I have over a decade of experience in engineering leadership roles, including as a functional lead, architect, manager, and director. Right now, I’m serving a term at 18F, where I’ve served as Engineering Security Lead, and now Engineering Supervisor. Prior to that, I was Director of Security at Heroku. I’m also the co-owner of Revolution Systems, and a core developer and co-creator of Django, an open-source Python-based web framework used by thousands of companies and developers across the Internet.

Employment History

Engineering Supervisor, 18F

August 2016 — Present

Supervisor for one quarter of the Engineering organization (12-15 engineers), including two assistant managers. Responsible for regular check-ins, feedback on performance, coaching staffing on improving technical and interpersonal skills, performance reviews, and promotions/raises. As part of the Engineering Leadership team, responsible for grading and promotion standards, organization- wide management practices like one-on-ones and feedback mechanisms, hiring, and project staffing.

  • Re-built Engineering’s hiring process, including creating and improving standard hiring criteria, interview guides, technical assignments for candidates, and training interviewers in interviewing techniques.
  • Published these hiring guides publicly to help improve the inclusivity of our hiring process, and spread hiring best practices throughout government and private industry.
  • Led hiring for the Engineering chapter, including leading interviews for multiple positions, selecting and training interview panels, and making final hire/no-hire decisions.
  • Led the creation and launch of the TTS Bug Bounty, the first security bug bounty run by a civilian government agency. Served as Project Manager post- launch. Published policies and procurement documentation to guide other agencies in adopting their own Bug Bounties.
  • Advocated for Bug Bounties and Vulnerability Disclosure Policies throughout government, including briefing the Federal CIO Council and the US Senate Homeland Security & Governmental Affairs Committee.

Security Lead, 18F

March 2016 - March 2017

Functional lead for Security on 18F’s Engineering team. Responsible for improving the security engineering practices at 18F, and providing expert assistance on secure engineering to teams and engineers.

  • Started and led 18F’s Security Working Group, responsible for tracking and coordinating Information Security-related work across 18F.
  • Led hiring for security engineers, a new role at 18F. Created role description, led hiring, and developed performance plans.
  • Provided security assistance to various 18F product teams, including cloud.gov, and login.gov.
  • Provided security and DevOps consulting to California Child Welfare Digital Services.
  • Developed incident response guides for 18F, and for the cloud.gov team. Conducted tabletop exercises to train teams in their use.
  • Trained project teams, most notably login.gov, on the use of STRIDE-based threat modeling techniques, and helped them integrate proactive security work into their workflow.

Director of Security, Heroku

May 2013 - January 2016

Led Heroku’s Security team. Accountable for information security at the company, as well as responsible for building a security product for millions of apps running on the world’s biggest PaaS. Managed a team of 8-10 security engineers, with major areas of responsibility in Product Security, Incident Response, and Risk/Compliance.

  • Built Heroku’s formal security programs from scratch, covering Product Security, Incident Response, and Risk/Compliance. Hired and and built a team to support these programs.
  • Led substantial gains in our security and compliance posture, which directly translated to increased Enterprise sales and ability to launch new security- focused products.
  • Led major engineering initiatives to increase our defensive security, such as adoption of 2FA across all services, increased visibility into production systems, and quicker and easier software updates. These improvements prevented a minor breach from getting worse, and vastly sped up our organizational response to critical security vulnerabilities like Heartbleed.
  • Served as Project Manager on many cross-organization projects, including substantial compliance and security projects (Safe Harbor, PCI, HIPAA, internal security benchmarks).
  • As part of the Engineering Leadership team, helped establish grading and promotion standards, built organization-wide management practices like one-on- ones and feedback mechanisms, and participated in designing and implementing our overall Product and Engineering structure and workflow.
  • Brought Heroku’s security practices into alignment with the standards established by our parent organization, Salesforce.com, an industry-leader in Trust and Security.

Partner, Revolution Systems

March 2009 — Present

Co-owner of Revolution Systems, a consultancy specializing in web application scalability. Responsible for consoling with clients on hardening and scaling existing systems, including training, technical team-building, consulting on systems design and high-level strategy. Clients include: LexisNexis, National Geographic, USA Today, DealerTrack, Threadless, Cox Media Group, Urban Airship, Wharton Business School.

  • Increased revenues 10-fold since joining as partner.
  • Hired and managed a team of 5 staff engineers, as well as occasional subcontractors.
  • Served as a “virtual CTO” for several clients, helping to recruit and build teams or engineering organizations as small as 5 and as large as 1,500 staff.
  • Trained organizations in Python, Django, PostgreSQL, and related technologies.
  • Wrote web applications to client specifications using Python, Django, PostgreSQL, JavaScript, and related technology.

Software Architect, Whiskey Media

March 2008 - February 2009

Served as the Django expert for the engineering team building a content management system backing GiantBomb.com, Tested.com, and others.

  • Led development and release of Django 1.0.
  • Advised the company on how best use Django to save time and money, and assisted other engineers in learning and improving their Python/Django skills.

Lead Developer, Lawrence Journal-World

August 2005 - August 2008

Lead developer on Ellington, a news publishing platform build in Python/Django.

  • Commercialized the platform, growing it from an internal project to a commercial product used by multiple news organizations
  • Responsible for the overall technical design and philosophy of Ellington and related tool.

Web Developer, Lawrence Journal-World

August 2004 - August 2005

Developer on Ellington, a news publishing platform build in Python/Django.

  • Developed news applications and content management systems for Journal-Worlds news properties (LJWorld.com, Lawrence.com, KUSports.com).
  • Released Django as open source in July 2005.

Lead Developer, ID Society

November 2003 - August 2004

Developed an in-house CMS framework in PHP for our design clients. Clients included Grand Marnier USA, Johnnie Walker Black Label, and USA Networks.

Software Developer, Radar/Digital Systems

January 2000 - July 2003

Led the design and development of a web-based wide-area video monitoring system marketed to harbors, airports and transportation companies. Clients include the Santa Cruz Harbor, the Port of Los Angeles, and CalTrans.

Volunteer / Open Source Experience

Core Team, Django

July 2005 — Present
  • Part of the original team that created Django in 2004-2005.
  • Led development until January 2014, continuing as part of the core team since.
  • Wrote the Django Code of Conduct, becoming one of the first major open source projects to adopt a Code of Conduct. Our version has since been forked and re- used by several other open source communities.

Founder and President, Django Software Foundation

2008 — 2010

Founded the Django Software Foundation in 2008. Served as President until 2010, and as a Board Member until 2012.

Education

BA, English, University of California, Santa Cruz, 2003.