Authoritative vs Authoritarian

This article is adapted from a corporate newsletter article I wrote. I have only changed the parts that would leak corporate information. I speak often about my stance on traditional security teams at many companies. Often they are the Department of No, they act like they are the police, and they aren’t very technical. As a result, employees in other departments speak to them only as a last resort and ultimately the security team becomes balkanized and blind to what’s going on at the company. ...

November 1, 2024 · 3 min · 558 words · Scott Brown

The Coke and Chips Problem

An overweight man comes into the doctor’s office. He says to the doctor, “Hey, I’m looking to get in shape, lose weight, and get healthy. But I don’t know what to do. What is your advice on what I should do?” The doctor replies, “That’s a great ideal. Well, we can certainly do a checkup and make sure there are no biological or genetic issues that will hinder your goals. But for starters, my advice is to get more exercise and eat right. So, what are you eating right now?” ...

November 8, 2023 · 1 min · 190 words · Scott Brown

Accessing the UKG Pro API

I was helping out IT this week with an automation task they had: they want to sync the data in UKG (an HRIS platform) with the data in the IdP. The problem was, nobody’s documentation was very good and left out important details, and Google was almost no help either. Hopefully someone else can stumble their way onto this page and get going quickly.

    curl -H 'Accept: application/json' \
         -H 'US-CUSTOMER-API-KEY: xxx' \
         -H 'Authorization: Basic base64(username:password)' \
         https://hostname/personnel/v1/employment-details

Ref: https://developer.ukg.com/hcm/reference ...

September 26, 2023 · 1 min · 81 words · Scott Brown

2022 Tech Bust

As we kick off 2023, the technology industry is grappling with an unprecedented wave of layoffs, leading to a phenomenon that I am coining the “2022 Tech Bust.” This crisis has sparked comparisons to the Dotcom bubble burst of the early 2000s, reminding us of the importance of learning from the past to navigate a sustainable path forward. I want to examine the factors contributing to the current situation, reflect on lessons from the Dotcom era, and discuss potential solutions for a more stable and inclusive tech industry. ...

January 28, 2023 · 3 min · 464 words · Scott Brown

Increasing Company Profits

As I see it, there are 3 ways for a company to increase its profits.

1. Get more customers.
2. Reduce expenses.
3. Squeeze more money from existing customers.

The first is the most obvious, but some companies have either terrible marketing departments, ineffective sales departments, or unproductive engineering departments (these are the three major profit centres). The second is always useful to be doing, not just when a company wants growth. But there are limits to this endeavour because only so much “fat” can be trimmed before it hits muscle, and eventually bone. Companies must have some expenses in order to make revenue and, just like humans, a little fat helps to cushion–or protect from–adverse situations. ...

January 28, 2023 · 4 min · 721 words · Scott Brown

Efficient Meetings with Topic Tags

I love efficient meetings. I love meetings that were scheduled for 30 minutes but instead take 8 minutes. One of the tricks I use to hold efficient meetings is to put topic tags into each agenda. Oh, and the other trick I use is to always have a meeting agenda. Friends don’t let friends accept meeting invites without an agenda! An agenda topic tag consists of a bullet point about the topic, prefixed with who brought up the topic and a quick word on what can be expected. For instance, this is an agenda entry with a topic tag: ...

December 14, 2020 · 2 min · 411 words · Scott Brown

Security Awareness for Busy People

I am taking the wraps off of my first product ever: Security Awareness for Busy People. Those who know me know that I’m not the type of person to shout my accolades from the rooftops, so this is a bit out of my comfort zone right now. Regardless, I’m proud of my work and I want to share this with the world.

Background

As I mentioned, this is my first product ever. Throughout my career I have helped other companies build software, maintain secure systems, or train their employees to be better developers/operators/administrators. I have done this as both a full-time employee and as a consultant. I always have these ideas to create products and yet never deliver on them for a couple reasons: ...

March 2, 2020 · 9 min · 1892 words · Scott Brown

Anonymous Interview Feedback

Today’s article is going to be a bit different. I recently interviewed with a company and had such a bad experience that I really wanted to talk about it. But, I wanted to let some time pass so that my emotions do not cloud my writing. Fortunately, the company in question gave me the chance to provide some anonymous feedback on the interview process. Unfortunately, they don’t quite realize that anonymity is difficult to get right, and that nobody else in the world gets to read and learn from the feedback. So I’m posting it here. I’m not posting it on Glassdoor because I want to own my content, not relinquish it to a third-party or play the name-and-shame game. ...

February 7, 2020 · 8 min · 1674 words · Scott Brown

The Take-Home Test

Recently I was approached by an internal recruiter looking for someone who dabbles in Cloud, software development, infrastructure and security (so-called “Cloud DevSecOps”). The initial conversations went extremely well and I was moved onto the next stage where I was told my AWS skills would be “assessed.”

The Setup

To my surprise, the assessment meant that I would be given a take-home test, which is an odd way to test someone’s Cloud security skillset. After all, what could they do, grant me access to their AWS account and start racking up charges as I harden the system? All I was given in the preparatory materials was the idea that I would be integrating a third-party SSO provider into a Web application. Okay, this sounds oddly vague but, in a way, it may have a bit to do with Cloud Security. I set aside what limited free time I have these days and submitted a form that informs me that the test will begin and a timer will start. ...

August 5, 2019 · 17 min · 3418 words · Scott Brown

What I Do at Unbounce

I am often asked the question at networking events, “What do you do at Unbounce?” and I never have an engaging answer. I am working on why that is (future article?) but since I am much better at writing, this is what I will try to say. Q: “What do you do at Unbounce?” My position is Head of Security, but that’s when most people’s eyes glaze over or envision me as a security guard. So let me explain it with an example. Have you ever visited a website that was selling a cool new toy, book or idea? Let’s say they ask for your name and email address so you can be put on a notification list when the product is available for purchase. There is a good chance that website is hosted on our system, and your personal data you just submitted is now flowing through our servers and being stored there too. ...

March 8, 2019 · 2 min · 306 words · Scott Brown