
5/1 FAB Community Call

This is the deck presented

Group Structure Updates

  • Volunteer-based leadership structure has been established with a tentative 6-month rotation, though a more formal voting/rotation mechanism is TBD.
    • Julie Davila on knowledge management
    • Chris Hughes on community evangelism
    • Nathan Case on engagement work with government agencies and public speaking efforts
    • Sara Mazer as chair

New Resources

  • Primary community chat has been situated on Discord (the invite link is in the embedded PDF above)
  • The website is now live on fedab.org, which is autogenerated from the content in Notion
    • It’s public read-only with fed-ab leadership having write access

Notable Conversation Points

  • We will explore establishing a charity non-profit to make it easier to fund and solicit support from corporate sponsors.
  • There are some genuine legal concerns about any critical content we produce that names and shames specific 3PAOs, etc. Tim Anderson will help solicit proper legal advice from his network.
  • Nathan Case is looking for potential speakers (on FedRAMP or otherwise) to present at a conference in Columbus, OH, centered around security and compliance with heavy attendance from financial and insurance institutions.
  • Julie might be able to get Brian Conrad to join in on a group call
  • We all seem to go to similar conferences, and we briefly touched on how we might be able to have an in-person group session. AWS re:Invent/re:Inforce seems to be the most popular, but others could be possible.
  • Mike Gavin noted that FedRAMP seems to be where PCI DSS was around 2010 in terms of growing pains and that perhaps we could borrow some lessons from that world.
  • Everyone loathes HITRUST

Next Steps

  • Rob Brown will start putting out feelers in his government network to try and get someone to speak to the group as a guest (possibly USCIS’ CISO). Nathan Case will coordinate with Rob.
  • Julie will compile a set of interview questions to then use for various personas (starting with CSPs but then for govvies and 3PAOs as well)
  • Julie to create a draft of the top 5 pain points based on our very first call in order for the group to produce something. This will be our first public/promoted artifact
  • Julie to help with some marketing collateral (e.g., QR code, etc.)