This handbook covers various aspects of work at Tight Line:
Welcome to Tight Line!
If you're reading this document, you've joined our team and we're happy to have you with us.
Our website is tightlinesoftware.com
The mission of Tight Line is simple:
Solve hard problems for our clients while working with people you enjoy.
Tight Line was created in 2025 as a merger between Rapid River Software and Cactus Code. The owners of Rapid River and Cactus Code, Nick and Filip, had collaborated on joint projects for several years before the merger. The merger was very natural from the point of view of cultural fit, operational resiliency, and business continuity.
Tight Line is named for a ski trail at Saddleback Mountain, a ski resort in the mountains of western Maine where Filip got his first taste of East Coast Powder in 2024. The headwall of Tight Line is rated as a double black diamond trail, lending Tight Line its distinctive logo.
A "tight line" is a fishing term referring to the moment where the fisherman is fighting a hooked fish. The eponymous ski trail is long, straight, and steep, giving the skier a similarly exhilirating feeling (if they survive).
- Filip Kapusta (Croatia): Co-owner
- Nick Marden (USA): Co-owner
- Tochi Okorie (Nigeria): Country Manager; Technical Project Manager
Since the founding of Rapid River in 2013 and Cactus Code in 2016, Tight Line and its antecedents have provided software development and/or DevOps consulting services to:
- Internet Brands
- The General Services Administration of the United States Government
- Salesforce
- VerticalResponse
Working at Tight Line often means working remotely.
Remote work is incredibly freeing and rewarding, but it carries additional responsibilities, too. Interacting with people all day through a screen and getting your work done when no one is there to watch over you requires professionalism, organization, and maturity. We trust our associates to exhibit all of these characteristics.
At the end of the day, the metric of success at Tight Line is: did you get the job done? And did you, your teammates, and our clients enjoy working with each other while we were getting the job done? If you can say yes to all of these things, your work at Tight Line is successful.
In general, the goal for full-time work at Tight Line is eight working hours per day, not counting breaks for meals, rest, etc. Some days it will be more than that; some days it will be less. If you find that you're consistently working a lot more than eight hours per day, you may be headed toward burn-out. Talk with your manager so that we can help you achieve a more balanced and sustainable schedule.
Tight Liners work worldwide, which means that your hours may need to start earlier or (in more cases) go later than a traditional office job. Accommodate this in your daily schedule as much as possible by taking time for yourself during slow periods to get up, stretch, go for a walk, get outside, etc. If you live with family or other loved ones, take time to be with them - they need you.
Vacation policy at Tight Line is handled by separate policies: one for full-time employees and one for contractors.
Full-time employees are granted a fixed amount of personal time off (PTO) each calendar year in addition to federal and local holidays. PTO may be taken by informing your manager, and receiving approval, in advance. You do not need to receive approval to take federal or local holidays approved by your local Employer of Record (EOR), but you are expected to inform your manager and your team ahead of time about your absence.
Contractors, on the other hand, are paid for the hours they work. They may take unpaid time off by informing their manager, and receiving approval, in advance. This includes federal and local holidays. In all cases, please inform your manager and your team ahead of time about your absence.
If you're sick, take time to get better. Simply let your manager know.
For employees, sick time will be handled under local labor regulations. For contractors, such time will count as unpaid time off.
Some positions at Tight Line may require carrying a software "pager" or generally being available to respond to emergent incidents. Your team is expected to carry this burden together, and accordingly, such on-call time will be partitioned between teammates on a known schedule.
When you are on-call, you will be expected to have a computer nearby, with reliable Internet access, in case you need to respond to an incident. Factor this into your planning for evenings and weekends if your on-call schedule includes either. If you are in an on-call rotation, we will assume these issues are sorted unless you raise your concern explicitly to your manager.
If you need to skip a previously-scheduled turn in an on-call rotation, talk with your manager and he or she will attempt to find an acceptable resolution to the issue. Please don't go offline when you're scheduled to be on-call without making sure that someone else has you covered.
If you have any questions about on-call, as with anything, talk to your manager.
Tight Line is largely remote, so polite and effective communication is paramount. Please try to remember the following guidelines at all times:
- For scheduled events like video conferences or calls, be on time. Always treat the other person's/people's time as valuably as you would treat your own.
- Take calls from a location with minimal background noise or distractions.
- Computer-generated backgrounds and images are fun and sometimes whimsical, but please don't make them a distraction. The same goes for your clothing and appearance.
- The above rule doesn't count if the call in question is a social event, but please wear some sort of clothing :-)
- Actually, on second thought, always wear clothing on calls. Please.
- Whenever appropriate, turn on your camera so that people can see you. Communication is a very visual thing, and intent is a lot harder to misconstrue when you can see the other person. One exception to this rule is larger meetings: keep your camera off in larger meetings unless it will benefit people for them to see you when you are talking or listening.
- People may read a different tone or voice or meaning into your writing from what you intended. When writing, try to phrase what you are saying to minimize the chance of being misunderstood.
- Be especially careful when making jokes, since they are often not taken the way they are intended. Jokes that demean people are never OK at all.
- And always, be kind. Software development and DevOps may be fun, but sometimes they can be exhausting or stressful. Think about the person behind the screen and treat them the way you would want to be treated.
Some Tight Line associates will receive an @tightlinesoftware.com Gmail address. Its use is subject to the rules described in the Security section below.
If you have an @tightlinesoftware.com address, please use it wisely. It carries the name of our company and as such, it is more than just "your email address"; it is you speaking as a representative of Tight Line. Never forward sensitive information received at an @tightlinesoftware.com address to anyone other than those who need to see it.
All @tightlinesoftware.com email is considered the company's property, and the company reserves the right to examine any such email at any time. That said, we never want to feel the need to exercise that right, so please keep your communications on company email appropriate, professional, legal, and secure at all times.
If you have any questions, please ask your manager for clarification.
Everyone at Tight Line is invited to join the Tight Line Mattermost. Here are some tips to make life on Mattermost more enjoyable:
- Put messages in the correct channels
Town Square: Things that everyone at the company needs to know aboutOff-Topic: Random, fun, and goofy stuff. Cat videos, bizarre news headlines, happenings from your town that might be of interest to other Tight LinersFar Side: The best comic strip ever.
- Use threading to stay on topic. This is a major thing! It's a lot easier to read a channel when discussions get moved into threads for a follow-up conversation.
- Emojis can be an effective way to express approval, surprise, joy, etc. instead of messages. Like threads, they reduce clutter in the channel and keep communication flowing.
- If you want to create a new channel, do it! But first check to make sure that it's not a duplicate of one of the existing channels, please.
Tight Line is in the business of building and maintaining systems that typically contain sensitive data. That sensitive data often belongs either to our clients or to their customers. As such, it is absolutely critical that all Tight Liners understand and follow proper security procedures when performing their work or when in possession of devices that can be used to access sensitive software, data, networks, or systems.
Tight Liners should always do their work in a secure physical space.
If you are working at home, you must be able to lock the space where you work when you are not there so that no unauthorized person has access to your computer or network devices.
If you work in an office, any space where you will leave behind computer or network devices must similarly be lockable and locked when you are not present.
For many associates, Tight Line will provide a laptop or desktop computer appropriate for their working needs.
Such devices may be configured with Mobile Device Management software that assists in achieving compliance with the policies in this handbook.
In all cases it is the associate's responsibility to comply with the policies listed in this handbook. If you have any questions about whether your device and its policies are compliant, reach out to a member of the Tight Line management team and we will help you.
The section pertains to associates who want to use their own devices. This situation is often referred to as "Bring Your Own Device" or "BYOD".
To ensure up-to-date security patch availability, BYOD devices must run one of the following operating systems:
- Windows 11 or later
- Apple macOS 15 (Sequoia) or later
- Ubuntu LTS 24.x or later
- Fedora Core 42 or later
You must configure your computer to apply critical patches from your operating system vendor within 30 days of their release.
Your computing devices should include software to automatically scan for viruses and malware using up-to-date virus and malware signatures. Your computing devices should also employ a software firewall in addition to any local hardware or enterprise firewalls you may have configured.
Your computer must also be configured to lock its screen when you stop working, close the laptop lid, or otherwise disengage from the computer. The screen lock should require a password set following the Passwords policies described below.
Tight Line reserves the right to audit your computing device(s) from time to time to ensure that these security requirements are being enforced. If your computer is not up-to-date, you will be asked to take unpaid time off until the issues in question are remedied.
All passwords used for your computing devices, Tight Line resources (such as email or Slack), as well as for any client systems to which you have been granted access, must meet the following requirements:
- be protected at all times
- be at least fourteen (14) characters in length
- be changed at least annually and not reuse any previous passwords
- may not contain the user’s account name or any part of their full name
We strongly suggest using a password locker such as LastPass or 1Password to simplify the management and rotation of passwords to comply with the requirements listed above.
Whether you work from home or in an office, we need the network on which you work to be secure. For that reason:
- WiFi shall be configured with a minimum of WPA2-PSK or WPA-2 Personal encryption standard.
- All default vendor passwords must be changed before connecting any devices for use at Tight Line.
- Router software shall be kept up to date and patched with vendor’s software.
- Routers shall have external access (remote administration) disabled.
- Default SSIDs must be changed from vendor default to something unique.
- We prefer you to configure guest WiFi features on your router if it supports it.
In addition, work with our client(s) will likely occur over VPN connections to our clients' networks. Only devices meeting the criteria in this handbook, and used for approved Tight Line work, should be connected to such VPN connections. VPN connections should not be shared or routable on your network.
Any other devices (phones, tablets, etc.) that you use to connect to Tight Line or client networks or resources should substantially follow the same guidelines as those given above regarding physical security, updates, passwords, and network security. We want your use of technology to be convenient and portable, but never at the expense of security.
All data or source code belonging to Tight Line or its clients must be encrypted at rest. Users of the following operating systems should activate the appropriate encryption mechanism for their computers' hard drives:
- Windows 11: BitLocker
- OS X: File Vault
- Ubuntu Linux: Full disk encryption (FDE) or LUKS
- Fedora Linux: LUKS
Make sure to store your decryption keys somewhere safe!
A lot of the data that you will interact with during your time at Tight Line will belong to Tight Line and/or its clients. That includes but is not limited to:
- Source code
- Documents, including word processing, spreadsheets, presentations and other file formats
- Credentials such as passwords, keys, and passphrases
- Database dumps or copies used for development or other purposes
- Configuration files and other metadata
You should never access, copy, or share such data unless required by your job function. Before sharing outside of Tight Line or the relevant client organization(s), make sure to mark the document as confidential and property of Tight Line and/or the relevant client organization as appropriate.
If you have any questions, please ask your manager and they will be happy to guide you so that you can feel confident.
To help you understand the importance of different types of data and how to access such data appropriately, Tight Line and/or its clients will provide you with appropriate training on the following subjects:
- HIPAA Compliance
- PCI
- CCPA and GDPR, where appropriate
Please let your manager know if you have not received training in any of these areas and we will work with you to get you trained. Once you've completed appropriate training modules, please let the Human Resources Director know so that we can annotate your personal records appropriately.
It is nearly impossible to overstate the importance of reporting security incidents or data breaches. Under a variety of laws: GDPR, CCPA, HIPAA, and others, it is can be either a crime, a serious civil infraction, or both not to report a known or suspected security incident or data breach. So it is not only Tight Line's reputation, but even its actual existence as a company, that is on the line when it comes to properly handling data privacy and protection.
If you feel that any of the following has happened:
- A physical device containing sensitive Tight Line or client data was stolen or compromised
- An unauthorized person gained access to your device, Tight Line's network resources, or any client network resources
- Data or source code belonging to Tight Line or one of our clients was compromised or exfiltrated by an unauthorized user
- Any other sort of security or privacy breach that could put Tight Line's or our clients' data, intellectual property, physical property, personal property, or other assets at risk
then immediately report the incident to your manager. We will work with you and with local authorities to correctly and thoroughly report the incident, and we will handle any reporting that may be required within our client organizations as well.
Not reporting a security incident or data breach because of embarrassment or because you think it is "no big deal" is NOT acceptable. Everyone makes mistakes; the only unforgivable one is not coming forward and admitting it so that we can handle the situation appropriately.
If you feel there are items overlooked in this handbook, please provide us with feedback through your manager or the Human Resources Director.
This document is stored in Github at README.md