Press Release

Coalfire #1 Leader in FedRAMP®, Compliance, Cloud Pen Testing in 2022

February 14, 2023

Cybersecurity Pioneer Extends Industry Leadership; Maintains Top-Workplace Recognition for Three Years Running

WESTMINSTER, CO – February 14, 2023 – Coalfire today announced another successful year extending its leadership in the cybersecurity industry. The 21-year veteran increased its cloud managed services (CMS) business by more than 300%, gaining market share in the industry’s key growth areas of compliance, cloud penetration testing, and FedRAMP advisory and authorization.

“Despite last year’s economic headwinds, Coalfire streamlined and scaled security programs for our more than 6,000 customers, including the world’s leading financial services, healthcare, and retail enterprises, that use our proprietary platforms,” said Coalfire CEO Tom McAndrew. “We are proud to deliver market-leading, platform-enabled cybersecurity services to the top five cloud providers and nine of the top 10 SaaS providers. This could only be possible with the talented group of experts we have at Coalfire.”

Number One in FedRAMP

Coalfire extended its #1 position in FedRAMP advisory and managed services, enabling clients to achieve FedRAMP authorization up to 80% faster with 40%+ savings in operational expenses. Engaged with 70% of all FedRAMP ATOs (Authority to Operate) nationwide, the company continued its track record of getting 100% of its FedRAMP builds approved and operational.

With the recent passage of the FedRAMP Authorization Act, CEO McAndrew offered guidance in a recent blog post for cloud service providers (CSPs), government agencies, and commercial businesses on how to interpret the landmark legislation that ushers in a new era of cyber maturity and a new paradigm for public and private sector partners. “The FedRAMP Authorization Act will stimulate innovation and drive government agencies to seek ‘cloud-first’ technology solutions, making for a safer, more security-conscious country,” said McAndrew. “Moving forward, commercial cloud and software providers will have easier access to multiple agencies across the Federal Marketplace.”

Compliance Transformation

Coalfire’s Compliance Essentials (CE) platform-enabled solution “has transformed the way compliance is done,” said McAndrew.

CE was introduced in 2022 and has recently been optimized for automated evidence collection. From PCI and HITRUST to ISO and CMMC, the CE solution helps companies tackle compliance within multi-framework environments and respond faster to go-to-market pressures. CE now pulls evidence automatically from 35+ plug-ins spanning all cloud service providers, including AWS, Azure, and Google Cloud, and maps with more than 40 regulatory frameworks. With these new capabilities, customers are already realizing as much as a 50% reduction in resource and cost burdens for evidence collection and a 40% reduction in overall internal compliance costs.

Pen Testing Powerhouse

Coalfire continued to execute its vision to bring a programmatic approach to building modern and scalable pen testing programs while maintaining its standing in the industry, conducting over 1,000 engagements annually.

The company expanded its position as the #1 cloud pen testing provider by achieving record growth of 30% collectively across the major cloud service providers. Coalfire continues to leverage its position in FedRAMP and PCI to lead the industry in compliance-based pen testing experience and insights, and meet specific pen testing requirements now mandated by the respective compliance organizations.

As Coalfire pen testers interfaced with DevSecOps teams, demand for the company’s application security champions offering skyrocketed. The team supported enterprise organizations in “shifting left” to find vulnerabilities earlier in the software development lifecycle (SDLC) via threat modeling, and in operationalizing remediation programs through Coalfire’s ThreadFix application security platform, driving a meaningful reduction in internal development costs.

Coalfire internally released a new automated reporting capability within its own offensive security platform, Neuralys, saving its pen testing team up to 15% of reporting time, giving them time back to spend on value-based testing for clients.

Building Team and Workplace Recognition

Coalfire added hundreds of new employees over the last two years, representing the strongest team in the industry dedicated exclusively to cyber and collectively holding nearly 1,000 industry licenses and certifications.

“Coalfire continues to invest in the skills, competencies, and diversity of our team,” said CHRO Leslie Jones. “As a result of our supportive and inclusive programs, employee resource groups, and community partnerships, Coalfire has earned Top Workplace USA recognition for three years running.”

In 2022 alone, Coalfire received 11 separate honors showcasing employees, culture, and performance, including:

  • Four Women’s World winners in categories tied to mentorship, DE&I, and women’s advocacy.
  • The Secretary of Defense Employer Support Freedom Award, the highest recognition given by the U.S. government to employers for outstanding support of National Guard and Reserve employees – veterans make up 10% of the Coalfire workforce, more than double the average enterprise.
  • The Globee CEO of the Year Award in the Cybersecurity Products and Services category.

“Security matured in 2022, where corporate executives, stakeholders, and customers now expect security leaders to both protect assets and build customer trust,” said McAndrew. “Working with the world’s leading CISOs, cyber teams, and cloud providers, we’re accelerating our clients’ big-picture business goals in 2023 through security and compliance transformation and turning ‘Fear, Uncertainty, and Doubt’ into Return on Security Investment (ROSI).”

About Coalfire

The world’s leading organizations – including the top five cloud service providers and leaders in financial services, healthcare, and retail – trust Coalfire to elevate their cyber programs and secure the future of their business. Number one in compliance, FedRAMP®, and cloud penetration testing, Coalfire is the world’s largest firm dedicated to cybersecurity, providing unparalleled technology-enabled professional and managed services. To learn more, visit
For media inquiries:
Mike Gallo
(212) 239-8594