Justin Merhoff on FedRAMP 20x, Secure AI, Trust Centers, and Modern Cybersecurity

Описание: In this episode of The Paramify Podcast, Kenny sits down with Justin Merhoff to talk about what makes security actually work: usability, speed, adaptability, and real-world adoption.

Justin shares lessons from nearly three decades in cybersecurity, from his time in the U.S. Army to leading security and compliance programs in the private sector. The conversation covers FedRAMP 20x, trust centers, secure AI, accessibility in cybersecurity, and why security should support the business instead of slowing it down.

They also get into the real burden of FedRAMP and CMMC documentation, why better tooling can reduce burnout for lean security teams, and why “usable security” is often the difference between a control that works in practice and one that only looks good on paper.

Note: At the time this episode was recorded, Justin was with Rhymetec. He is now Director of Compliance at DTEX.ai.

Links:
Justin Merhoff on LinkedIn:   / justinmerhoff  
Kenny Scott on LinkedIn:   / kenny-g-scott  
DTEX.ai: https://www.dtex.ai/
Paramify: https://www.paramify.com/

In this episode, you’ll hear:
Why usable security is better security
How secure AI can help small teams move faster
Why trust centers are becoming more important
How accessibility gaps can create real security risk
Why servant leadership matters in cybersecurity
Why FedRAMP 20x is shifting the focus back to risk

Chapters:
0:00 Secure AI, lean teams, and why the right tools matter
1:12 Intro to Justin Merhoff
2:08 How Justin got started in cybersecurity
8:31 Army stories, leadership, and early security lessons
16:06 Moving from the military into corporate security
19:17 Why security should enable the business
20:45 The future of trust centers
25:20 Secure AI, small teams, and reducing compliance burnout
29:32 Why FedRAMP 20x is a needed change
36:31 Cyber leadership, adaptability, and how people break into security
44:13 Why accessibility is a cybersecurity issue
51:18 What Justin was doing at the time and how Rhymetec helps clients
54:35 Outro

This episode is a great listen for anyone working in FedRAMP, CMMC, GRC, compliance, security leadership, or third-party trust.