In my line of work, we've had SIM-swapping attacks happen to a few employees. To mitigate this, everyone is issued a hardware-based MFA. Everyone gets 2 YubiKeys so just in case they lose one they can restore access to their accounts.
Additionally, we have 1Password and separate vaults for each team. When an employee leaves the company, the support team goes and rotates all the passwords in each vault the person had access to.
Personally, I've made the cursed mistake of pushing up AWS secrets to GitHub. It's recommended everyone add git-secrets to their pre-commit workflow to prevent pushing up anything resembling a secret.
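As an added illustration of the pre-commit check mentioned in the comment above (this is not part of the original comment and is not git-secrets' own code), the sketch below scans the added lines of a staged diff for AWS-style credentials. The regexes are simplified assumptions, the function name `scan_diff` is hypothetical, and the sample diff is constructed.

```python
import re

# Simplified, assumed patterns (not git-secrets' rule set).
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
SECRET_KEY = re.compile(
    r"(?i)secret[a-z_]*\s*[:=]\s*[\"']?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])")
# Allowlist: the placeholder credentials used in AWS documentation.
ALLOWED = {"AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed sample input; the two flagged values are made up.
SAMPLE_DIFF = """\
diff --git a/deploy/config.py b/deploy/config.py
--- a/deploy/config.py
+++ b/deploy/config.py
@@ -1,2 +1,5 @@
 REGION = "us-east-1"
+AWS_ACCESS_KEY_ID = "AKIAABCDEFGHIJKLMNOP"
+AWS_SECRET_ACCESS_KEY = "abcdEFGHijklMNOPqrstUVWXyz0123456789ABCD"
+DOC_KEY = "AKIAIOSFODNN7EXAMPLE"
 BUCKET = "builds"
"""

def scan_diff(diff_text):
    """Return (path, line_no, kind) for each secret-like value on an added line."""
    findings, path, line_no = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):          # new-file header, not content
            path = line[4:].removeprefix("b/")
        elif (m := HUNK.match(line)):        # hunk header gives the new-file line
            line_no = int(m.group(1))
        elif line.startswith("+"):           # only added lines can leak a secret
            for kind, rx in (("access-key-id", ACCESS_KEY_ID), ("secret-key", SECRET_KEY)):
                for hit in rx.finditer(line[1:]):
                    if hit.group(hit.lastindex or 0) not in ALLOWED:
                        findings.append((path, line_no, kind))
            line_no += 1
        elif line.startswith(" "):           # context line advances the counter
            line_no += 1
    return findings

if __name__ == "__main__":                   # run as .git/hooks/pre-commit
    import subprocess, sys
    staged = subprocess.run(["git", "diff", "--cached", "--unified=0"],
                            capture_output=True, text=True, check=True).stdout
    hits = scan_diff(staged)
    for path, line_no, kind in hits:         # report location only, never the value
        print(f"{path}:{line_no}: possible AWS {kind}", file=sys.stderr)
    sys.exit(1 if hits else 0)
```

A non-zero exit from a pre-commit hook aborts the commit, so a flagged value never reaches the local history, let alone the remote.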
This is fantastic.
Both the security processes you guys use and the pre-commit tools by AWS I did not know.
Thanks for sharing!