Featured Post

Notes and takeaways from Software Engineering at Google

I really enjoyed and learned a lot from this book. I noted that, as is the case with many O'Reilly books about best practices at Google, different people will find various chapters more/less interesting and pertinent to them. Below are the excerpts that I found most pertinent.

Leadership

Contrary to some people’s instincts, leaders who admit mistakes are more respected, not less.
 If you perform a root-cause analysis on almost any social conflict, you can ultimately trace it back to a lack of humility, respect, and/or trust.
 Your organization needs a culture of learning, which requires creating psychological safety that permits people to admit to a lack of knowledge.
 If you try to achieve an impossible goal, there’s a good chance you’ll fail, but if you fail to try to achieve the impossible, you’ll most likely accomplish far more than you would have accomplished had you merely attempted something you knew you could complete.
 “Sometimes you get to be the tooth fairy, other

Talk on engineering productivity, metrics, and morale

You will find below my talk (sponsored by a non-profit in Singapore) on engineering productivity, metrics, and morale. The questions were awesome. 😎

Security Shouldn't be a Secret. Why Transparency Matters

Two discussions on this topic are below.

Interview with Security Weekly podcast

Security can be somewhat of a mystery at a lot of organizations. Most companies choose to be tight-lipped about the security measures they have implemented. Rightfully so, there is an underlying fear that publicizing your security efforts could make you more vulnerable to security attacks and damage your reputation with your customers. However, there is another way. Transparency can be your ally in security.

In this interview, we will be talking about how transparency practices can lead to improved security. With transparency being one of our core values at GitLab, we will talk about the processes we have implemented to maintain our security stance while operating with the highest possible public transparency and how you can apply them to your enterprise to achieve increased security and transparency.

Recording:

ISSA webinar

Security can

Nice to see this patent application I worked on with a peer published by the USPTO

Systems and Methods for Distributed Extended Common Vulnerabilities and Exposures Data Management

Abstract

In one aspect, the present disclosure is directed to systems and methods for validating and securely storing security entry updates. The security entry update is received from a contributor, and broadcast to a plurality of computing nodes. It then is determined whether to validate the received security update at each computing node of the plurality of computing nodes. If the received security entry update is validated, information relating to the received security update is added as transaction information in a current block, the current block is included in a blockchain that is stored in a datastore of each computing

Kali Linux moves to GitLab

I am thrilled to see the article on Kali moving to GitLab finally published. It was great to collaborate with the folks from Kali as I have been a fan of it for years!

How GitLab helped Kali Linux attract a growing number of community contributions

Since moving to GitLab in 2019, Kali Linux has gone from company-only contributions to a growing number of community contributions. Kali Linux is a well-loved Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. We sat down with Ben Wilson (@g0tmi1k), senior developer at Kali, to hear more about why Kali Linux moved to GitLab and see if they've noticed any changes to their project since adopting GitLab as their DevOps solution. ...

Full blog here:

The psychology of influence and hacking growth

I finished two books recently on the related topics of hacking growth and the psychology of influence. My notes and excerpts are below. They surely do not do the books justice as the books include essential details and great stories about these concepts in action. They also discuss how to influence others (with good intentions or bad intentions). The influence book also includes recognizing when someone is attempting to influence you and how to react accordingly.

Influence: The Psychology of Persuasion

I highly recommend this book for everyone who wants to influence others or detect when someone is attempting to manipulate them.

Influence patterns

The primary influencing patterns are:

     •    Reciprocation
     •    Commitment & consistency
     •    Social proof
     •    Liking
     •    Authority
     •    Scarcity

Reciprocation

The reciprocation rule says that we should try to repay, in kind, what another person has provided us. Moocher and welsher are unsavory labels to

Talk like TED

I have always admired the power and effectiveness of TED talks. This book was a quick read and helped to reinforce the best practices that the most successful TED presenters employ. My notes and key excerpts are below.

Unleash the master within

Dig deep to identify your unique and meaningful connection to your presentation topic.

“Nothing great has ever been achieved without enthusiasm.” - Ralph Waldo Emerson

Master the art of storytelling

“You need data, facts, and analysis to challenge people, but you also need narrative to get people comfortable enough to care about the community that you are advocating for. Your audience needs to be willing to go with you on a journey.”

Aristotle believed that persuasion occurs when three components are represented: ethos, logos, and pathos. Ethos is credibility. We tend to agree with people whom we respect for their achievements, title, experience, etc. Logos is the means of persuasion through logic, data, and statistics. Pathos is the act of