Get to Know FedRAMP's Program Manager of Security Operations
As part of our spotlight series on the members of the FedRAMP PMO team, we wanted to introduce John Hamilton, our FedRAMP Program Manager of Security Operations. We sat down with John to learn about his background, his day-to-day operations, his priorities and goals, and his interests outside of work.
FedRAMP PMO: What is your background?
Prior to GSA, I worked for several consulting firms as a trusted cybersecurity advisor for the Federal Government. I provided leadership, strategy, and information assurance expertise to multiple Federal Agencies to obtain, maintain, and enhance compliance with mandated IT policies. I gained extensive experience in improving program efficiencies and understanding system engineering design approaches. This prepared me to successfully lead initiatives relating to Public Key Infrastructure (PKI) and mobility for numerous Federal Agencies.
What does your day to day look like?
In a typical workday, I split my time between overseeing our Third Party Assessment Organization (3PAO) program and managing FedRAMP Agency Authorization reviews.
In overseeing FedRAMP’s 3PAO program, I monitor our 3PAOs' performance and strategize about how to enhance the program. I work closely with FedRAMP’s 3PAO accreditation body, the American Association for Laboratory Accreditation (A2LA), and 3PAOs to ensure the quality of 3PAO assessments. I also look for ways to continuously improve the way we assess new organizations and their personnel.
Another critical workstream under my purview is managing the agency authorization reviews that are submitted to the FedRAMP PMO. FedRAMP has seen substantial growth in agency authorizations in the past year. Now over 75% of FedRAMP Authorized cloud services are authorized through the agency authorization path.
What are your overarching goals and priorities for the Security Operations Lane?
In 2018, FedRAMP authorized more cloud services than any prior year. One of my primary goals this year is to ensure that Federal Agencies continue to have a competitive variety of secure cloud services to choose from. This means making sure vendors are able to effectively use our agency authorization process to achieve FedRAMP Authorizations in a timely manner.
Additionally, last year FedRAMP partnered with A2LA to introduce FedRAMP-specific 3PAO testing at the Baltimore Cyber Range, the first-ever industry standard for certifying assessment teams.
Where can we find you when you’re not working?
I’m an avid car enthusiast! Everything about cars and how they function sparks my curiosity. While most people would panic when their car’s check engine light flashes on, I see it as a fun weekend project. If I can’t figure out how to fix something, I can almost always find a helpful DIY YouTube video or blog feed with all the info I need to get the job done. I also really enjoy searching out unique coffee shops and spending quality time with my fiance reading travel magazines and planning new vacation destinations. If I don’t have anywhere to go over the weekend, my favorite thing to do is unplug from technology and shoot hoops at the park.