Who We Are
Landers and Company is a small technology, management, and strategy consultancy with the primary focus of providing strategic guidance and tactical implementation support for information security and continuous monitoring programs for Cloud Service Providers (CSPs), Commercial Vendors, and the Federal Government.
Headquartered in Maryland with team members throughout the continental US, Landers and Company was founded by Ben Landers in 2011. Ben was one of the few practitioners working with federal government agencies in the early days after the inception of FISMA. With the inception of the FedRAMP program, Ben began partnering with industry leaders to innovate and scale the dynamic requirements of cloud security.
Since 2011, Landers and Company has expanded to include team members with experience as system architects within federal agencies, cloud security experts who have consulted with federal agencies, and 3PAO assessors, including multiple U.S. military veterans, and experts from several Fortune 500 companies.
Our Purpose
We love the nuanced details, the interconnected complexity, and the private-to-public partnership opportunities that come with working in the cloud security compliance space with commercial vendors and the federal government.
We’ve been doing this work since the early days of cloud computing, FISMA, and cybersecurity – which means we have the experience and relationships in this industry needed to help you achieve your goals.
We are confident in our ability to add value to your project – so confident we welcome you to contact us to request a free consultation!
Customer Testimonials
"Landers and Company has been instrumental in the success of our FedRAMP program. We engaged them midway through our authorization process due to early documentation challenges. They reviewed and applied their expertise to improve our FedRAMP package documentation ultimately helping us achieve our FedRAMP Moderate JAB ATO. Early in our engagement we quickly came to appreciate that they offered much more than documentation support. Their deep experience coupled with their ability to understand our system led us to re-engage them to advise on significant changes, architecture improvements, and to assist us with navigating our authorization with the FedRAMP JAB, PMO, and our 3PAO. We are excited to be working with them yet again as we continue on our path to FedRAMP High.”
- Geoff Kershner, former Chief Security Officer, Medallia
What to Expect
When you work with Landers and Company, you’re working with seasoned experts who have helped hundreds of Cloud Service Providers (CSPs) through a range of cloud security authorization and compliance processes in order to do business with federal, state, and local governments. We’ve been through each step of this process before – sometimes as assessors, architects, or CSPs.
Once we determine your needs and the scope of our work together, we will have the same experts you met during the initial consultation and scoping conversations then lead and support your project.
You will benefit from our proven, streamlined questionnaires, which allow us to gather key information for your team to help us with documentation development. We’ve been through many, many rounds of authorizations, assessments, continuous monitoring, and significant changes; our approach is based on our experience. We know what information to collect, and we have updated documentation templates that allow us to create the majority of the documentation needed for your Cloud Service Offering (CSO).
Our goal is to provide fully compliant authorization packages with minimal impact to our clients’ internal teams.
If you’re not sure where to start, we can also help you determine where you currently stand in relation to the controls required for your CSO and what level of effort will be necessary to achieve compliance – and we can help you establish a roadmap to meet your goals. Contact us to request a free consultation to get the process started.
Certifications
Certifications held by members of our team include:
- CIPP/E
- CS+
- CISSP
- CIPM
- CIPP/US
- CIPT
- GSNA
- AWS CP
- CGRC
- CCSP
- MCP
- S+CE
- CISM