GovRAMP is a nonprofit organization that, among other things, offers vendors risk management assessments for state and local government. Pittman-Leeper’s hire comes this month as the organization continues to expand, having added North Carolina to the states it works with, a list that now includes more than half the country.
Pittman-Leeper is a veteran of Arizona IT and most recently served there as enterprise cybersecurity program manager from 2018 through 2021, before jumping to the private sector. She said that because she has walked in the shoes of public-sector cyber leaders, she can better translate public-sector needs to cloud providers working through certification.
“I’ve had a unique role. Arizona was one of the states that helped bring [the organization] into being. I was at the state when that was happening, so I’ve seen it from that perspective,” she said. “When I went into private sector, I helped the company I was with onboard and understand the value of GovRAMP.”
The nonprofit was founded in 2020 as StateRAMP and began providing cloud vendors with risk management assessments in August 2021. Five years later, more than half of U.S. states now participate, along with local governments and higher education institutions, among others.
As an intermediary for cloud vendors and public-sector partners, Pittman-Leeper said the organization aims to reduce duplication and better align certification processes. Stakeholders approach certification in different ways, but duplicative processes and practices can cause “starts and stops.” Vendors and clients often respond to separate requests from procurement, security, legal and other personnel that touch technology purchases.
Less duplication means moving faster, she said. A streamlined process that allows everyone to use the same information — from the vendor, from the state — will be more efficient for everyone. With clarity and consistency, she said, “the sky’s the limit.”
