https://www.seanross.us/Recent content on Sean RossHugoenWed, 06 May 2026 00:00:00 +0000https://www.seanross.us/about/Wed, 06 May 2026 00:00:00 +0000https://www.seanross.us/about/<p>I&rsquo;m a systems administrator at Marchex by day, an adjunct instructor at WSU Tech by evening, and someone who keeps reaching for the same tool to solve both: PowerShell.</p> <h2 id="day-to-day"> Day to day <a class="heading-link" href="#day-to-day"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>PowerShell is my main tool. Most of my time goes into building production automation services around the Microsoft stack — module design with proper public/private boundaries, dependency injection, structured logging with correlation IDs, Azure integrations through the Az SDK and Key Vault. I lean on PowerShell because it gives me both the shell ergonomics for ad-hoc work and a real language for shipping services that have to keep running unattended. Pester for tests, manifests with versioned deps, supply-chain-aware about what I pull in.</p>https://www.seanross.us/posts/janus-cmmc-wichita/Wed, 06 May 2026 00:00:00 +0000https://www.seanross.us/posts/janus-cmmc-wichita/<p>A local machine shop shouldn&rsquo;t need a six-figure compliance project just to keep doing business with Spirit or Textron. But that&rsquo;s where CMMC 2.0 is putting them.</p> <p>The DoD&rsquo;s final rule went into force at the end of 2024, and the phased rollout is now landing in real contracts. Any contractor or subcontractor that touches Controlled Unclassified Information has to demonstrate, on paper, that they meet the 110 controls in NIST 800-171. The big primes have been preparing for years. The 30-person shops in their supply chain, mostly, have not.</p>https://www.seanross.us/projects/Mon, 01 Jan 0001 00:00:00 +0000https://www.seanross.us/projects/<p>Things I&rsquo;m building in the open. Most of this work lives at the intersection of cloud security, identity, and the unglamorous parts of operational infrastructure that don&rsquo;t get enough attention.</p> <h2 id="janus--zero-trust-ot-gateway"> Janus — Zero Trust OT Gateway <a class="heading-link" href="#janus--zero-trust-ot-gateway"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>A stateless admission control service for accessing OT devices — CNC machines, welding robots, SCADA HMIs — from the IT side of a manufacturing network. Three gates: device registry, Entra group membership, Intune device compliance. Every decision lands in an append-only audit log designed as the <strong>CMMC 2.0 evidence artifact</strong>, not as an afterthought.</p>