FedRAMP in 5 - Staffing and Training
FedRAMP in 5
Where we talk all things FedRAMP, in about 5 minutes or less.
Today's Topic: Staffing and Training.
What is InfusionPoints doing about staffing?
InfusionPoints does not have an easy pick of IT, CyberSecurity, or Federal Compliance Engineers here in the foothills of the Appalachian Mountains in North Carolina, which means we must build our staff.
Initially, InfusionPoints had established a Rural Sourcing Model where we looked for staff in rural America, mostly Northwestern NC. This allowed us to find and build skilled staff without the urban premium, to deliver cost savings to our customers while not sacrificing any skills.
This allows InfusionPoints to have skilled employees at a lower price.
How has COVID-19 impacted InfusionPoints' rural sourcing model?
It really made us look everywhere. We converted to a remote/rural sourcing model where we now have staff across the US. But we are still looking for at least one of three skill sets: IT, Cybersecurity, or Compliance.
What is InfusionPoints looking for in new hires?
We look for a builder mindset. Someone who is scrappy and has a never-say-die attitude, with a lust for learning and the ability to work in high-stress, controlled-chaos environments. They must be a problem solver. They must be interested in CyberSecurity, Cloud, and Federal Compliance.
What is InfusionPoints doing to improve these skill sets?
We developed some pretty awesome training programs to help our staff grow.
Can you talk more about how the training programs lead to career paths?
InfusionPoints has several key career paths:
- FedRAMP Advisor
- Cloud Technology
- Cloud and Security Operations
We also have focused training programs for a variety of security compliance standards:
- DFARS
- CMMC
- FedRAMP
We leverage AWS resources, corporate online training programs and corporate labs built into AWS. We are heavily invested in AWS, so we have our staff focus on gaining AWS Cloud knowledge by obtaining AWS Certifications and Accreditations.
How does that process work?
We start with AWS accreditations, then move on to the AWS Cloud Practitioner and AWS Solutions Architect certifications.
For our cloud and security operations staff, we have them obtain AWS Security and Networking Specialties and have them work towards the DevOps professional certifications.
We leverage AWS training labs and online training videos to gain the skills required. We combined the labs with a multitude of real-world use cases that we have developed. Our team can give the best advice and solution recommendations to our customers. Our goal is to set our employees on a solid career path.
Can you talk more about our Career paths?
For our FedRAMP Advisory Team, we leverage our internal FedRAMP training program. We help our staff get a solid understanding of FedRAMP by teaching our staff how to:
- Manage FedRAMP Projects
- Perform Gap Assessments
- Deliver Security Control Workshops
- Run Technical Assessment Tools
- Develop FedRAMP Documentation Package
- Acquire Accredited FedRAMP 3PAO Status
So what are we doing with that?
We provide training for our FedRAMP assessment processes, and, you know, we have to remain independent, so our Advisory and our Assessment teams are siloed.
What about the Cloud Technology career path?
Our team focuses on how we deliver the AWS well-architected framework to meet FedRAMP requirements.
- With a Hard Focus on Security
- Developing Compliance Automation
- And In-Boundary Tools
And what about Cloud and Security Operations?
We leverage the NIST/NICE Framework and our FedRAMP Continuous monitoring methodology to include AWS Services such as:
- AWS Security Hub
- AWS Inspector
- AWS Config
to help find and remediate vulnerabilities.
For log management, we combine CloudTrail, CloudWatch, Kinesis and S3 to make logs useful.
Give an example of a Real-world use case.
We developed several Incident Response use cases for our multi-account, FedRAMP-compliant environment. The staff learn how to interpret logs to detect an intrusion and then to isolate, contain and eradicate the threat. We leverage AWS services and tools such as CloudWatch, CloudTrail, GuardDuty, flow logs, WAF, and our SIEM tool to correlate the logs.
At the end of the day for this use case we want our staff to be able to respond to any incident that occurs in our AWS environments. We have developed a multitude of use cases for our staff to run through and learn from. Overall, this is a very solid program to share the knowledge with all our staff.
Does InfusionPoints offer Apprenticeship and Internship Programs?
Sure, we’re involved in a few different types. We are a founding member of the Wilkes County Apprenticeship Program. It is a statewide program that any high school student planning to attend community college can apply for. This allows them to attend for free while getting their hands dirty with on-the-job training.
We are a supporter of the Golden Leaf program that offers scholarships and on-the-job training for first-generation college students.
We also work closely with the local colleges to drive those career paths through specialized internships.
We are investing heavily in training, apprenticeships and internships. The future workforce will look much different, so we are preparing our staff for the future today.
Bottom line, we need to enable our workforce to deliver the best possible solutions to our customers, and we have developed an intentional program to develop our staff.