The AI Headcount Panic, Bad Bets, and Lost Knowledge
Companies across the globe—and Israeli high-tech especially—are mass-laying off in the name of AI. But is AI really the reason, or just the best available excuse?
Practitioner notes on SRE, Platform Engineering, Kubernetes, and how AI changes the way we ship. DevOps, SRE, Platform Engineering, and AI-driven delivery — by Haggai Philip Zagury.
A short note on why I refreshed the 5-part SOC 2 for ISVs series in 2026 — modernized imagery, and a reset of my own field knowledge from ±5-7 years of customer engagements.
A platform engineer's take on starting the FedRAMP journey from outside the US — why a third-party partner matters, and what the '90 days' promise really means in 2026.
Anthropic wants the option to pause frontier AI development. A platform engineer reads the data behind the 'recursive self-improvement' warning — and the timing.
A follow-up to The AI Headcount Panic. The numbers crossed 150,000, and the first codebases gutted of senior engineers are starting to break. The bill arrives on a lag.
Three forces pushed Cilium onto my roadmap: a VPC-CNI silent-drop bug, a FedRAMP project, and a pattern in every recent breach I've reviewed. Here's the series.
A quick-reference glossary of NIST SP 800-53 control families referenced throughout the FedRAMP series — RA, CM, SA, AC, AU, SI — and what each one means for platform engineers.
Drawing the FedRAMP authorization boundary is the most consequential platform decision in the program — what's in, what's leveraged, what's external, and how 20x turns the boundary from a Visio diagram into a data structure.
Everyone prototypes an AI agent in a weekend. Almost nobody ships it cleanly. Here's the wall you're about to hit — and how the platform is evolving to remove it.
FIPS-validated crypto is a hard requirement inside a FedRAMP boundary — not a best practice. A practitioner's walkthrough of where FIPS lands across 800-53 control families, and how the Building for Compliance supply-chain work maps onto it.
A platform engineer's plain-English walkthrough of what FedRAMP actually is — impact levels, the document set (SSP, SAR, POA&M), the ATO process, and how Rev5 and 20x change the picture in 2026.
Why masked CI variables and GitHub encrypted secrets are not enough — and how to replace them with OIDC-based access to HashiCorp Vault, AWS Secrets Manager, or GCP Secret Manager.
How I set up my personal blog and portfolio using Astro and GitHub Pages — zero cost, full control, and a git push away from publishing.
How to connect GitHub Actions runners to private infrastructure using Cloudflare Zero Trust WARP and a service account — enabling Terragrunt to reach private endpoints without IP allowlisting.
Wiring a signed Wolfi toolchain image into a real consumer pipeline, verifying it at deploy time with Sigstore policy-controller, and digest-pinning with Renovate — the series finale.