Paradigms that make me tick are:
- Don’t create technology but solutions
- Clear separation of state[less|ful], e.g. through (docker) containers
- Diagrams or documentation, begin with the end in mind
- Infrastructure as Code (IaC)
- Security by design
- Data-driven decision making
Security
Your company’s IT security is important to me,
security is not optional.
Every company has a different history/legacy and attack surface,
but the most important aspect is the company culture.
Employees should be thanked if they report an incident;
punishment leads to deleting logs/evidence and fear of reporting.
Security is not achieved through special measures alone,
but by creating awareness.
For me this results in creating tools such as a password generator,
a Docker-based firewall (not using iptables on host)
and a 2FA backup tool,
not for the sole purpose of using it,
but to create awareness and show alternative possibilities
to existing challenges.