top | item 11838077

(no title)

I'm the product lead on cloud.gov... Thanks for noticing us! There are other Cloud Foundry deployments, but what makes cloud.gov special is the focus on ensuring federal agencies are actually able to use it. Federal compliance for a cloud service provider is a tough bar to clear, and without it most agencies are simply unable to take advantage of capabilities the rest of the world now takes for granted. That in turn impedes improvements in the many services the government has to offer. We've just reached the "FedRAMP Ready" status, which is a signifier of confidence that cloud.gov will make it through the exhaustive auditing process to come. Best of all, everything were doing is open source, including all the compliance work, so others will be able to follow in our footsteps. AMA!

discuss

chias|9 years ago

This is totally a minor thing, but I feel like the icons halfway down the page are off-by-one: http://i.imgur.com/bXTZqOZ.png

That is, the arrowbox thingie for scalability, the lock for security, etc?

bmogilefsky|9 years ago

Good eyes, will see if we can fix that.

empath75|9 years ago

What sorts of jobs are available there and what's the salary like? I currently do devops at a large Internet content company near Dulles and I've got federal government experience from many years ago.

bmogilefsky|9 years ago

We're recruiting actively across many disciplines. 18F employs a huge range of amazing people with diverse histories from both inside and outside of government. Everyone is an impact junkie. Salary is competitive with industry through a special hiring authority although capped at government levels without bonus, stock, etc. There are intangibles that come from actually being able to improve the way government approaches technology and adopts user-centered design, agile culture, and DevOps that are totally unique. https://18f.gsa.gov/join

verst|9 years ago

See: https://pages.18f.gov/joining-18f/

I'll let @bmogilefsky describe the jobs. @18F as a whole hires engineers, designers, product managers, content writers, journalists, folks with non-traditional cross-functional backgrounds, etc.

Salary depends on job grade. See [1] for an explanation of the grades within 18F. Then see the GS pay scale [2] to figure out the pay for your grade in your region.

[1]: https://pages.18f.gov/joining-18f/pay-grades/

[2]: https://www.opm.gov/policy-data-oversight/pay-leave/salaries...

allengeorge|9 years ago

VonGuard|9 years ago

You forgot to mention your slack: chat.cloud.gov, where people can come ask questions, right?

aidanfeldman|9 years ago

https://chat.18f.gov/?channel=devops-public, actually. EDIT: Gaaah, sorry, down right now for reasons. Will post here again when it's back up. Sorry!

kordless|9 years ago

How do you see innovations in software able to reconcile bureaucratic processes while not remaining susceptible to scalability and trust issues?

I could easily see how the government's business process could be at conflict with the commercial sector's business process. Colluding the two in even a single Open Source project would seem to be illogical.

mcritz|9 years ago

Any plans to standardize agencies tech stacks? Is that even a good idea?

bmogilefsky|9 years ago

We can't control the decisions they make, and wouldn't want to... Each agency has their own CIO, and needs to be able to make decisions about stacks based their needs. Compliance requirements for running a service in public are so huge that agencies have conservatively stuck to ancient options, or farmed it all out to vendors. Our goal is to make the operations, deployment, and compliance aspects of service delivery trivial so they can put more of their resources (and those of the vendors they pay) into the improvement of the services they provide rather than sinking a huge portion of their budgets into redundantly addressing compliance and deployment concerns. And of course, use modern tech.

BinaryIdiot|9 years ago

Good luck with that. I was only a government contractor and the amount of blue badges that argue how the other agency is doing it wrong / stupid and they would never use their stack is insane.

booop|9 years ago

Wouldn't deploying cloudfoundry to AWS GovCloud accomplish the same thing? (Sorry, if the question seems too ignorant)

aidanfeldman|9 years ago

We're in the process of moving to GovCloud, but that's a relatively small part of the overall compliance...fun...that goes into getting a service FedRAMP-approved.

fudged71|9 years ago

The "Contact us" section is actually a "Subscribe to our newsletter", I would look into changing the copy there and/or providing actual contact details.

jksmith|9 years ago

Yep, I just got Azure Gov FedRamped on my project and it was some serious gnashing and pulling of teeth. Writing all those CMS and IRS procedure docs was a great, but arduous experience. There's a larger story here though involving application outside the US, which is what I'd like to pursue after my current project. It definitely will not include Azure unless that becomes a more cost effective platform. Would love to chat with you guys about some ideas.

akshatpradhan|9 years ago

>I just got Azure Gov FedRamped on my project and it was some serious gnashing and pulling of teeth. Writing all those CMS and IRS procedure docs was a great, but arduous experience.

If you're pulling teeth in regards to FEDRAMP, you can join ##GRC on irc.freenode.org with fellow teeth grinders. Its a chat channel with 20+ Security Auditors and System Administrators dedicated to discussing enforcement, regulations, and systems administration for FEDRAMP and other compliance frameworks.

There's also the brand new subreddit called /r/FEDRAMP that started a few days ago.

https://www.reddit.com/r/FEDRAMP.

Check the sidebar for other compliance frameworks too like /r/SOC2, /r/HIPAA, /r/ISO27001, and /r/PCICompliance.

https://www.reddit.com/r/HIPAA

https://www.reddit.com/r/PCICompliance

https://www.reddit.com/r/ISO27001

https://www.reddit.com/r/SOC2

afarrell|9 years ago

> are simply unable to take advantage of capabilities the rest of the world takes for granted

A major argument in favor of PACER is its high-availability. Hopefully this makes it easier to build a better system with the same high-availability but a much better UX.

homero|9 years ago

Please let the public use it

kordless|9 years ago

For the love all that is holy, no.