Paradigms that make me tick are:
- Don’t create technology but solutions
- Clear separation of state[less|ful], e.g. through (docker) containers
- Diagrams or documentation, begin with the end in mind
- Infrastructure as Code (IaC)
- Security by design
Your company's IT security is important to me,
security is not optional.
Every company has a different history/legacy and attack surface,
but the most important aspect is the company culture.
Employees should be thanked if they report an incident,
punishment leads to deleting logs/evidence and fear of reporting.
Security is not achieved through special measures alone,
but by creating awareness.
For me this results in creating tools such as a
docker-based firewall (not using iptables on host)
and a 2FA backup tool,
not for the purpose of using it,
but to create awareness and show alternative possibilities
to existing challenges.