Security Engineer Working on FedRAMP Files Career Deviation Request

WASHINGTON, D.C. — After months of explaining the difference between "moderate" and "medium" risk to auditors who demanded "screenshots of the screenshots," security engineer Allison Greer has officially filed a Career Deviation Request, asking to transfer from cybersecurity to the finance department.

"I'm so used to putting creative interpretations in spreadsheets for FedRAMP," Greer told The Exploit. "Figured I'd try it with revenue projections instead."

Greer, a senior engineer at federal cloud contractor CloudSure Technologies, says she reached her breaking point during FedRAMP recertification when she was asked for "evidence" of a patching policy by providing a screenshot of the patching policy schedule, a screenshot of the policy itself, and "proof that both screenshots were taken by a human."

"I used to design access controls," Greer said. "Now I'm just a glorified PDF factory worker. At least in finance, when you fabricate a forecast, people call it 'aggressive growth modeling.'"

"Just One More Attachment"

Greer says her life slowly devolved into a maze of Excel sheets and SharePoint folders, each more cursed than the last.

"There's a folder on my desktop called Attachments_9b_FINAL2_RealThisTime, and I'm afraid to open it," she said. "If I look too closely, I might trigger another audit."

Her colleagues empathize.

"Allison's brave," said compliance analyst Darren Chu, currently on day 63 of revising a POA&M spreadsheet that "won't stop breeding." "I looked into treasury management. At least there, when you reconcile accounts, the numbers eventually match something real."

Lateral Movement

Greer submitted her Career Deviation Request through the official FedRAMP change management process, attaching risk assessments, rollback plans, and an impact analysis "on my sanity."

After a two-week review and one conditional waiver, the request was approved. She's now working in CloudSure's finance department, where she's already made an impact.

"It's the first spreadsheet work I've done in years where 'control families' isn't involved," she said. "And if the numbers don't add up, I just adjust the assumptions. I don't have to write a mitigation plan."

She's even brought some cybersecurity flair to her new role, naming budget line items after retired NIST controls, including AC-3: Access to Capital.

Back at CloudSure Security

Meanwhile, auditors have requested that CloudSure "prove continuity of security function" following Greer's departure. The team has opened a new Jira ticket:

REQ-9921: Document Process for Replacing People Who Achieved Escape Velocity.

Reached for comment, Greer said she wishes them well from two floors up.

"FedRAMP taught me discipline, attention to detail, and the importance of knowing when to pivot," she said. "Now, when I forecast Q4 earnings, I don't need three signatures and a risk register. I just... forecast it. It's wild."

She paused, reviewing her latest financial model.

"I think I'll call it Plan of Action and Margins."