue learning, and be prepared to adapt your security measures based on real-world intelligence.
How has StateRAMP benefited your organization so far?
The most significant benefit of our StateRAMP membership has been the exceptional support from the StateRAMP PMO team. Unlike other Program Management Offices where responses can be generic, the StateRAMP team engages in nuanced discussions and provides precise guidance. This collaborative approach has directly impacted the quality of service we offer our clients, ultimately benefiting us as well. When our customers win, we know we’re on the right path.
How can other members or organizations collaborate with your company on cybersecurity projects?
Our doors are always open to collaboration. Specializing in advisory services, we offer engineering, implementation, consultation, and ATO acceleration through our latest offering, bladeRAMP. Whether you’re navigating the StateRAMP process or other cybersecurity initiatives, we’re here to guide you. Beyond project-specific collaborations, we’re also open to partnering on conferences, webinars, and whitepapers. If you have questions or are curious about our work, reach out to us at info@bladestack.io. We pride ourselves on hyper-communication, customer retention, and rapid responsiveness.
Is there anything else you would like to share with the StateRAMP community or the broader cybersecurity community?
Our philosophy at bladestack.io is simple yet powerful—stay curious and be kind. We encourage everyone to get involved, expand their knowledge base, and step out of their comfort zones, as that’s the breeding ground for growth and innovation. We believe that a fulfilling life, both personally and professionally, comes from a willingness to learn, understand, and experience. Let’s carry this mindset into every interaction, project, and challenge we face in the cybersecurity landscape.
About bladestack.io
bladestack.io brings cloud expertise, technology and innovative approaches which empower your organization to capitalize on the promise of digital transformation. There isn’t an engineering or development team anywhere on earth that gets excited about an outside compliance team telling them how to build. Neither do we. Instead, our cyber-samurai’s embed with your engineering and development teams. We understand why they work the way they do. And we help them appreciate the technical security reasons that underpin the more stringent compliance requirements. Eventually, even the most compliance-weary technical teams quickly learn to trust and respect our guidance as, working together, we chart a course towards a compliant, secure cyber-future.