Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent
82badd4
commit 3d996ba
Showing 2 changed files with 56 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
--- | ||
title: "Going back to my roots" | ||
date: 2025-02-24T05:30:00-07:00 | ||
tags: ["Growth", "Development", "Adaptation"] | ||
series: "Development" | ||
draft: true | ||
--- | ||
|
||
Events occur, Priorities shift, adaptation is required. | ||
|
||
The last year has been a consistent roller coaster. I've always been on the edge of what defines security controls and how we architect systems to meet and exceed the requirements. My knowledge of compliance was sufficient enough to collaborate with others on answering the required controls and moving on with development efforts. | ||
|
||
The thing is we knew that better existed - or that it should. The processes were frustrating, time is expensive, and generally the fidelity of the data didn't meet the same fidelity of the other artifacts we were producing. | ||
|
||
So we chased the problem space - learned incredible amounts about how common this problem is and what solutions people were standardizing on that would really provide a "Rising Tide" effect. | ||
|
||
I have a new appreciation for the technology and people at the intersection of Security & Compliance. | ||
|
||
## Roots | ||
|
||
So what is all this roots business? | ||
|
||
I needed the above to set the stage - combined with events (see note below) that lead to another intersection. | ||
|
||
I worked with and on teams in the past that had very real requirements for airgapped infrastructure support. It's a fascinating problem space that often gets passed over. A system that airgap-native doesn't inherently have to be deployed to an airgapped. Rather the architecture is built to be resilient to connectivity demands and has assurance for how it operates. | ||
|
||
Technology is advancing - yet the inflection point for many capabilities to support an airgapped deployment is lagging behind. | ||
|
||
So when a pivot came and I was requested to work on [Zarf](https://github.com/zarf-dev/zarf), I was actually excited to come back to my roots and focus on the ecosystem of Continuous Software Delivery that optimizes for the airgap. | ||
|
||
## Lula | ||
|
||
Yes, this does mean that my attention is being pulled away from Lula. There is unfinished work here - some of which others have helped me realize has no incentive for better. That isn't a good enough reason for me to want to stop working on OSS tooling that automates assessments. | ||
|
||
At the same time, I do firmly believe that the convergence of Security/Compliance and Financial, Defense, Healthcare and other Private sector domains is headed in a properly collaborative direction. Never have I seen groups of people - solving for their own specific problems - so engrained in sharing their perspectives and being open to collaborating on solutions that can be extensible enough for many domains. | ||
|
||
So while this work is paused in its current state, I do expect to see a resurgence in some way when incentives and requirements begin to converge on Automated Governance. | ||
|
||
This work was incredibly valuable to me. Seeing the concepts click with people who also have been looking for solutions but may not have funding available to purchase a solution. | ||
|
||
## Zarf | ||
|
||
For now, I am shifting gears - staying with the area of software I am most passionate about (Open Source). | ||
|
||
Zarf is what lead me to join Defense Unicorns - and now I intend to dive into what the ecosystem and operators truly need to deploy critical cloud native workloads to systems; cloud, edge, or otherwise. | ||
|
||
If you have not yet looked at [Zarf](https://github.com/zarf-dev/zarf) - it is | ||
|
||
## Next steps |
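Review bot: The post stops mid-sentence at "If you have not yet looked at [Zarf](https://github.com/zarf-dev/zarf) - it is", and the "## Next steps" heading that follows has no body; finish or drop both before changing `draft: true`. In the Roots section, "(see note below)" points at a note that does not appear anywhere in the file, and "A system that airgap-native doesn't inherently have to be deployed to an airgapped." is missing words (probably "that is airgap-native" and a noun after "airgapped"). Smaller wording fixes: "lead" should be "led" in "that lead to another intersection" and in "Zarf is what lead me to join", "engrained" should be "ingrained", and "sufficient enough" can be just "sufficient".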
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
--- | ||
title: "Should all engineers understand security controls?" | ||
date: 2024-02-24T05:30:00-07:00 | ||
tags: ["Development", "Security"] | ||
series: "Development" | ||
draft: true | ||
--- |
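Review bot: The `date:` line reads 2024-02-24T05:30:00-07:00, exactly one year before the 2025-02-24T05:30:00-07:00 used by the other post added in this commit; confirm the year is intended and not a typo. The file is front matter only, with nothing after the closing `---`, so consider adding at least an outline or holding the file back until the post exists, since `draft: true` is the only thing marking it as unfinished.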