Background

In 2023, I bought The Good Parts of AWS by Daniel Vassallo and started learning about the Small Bets community he’d founded, and subsequently joined (you can join here). Daniel has posted extensively about his thoughts on a full-time 9-5 job and I won’t repeat them here (you can follow him or Louie Bacaj on Twitter for many well thought-out posts on taking small bets as an indie hacker/solopreneur). I’m not active in the Small Bets community, more of a lurker who reads the messages later and watches the videos as recordings (FYI, there are excellent classes every month with people who are creating/publishing/hacking and having successes, see the public calendar here).

Having joined the community, it got me thinking about what creative things I could do in my personal time to give me some fun challenges outside of work. Having been constantly asked by fellow parents on things like:

- How do you control screen time?
- Can my kid play “Call of Duty”? Should they? (hint: i...
After many years in Security @ Riot Games and eventually putting the "s' out there, I recently decided to jump out of my comfort circle for a new challenge and joined a start-up (yes, I left a comfortable, stable job in a pandemic, lunacy lol). Now that I've been here almost 6 months, I wanted to share some findings because security at a start-up is significantly different.

When you join a start-up, there's going to be so much that you can do and it will be incredibly easy to "boil the ocean", and try to fix everything. At best, this guarantees failure for the Security team; at worst, alienation from the engineering and product teams. There are some obvious quick wins that a Security team can make without slowing down iteration and innovation speed, while also reducing risk:

Auth

Partner with Engineering/IT/CTO such that there's alignment on Security owning all things "auth(n|z)". As part of this ownership, you need to be prepared to resp...