You can’t win. You can only control how quickly you lose.
Like most people who’ve played it, I love Tetris. I still remember playing it for the first time on a friend’s Nintendo Game Boy. Not only is Tetris one of the best games of all time, it’s an excellent analogue for technical debt. The impacts of technical debt are something I’m deeply familiar with — I deal with them every day.
I’ll also share a personal story of how my team and I reduced technical debt in some billing code, fixing a $1 million-per-year bug.
Steps you can take today to improve your security posture
I’ve long said that security is inversely proportional to convenience. While I still believe that to be true, there are plenty of simple things you can do right now that will help to improve the overall security of your company without sacrificing productivity. Here are a few examples which I frequently share with my clients.
Keep a paper trail
Use an issue tracker and start the habit of filing a ticket for everything — this gives you the ability to look back at any point in time at what needed to be done, why it was done, and by whom.
- Building a new feature?
File…
That doesn’t mean they aren’t useful
I’ve written before about why I think security culture is important. In that article, I mentioned that some of my clients are surprised that I don’t audit their product code. Here are three reasons why:
- Attackers think bigger
Potential flaws in your product software aren’t the only opportunity for threat actors. They’ll attack easier targets such as your developer tools or build servers. These provide incredible levels of access and are less likely to be secured and monitored. …
A healthy security culture is one where everyone along for the ride will habitually put on their seatbelt
Are you the type of person who always wears their seatbelt, I hope? If so, you will probably feel uncomfortable without it. The reason you get that feeling is because you’ve spent most of your life building safe habits which makes it weirder to not do it. Building a culture of security at your organization should create the same experience — it should feel uncomfortable for anyone to break their security practices.
These days, an employee can compromise an entire company with a single click. Too many organizations are learning this lesson the hard way. Whether you’re a two-person startup…
Updating session tokens on a high-traffic web service like we have at Optimizely presents several engineering challenges. With the current state of technology, the customer reasonably expects our service to be always-on, so taking it offline for “scheduled maintenance” is no longer an acceptable option. This requires us to perform a live migration of users, maintaining backward-compatibility, all while avoiding any customer-facing service interruptions.
At Optimizely, we’ve recently done this successfully and we’d like to share how we did it and what we learned for the benefit of the global engineering community.
Versions to the Rescue
The basic technique we used to do this…
Eric Higgins
Maker, inventor, engineer, nerd, & author of Security From Zero: Practical Security for Busy People
