Jacob Kaplan-Moss

I’m a software developer, co-creator of Django, and engineering leader. I’m an owner and consultant at REVSYS, and am the Treasurer of the Django Software Foundation. Previous jobs: Latacora, Hangar, 18F, Heroku. If you’re looking to contact me, please see how to get in touch and the ways I’m available to help.

Writing

Changing Directions June 3rd, 2025

Two announcements: (1) I’m leaving the tech industry. Hopefully “for good”; if not, at least “for now”. (2) As such, the content on this blog is going to shift, perhaps dramatically. I’m going to be writing about a broader range of topics that interest me (projects around my hobby farm, wilderness trips, emergency medicine) – more writing for me, less writing for some imagined audience. (I’ll probably still end up writing about some of the same topics as I’ve been covering since 2020, just less often.) I’m writing this post mostly to give myself permission to make that change, and to give readers the opportunity to unsubscribe/unfollow if they’re not interested.

How to report a security issue in an open source project March 27th, 2025

So you’ve found a security issue in an open source project – or maybe just a weird problem that you think might be a security problem. What should you do next?

Beware tech career advice from old heads March 13th, 2025

If you’re new to tech – say, less than 5 years in the field – you should take career advice from people who’ve been in the industry more than 10-15 years with enormous skepticism.

Thinking About Risk: Sidebar #4: Quantitative Risk Revisited January 28th, 2025

In part 1 of this series, I briefly covered quantitative risk measuring – assigning a numeric value to risk, like “$3,500”, rather than a qualitative label like “medium” – only to quickly recommend against trying it. In this final sidebar, I want to come back to this topic. I’ll spend a bit more time explaining what I see as the pros and cons of quantitative risk measurement – why you might or might not want to use numeric values over more simple risk matrixes.

Thinking About Risk: Sidebar #3: Two Flavors of Medium Risk January 17th, 2025

When you look at a likelihood/impact risk matrix, you might notice that “medium” appears twice – once as high-likelihood/low-impact, and once as low-likelihood/high-impact. These two “mediums” aren’t at all the same!

Thinking About Risk: Sidebar #2: The Swiss Cheese Model January 16th, 2025

In the real world, accidents happen when a series of small missteps align to create severe consequences. This is something we call the “Swiss Cheese Model”: imagining a systems failure as a set of “holes” in our layers of defense that all line up to create a series accident.

Thinking About Risk: Sidebar #1: "Exposure" January 15th, 2025

Risk is usually defined as the product of two factors: Likelihood and Impact. However, some disciplines include a third factor: Exposure. What’s that about, and when is it useful?

Thinking About Risk: Mitigation December 10th, 2024

So you’ve identified a risk — now what do you do about it? Here’s a simple framework to help frame discussions about risk mitigation. It’s intentionally very simple, a basic starting point. I’ll present a more complex framework later in this series, but I want to lay more of a foundation before I get there, so we’ll start here.

Thinking About Risk: An introduction to thinking about risk December 4th, 2024

Welcome to a new series about how to think about risk. This series is a crash course, a high-level introduction to the most important concepts and risk frameworks. It’s intended for people who encounter risk from time to time and need some basic tools, but don’t want to make a deep study of it. My hope is that it’ll help you better analyze risk when it comes up for you, and also make it easier to navigate conversations with risk professionals.

Free digital security checkups for people/organizations concerned about the incoming US government November 11th, 2024

If you — as an individual or a group — are re-assessing your digital security posture in light of the US election results, I’m available to help. I’m offering free digital security check-ups to anyone who feels like they need it now.

Why you should run for the DSF Board, and my goals for the DSF in 2025 October 18th, 2024

Applications are open for the 2025 Django Software Foundation Board of Directors – you can apply until October 25th. So, in this post I’ll do two things: try to convince you to run for the board, and document my goals and priorities for 2025.

If we had $1,000,000… October 8th, 2024

What would the Django Software Foundation look like if we had 4x our current budget?

Ethical Applications of AI to Public Sector Problems October 1st, 2024

There have been massive developments in AI in the last decade, and they’re changing what’s possible with software. There’s also been a huge amount of misunderstanding, hype, and outright bullshit. I believe that the advances in AI are real, will continue, and have promising applications in the public sector. But I also believe that there are clear “right” and “wrong” ways to apply AI to public sector problems.

All I Need to Know About Engineering Leadership I Learned From Leave No Trace July 12th, 2024

Sumana challenged me to apply the principles of Leave No Trace to engineering leadership, so here we go.

Paying More for Media June 11th, 2024

A new principle I’m trying to follow: we should be paying more for independent media. How I got there, and a list of the media I’m paying for.

Why I'm Not Writing a Productivity Series April 4th, 2024

I planned and started to write a series about personal productivity systems, but I’m abandoning the series. Here’s why.

Mentorship, coaching, sponsorship: three different — and equally important — tools for developing talent April 1st, 2024

One of the main responsibilities of a leader/manager is helping their staff develop. Mentorship, coaching, and sponsorship are import tools in the staff development toolbox. Good leaders should be adept in all three, and know when (and when not) to use each. In my work with new managers, I sometimes see confusion about these three different tools, and I see people using them in the wrong circumstances. So here’s a glossary, a high-level explanation of what these three things are, how they differ, and where to use them.

Discussing Open Source funding and sustainability on the Sustain podcast March 29th, 2024

I was invited on the Sustain podcast to discuss my recent rant about open source sustainability. I talked about my reaction to the criticism that open source maintainers receive when they take funding, and how this is a personal issue for me – maintainers aren’t abstract ideas to me, they’re my friends. We discussed my call for a more expansive definition of open source, and got into some of the nuance about some of the problems this can cause.

Talking about Django's history and future on Django Chat March 20th, 2024

I was on the Django Chat podcast to about Django’s history, the creation of the DSF, my recent return to the DSF board and my goals there, and the things I’m excited about for Django going forward. Here are some highlights from the interview.

So you've been reorg'd... March 12th, 2024

I’ve been through close to a dozen reorgs. This article contains the advice I wish I’d been given earlier in my career when I didn’t yet have that experience. Reorgs are disruptive, and nobody really tells you what to do in the wake of one. It’s easy to feel adrift, scared for your future, and uncertain about how to behave. Some of that fear is warranted: your job security probably goes down in the months following a reorg. But confusion and chaos aren’t necessarily signs that the reorg will go poorly, and there are things you can do to help give you and your team a better chance of emerging successfully.

Full Archive →