I find myself at a point where I'm encountering irreconcilable differences between my moral, ethical, and technical objections to the use of LLMs, and my employer's leadership's desire to force the use of LLMs into every aspect of day to day operations. As a result, I find myself #OpenToWork.

I have decades of experience in the #SysAdmin / #SRE / #DevOps / #CICD / #CloudComputing range of skills. Currently acting as a subject matter expert on #Kubernetes, #Terraform, and #Observability. Mostly supporting #GCP platforms these days, but I am comfortable pivoting to other #cloud platforms like #AWS or even #OnPrem. Can do #ProjectManagement and #TeamLeadership. Experienced in #DevSecOps and #FedRAMP processes.

I would strongly prefer to deal with no LLM tooling at all, but will settle for having to use it less than in the current environment.

Location: #Canada (remote), #WaterlooRegion (Ontario) (hybrid).

#FediHire #FediHired #GetFediHired

"For years, reviewers said, Microsoft had tried and failed to fully explain how it protects sensitive information in the cloud as it hops from server to server across the digital terrain. Given that and other unknowns, government experts couldn’t vouch for the technology’s security.

Such judgments would be damning for any company seeking to sell its wares to the U.S. government, but it should have been particularly devastating for Microsoft. The tech giant’s products had been at the heart of two major cybersecurity attacks against the U.S. in three years. In one, Russian hackers exploited a weakness to steal sensitive data from a number of federal agencies, including the National Nuclear Security Administration. In the other, Chinese hackers infiltrated the email accounts of a Cabinet member and other senior government officials.

The federal government could be further exposed if it couldn’t verify the cybersecurity of Microsoft’s Government Community Cloud High, a suite of cloud-based services intended to safeguard some of the nation’s most sensitive information.

Yet, in a highly unusual move that still reverberates across Washington, the Federal Risk and Authorization Management Program, or FedRAMP, authorized the product anyway, bestowing what amounts to the federal government’s cybersecurity seal of approval. FedRAMP’s ruling — which included a kind of “buyer beware” notice to any federal agency considering GCC High — helped Microsoft expand a government business empire worth billions of dollars."

https://www.propublica.org/article/microsoft-cloud-fedramp-cybersecurity-government

#Microsoft #FedRAMP #USA #Trump #CyberSecurity #Cloud #CloudComputing

Federal Cyber Experts Thought Microsoft’s Cloud Was “a Pile of Shit.” They Approved It Anyway.

A federal program created to protect the government against cyber threats authorized a sprawling Microsoft cloud product, despite the company’s inability to fully explain how it protects sensitive data.

ProPublica

IT security people from the US government were supposed to evaluate the MS cloud for its suitability for secret data. Verdict:

"Pile of shit"
“lack of proper detailed security documentation”
“lack of confidence in assessing the system’s overall security posture”

A comparison to #AWS and #GCP is also drawn: there, the design is said to be adapted to the requirements, while Microsoft is said to have simply gaffer-taped something existing into shape somehow.

After political pressure, it was of course approved for secret documents anyway.

https://www.propublica.org/article/microsoft-cloud-fedramp-cybersecurity-government

#azure #microsoft #microslop #FedRAMP

Federal cyber experts called Microsoft's cloud a "pile of shit," approved it anyway

One Microsoft product was approved despite years of concerns about its security.

Ars Technica

A rather technical deep dive into verification systems run by #Persona, followed by some interesting questions that deserve answers.

Persona seems to use the same code base for a #KYC system that verifies potential customers that want to sign up with #OpenAI to use GPT-5; as well as for another system that does #FedRAMP security assessments for #US government agencies (including automated notifications of agencies in special cases).

(Read "0x11 - the architecture" first)

https://vmfunc.re/blog/persona/

via @raptor

#security #privacy #ageverification

the watchers: how openai, the US government, and persona built an identity surveillance machine that files reports on you to the feds

53MB of source code leaked from a government endpoint. 269 verification checks. biometric face databases. SAR filings to FinCEN. and the same company that verifies your ChatGPT account.

vmfunc.re

Today we're announcing Container Reachability, delivering full-stack reachability across application and base layers.

The results?
90% reduction in container vulnerability false positives
Evidence-based prioritization of vulnerabilities
A unified platform for SCA, SAST, and container scanning

www.endorlabs.com/learn/introducing-full-stack-reachability-container-scanning-that-actually-reduces-noise

#ContainerSecurity #DevSecOps #FedRAMP

📰 ColorTokens Xshield Platform Gains FedRAMP Moderate Authorization, Boosting Federal Zero Trust Adoption

ColorTokens' Xshield platform has achieved FedRAMP Moderate Authorization! 🇺🇸 This allows U.S. federal agencies to accelerate Zero Trust adoption with a validated microsegmentation solution to stop lateral movement. #FedRAMP #ZeroTrust #CyberSecur...

🔗 https://cyber.netsecops.io/articles/colortokens-xshield-platform-achieves-fedramp-moderate-authorization/?utm_s…

ColorTokens Xshield Platform Gains FedRAMP Moderate Authorization, Boosting Federal Zero Trust Adoption

ColorTokens Xshield, a microsegmentation platform, has received FedRAMP Moderate Authorization, enabling U.S. federal agencies to adopt it for Zero Trust security.

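CyberNetSec.io

🌘 Why FedRAMP Authorization and CMMC Level 2 Have Become the Required Entry Ticket for Government Contracting AI
➤ Security as productivity: defining the new compliance standard for AI in government bids
https://blog.procurementsciences.com/psci_blogs/why-fedramp-authorization-and-cmmc-level-2-are-now-table-stakes-for-govcon-ai
In government contracting (GovCon), artificial intelligence has gone from a peripheral experimental tool to a core engine running through opportunity discovery, compliance tracking, and proposal development. Because the data that AI handles involves pricing strategy, past performance, and Controlled Unclassified Information (CUI), information security is no longer optional but the foundation of survival. Procurement Sciences points out that merely claiming to "meet the standards" is no longer enough; only by obtaining formal FedRAMP authorization and CMMC Level 2 certification can data integrity and compliance be ensured when handling highly sensitive government bids. This article analyzes in depth how security compliance translates into competitive advantage, and emphasizes that a truly secure AI platform must, on the premise of not sacrificing ease of use
#CloudSecurity #GovernmentContracting (GovCon) #AICompliance #SecurityArchitecture #FedRAMP

Why FedRAMP Authorization and CMMC Level 2 Are Now Table Stakes for GovCon AI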

Learn about all that goes into the Autogen AI pricing model and how much it might cost your business to use the software.
