Our own worst enemy
Have you ever seen what a fine dining chef eats after a 12-hour shift? It’s bleak. A can of White Monster and a cigarette. Maybe some imported instant noodles* hunched over their kitchen sink if they’re feeling particularly fancy. “Oh you’re a chef, you must eat so well at home.” Everybody who has ever worked in a kitchen snorts at comments like that. Why? After 12 hours of sweat, blood, and managed chaos reaching for perfection at work, the last thing they can muster is a gourmet effort at home. Besides, they’re snacking and tasting all day. How do you have an appetite after that?
*shout-out to MAMA brand Creamy Tom Yum.
Knowing better != doing better
Why isn’t your home network segmented? What does your monitoring stack look like? Are those off-brand Hue bulbs dialing overseas overnight? Hey buddy, how’s that network map and device inventory coming?
Sorry for the jumpscare.
I’m not a psychologist. I just know this rings true for many professionals: we actively try to leave work at work. Now, I know there are exceptions: True Believers who live and breathe cybersecurity and cannot switch it off. The obsessed. Personally, I know I have a finite amount of brainpower each day and then I’m tapped. Anything beyond that and I’m risking burnout. This isn’t a race. Balance is healthy. Let’s seek middle ground. You’ve been tasting all day and you need to wake up and do it all again tomorrow.
Let’s shift the perspective
I’m not pontificating from some lofty position of superiority. I’m right there with you. Most of us have our blind spots. I want to document my process of getting my act together and to try to help you do it too. That’s a core motivation of creating this blog.
Not only do we all know we should be doing this kind of work, but there’s genuine professional development value in working through the process. It’s a broad field and nobody touches every technology. Working with different tools in different environments is good for us.
Why we get it wrong at home
Too busy? Nobody’s paying you to protect your home network? Fine. Think of it as an act of self care. You’re worth doing it the right way. Your family and guests are worth it too.
- You’re tired.
- This isn’t your job.
- You trust yourself and your stuff more than you should.
- Nobody’s watching. Nobody’s auditing.
- The stakes feel low… until they aren’t.
Start with priority (offender?) number one: the router.
The router is King
Show me a home network, and I’ll show you a router exposing a wide-open configuration page (probably at 192.168.0.1). I’m not overly concerned about where that page lives. What matters is who can reach it. The router is the most privileged device in most home networks, yet the admin interface is often left exposed to every device on the LAN.
Least Privilege is simple: users and devices should only be able to access what they need and nothing more. Steve from Marketing has no business reviewing his coworkers’ pay stubs. Not because he’s malicious, but because people act unpredictably. Sometimes we must save users from their own poor decisions. Are you familiar with the saying, “Locks only keep honest people out”? Well. Add more locks. Honest people have bad days too.
If locks keep honest people out, add more locks.
In my home network, there are plenty of Steves. Hue bulbs. A mopping robot. HomePods. Smart plugs. At the time of writing, devices outnumber humans here 125 to 1.
Why should I allow any of them to reach my router’s configuration page?
Yes, the page is password protected. That’s a single control protecting the keys to the kingdom. If just one of those devices gets compromised–or your kid guesses the password–it is game over. Your network is no longer yours.
Let’s shift our security efforts earlier in the chain. Build more layers. Design with intention.
Some progress is good progress
I didn’t start with advanced segmentation or monitoring. Instead, I began securing the network from first principles. I asked myself:
“Who is taking administrative actions on the net and what devices do they use?”
The first part may or may not be trivial. In my home, I have a technically skilled, trusted roommate. As of now he’s not interested in access to management functions, but that might change in the future. That means my decisions here should be scalable to some extent.
Now, the second part of the question. I imagine most of us tread water in a sea of computing devices. I didn’t have a single machine designated as my true management workstation. But why not? Surely I have the hardware. The problem is mostly strategic and logical rather than practical.
So I made a few decisions.
- I will designate a primary management workstation
- I will not use this workstation for daily web browsing or video games
- This workstation will be treated as if I am beholden to my own personal Acceptable Use policy
- Only this workstation and a designated backup will be able to reach the router’s configuration page
- Admin credentials will be stored in a password vault that is separate from my general purpose vault
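One way to enforce the “only this workstation and a designated backup” decision at the packet level, as an added example rather than the post’s own configuration: an nftables input policy for a Linux-based router (OpenWrt and similar). The LAN bridge name and the two management addresses are constructed placeholders; the weak default is shown in comments above the corrected ruleset.

```nft
# Added example, not from the post. Interface name and addresses are
# constructed placeholders for an IPv4 home LAN behind a Linux router.

# BEFORE: the usual default. Any device on the LAN may reach the admin
# page and SSH; the page's password is the only control.
#   chain input { type filter hook input priority 0; policy drop;
#       iifname "br-lan" accept
#   }

table inet router_admin {
    # The designated management workstation and its backup, nothing else.
    set mgmt_hosts {
        type ipv4_addr
        elements = { 192.168.0.10, 192.168.0.11 }   # constructed placeholders
    }

    chain input {
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        iifname "lo" accept

        # Services every device legitimately needs from the router.
        iifname "br-lan" udp dport { 53, 67 } accept   # DNS, DHCP
        iifname "br-lan" tcp dport 53 accept
        iifname "br-lan" icmp type echo-request accept

        # Admin page and SSH: management hosts only.
        iifname "br-lan" ip saddr @mgmt_hosts tcp dport { 22, 80, 443 } accept

        # Every other device that knocks on the admin ports is logged and
        # dropped, so a bulb, plug or robot probing the router shows up.
        iifname "br-lan" tcp dport { 22, 80, 443 } log prefix "router-admin-denied: " drop
    }
}
```

Load it with nft -f and watch the kernel log for the denied prefix; on a dual-stack LAN you also need to accept ICMPv6 neighbor discovery, which this IPv4-only example leaves out.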
Behind the curtain...
Gaming: a concrete example
I have what I’d call a touch of vocational paranoia about video games. Gamers install complex, opaque software that isn’t scrutinized by open source developers or trusted third parties. Modern competitive games take it one step further by hooking into the kernel to detect cheating. That is more than enough to pique my interest.
Because of this, I have an insulated gaming persona. That persona only has access to password vaults that are relevant to video games. When I am logged into that system as that user, I can’t go check my personal email or pay my bills. Does that introduce friction? Yes. Is it overkill? Probably. But I find value in experiencing a little bit of friction there. It’s a gentle reminder. It’s Least Privilege in action.
Security at home is like security at work. I encourage you to walk the walk and embody some of the principles we know to be foundational to digital hygiene.
