Pawel Sucholbiak
SDET and DevOps enthusiast
Zürich, Switzerland
Engineer with a passion for testing. Currently working at Epam Switzerland as Lead Test Automation Engineer in Zurich. Always thinking about improvements and food :) Passionate skier, cyclist and hiker. Home cook and out-loud reader.
Fighting with Tribal knowledge
Tribal knowledge refers to a situation where knowledge is passed verbally from one person to another. In most projects, you come in. You get a mentor/colleague who helps you. You have endless knowledge transfer sessions. Documentation is there, but it's not clear. You ask questions ... it ends up with your mentor describing to you what the documentation is really about. There is too much info at once. You take notes. Remember "if it's not clear, just ask" ...
After a few weeks/months it's better. Documentation is way clearer now, but you started noticing it's outdated. You're still not an expert, so you decide to create something new. You start getting what it is all about. The problem is gone.
"Hey, let's meet Tom. He's the new guy, do you have a minute to show him around?" - asks your boss.
"Sure, will do" - you cannot hold your excitement ...
Now it's your turn to be a mentor. You notice that the documentation seems awfully outdated. "No worries Tom, just ignore those pages from 2019". Then you proceed to explain every bit. Almost like you would be telling a story to someone. It's a bit easier though, the story is written down.
At that time you think - "I will be the change I seek - I will fix it". So you create more documentation … that someone needs to maintain ...
It's not all lost. There is a way out of it. It's not easy and the win is not guaranteed.
We will go through suggestions of what to do to not need documentation or how to organize your knowledge so the documentation is not a must. I will also show you that documentation has so many different forms and how to let new-joiners explore.
Social Engineering: Hacking Humans
We put so much effort into securing our systems. We enforce multi-factor authentication. We deploy WAFs. We mandate software updates. We constantly scan our code. We encrypt our communication and sensitive data. Researchers ensure that ciphers remain strong. Yet, we’re still getting hit. Facebook lost $99 million, Ubiquiti $39.1 million, Google $23 million, Toyota $37 million, the Government of Puerto Rico $2.6 million, and Belgian Bank Crelan $75.8 million.
What is the common denominator in all these attacks? Social engineering. It is one of the most subtle yet potent sets of techniques, often used by individuals or groups to exploit human weaknesses and gain access to systems and sensitive data. No organization or group is immune to this form of attack.
Working in an IT company places us in the crossfire. On one hand, we have access to not only business data but also information that could be exploited to attack our organization. On the other hand, IT professionals themselves are well-positioned, making them potential targets of attacks.
While it’s almost impossible to be fully protected against social engineering, it is vital to understand the possible vectors of attack. Various methods and psychological tricks can be used to compromise our security or that of our organization.
So, let’s buckle up and take a small step toward becoming more secure.
Never say "Hi"
"We strive to relentlessly optimize both our software and our development process. We create automated pipelines, conduct static checks, perform security scans, and run performance tests. We set up High Availability, Autoscaling, backups, health checks, and alerts. Yet, we still heavily rely on the most insecure, slowest, non-scalable, dependent, and overall faulty system - the human being. How do we communicate with it? What's the handshake? "Hi, quick call?" No, no more. It's time to put an end to it now. And you will see why and how to do it. Let's dive in and leave the "Hi" behind."
Ignite Talk
DWX - Developer Week '25 Sessionize Event
NDC Oslo 2025 Sessionize Event
ScanAgile25 Sessionize Event
DevOpsDays Zurich 2024 Sessionize Event