You can’t win. You can only control how quickly you lose.

What’s your next move? Screenshots: Emulator Online

Like most people who’ve played it, I love Tetris. I still remember playing it for the first time on a friend’s Nintendo Game Boy. Not only is Tetris one of the best games of all time, it’s an excellent analogue for technical debt. The impacts of technical debt are something I’m deeply familiar with — I deal with them every day.

I’ll also share a personal story of how my team and I reduced technical debt in some billing code, fixing a $1 million-per-year bug.

A thin, transparent layer of air protects all life on Earth from the dangers of space.

Steps you can take today to improve your security posture

I’ve long said that security is inversely proportional to convenience. While I still believe that to be true, there are plenty of simple things you can do right now that will help to improve the overall security of your company without sacrificing productivity. Here are a few examples which I frequently share with my clients.

Keep a paper trail

Use an issue tracker and start the habit of filing a ticket for everything — this gives you the ability to look back at any point in time at what needed to be done, why it was done, and by whom.

  • Building a new feature?

Mount St. Helens, hiding in the clouds

That doesn’t mean they aren’t useful

I’ve written before about why I think security culture is important. In that article, I mentioned that some of my clients are surprised that I don’t audit their product code. Here are three reasons why:

  1. Attackers think bigger
    Potential flaws in your product software aren’t the only opportunity for threat actors. They’ll attack easier targets such as your developer tools or build servers. These provide incredible levels of access and are less likely to be secured and monitored. …

“…An ounce of prevention is worth a pound of cure…” — Benjamin Franklin

A healthy security culture is one where everyone along for the ride will habitually put on their seatbelt

Are you the type of person who always wears their seatbelt? I hope so. If you are, you probably feel uncomfortable without it. You get that feeling because you’ve spent most of your life building safe habits, which makes it feel wrong not to follow them. Building a culture of security at your organization should create the same experience — it should feel uncomfortable for anyone to break their security practices.

These days, an employee can compromise an entire company with a single click. Too many organizations are learning this lesson the hard way. Whether you’re a two-person startup…

Updating session tokens on a high-traffic web service like the one we run at Optimizely presents several engineering challenges. With the current state of technology, customers reasonably expect our service to be always-on, so taking it offline for “scheduled maintenance” is no longer an acceptable option. This requires us to perform a live migration of users, maintaining backward compatibility, all while avoiding any customer-facing service interruptions.

At Optimizely, we’ve recently done this successfully and we’d like to share how we did it and what we learned for the benefit of the global engineering community.

Versions to the Rescue

The basic technique we used to do this…

Eric Higgins

Maker, inventor, engineer, nerd, & author of Security From Zero: Practical Security for Busy People
