Writing
IQ isn’t enough to get hired 2 weeks, 5 days ago
I’ve interviewed hundreds of people for technical roles, and a pattern has emerged. In general, we reject many more candidates for social skills than for technical competence. In fact, most technical interview funnels are arranged so that technical screens are earlier. This means that if you reach an interview, you’ve …
Goals aren’t enough; you have to talk about performance, too 3 weeks ago
Craig recently wrote about his mixed opinions about OKRs. The crux of his argument, I think, is that communicating goals is the important thing, and that OKRs are a heavyweight tool (with limited success). I agree, somewhat; this post is a "yes, and": OKRs (when done well) do one other …
My interview kickoff script, annotated 4 months, 3 weeks ago
When I interview, I say nearly the same thing at the beginning of the interview. It’s a script I’ve practiced and honed over the years . It’s only eleven sentences, but each has a specific purposes. I’ve iterated on this for years, and it’s pretty tightly honed at this point. …
Hire me to help you hire 4 months, 3 weeks ago
Do you have a growing engineering organization that needs help hiring effectively? I can help! I have consulting availability over the next few months to help organizations hire better. I can design your hiring process, write interview questions, teach staff how to interview successfully, or even run your hiring rounds. …
A bit of smart security design from Tiller 5 months ago
I’m trying out Tiller (a service that pulls financial transaction data into Google Sheets), and there’s a nifty bit of security design. Instead of its own authentication, you login via Google. This means Tiller doesn’t need to do any account management, and my account’s as secure as my Google account. …
Speaking
How to Ace a Technical Interview 2 months ago
A keynote I gave at PyCon APAC 2019
Let's build a web framework! 1 year, 11 months ago
A tutorial I gave at PyCon US 2017
Implementing multi-factor authentication 3 years, 1 month ago
A talk I gave at dotSecurity 2016
Django's request/response cycle 3 years, 5 months ago
A talk I gave at Django Under The Hood 2015
Heroku Under The Hood 3 years, 5 months ago
A tutorial I gave at Django Under The Hood 2015
HTTP in Django 3 years, 5 months ago
A talk I gave at Django Under The Hood 2015
Minimum Viable Security 3 years, 7 months ago
A talk I gave at DjangoCon US 2015
Keynote 4 years ago
A keynote I gave at PyCon US 2015
Elsewhere
📌 If You Say Something Is “Likely,” How Likely Do People Think It Is?
Mapping vague words (“likely”, “probably”, “never”) to specific probabilities. Very useful for training and calibrating forecasters. #
📌 Bringing Okta to Massdrop – Zander – Medium
Details on how a fully-automated, SSO-and-2FA-everywhere account security system works. Zander now runs IT for HackerOne, and I’ve been blown away by how great the IT security is here. #
📌 Engineering dive into Slack Enterprise Key Management
Slack’s EKM is an incredibly promising model for B2B services. It gives customers much more control over how data is stored and retained, and seems to reduce risks of sensitive data on 3rd-party servers. I haven’t dug super-deep into the details, and I’m sure there are potential problems and downsides. But, I love the model, and hope it’s the start of a trend. #
📌 Starting Up Security
The collected security writings of Ryan McGeehan (@magoo). These used to be on Medium where there were really hard to find; here they are all in one place. These articles are a tremendous resource for anyone building a security team/organization/practice; highly recommended. #
📌 Jessie Frazelle's Blog: Defining a Distinguished Engineer
This is perhaps the single best description of what a senior technical IC looks like. It’s Engineering-oriented but could apply to nearly any technical role. #