Veteran-Owned · Cloud Infrastructure Engineering
Aegis Cloud Group builds the AWS GovCloud environments, Terraform codebases, and technical control artifacts that federal programs need to pass Authority to Operate. ACG is the infrastructure counterpart to your compliance team — we build the thing; they document it.
“Working infrastructure. Not strategy decks.”
Four opinions that shape every engagement. Not a methodology pyramid or a five-pillar framework — these are the reasons behind every architectural call ACG makes.
The platform you deploy today will be wrong in six months. Design so the next change is a refactor, not a rewrite.
Evolvable beats optimal. Cloud infrastructure has exactly one constant — it will change — and the architectural calls that matter are the ones that make the next change cheap. I pay for that flexibility up front instead of eating it later as a migration.
A good-enough system shipped in month one beats a perfect one in month twelve.
Ship the smallest thing that holds up under load. Refactor toward elegance using real operational data, not committee consensus. Iterate is a verb, not a milestone — and most of the time, the month-one version is where you find out what “great” actually needs to be.
Every platform gets run by fewer people than built it. Build for the pager, not the demo.
Actionable problems alert loudly; non-actionable noise belongs in logs, never the pager. Toil is a bug — if it's manual, repetitive, and automatable, it gets automated before it becomes a job description. Observability is a product, not a dashboard.
“Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win.” — John Lambert, Microsoft Threat Intelligence
Design federal infrastructure assuming attackers will find the edges the control inventory didn't map. Shrink the attack surface before it has to be catalogued. Prefer identity and network boundaries that fail closed. Treat the audit trail as a real product, not an afterthought. The control matrix is one view of the system; the threat graph is the one that matters.
Four engagement types, all built around the same model: ACG delivers the engineering artifacts your compliance team needs to carry through A&A and ATO.
Deadline-driven GovCloud migration or greenfield build for programs with an A&A review on the calendar. You buy a delivered environment, not a discovery phase. This is the tier you don't want to need — but if you need it, ACG has run it in 60 days and delivered on schedule.
Multi-account AWS GovCloud build from the ground up. Control Tower, organizational structure, IAM, network segmentation, KMS, logging and audit baselines, and the Terraform underneath. Designed to hand off to your compliance team as something they can document rather than something they have to interpret.
Azure, on-prem, or commercial-AWS workloads re-architected into AWS GovCloud. Descope-first: shrink the attack surface before it has to be certified. Serverless where it fits, managed services where they fit, containers where they fit, and nothing else.
Senior cloud infrastructure engineering capacity for VA primes and federal cloud ISVs that need engineering hands without an FTE hire. Typical engagement: 20 hours/week, monthly minimum. Direct engineering time, not “strategic advisory.”
ACG is a newly formed practice. The engagement below is key-personnel past performance — work delivered by ACG's founder in a prior role, before ACG existed. It's the reason the practice exists in its current form, and it's the engagement model ACG is built around.
Joel Comeaux, now the founder of Aegis Cloud Group, architected and delivered the 60-day migration of a commercial learning platform from Azure Kubernetes Service to a fully serverless AWS GovCloud architecture. The platform serves a DoD customer and needed to pass a provisional ATO milestone on a fixed deadline. One engineer, end-to-end: architecture, Terraform, CI/CD, technical control implementation, and handoff to the compliance team. This work was delivered as a W-2 employee of Enduvo in 2023 — not as an ACG engagement — and ACG cites it as principal past performance, not corporate past performance.
Read the full case study →Beyond the Enduvo engagement, ACG's founder brings 15+ years of platform and reliability engineering at scale: SRE leadership for the Remote Online Notary product line at DocuSign (formerly Liveoak Technologies), supporting Fortune 500 financial services clients; Lead Platform Engineer at Oak Ridge National Laboratory; ownership of annual SOC 2, HIPAA, and PCI DSS audit cycles for production fintech platforms; and principal-level Kubernetes and Terraform engineering across multiple production environments. The HIPAA audit ownership is directly relevant to VA work, where infrastructure engineers are expected to operate fluently under HIPAA as part of the standard compliance posture. All of this is prior W-2 experience, cited as key-personnel past performance — not as engagements delivered by ACG the LLC.
Negative-space positioning matters. It's how buyers separate engineering engagements from consulting engagements. Here's what ACG explicitly doesn't sell.
Whether you're a prime building a subcontract team, a program office preparing a system for A&A, or a federal cloud ISV racing an ATO milestone, ACG is available for engineering-side engagement. Tell me what you're working on and I'll follow up within one business day.