That is, the arrowbox thingie for scalability, the lock for security, etc?
I had two phone interviews in which both interviewers asked almost the exact same questions (which struck me as odd). Then I had a third phone interview in which the interviewer - who had a law background, as I recall - seemed very disappointed that I had not worked on Google-sized teams before. Maybe he was having a bad day, but his tone made it sound like I was wasting his time. That was the last I heard from them.
Sorry, this probably isn't the right place to comment on this, but I just wanted to share my experience with you. I was somewhat disappointed in the process, even though I LOVE the mission of 18F. I was prepared to up and move to DC, and honestly take whatever salary you offered - I was in it for the mission, not the money.
There are a lot of cities that could use your help. I am in no way connected with them but am a huge fan of their mission.
I'm no rockstar, but I do have nearly a decade of experience, half of which is gov. contracting in the beltway. And my resume has no problems attracting recruiters from Amazon, MS, etc.
The whole process (admittedly only a few emails back and forth) felt very amateurish - as if their recruitment was run by some non-technical recent grads - similar to a lot of NGOs in the area.
The startup I worked on had 12 people at its height (before it was bought by a large tech company), and I was the first employee hire so I was in a position of some leadership.
He kept asking me strange questions that presupposed I knew how to negotiate with large entities like government agencies... as a developer.
That interview - plus the other two "groundhog day" interviews - was the strangest interview process I've ever experienced.
Perhaps that's part of the skills that are needed to succeed at 18F. It sounds like these folks are in a sort of consulting position where they help other government agencies with technical projects and policy efforts. Take a look at the 18F Innovation Specialist GS-14 and -15 roles: https://pages.18f.gov/joining-18f/pay-grades/ - based on your background, they might have expected you to fall somewhere around, I'm guessing, GS-14 (1). Some of the qualifications required are:
> Knowledge of and expertise in driving and implementing technology solutions that overcome significant challenges resulting from complex or bureaucratic environments, or technically difficult problems
> Skill in oral communication to present sensitive recommendations to higher authority, to obtain compliance with policies from activities nationwide, to articulate positions/policy of vast technical complexity, and to represent the agency on task forces
> Comprehensive knowledge of and expertise in all stages of product or business development, and ability to lead complex technology and policy initiatives from inception to implementation
Bureaucratic environment is right there in the job description :-) More seriously, this sounds like a reasonably senior technical role in which one would likely interface with other agencies in the way you're describing. GS-15 is even more demanding. While it's disappointing that the interviewer expressed condescension at your lack of expertise in this area (and expressed anything other than professionalism), I can understand given these qualifications why they'd probe into those skills. It appears they're looking for technical leaders, and not exclusively heads-down individual contributors -- this makes sense to me given their mission. These positions seem to be about influencing the government through policy and technology initiatives, and influencing other government agencies (which is harder than influencing one's local environment), not just delivering technical projects.
I am not trying to excuse the interview experience that you had, just to be clear. I'm just making an observation about the kind of challenges they appear to have, and the kind of qualifications they might be looking for in candidates to tackle them. Innovation Specialist GS-14 and GS-15 sound like pretty interesting roles. I am personally glad that they expect such leadership from technical specialists; this kind of broader influence is key to career growth as a technical person past a certain point. Organizations that don't expect this and foster this in individual contributors are organizations where you need to move into management in order to keep moving up.
However, it sounds like they could have done a lot better job communicating with you respectfully and professionally, as well as conveying what they're looking for.
(1) I know nothing about 18F beyond what I've read on these sites, nor about government pay grades. I'm just taking a guess based on your industry experience, and by comparing the 18F job role levels to the qualifications expected of candidates with similar background in private industry.
My experience does include running front-end at the startup I worked at, and even being part of the three-person group that decided on the direction of the product (with the two founders). My communication skills are battle-tested from years of contracting (and a liberal arts university background), but I do lack experience dealing with huge bureaucracies and I lack experience with business development. So maybe that was it.
That said, if your theory is right that they were slotting me in as a GS-14, they could have communicated with me about that difficulty. I would have been totally fine with whatever role they wanted to give me - which I made clear in the "groundhog day" interviews - because I just wanted to help. :-D
it's possible to work in a small team and be effective even at large scale.
> We're pausing applications while we evolve how 18F plans for open roles. We estimate that we’ll post new open positions at the end of June.
I'll let @bmogilefsky describe the jobs. @18F as a whole hires engineers, designers, product managers, content writers, journalists, folks with non-traditional cross-functional backgrounds, etc.
Salary depends on job grade. See  for an explanation of the grades within 18F.
Then see the GS pay scale  to figure out the pay for your grade in your region.
Many people (self included) leave the private sector for this duration to support the mission of 18F. After the term is over many people will return to the private sector.
I'm OK with a pay cut to work on meaningful projects that benefit the American public. I'm not worried about returning to the private sector if/when I choose to do so.
Speaking personally, I think there's a lot of room for policy folks to dig into how gov't can better hire and retain skilled talent, but that's not 18F's function.
(It's probably better that they don't: http://www.joelonsoftware.com/items/2005/01/27.html)
When I applied, they had a table of salaries, adjusted for location, so at least they were transparent about it.
I'd love to get involved, I'm mainly focused in software engineering. It seems like a great cause to partake in.
In the shorter term, do check out https://micropurchase.18f.gov. It's where we post very short term contract opportunities ($3,500 or less, and tasks typically take up to a week). I also happen to be a dev on this project, so feel free to reach out here or at email@example.com if you have any questions.
Watchdog: 18F's Slack security exposed GSA data
It was enough of a problem that the reaction was to probably take it down and take a hard look at everything before bringing it back up. Maybe a hosted rocket.chat will be the replacement to allow them more granular control over security.
Seems like the Slack invite app is not deployed to cloud.gov right now.
I could easily see how the government's business process could be at conflict with the commercial sector's business process. Colluding the two in even a single Open Source project would seem to be illogical.
This is a major reason for cloud.gov going after the FedRAMP JAB P-ATO recognition. "JAB" is the Joint Authorization Board comprised of the CIOs of the Department of Defense, Department of Homeland Security, and the General Services Administration. Having a triple-sign-off from three CIOs under a consistently applied set of standards is the highest social proof you can get in government that will convince other agency CIOs that it is OK to use your stuff at their agency. Normally it's vendors that go through this program... We're among the few to do it for a government-developed-and-operated service, and the first to do it for something as generally useful as a PaaS.
The other aspect is making sure everything we do to deploy and document the platform's compliance is open source and subject to scrutiny, so they can check for themselves... and ideally contribute in areas they think it could be better, of course!
If you're pulling teeth in regards to FEDRAMP, you can join ##GRC on irc.freenode.org with fellow teeth grinders. It's a chat channel with 20+ Security Auditors and System Administrators dedicated to discussing enforcement, regulations, and systems administration for FEDRAMP and other compliance frameworks.
There's also the brand new subreddit called /r/FEDRAMP that started a few days ago.
Check the sidebar for other compliance frameworks too like /r/SOC2, /r/HIPAA, /r/ISO27001, and /r/PCICompliance.
A major argument in favor of PACER is its high-availability. Hopefully this makes it easier to build a better system with the same high-availability but a much better UX.
I worked on the Google Cloud Platform team around the time Compute Engine and Big Query were launched (but spent most of my time on App Engine).
A few weeks ago at the Cloud Foundry Summit the folks from cloud.gov.au gave a keynote. Cloud.gov got some nice shoutouts - the Australian counterparts reused a lot of the cloud.gov work, thanks to the transparent open-source approach.
Listing of cloud.gov related GitHub repos:
Could you elaborate? I'm an Australian but I haven't heard about anything 18F/Cloud.gov-like back home.
How were you able to get ATOs to operate most of your systems and work through these policies?
Edit: they ignore a lot of the rules that GSA (among others) mandate the rest of the government follow. One great example is cloud.gov, operating on the public Internet without finishing the fedramp approval process. It also doesn't comply with the TIC requirements GSA pushes on the rest of the .gov.
The hard problems in government IT are being able to pay enough to attract top talent and dealing with all the authorities and oversight that parent refers to. If you remove those two legally-required obstacles, you're cheating. That's not necessarily a bad thing, but comparing GSA's pet project to normal government is disingenuous at best.
I’m Noah Kunin, the Infrastructure Director at 18F/GSA.
While the Department of Homeland Security (DHS) owns the Trusted Internet Connections (TIC) policy and controls (https://www.dhs.gov/trusted-internet-connections) we’ve been working hard with DHS teams to clarify and improve implementation guidance.
We hear you - loud and clear - and understand there’s a lot of frustration.
Check out our updates with one of our pilot partners, Amazon Web Services:
Also please sign up for updates to our blog - hopefully you’ll see more news on this soon, but feel free to contact us directly as well.
And there's a GitHub repo with an issue tracker that would make for better conversation capturing than HN:
There is still a large gap between software that is on the approved list and the stuff you use, but as I am sure we both know, there are waivers and blind eyes for that. If someone really wants it, it will happen.
You guys are paving the way with your tools and process. But, please be careful, one serious security breach and it's kaput. For example, the incident with Slack. I know it was trivial and people chose to blow it out of proportion, but regardless, it will now be harder for me to get Slack approved for our team.
Any software used on government systems has to go through an accreditation process. This is to prevent you from pulling in some random code that may have security vulnerabilities or backdoors. Just because it is open source doesn't mean it is secure.
As an example, we've had to run security scans on jquery for god's sake and justify every occurrence of random number generation to make sure it wasn't used for anything security related....
There are other things like warranty, support, size of the community, etc...
Overall, GSA is one of the best agencies when it comes to open source. It has definitely come a long way, but still a long way to go.
I think it's never been a better time to get approvals/clarifications/etc for open source at GSA. GSA's CIO posted a supportive comment on this issue here, w/r/t the White House's proposed source code policy (and 18F's comment on it), and reinforced that GSA has an "open source first" internal policy for the enterprise on the books:
Of course, policies only give people the space to spend energy making the policy really mean something -- which I encourage you to do. Find me on 18F's GitHub or GSA email any time if you have ideas you want to talk about.
I'm especially a fan of developing in the open - you can see our commits and issue discussions and keep track of how we're doing as your civil servants. The other thing I love is that all of our work is in the public domain or CC0.
The focus really needs to be on building a process to better integrate private cloud services and gov't applications. I mean they already are for the most part: https://aws.amazon.com/compliance/fedramp/
Seriously this is just another wasteful program. The Gov't and 18F will hype it up, but don't be fooled.
We also leverage the fact that AWS GovCloud already has FedRAMP status as an IaaS to accelerate our delivery of cloud.gov (which sits on top of it), so we're piggy-backing on the money and effort already spent and eliminating the millions we would otherwise spend by having the government run the IaaS layer.
In other words...
> The focus really needs to be on building a process to better integrate private cloud services and gov't applications.
...that's what we're doing!
Both built on Red Hat OpenShift
They're using open source Cloud Foundry, literally to avoid spending millions of dollars mimicking the private sector innovators.
Haven't read every comment but a quick ctrl+f didn't find any keywords on the topic;) thanks for the insight!
IBM BlueMix includes a CF instance. There's also AppFog and AnyNines.
Naturally, I think ours is the best. It's usually the most up-to-date, based on the internal monitoring I've seen. We upgrade PWS to the latest Cloud Foundry release usually within a week of one being tagged.
My favourite part about it is that thanks to BOSH, basically nobody ever notices that we upgraded the entire platform underneath them.
The General Services Administration is restricted to only assist federal government agencies, so you wouldn't be able to use the version being managed for the federal government.