Early in the work that I did at Akamai on data destruction, we built a very casual sort of threat model, but we never worked it up in any more rigorous fashion, which would have allowed us to talk consistently about the threats we were concerned about. We still managed to deliver a coherent solution, but I think it’s worth formalizing exactly what we were trying to achieve.
It’s very easy to get distracted by the spy-games aspect of data destruction. Everybody brings up thermite when I mention the topic. This DEF CON presentation by my friend Zoz a few years ago suggests the limits of it as a practical solution. In reality, somebody pulling your data off with a SATA cable because you forgot to wipe the drive before disposing of it is always your biggest worry.
I can’t believe I haven’t posted about this until now! Straight-up slipped my mind.
I have an article published in Increment, Stripe’s software engineering magazine. The latest issue is themed around Security, and in it I talk about threat modeling, particularly in a software-as-a-service context. It’s based a lot on the work at Akamai that I talk about here from time to time.
From the article:
Threat modeling is one of the most important parts of the everyday practice of security, at companies large and small. It’s also one of the most commonly misunderstood. Whole books have been written about threat modeling, and there are many different methodologies for doing it, but I’ve seen few of them used in practice. They are usually slow, time-consuming, and require a lot of expertise.
This complexity obscures a simple truth: Threat modeling is just the process of answering a few straightforward questions about any system you’re trying to build or extend.
(Oddly enough, this is my first paid professional long-form writing ever. It was extremely good to work with Sid Orlando and team at Increment—I had the best first-time author experience I could possibly have hoped for. If you have stuff to write about which is related to their upcoming topics, I can’t recommend pitching them enough.)
I’m in the process of negotiating offers for my next role now. One of the things I’ve learned the hard way is how important good management is—especially for me, since I’m kind of a hard case, but in general. It’s said that people leave managers, not companies, and I know that that’s been true of my experience. It turned out that I got very lucky in my early jobs, and up until recently my first managers were my high water mark.
Unfortunately the traditional job interview doesn’t give much time over to learn about the person who would be managing you. (Sometimes you don’t even meet with them.) While you as the candidate are always implicitly interviewing your interviewers, it’s nice to have time set aside to it.
Mudge had not yet signed on as the new head of security when I got the offer from Stripe, but the recruiting team had told me he was considering it, and I knew I didn’t want to sign on to a new team without talking with the person I’d be reporting to.
I knew Mudge only by reputation and vaguely at that, and I didn’t want to join a team only to have some new manager come in and clean house and install all their own people. I delayed accepting until Mudge was ready to talk, and then we had a long phone conversation where I effectively interviewed him as my new manager. (He was great, it turned out. 🙂
Going through the process again now, I’ve come back to these questions, and I’m going through the same process with my new potential managers. It’s proving extremely fruitful.
Here’s what I’m asking:
What is your vision for the organization?
Where do you see the organization fitting in the overall picture at the company?
Where do you want the organization to grow?
What’s your plan for scaling the organization?
What do you like in a manager?
What do you dislike in a manager?
How do you view your relationship with the people who work for you?
What is your philosophy of management?
What makes you excited to come to work every day?
Can you tell me about a specific time that you were wrong, and how you handled it?
You have two employees who don’t get along. What’s your approach?
Have you handled harassment complaints before (sexual or otherwise)? What happened?
You have an employee who’s struggling. How do you handle that?
What do career paths forward look like for this position?
How much support is here to present at conferences/other professional development?
What are your preferences around hours/work from home?
How much contact do you need from the folks who work for you?
What problems do you see facing the company over the next three years
What problems do you see facing the industry over the next three years?
Interviewing your prospective manager is absolutely something you can and should do, and these are questions I’ve found useful.
Is there something I’ve missed that you like to ask about? Leave a comment!
It gets at something fundamental. What is it that makes software safety so hard?
A couple years ago, at the March 2016 STAMP Workshop in Cambridge, Massachusetts I gave a talk titled “Safety Thinking in Cloud Software: Challenges and Opportunities” where I tried to answer that. (As always, I talk about work here but don’t speak on behalf of any former employer.) What follows is based on my notes for that talk.
I just sent an unintentionally blistering response to a Facebook recruiter. Having invested the time in writing it, I remembered that I have a very disused blog, and perhaps people reading here would find it useful, either as fodder for your own such messages, or as a snapshot of my concerns regarding Facebook and fascism in America in 2018. If either of these apply to you, enjoy.