alt Hacker NewsEh, over time I've come to believe having systems that manage insider risk is more important than expecting to be perfect in hiring.
Like, any system will fail if too many of its members don't care about maintaining it, but you're going to hire the wrong person from time to time.
It's important to design your systems to minimize access, both in terms of not allowing everyone access to everything and to only allow people as much access as then need to do their jobs, to require multiple people to sign off on temporary access grants, to create audit trails and to actually audit them and have consequences for violating the rules.
(Which, in this case, DOGE purposefully dismantled.)
It doesn't just protect the data from nefarious villains, it also protects young idiots from themselves, who don't realize you can cause harm just by being curious.
Replies
Hum... The buck still has to end at some point. Somebody will have the power to override process or access things directly.
At DOGE, those somebodies were a bunch of red-piled barely adults that worshiped Musk.
Sure, I'm not proposing that we shouldn't have systems to mitigate insider risk.
I'm proposing that we both have systems to mitigate insider risk and we try to avoid hiring ideologically motivated and ethically compromised goobers to highly sensitive government jobs.
And I'm proposing that we don't write this off as, "welp he's a kid!"