After many years in Security @ Riot Games and eventually putting the "s' out there, I recently decided to jump out of my comfort circle for a new challenge and joined a start-up (yes, I left a comfortable, stable job in a pandemic, lunacy lol). Now that I've been here almost 6 months, I wanted to share some findings because security at a start-up is significantly different. When you join a start-up, there's going to be so much that you can do and it will be incredibly easy to "boil the ocean", and try to fix everything. At best, this guarantees failure for the Security team, at worst, alienation from the engineering and product teams. There are some obvious quick wins that a Security team can make without slowing down iteration and innovation speed, while also reducing risk: Auth Partner with Engineering/IT/CTO such that there's alignment on Security owning all things "auth(n|z)". As part of this ownership, you need to be prepared to resp
When we (Rookie and Mark) sit down and go into one of those self-reflective modes, we often talk about things we wish we knew and so we figured it’d be a good idea to share some of those things. Hopefully maybe one person learns from our failings :) So, without further ado, this is the first post in the series of “Things I wish I Knew”. One thing, I (Mark) personally wish I knew about was imposter syndrome, which according to Wikipedia is: a psychological pattern in which one doubts one's accomplishments and has a persistent internalized fear of being exposed as a "fraud" From exams in school to sports competitions, each house move, big “stretch” projects, every new role and becoming a parent, I’ve always had the feeling that I’m not good enough. This typically results in me striving to prove myself constantly, which typically works out well but when it doesn’t, it causes: me to burnout colleagues or friends to become frustrated as I may not be giving them enough space