FedRAMP 20x, GRC Engineering, and the Future of Compliance Automation with Eric Beasley

What happens when compliance, engineering, cloud operations, and auditing all converge? In this episode of Behind the Shield, Gary Daemer sits down with Eric Beasley, Director of Compliance and Engineering at Earthling Security, for an in-depth conversation on the evolution of FedRAMP, the emergence of GRC engineering, and why automation is becoming a foundational requirement for modern compliance programs. Drawing from nearly a decade of experience across FedRAMP, FISMA, auditing, engineering, and cloud operations, Eric shares practical lessons learned from helping Cloud Service Providers navigate authorization challenges while balancing security, compliance, and operational efficiency. The discussion explores how the FedRAMP ecosystem has evolved from manual evidence collection and screenshots to automation-driven approaches enabled by cloud-native services, particularly within AWS environments. Gary and Eric also dive into continuous monitoring, compliance telemetry, AI's role in security operations, and what the future may hold for FedRAMP 20x, cloud service providers, and government cybersecurity programs. What You'll Learn • Why manual screenshots became the standard in traditional FedRAMP assessments • How FedRAMP 20x is changing the way compliance evidence is collected and validated • What GRC engineering actually means and why it is becoming a critical discipline • How AWS-native services enable scalable compliance automation • The difference between collecting compliance data and proving security controls are actually working • Why continuous monitoring requires more than simply verifying that tools are running • The challenges of extending FedRAMP 20x concepts beyond SaaS into PaaS and IaaS environments • Where AI can help compliance teams—and where it can create new risks • Why the next generation of cybersecurity professionals still needs strong engineering fundamentals • How automation, cloud architecture, and security operations are converging to shape the future of compliance This episode is packed with real-world stories, practical insights, and honest opinions from two industry veterans who have spent years building, assessing, securing, and operating cloud environments in some of the most highly regulated sectors. Chapters: 0:10 - Introduction 0:35 - Eric's Background 1:32 - GRC Engineering and Automation 4:57 - Challenges and Efficiency 7:15 - Auditing and Compliance Themes 13:50 - Cloud Services and FedRAMP 22:09 - Data Center Transformation 32:16 - Future of Compliance and AI 48:49 - Training and Skills for the Future 54:14 - Personal Insights and Closing Guest Links: Linkedin:   / ericbeasley33w     / earthling-security   https://earthlingsecurity.com/ Learn more about InfusionPoints:   / infusionpoints   Gary Daemer:   / infusionpoints   Request a Demo: https://xbu40.com/ InfusionPoints & AWS: InfusionPoints is proud to be an Amazon Web Services Premier Tier Services Partner, supporting organizations in building, managing, and defending secure cloud environments. About Us: InfusionPoints is a trusted cybersecurity, cloud engineering, and compliance partner helping organizations Build, Manage, and Defend secure, mission-ready environments in highly regulated markets. We specialize in FedRAMP, FedRAMP 20x, DoD, and enterprise security frameworks, supporting organizations from initial authorization through continuous monitoring and optimization. Our team brings deep technical expertise and real-world operational insight to every engagement. Through our independent, security-first approach, we integrate people, processes, and technology to deliver scalable, compliant, and resilient solutions. From strategy and architecture to operations and defense, we help customers move faster without sacrificing security.