• 0 Posts
  • 5 Comments
Joined 1 year ago
cake
Cake day: July 3rd, 2023

help-circle
  • The entire pandemic, our security operations team got constant commendations for how rapidly we scaled up, and they touted the increased productivity we had WFH. I was officially reclassified as a remote worker at the start of Covid.

    Then we got a new manager after 2 years who decided everyone needed to RTO “as needed”, then monthly, then weekly.

    My disabilities and medication prevents me from safely operating a vehicle to commute and my respiratory disability puts me at an extremely high risk of complications from Covid (was bedrested for 3 days from Covid, took almost a month to mostly recover, after multiple booster shots).

    Tried to get accommodation, which I had never had to formally get before. Was surprisingly easy to get from HR, but my manager on the other hand made my life hell.

    My manager, though, pulled out all the stops.

    • He submitted a “request for family leave” for every workday that I was working from home instead of the office while I was working through HR accommodation request process. which I only found out about after HR mailed me a letter formally denying the requests.
    • Then my manager straight up told me, “I think the only reason you put in a request for accommodation is to avoid coming into the office”
    • Manager would “Forget” to invite only me to meetings, when others that were WFH due to illnesses like Covid would get an invite.

    Jokes on them, though, I left with a very short notice, little to no documentation on key projects that I was the sole driver and maintainer on. Literally left 2-year project with 2 pages of documentation that weren’t even up to date.

    • Went from making $100K total comp to over $150K total comp.
    • Insurance is kickass, talking like $400/m medication only costing $15/m with no deductible.
    • Nice RSU package, 60k over 4 years
    • No after-hours or on-call, no SLAs




  • Personally I trust Bitwarden more than myself to keep all my passwords secure AND available. They’ve got a good track record as far as I’m aware.

    For general security hardening though…

    I use Shodan to help me identify if anything is misconfigured and what is visible from the web. You can pick up an account for usually $1 for life when they run a deal, then you can just monitor your DDNS, domain, and IP address and have it email you when any new services are detected.

    Cloudflare Tunnels, to remove the need for a nginx reverse proxy (with the added benefit of easy failover as well as simplifying your stack). Then I’m utilizing Cloudflare’s WAF to handle filtering out known malicious, foreign IP addresses, and other malicious traffic.

    Another route you can go is a Nginx/haproxy reverse proxy behind something like Suricata. Then you can utilize something like fail2ban or crowdsec.

    Authentik. Get everything behind a SSO experience and don’t expose your backend services to unauthenticated local traffic (utilize http basic auth with header passthrough in authentik). So many people setup auth wrong and then have something like auth.domain.com going through auth but then mistakenly have their external IP address setup to allow traffic in authenticated.