New ask Hacker News story: Ask HN: How are you securely onboarding people remotely?
Ask HN: How are you securely onboarding people remotely?
5 by davezatch | 0 comments on Hacker News.
Hey HN, I'm the Engineering Director for a company in Beriln that currently has ~40 engineers. We're hiring right now, and between Corona and the fact that lots of big players like FB are pushing remote work, I want to embrace our brave new world head-on. As an engineering team, we're currently struggling with how to bring on people we may not meet in person for many months, in a safe and secure and trusting way. We are, at least for the forseeable future, going to be a hybrid on-site and remote team. I know that has drawbacks, but, well, everything has drawbacks :) We have smart people and can probably figure this out, but I would rather avoid easy mistakes if possible, so I'm reaching out to the hive mind. I'm curious about things like: - What kind of tooling/processes have companies implemented as they go more remote? What changes have had a big impact? - How restrictive are companies generally with new employees in terms of amount of codebase they can access, secrets (think API token for an important third party), customer data/logins that are necessary for fixing tricky bugs, etc? - How do you handle ramping up someone's access? (e.g. new devs can't see $IMPORTANT_SECRET until...X months? manager sign-off? some kind of security training?) - What legal/regulatory/cultural issues may pop up hiring developers on the other side of the world? (e.g., if a developer here steals a laptop or company data, we would just call the police. What do we do if a developer in $FARAWAY_COUNTRY_WITH_DIFFERENT_LAWS_AND_CULTURAL_NORMS does the same?) - Anything else I'm not even thinking about, because I'm new to this? Bonus points if anyone can point me to (or write!) a blog article that explains how their company does this. I can't find one, which is surprising!
5 by davezatch | 0 comments on Hacker News.
Hey HN, I'm the Engineering Director for a company in Beriln that currently has ~40 engineers. We're hiring right now, and between Corona and the fact that lots of big players like FB are pushing remote work, I want to embrace our brave new world head-on. As an engineering team, we're currently struggling with how to bring on people we may not meet in person for many months, in a safe and secure and trusting way. We are, at least for the forseeable future, going to be a hybrid on-site and remote team. I know that has drawbacks, but, well, everything has drawbacks :) We have smart people and can probably figure this out, but I would rather avoid easy mistakes if possible, so I'm reaching out to the hive mind. I'm curious about things like: - What kind of tooling/processes have companies implemented as they go more remote? What changes have had a big impact? - How restrictive are companies generally with new employees in terms of amount of codebase they can access, secrets (think API token for an important third party), customer data/logins that are necessary for fixing tricky bugs, etc? - How do you handle ramping up someone's access? (e.g. new devs can't see $IMPORTANT_SECRET until...X months? manager sign-off? some kind of security training?) - What legal/regulatory/cultural issues may pop up hiring developers on the other side of the world? (e.g., if a developer here steals a laptop or company data, we would just call the police. What do we do if a developer in $FARAWAY_COUNTRY_WITH_DIFFERENT_LAWS_AND_CULTURAL_NORMS does the same?) - Anything else I'm not even thinking about, because I'm new to this? Bonus points if anyone can point me to (or write!) a blog article that explains how their company does this. I can't find one, which is surprising!
Comments
Post a Comment