Oooo for once, my time to shine! Or maybe, my time to shine???
> Is it typically expected of entry-level engineers, senior engineers, principals, tech leads, and/or project managers?
Working at a company that provides FedRAMP-approved services, the knowledge of FIPS within the company is a bit sparse. InfoSec definitely needed to understand it in order to explain to developers that they have to use BouncyCastle over the default java crypto provider, etc, but it took someone else to _really_ understand it and tell InfoSec that they were initially asking for the wrong thing.
Entry-level? No.
Senior? At least minimal understanding of how cryptography works in their language of choice and the impact of FIPS.
Principal? Same
Tech leads? Not a well-defined role. Probably.
Project managers? No.
> Have you ever needed to immerse yourself in a FIPS or ISO standard?
Yes. Multiple times. I argue with third-party auditors and the FedRAMP Joint Advisory Board about interpretation of these standards.
> Was it out of necessity for a project (just-in-time learning), or do some of you explore these standards in your spare time?
Necessity. See FedRAMP. However I can say ISO8601 was just for fun. ISO8601 gang represent!
> These standards are complex and mastering them is no small feat. It's interesting that people don't often brag about this expertise on their resumes.
I've seen a couple people who listed those standards or similar (FedRAMP again). Given the choice between two identical candidates while one has FedRAMP/FIPS/ISO experience I'll pick the one listing the standards.
> Have you ever listed such standards as part of your skill set? Why or why not?
I've not updated my resume since acquiring skills in the relevant standards but will probably include them when I do update my resume. They're a specialization that commands a premium when it comes to salary, if you're willing to work in the industries / companies that play in that space. Some people wouldn't include it because they truly hate working with rigorous standards.
> How has your understanding of these standards impacted your career or projects?
Understanding them has certainly proved to be a benefit to my career given how closely I work with them.
Would you market yourself as an expert on these in a job search or as a developer etc, with additional expertise? Is this an area where companies typically need people full-time, or is it better suited to short term contracts?
As someone with experience in this myself: It depends on where you want to be in the foodchain.
This comes up with companies that need to meet these standards to sell to someone in the Federal space (or someone who is selling to someone in the Federal space). They need to certify their products and maintain some level of certification.
You can be a consultant who helps companies get their products through an initial certification. You can be a full time employee who executes on designs and makes sure that no invariants get violated (which, after certification, would be a small amount of normal maintenance duties). Or you can work for a certification lab, since all of this is outsourced to a cottage industry of private companies!
None of them suffer from this problem. Almost all of the charts aren't even density maps, and of the two that are, they are charting family income vs. soil lead level, which wouldn't suffer from the problem mentioned in the comic.
Yes, we know we need to fix the website and app store. This is the pain of depending on grants to get work done :/ Getting the app back up on Play Store is our current priority.
Bitwarden because it has the "Teams" feature and can hsare passwords with multiple people. No sync issues like passing around a keypass file and worrying about having the latest version of it.
Apptio | Infrastructure Engineer II | Full-time | Bellevue WA or Remote | US Citizen | $130k DOE
Apptio is the business management system of record for hybrid IT. We transform the way IT runs its business and makes decisions. With our cloud-based applications, IT leaders manage, plan, and optimize their technology investments across on-premises and cloud.
You will be a member of our globally distributed public sector operations team splitting your time between unplanned incident or internal support work and planned projects from our the current sprint. Typical work involves troubleshooting application instances, resizing containers, improving automation for deployments, patching, security compliance, and much more. We work with technologies like Puppet, AWS, and terraform. Our environment consists of cloud deployments.
Contact me: gwalters [at] [thecompany].com if interested or apply via the link[1].
I use it to take up space in my drawer of useless electronic stuff because I can never find a combination of power supply and SD card that doesn't eventually end up corrupt and unbootable.
Yep. It was kind of funny watching a couple graybeards trying to figure out how keepalived was assigning addresses and how to view them. It’s a rare treat when you can help someone like that with something they might normally help you with.
Would you mind backing up the assertion about convection being the mechanism of sodium transport? e.g. on earth are you saying the sterling part wouldn't work if the hot fluid had to traverse say down (a gravity gradient) instead of up?
The wiki page you linked specifically mentions deep space applications as a design goal.
I'm not sure about the sodium heat pipes but the alcohol vapor heat pipes you see in electronics typically use an internal wick to return the working fluid.
> Is it typically expected of entry-level engineers, senior engineers, principals, tech leads, and/or project managers?
Working at a company that provides FedRAMP-approved services, the knowledge of FIPS within the company is a bit sparse. InfoSec definitely needed to understand it in order to explain to developers that they have to use BouncyCastle over the default java crypto provider, etc, but it took someone else to _really_ understand it and tell InfoSec that they were initially asking for the wrong thing.
Entry-level? No. Senior? At least minimal understanding of how cryptography works in their language of choice and the impact of FIPS. Principal? Same Tech leads? Not a well-defined role. Probably. Project managers? No.
> Have you ever needed to immerse yourself in a FIPS or ISO standard?
Yes. Multiple times. I argue with third-party auditors and the FedRAMP Joint Advisory Board about interpretation of these standards.
> Was it out of necessity for a project (just-in-time learning), or do some of you explore these standards in your spare time?
Necessity. See FedRAMP. However I can say ISO8601 was just for fun. ISO8601 gang represent!
> These standards are complex and mastering them is no small feat. It's interesting that people don't often brag about this expertise on their resumes.
I've seen a couple people who listed those standards or similar (FedRAMP again). Given the choice between two identical candidates while one has FedRAMP/FIPS/ISO experience I'll pick the one listing the standards.
> Have you ever listed such standards as part of your skill set? Why or why not?
I've not updated my resume since acquiring skills in the relevant standards but will probably include them when I do update my resume. They're a specialization that commands a premium when it comes to salary, if you're willing to work in the industries / companies that play in that space. Some people wouldn't include it because they truly hate working with rigorous standards.
> How has your understanding of these standards impacted your career or projects?
Understanding them has certainly proved to be a benefit to my career given how closely I work with them.