Engineering Supervisor, 18F
Supervisor for one quarter of the Engineering organization (12-15 engineers), including two assistant managers. Responsible for regular check-ins, feedback on performance, coaching staff on improving technical and interpersonal skills, performance reviews, and promotions/raises. As part of the Engineering Leadership team, responsible for grading and promotion standards, organization-wide management practices like one-on-ones and feedback mechanisms, hiring, and project staffing.
- Re-built Engineering’s hiring process, including creating and improving standard hiring criteria, interview guides, technical assignments for candidates, and training interviewers in interviewing techniques.
- Published these hiring guides publicly to help improve the inclusivity of our hiring process, and spread hiring best practices throughout government and private industry.
- Led hiring for the Engineering chapter, including leading interviews for multiple positions, selecting and training interview panels, and making final hire/no-hire decisions.
- Led the creation and launch of the TTS Bug Bounty, the first security bug bounty run by a civilian government agency. Served as Project Manager post-launch. Published policies and procurement documentation to guide other agencies in adopting their own Bug Bounties.
- Advocated for Bug Bounties and Vulnerability Disclosure Policies throughout government, including briefing the Federal CIO Council and the US Senate Homeland Security & Governmental Affairs Committee.
Security Lead, 18F
Functional lead for Security on 18F’s Engineering team. Responsible for improving the security engineering practices at 18F, and providing expert assistance on secure engineering to teams and engineers.
- Started and led 18F’s Security Working Group, responsible for tracking and coordinating Information Security-related work across 18F.
- Led hiring for security engineers, a new role at 18F. Created role description, led hiring, and developed performance plans.
- Provided security assistance to various 18F product teams, including cloud.gov and login.gov.
- Provided security and DevOps consulting to California Child Welfare Digital Services.
- Developed incident response guides for 18F, and for the cloud.gov team. Conducted tabletop exercises to train teams in their use.
- Trained project teams, most notably login.gov, on the use of STRIDE-based threat modeling techniques, and helped them integrate proactive security work into their workflow.
Director of Security, Heroku
Led Heroku’s Security team. Accountable for information security at the company, as well as responsible for building a security product for millions of apps running on the world’s biggest PaaS. Managed a team of 8-10 security engineers, with major areas of responsibility in Product Security, Incident Response, and Risk/Compliance.
- Built Heroku’s formal security programs from scratch, covering Product Security, Incident Response, and Risk/Compliance. Hired and built a team to support these programs.
- Led substantial gains in our security and compliance posture, which directly translated to increased Enterprise sales and ability to launch new security-focused products.
- Led major engineering initiatives to increase our defensive security, such as adoption of 2FA across all services, increased visibility into production systems, and quicker and easier software updates. These improvements prevented a minor breach from getting worse, and vastly sped up our organizational response to critical security vulnerabilities like Heartbleed.
- Served as Project Manager on many cross-organization projects, including substantial compliance and security projects (Safe Harbor, PCI, HIPAA, internal security benchmarks).
- As part of the Engineering Leadership team, helped establish grading and promotion standards, built organization-wide management practices like one-on-ones and feedback mechanisms, and participated in designing and implementing our overall Product and Engineering structure and workflow.
- Brought Heroku’s security practices into alignment with the standards established by our parent organization, Salesforce.com, an industry leader in Trust and Security.
Partner, Revolution Systems
Co-owner of Revolution Systems, a consultancy specializing in web application scalability. Responsible for consulting with clients on hardening and scaling existing systems, including training, technical team-building, consulting on systems design and high-level strategy. Clients include: LexisNexis, National Geographic, USA Today, DealerTrack, Threadless, Cox Media Group, Urban Airship, Wharton Business School.
- Increased revenues 10-fold since joining as partner.
- Hired and managed a team of 5 staff engineers, as well as occasional subcontractors.
- Served as a “virtual CTO” for several clients, helping to recruit and build teams or engineering organizations as small as 5 and as large as 1,500 staff.
- Trained organizations in Python, Django, PostgreSQL, and related technologies.
Software Architect, Whiskey Media
Served as the Django expert for the engineering team building a content management system backing GiantBomb.com, Tested.com, and others.
- Led development and release of Django 1.0.
- Advised the company on how best to use Django to save time and money, and assisted other engineers in learning and improving their Python/Django skills.
Lead Developer, Lawrence Journal-World
Lead developer on Ellington, a news publishing platform built in Python/Django.
- Commercialized the platform, growing it from an internal project to a commercial product used by multiple news organizations.
- Responsible for the overall technical design and philosophy of Ellington and related tools.
Web Developer, Lawrence Journal-World
Developer on Ellington, a news publishing platform built in Python/Django.
- Developed news applications and content management systems for Journal-World's news properties (LJWorld.com, Lawrence.com, KUSports.com).
- Released Django as open source in July 2005.
Lead Developer, ID Society
Developed an in-house CMS framework in PHP for our design clients. Clients included Grand Marnier USA, Johnnie Walker Black Label, and USA Networks.
Software Developer, Radar/Digital Systems
Led the design and development of a web-based wide-area video monitoring system marketed to harbors, airports and transportation companies. Clients include the Santa Cruz Harbor, the Port of Los Angeles, and CalTrans.
Volunteer / Open Source Experience
Core Team, Django
- Part of the original team that created Django in 2004-2005.
- Led development until January 2014, continuing as part of the core team since.
- Wrote the Django Code of Conduct, becoming one of the first major open source projects to adopt a Code of Conduct. Our version has since been forked and reused by several other open source communities.
Founder and President, Django Software Foundation
Founded the Django Software Foundation in 2008. Served as President until 2010, and as a Board Member until 2012.
BA, English, University of California, Santa Cruz, 2003.