Pragma · seed pitch · 2026

The spec
that ships.

Documentation engineering for the FedRAMP-grade SaaS that has to ship in 2026. Senior engineers, not writers, on the keyboard. OSCAL-native. Public methodology.

The problem

The Head of Federal at a $40M ARR SaaS spends Q3 in FedRAMP delivery hell.

“We rewrite the SSP narrative the night before the 3PAO call. Every. Single. Cycle.”

01

Documentation as afterthought

Generalist writers produce SSPs that don't survive 3PAO. The 387-page Word document does not match the production codebase. The diff is unknowable because there is no diff tool.

02

OSCAL adoption is a wave nobody is surfing

Federal agencies are starting to require OSCAL-format SSPs in procurement. Most vendors still ship Word documents. Most 3PAOs still convert by hand.

03

FedRAMP cycles compress, doc surface explodes

Annual ATO + ConMon doubles the documentation load. Two senior engineers pulled off the roadmap to write FedRAMP narratives full-time for six months.

Why now

The rules of the game changed. The market has not adapted.

FedRAMP 20x cycle compression

FedRAMP PMO mandate cuts authorization timelines. Multi-year ATO is over. Vendors who can't ship documentation on the new cadence lose deals.

source · FedRAMP PMO

NIST 800-53 r5 → r6 transition

Every authorized SaaS must re-baseline existing narratives. The first vendor to automate this transition gets a structural advantage.

source · NIST

OSCAL adoption mandate

Federal agencies are beginning to require OSCAL-format SSPs in procurement. Word-document SSPs are deprecated artifacts.

source · OSCAL working group

12-24 month window before incumbents ship a competing OSCAL-native authoring stack. Pragma exists to occupy that window.

Market

TAM · SAM · SOM. Order-of-magnitude. Honest.

TAMSAMSOM$42MARR · year 3

TAM

$4.2B

All US-domiciled SaaS vendors with active or planned federal go-to-market — ~8,400 firms × ~$500K average documentation-engineering spend.

estimated from FedRAMP Marketplace data + Cloud Security Alliance vendor census.

SAM

$850M

SaaS vendors $20-100M ARR, 40+ engineers, In Process or planning FedRAMP within 12 months. ~1,700 firms.

ICP qualifying filter applied to TAM denominator.

SOM (year 3)

$42M

5% of SAM. 84 customers across SSP Sprint × 50, ATO Acceleration × 20, Continuous ConMon × 14 at $20K/mo retainer.

blended SKU mix; founder-led + leaderboard funnel + 3PAO refs.

TBD: confirm hard TAM/SAM figures with founder-approved sourcing spreadsheet before the first investor meeting.

The product

Two halves of the same stack. Pragma writes. Specshift scores.

Pragma services

  • SSP Sprint

    ~$100K · 6-8 weeks. Convert a Word-document SSP to OSCAL-native, diff-able, CI-tested.

  • ATO Acceleration

    $300-500K · Milestone-based. End-to-end SSP rebuild + 3PAO coordination.

  • Continuous ConMon

    $20K/mo · Retainer. Continuous monitoring of control narratives against production code.

Specshift OSS

MIT-licensed evaluator. Runs in CI, prints a score: A through F. Public leaderboard. Public methodology. Anyone can re-run any score.

  • retrievaldoes the right page come back for a query?
  • agentcan an LLM agent complete a task using only the docs?
  • structureis the markup correct?
  • driftdoes the doc match the code?

Pragma writes; Specshift scores; Specshift Cloud productizes.

Why we win

Pick the one that matters most to you.

Click a wedge to surface the proof point. We log the click in localStorage to see which differentiator lands hardest with investors.

First click — be the first to weigh in.

Competitive landscape

Alternatives, not competitors. April Dunford framing.

tooling-onlyservices-ledengineer-staffedwriter-staffedPragmaDevDocsBig-4 federalIn-house TWBoutique 3PAOGeneralist consultancies

Pragma is the obvious choice when the buyer recognizes (a) the problem is engineering and (b) docs need to be machine-readable. Pre-anchor we lose to DevDocs on logo proof; that’s precisely why anchor-customer strategy is dated to month 4.

The ask · interactive

Move the slider. The deck moves with it.

Seed ask

$5.0MM

Target — the right ask

Speed-to-anchor + cyber-liability tier-up + Specshift Cloud beta.

$3MM
floor
$5MM
target
$20MM
cap

Team

  • Founders2
  • IC engineers3
  • Sales / marketing1
  • Ops0
  • Total headcount6

Speed

  • Anchor 1 SOW signedmonth 3
  • Specshift OSS publicmonth 4
  • Anchor 2 SOW signedmonth 8
  • ConMon pipeline openmonth 12
  • Runway36 months

Risk profile

  • De-riskedspeed-to-anchor + cyber-liability tier-up
  • Bet remaininganchor close + leaderboard funnel

Use of funds

Total · $5.0MM
Engineering$2.5MM
Go-to-market$1.0MM
Cyber-liability + counsel$0.5MM
Runway buffer$0.5MM
Specshift OSS$0.4MM
Contingency$0.1MM

Milestones · 12 / 24 months

  1. M03Anchor SOW signed
  2. M04Specshift OSS public release
  3. M08Anchor 2 SOW signed
  4. M12ConMon retainer pipeline open
  5. M18$2.5MM ARR run-rate

SWOT

Honest. Don’t sandbag. Don’t oversell.

Strengths

  • ·Two-founder credibility — engineering + GRC complementary stacks
  • ·Engineer-staffed defensibility (not generalist consultants)
  • ·Public methodology defensibility (Specshift OSS)
  • ·OSCAL-native technical lead — diff-able, CI-tested SSPs
  • ·No boutique competitor in services-led federal docs today

Weaknesses

  • ·Founder-led concentration risk — bus-factor 2
  • ·No anchor customer yet — pre-revenue is the honest state
  • ·Services revenue scales linearly with senior-engineer headcount
  • ·Brand-new entrant — no logo proof to anchor outbound conversations
  • ·Pragma is SOC 2 Aligned only at org level (not FedRAMP authorized)

Opportunities

  • ·FedRAMP authorization volume up year-over-year (PMO 20x)
  • ·CMMC 2.0 enforcement starting (backup wedge waiting)
  • ·StateRAMP momentum (backup wedge waiting)
  • ·OSCAL standardization wave (procurement mandate emerging)
  • ·Big-4 competitors slow to ship OSCAL-native authoring stack

Threats

  • ·Big-4 brand safety wins risk-averse buyers pre-anchor
  • ·HSM vendors / 3PAOs could pivot adjacent into the doc-engineering lane
  • ·FedRAMP cycle compression cuts both ways — good for urgency, bad for our window
  • ·OSCAL standard is still moving; methodology re-baselining required

Founders

Engineering + GRC. Two founders. Complementary stacks.

Ryan Wentzel

Founder · CEO

Engineering background. Fractional CAIO experience across regulated SaaS, AI governance, and federal-grade data platforms. Ships code and writes the deep-dive content. Runs founder-led sales until founding Account Executive #1 hires.

ryanwentzel.me

Nicole Ramsey

Co-founder · GRC + Regulatory

GRC and regulatory background. Compliance program design across SaaS in regulated verticals. Owns the 3PAO partnership formalization track and the methodology limitations.md governance per Specshift OSS release.

TBD: confirm bio specifics with Nicole before first investor meeting.

nicoleramsey.me

Why we’re the team

Engineering plus GRC, full-stack across the wedge. The founder writes the OSCAL. The co-founder owns the 3PAO conversation, the compliance posture, and the limitations governance. Named advisors: a former federal CISO, a former 3PAO assessor, and an ex-Big-4 FedRAMP partner (in conversations). The federal credibility comes from the advisor stack and the published methodology — not from Beltway access. Pragma’s edge is engineering. The advisors are the door-openers; the founders are the deliverers.

The ask

$5MM seed.
18 months of runway. First anchor in 90 days. Specshift OSS shipped by month 4. ConMon retainer pipeline by month 12.
We can do it with $3MM (slower) or absorb $20MM (different motion entirely), but $5MM is what fits the wedge.

Let’s talk.

Investor introductions welcome. Fastest way to reach the founders is an email with one line about your fund focus and the call slot that works for you.