Best agentless cloud security tool for multi cloud in 2026

Hey r/devops,

Devs and SREs are starting to push back hard on installing any more agents on our cloud workloads especially with containers spinning up/down constantly and a bunch of serverless bits in the mix. We're already dealing with agent fatigue from EDR and monitoring tools, and adding security agents everywhere is becoming a non-starter for performance, deployment speed, and just general "don't touch my ephemeral stuff" drama.

We're spread across AWS (main), Azure (growing), and dipping toes in GCP for some AI/ML experiments about 800 to 1200 running workloads total. Need proper visibility into misconfigs, vulnerabilities, IAM risks, and some basic attack path context, but without agents that require constant chasing or break CI/CD flows.

Anyone running a truly agentless setup like Orca Security, Wiz, Prisma Cloud, Lacework, Aqua, or similar in multi-cloud

Straight talk appreciated!

Thanks.

https://redd.it/1q1wd90
@r_devops

How do you stay up-to-date with tech and actually learn deeply without reading a ton of shallow content?

Hi all,
I work in a Platform/DevOps team and know Python, cloud, Terraform, and DevOps tools. I want to learn Go and dive into AI and LLMs.

But everything feels so ready-made now—AI does half the work, and cloud services exist for almost everything, even AI (like Bedrock). It feels like you can learn almost any topic in a week or two.

I feel the real edge comes from understanding things deeply in your own head. That makes debugging, learning, and using AI much easier.

So my questions are:

1. How do you decide what’s worth learning to really grow professionally?
2. Where do you actually learn it—courses, books, tutorials, hands-on projects?

https://redd.it/1q1y51h
@r_devops

JS heap out of memory error

At work, we have a Create React App and we use Github Actions to deploy the app. The actions file was working fine for a while, even with a large JavaScript bundle size (15MB before gzip). Recently, the actions workflow has been failing with a JS heap out of memory error, even when increasing the ```export NODE_OPTIONS=`--max-old-space-size```` value. I also worked on decreasing the JS bundle size (shaved off \~1MB), tried again, still same error. What perplexes is me is that actions file used to work when my JS bundle size was larger, now it is smaller, and it doesn't work.

https://redd.it/1q21fqz
@r_devops

Automation Trust Protocol (ATP)

 spent the final hours of 2025 and the first hours of 2026 deeply and rationally examining a hard truth:

Agentic AI did not break automation; we did.

While most treat agentic AI as the solution, I approached it as the problem. That shift led to something interesting:

A missing trust layer in modern automation.

Quick Overview :

Automation Trust Protocol ( ATP ): is a standard for automation systems to communicate risk, ensure accountability, and enable safe execution of automated actions across any platform. Think of it as how OAuth as protocol brought trust to authorization. Same for ATP, Automation Trust Protocol aims to restore the trust in automation.

The aim is to make automation pipelines :

1. Predictability: Known outcomes for given inputs.
2. Observability: Full visibility into each step.
3. Controllability: The ability to pause or modify execution.
4. Accountability: Clear attribution for failures.
5. Recoverability: Mechanisms to undo errors.

ATP Aims to do this by introducing 9 layers which are

1. Identiy and Authorization.
2. Action Declaration ( Event-Driven automation ).
3. Risk Assessment of Automated Actions.
4. Approval Flow.
5. Pre-Execution Verification.
6. Execution With Proof.
7. Post-Execution Verification.
8. Rollback capability.
9. Learning and Feedback.

The goal of sharing this on here is to attract people to the concept and possibly take it from a draft into a production version.

In the first comment I will share the GitHub repository where you find the draft specification, demo based on that draft specification, demo video link, and blog post link

GitHub Repo

https://redd.it/1q1zjoj
@r_devops

Starting in DevOps

Hi there, I recently graduated from Software Engineering Bachelor’s studies and I am considering further studies/training. The two realms that interest me the most are DevOps and Cyber Security.

I had a question for those who have experience in DevOps or are learning it. What channels do you use in order to learn DevOps concepts and practice them? When I spoke to other DevOps engineers in real life they just said that they learned from someone else and through practice. I am just wondering if nowadays there are other ways to get started.


thanks in advance :)

https://redd.it/1q20x3q
@r_devops

I have 25 years experience, but still Need help preparing for a technical interview.

I've been an engineer (unix administrator, devops, infrastructure engineer, & SRE) for the last 25 years so I have a LOT of experience and no lack of confidence in my ability to learn anything new I may not have experience with, BUT when it comes to interviews.... I fail.

I am terrible with interviews because of nerves, because I know the interviewer doesn't want to wait an hour while I look something up, etc. Also, while I have experience with a lot of different tools, it might have been a couple years since I touched said tool. So that, coupled with nerves, might make me choke on the spot when asked.

I'm thinking there's got to be a refresher devops course that touches a little on everything.

I have an technical interview next week. The last 2 technical interviews I had, I was just winging it. Winging it does not work for me.

I'm signed up to udemy but haven't seen a quick 2 or 3 day course that just touches on everything. AWS, python, azure, terraform, jenkins, etc, etc, etc.


help?
thanks!

https://redd.it/1q265ry
@r_devops

DevOps/SRE coding assessment

Looking for some recommendations on how to improve on the coding assessment phase of interviews.

For context, I am self taught but have 10+ years experience as a devops/software engineer focusing on kubernetes, building/maintaining ci/cd piplines, python noscripting for automation, etc. About 4-5 years ago i was considering moving to san francisco and had a ton of interviews. Feel like i did really well technical/infrastructure discussion until we got to the coding assessment. As i said im self taught so im sure it was just spaghetti code (though i hope ive made some improvements in the last 4-5 years). My fiance and I are thinking about moving and I want to be better prepared for interviews.

Ive done some research into things like leetcode, bootcamps, mentorships, etc but everything seems to be scams or mixed reviews.

https://redd.it/1q280sr
@r_devops

Released envcheck-cli v1.0.0 — a CI-first tool to validate .env files with schema enforcement

I just released envcheck-cli v1.0.0 — a small, CI-first Python tool to validate

.env files using schemas, deterministic exit codes, and explicit secret flags.

The goal is simple: fail fast on misconfigured environment variables before

runtime or deployment.

Features:

\- Schema-based validation (required keys, enums, patterns, ranges)

\- CI-safe exit codes

\- Optional JSON output for pipelines

\- Explicit secret flag enforcement (not pattern guessing)

\- Designed to prevent environment drift across setups



PyPI: https://pypi.org/project/envcheck-cli/

GitHub: https://github.com/BinaryBard27/env-check



I’m specifically looking for feedback from people who’ve dealt with broken

.env files or config drift in CI/CD pipelines.



https://redd.it/1q29kpr
@r_devops

Looking For a DevOps Fellowship opportunity

I am a DevOps Engineer with almost 3 yoe, self taught but i feel like there is always more to learn and through a well organised program, i could gain lots of experience.

Open to any opportunities

https://redd.it/1q2c4qu
@r_devops

Cloud or web

I have a great passion for the web and some
project ideas ⸜( •⌄• )⸝, But I hear a lot about the diminishing job opportunities for junior lately😖
In contrast, the cloud appears to be a more stable and in-demand field of work
Should I make web development just a hobby and focus on the cloud?
Or I can do both together 😅
I'm really confused and I have to choose my academic path this year, so any advice would be a great help ( ⊃🌹⊂ )


https://redd.it/1q27ywl
@r_devops

CI/IaC is basically a control plane now… what guardrail helped the most?

Feels like everything is a control plane now. GitHub Actions, IaC pipelines, internal platforms, agents, all of it.

And the failure mode I keep seeing is “one small change lands everywhere” because the blast radius is huge and rollout/rollback isn’t really a thing.

Curious... What’s one guardrail you added that actually helped?
Canaries, progressive delivery, env isolation, policy checks, drift detection, JIT admin, whatever… doesn’t have to be fancy.

I did a short Ship It Weekly ep on this (Cloudflare “fail small”, Pulumi’s IaC control plane push, Meta’s automated RCA thing). If you wanna listen it’s here:
https://www.tellerstech.com/ship-it-weekly/fail-small-iac-control-planes-and-automated-rca/

https://redd.it/1q2l2dy
@r_devops

Need Advice Choosing Between Two Final Year Project Topics

Hi everyone,

I’m a final-year student and I need advice choosing between two project topics for my final year project. I’d appreciate opinions from people working in cloud, DevOps, or cybersecurity.

Option 1: Secure AWS Infrastructure & Web Security
• Design and deploy a secure AWS infrastructure
• Work with EC2, S3, IAM, VPC, Security Groups
• Apply security best practices (least privilege, encryption, network isolation, logging, monitoring)
• Perform web application vulnerability assessments

Option 2: Cloud PaaS Platform with OpenShift & CI/CD
• Build a Cloud PaaS platform using OpenShift
• Automate deployments with CI/CD pipelines
• Use open-source tools
• Focus on containers, automation, and DevOps practices

Note: Both topics are flexible and modular, meaning I can add extra components or features if needed.
Which topic is more valuable for the job market?

https://redd.it/1q2ed56
@r_devops

I have a DevOps opportunity, but I have no experience. Is it too risky?

Hi everyone,

I hope I'm not breaking any forum rules (I'm new, so I apologize in advance and will remove the post if necessary).

M35, I'm considering a job opportunity that would require me to leave a large multinational company for a smaller company looking for a middle developer in a DevOps role. I'm preparing for the interview by taking courses on Docker and Kubernetes and brushing up on Spring Boot.

In my current job, after six years, I'm still involved in legacy support and mainly manage tickets (about €1,800 net per month in a small town in central-northern Italy). I haven't written code for a few years, and even before that, I've never been involved in full-fledged projects (all started and finished). In my role, every day is active and busy, but I'm not really a developer: I read logs, solve some problems, and respond to tickets, but I've never really acquired any particular technical skills.

I studied computer engineering, but I didn't finish, and this was my first and so far only job. I've often been told I should have been more proactive, but I didn't really know how to do more beyond writing a few PowerShell noscripts to consult logs and respond to tickets. I feel like I've wasted the little I've studied.

The work environment, however, is fantastic, and my colleagues are exceptional. Even on a human level, they supported me when I went through a difficult period, and they didn't fire me even though I wasn't at my best. That's why I feel guilty about wanting to change, but I realize that, after all these years, I haven't learned anything about real programming.
I'm wondering if I should stay out of gratitude, or if it would be a mistake not to take advantage of the opportunity to learn new technologies at another company. In particular, I wonder if the DevOps role might be too challenging for me. So far, I've only seen it in courses, but I know the reality could be very different.

I wanted to hear from those in the industry.

Thanks so much in advance!

https://redd.it/1q2o742
@r_devops

How do you realistically start freelancing as a DevOps engineer?

Hi everyone,

I’m a DevOps engineer with \~3 years of experience, and I’m trying to break into DevOps freelancing / contract work, but I’m struggling to get my first clients.

My background includes:

* Linux and system troubleshooting
* Kubernetes (production experience; Kubestronaut)
* Cloud providers (mainly AWS)
* CI/CD pipelines
* Infrastructure automation
* Some coding (Golang / noscripting)

I’ve been actively trying for around 4 months (Upwork / cold outreach / networking), but haven’t landed any freelance work yet. This made me realize I might be missing something beyond just listing tools and skills.

I’d really appreciate advice on:

* How people actually got their first DevOps freelance clients
* What kind of projects clients trust freelancers with at the beginning
* How to position yourself (tools vs outcomes vs niches)
* Whether freelancing is realistic at \~3 YOE, or if contract roles are a better entry point
* Common mistakes DevOps engineers make when starting freelancing

For those already freelancing:

* What would you do differently if you were starting today?
* What helped you win trust without a long freelance history?

Thanks in advance any real-world experience or guidance would be very helpful.

https://redd.it/1q2pw6l
@r_devops

What level of expertise and depth of study is needed for a good DevOps job?

Hi everyone,

I’m trying to understand what level of expertise and depth is expected for well-paid DevOps / Platform / SRE roles that also have a healthy work culture.

By good roles, I mean:

* Good compensation
* Interesting work (building/designing systems, not just alerts)
* Reasonable on-call and low firefighting

I’d appreciate insights on how deep one is expected to be in the following areas for such roles:

* Linux & OS fundamentals
* Kubernetes
* AWS / cloud infrastructure
* CI/CD
* Golang & noscripting

Also:

* How do expectations differ between startups and mature companies?
* Does years of experience really matter, or is skill depth more important?
* How do experienced engineers identify teams with good engineering culture and manageable on-call?

Thanks for any insights!

https://redd.it/1q2q9xx
@r_devops

Where do people get the idea from that DevOps is the way to go career wise?

If you wanna get into IT / remote / lotta money(im sure thats what they get told haha) I would suggest following some development courses where its easier to have a junior role.
What i did see float around without calling their names are people that sell courses with the promise that if you know a ci cd tool and some docker/kubernetes you can get into the business which in my personal experience is not realistic.


https://redd.it/1q2qkpr
@r_devops

Open source observability - what is your take?

Hey there 👋

I currently use victoriametrics/grafana for metrics and Loki for logs (I also use ELK, but not every project has the budget to keep an ES cluster running, so S3 is a nice alternative).

What I'm missing from this stack is APM. Today I stumbled upon a link (which I lost) for a new s3-backed open source apm tool and got me thinking about this.

Since I'm already on the Grafana stack, I'm considering Tempo, but there are other alternatives like https://signoz.io/ https://openobserve.ai/ and Elastic APM. All three of those are pretty resource-hungry and I'd prefer something lighter with S3 storage.

Do you have any suggestions for other tools to evaluate? On the app side we're mostly hosting php and python apps.

Happy new years and thanks in advance for any tips!

https://redd.it/1q2u17c
@r_devops

How do you realistically start freelancing as a DevOps engineer?

Hi everyone,

I’m a DevOps engineer with \~3 years of experience, and I’m trying to break into DevOps freelancing / contract work, but I’m struggling to get my first clients.

My background includes:

* Linux and system troubleshooting
* Kubernetes (production experience; Kubestronaut)
* Cloud providers (mainly AWS)
* CI/CD pipelines
* Infrastructure automation
* Some coding (Golang / noscripting)

I’ve been actively trying for around 4 months (Upwork / cold outreach / networking), but haven’t landed any freelance work yet. This made me realize I might be missing something beyond just listing tools and skills.

I’d really appreciate advice on:

* How people actually got their first DevOps freelance clients
* What kind of projects clients trust freelancers with at the beginning
* How to position yourself (tools vs outcomes vs niches)
* Whether freelancing is realistic at \~3 YOE, or if contract roles are a better entry point
* Common mistakes DevOps engineers make when starting freelancing

For those already freelancing:

* What would you do differently if you were starting today?
* What helped you win trust without a long freelance history?

Thanks in advance any real-world experience or guidance would be very helpful.

https://redd.it/1q2pw6l
@r_devops

Where do people get the idea from that DevOps is the way to go career wise?

If you wanna get into IT / remote / lotta money(im sure thats what they get told haha) I would suggest following some development courses where its easier to have a junior role.
What i did see float around without calling their names are people that sell courses with the promise that if you know a ci cd tool and some docker/kubernetes you can get into the business which in my personal experience is not realistic.


https://redd.it/1q2qkpr
@r_devops

Open source observability - what is your take?

Hey there 👋

I currently use victoriametrics/grafana for metrics and Loki for logs (I also use ELK, but not every project has the budget to keep an ES cluster running, so S3 is a nice alternative).

What I'm missing from this stack is APM. Today I stumbled upon a link (which I lost) for a new s3-backed open source apm tool and got me thinking about this.

Since I'm already on the Grafana stack, I'm considering Tempo, but there are other alternatives like https://signoz.io/ https://openobserve.ai/ and Elastic APM. All three of those are pretty resource-hungry and I'd prefer something lighter with S3 storage.

Do you have any suggestions for other tools to evaluate? On the app side we're mostly hosting php and python apps.

Happy new years and thanks in advance for any tips!

https://redd.it/1q2u17c
@r_devops

What actually happens to postmortem action items after the incident is “over”?

Hi folks,

I’m trying to sanity-check something and would appreciate some honest answers from people doing on-call / incident work.

In places I’ve worked (small to mid-size teams, no dedicated SREs), we write postmortems after incidents, capture action items, sometimes assign owners, set dates… and then real life happens.

A few patterns I keep seeing:

action items slip quietly when other work takes priority
once prod is “stable”, the incident is mentally considered done
weeks later, it’s hard to tell what actually changed (especially for mid-sev incidents)
sometimes the same incident happens again in a slightly different form

Tooling-wise, it’s usually:

incidents/alerts arrive in Slack
postmortems written in Confluence
action items tracked in Jira (if they make it there at all)

My question isn’t how this should work, but how it actually works for you/your team:

What happens when a postmortem action item misses its due date?
Is there any real consequence, or does it just roll over?
Who notices, if anyone? Do you send a notification?
Do you explicitly track whether an incident led to completed changes, or does it fade once things are stable?
If incidents consistently resulted in completed follow-up work — and didn’t quietly fade after recovery — would that materially change your team’s on-call life?

Not looking for best practices. I’m just trying to understand whether this pain exists outside my bubble.


I appreciate any comments / opinions in this area :)

Cheers!

https://redd.it/1q30bt7
@r_devops