Security READMEs


Byron's README

This page is intended to help others understand what it might be like to work with me, especially people who haven’t worked with me before.

It’s also a well-intentioned effort at building some trust by being intentionally vulnerable, and to share my ideas of a good working relationship to improve the experience of working with others.

Please feel free to contribute to this page by opening a merge request.

  1. LinkedIn Profile - https://www.linkedin.com/in/byronboots/
  2. My CliftonStrengths Top 5 (in order)
    1. Learner
    2. Achiever
    3. Intellection
    4. Analytical
    5. Relator
  3. My 16Personalities - Logician (INTP-A / INTP-T)
  4. GitLab Profile - @byronboots

About me

  • I care deeply about doing good and meaningful work that has an impact
  • I’ve lived in or around the PNW for much of my life however have traveled significantly and spent extended periods of time in many places through personal and work travel.
  • Outside of work I run a lot. It started as a way to try something that I don’t particularly enjoy and stay fit. Since then it has taken much of my free time with many high-mileage weeks and long races. I still wouldn’t say I enjoy running but I appreciate what it does for me as a great way to pass the time and think through problems and push myself. Running is the epitome of getting out what you put in and I appreciate that especially. When I race or run long, I don’t listen to music, podcasts, or anything else. I rarely have hours and hours of waking time without some sort of screen, be it entertainment or notifications, so I hold that time very tightly away from those things.
  • I really like to play golf and tennis for the fun they bring and the mental challenge. I appreciate the individuality of both sports.
  • If I’m at any sort of event or party and there’s a dog. I’m likely to spend more time with the dog than any other people there.
  • When I’m done working a goal of mine is to sail around the world.

My working style (MWS) / How you can help me (HYCHM)

Communication efficiency

  • MWS - I tend to internalize a lot of information and analyze it quickly. I would prefer to have more detail/data than not in almost every circumstance so I can parse and determine what information I feel is relevant. In a synchronous meeting this comes out as quickly formulated responses with possibly minimal context as to how I arrived there. If I sense we’re not aligned or I’m not understood, this can lead to a long-winded explanation where I dissect a topic deeply. In async communication this may come across with a large amount of text including assumptions, rationale and examples - far more context than you may have anticipated or needed. It may also make you feel as though I care deeply about the topic and have a strong stance when that may not necessarily be the case, I may just be trying share my thoughts.
  • HYCHM - In synchronous meetings, if you feel we’re aligned or you understand me, acknowledge it and consider repeating my stance so I know we’re communicating clearly. This will help me from feeling like I need to go deeper. I also am always working to better myself in this area and have tried injecting more “checks” into meetings to determine alignment so I know whether or not I need to go deeper. In async communication, it can be very difficult to know how much someone understands about a topic and it’s very easy to misinterpret. For me, there’s few things as frustrating as a response to a question of mine that contains a few word response whereas I required detail and context, so now I’m left following up or trying to piece together more puzzle pieces that could’ve been easily shared. For this reason I tend to draft lengthy text responses including assumptions, rationale and examples, all in an attempt to make very clear my thought process and provide details to others so they can draw different conclusions and challenge me. To help me, if your async question doesn’t require all that information, let me know as part of the question or frame the question to be closed (“my understanding is this, do you agree or disagree?“l) and avoid asking open ended questions when all you need is a closed response. This will help me be more efficient and make me feel better than just having a “Thanks!” response from you after a wall of text I wrote. This will also help eliminate confusion that my wall of text means I have a strong stance on a topic as much of that may be driven by me just wanting to clearly communicate.

More communication efficiency

  • MWS - Given my tendency to desire consuming any and all data and then framing my explanations with lots of context. If you do have several open ended questions on a new topic I’d prefer a quick synchronous conversation. It’ll be faster for me likely than drafting a long response and I can gauge your understanding and intent better. This doesn’t mean I’m not async first at all, I don’t want a calendar of meetings, but generally if the conversation starts sync and moves async we can both know the foot the other is starting from and be more efficient.
  • HYCHM - Schedule a meeting and add an agenda. I’m fine with 15 minute meetings or even shorter. I’ll do my best to accommodate other timezones and schedules and am generally online much earlier than my posted working hours so a slack to check a time is very welcome. If I can resolve the question in the agenda directly, I’ll try and do that and we may never actually need the meeting but this style of work helps me from toiling over a long issue comment that could be handled in a short call.

Let’s collaborate

  • MWS - Again on the data piece. I love data and appreciate other people sharing their data. For me, if we’re both sharing our data, assumptions, context, and rationale we can challenge the other from a more informed perspective. It’s easier for me to “buy in” to a decision if I know where the decision is coming from and how we arrived there.
  • HYCHM - If you want my input and want to collaborate, please share your data. If that’s easiest done through a meeting, that’s wonderful. If done async, that’s wonderful as well.

Give me the why

  • MWS - As noted above, it’s easier for me to “buy in” to a decision if I know where the decision is coming from and how we arrived there. For that reason, if you want me to buy in please share. I will do good work being told to do something. I will do my best work if I understand why we’re doing something (and ideally if I’ve had input in the decision making process, but the “why” is enough). This doesn’t mean that I’ll agree with every decision (disagree, commit, and disagree is one of my favorite subvalues) but knowing the reason behind why we’re doing something helps me immensely.
  • HYCHM - Share your thought process with me and own disagreements or flaws, I will always try to do the same. I’m not naive enough to think every decision made in or around work is one I’ll agree with but you can help me commit fully by sharing how you arrived at a decision and owning disagreements or flaws. One of my favorite leader relationships in my career has been a leader of mine that disagreed on numerous things with me. I was the one “doing the work” pointing out flaws and gaps in a process etc. and felt as though they were disconnected from the possible impacts of the decision. The leader did an excellent job of acknowledging those flaws and gaps and making it very clear that they not only owned the responsibility of making a decision but owned all of the flaws and gaps that may arise as part of the decision. This ownership and acknowledgement helped me to feel confident in the decision making process which further helped me perform good work.

If you already know what you want, tell me

  • MWS - I love to own my work, or not. I’m not fond of backseat drivers. What I mean by this is that while I’d much prefer to own my work and the decisions and responsibilities that come with that, I feel equally as strongly that if I’m not going to “own” the work, the work to be done needs to be clearly articulated so I can execute. This doesn’t mean I don’t like to collaborate, I greatly enjoy collaborating and most of all learning from others. I do dislike being assigned open ended work with minimal direction and then producing work only to have it needing change because it’s not what the assigner had in mind. I feel strongly that if a clear vision is already had for some work, even if it is a clear vision of what NOT to do, that vision should be communicated so I don’t “own” the work only to realize a vision for the work already existed but wasn’t communicated.
  • HYCHM - Clearly distinguish between whether the work is mine to own entirely or whether I’m only acting as the “hands and feet” to execute a task. A hybrid of those two bodies of work is most common but clearly communicating which parts of the work are mine to own vs. non-negotiable “needs to be done a certain way” will go a long way to keeping me happy throughout the work. If you have a specific deliverable you need but don’t care how that deliverable gets put together, communicate that. If you care how an analysis is done but not the way it is presented, communicate that. And even if you care about both components, how the work gets done and how it is presented, communicate that. I’ll be happier spending less time knowing exactly what to produce so I can return to those areas of work that I own, faster.

What I assume about others

  • I assume you also want to own your work and when you do, you’re analyzing all available data to make the best decisions.

What I want to earn and learn

  • I want to earn your trust and respect to be a knowledgeable and helpful person that you can engage on topics I’m familiar or simply to be a resource of support
  • My #1 CliftonStrength is “Learner” - I am motivated by learning new things and rarely will disregard something I don’t understand as something not worth learning. I want to learn and greatly appreciate those that can teach and help me understand more areas I’m not familiar.

Communicating with me

  • I am happy to communicate through any medium sync or async. If there’s significant data to be consumed I’d prefer reviewing async but then happy to proceed with communicating through whatever mode you find most appropriate.
  • If I’m very lost on a topic, I’ll generally look to setup some sync time to realign.
  • I prefer GitLab for communications UNLESS a decision needs to be made quickly, then I’d prefer Slack. Even better for “urgent” but async conversations is an issue with the conversation and a slack message letting me know you’ve commented. I have no problem with an @byronboots in a GitLab issue comment followed by a quick slack message in a channel letting me know there’s a new comment. If it’s not “urgent”, just the GitLab issue comment is sufficient but feel free to send a follow-up if I’m not responding quickly enough for your needs.
  • I’d prefer you didn’t DM me in Slack if the conversation can be in a channel. I won’t be upset by a DM ever but if all my work happens in DMs it’s hard to show what I’m working on for visibility and even more importantly, it’s hard to tag in others if help is needed. If we start a conversation in the DMs and there’s a natural break, I may try to resume the conversation in a Slack channel. If you’d prefer it didn’t move, just comment “sent you a DM” in the channel reply and we can move it back to the DMs. This obviously does not apply if sharing feedback that may be interpreted negatively. Celebrate publicly, critique privately.
  • I have Slack on my phone except sometimes on extended PTO. I don’t have email or GitLab logins on my phone. If you really don’t want me to see something until I’m back from PTO or at my computer again, put it in an issue. If you really want me to see an issue or something else internal and I’m not by my computer, you’ll need to screenshot it, I can’t access anything work related that is private on my phone.
  • I keep Slack up to date pretty well with my status be it out for a dog walk or in a meeting.

Strengths / Weaknesses

  • I can dive very deeply into work I’m motivated by. This can result in pushing myself too hard so when a less motivating task comes along I’m likely to push it aside as much as I can (knowing the why behind the task can help combat this). Balancing my efforts can be a challenge. Working long/weird hours can make others feel that they need to do so as well which is not my intention.
  • From the “Learner” CliftonStrengths description - “Discovering new ways to use your talents energizes you. You are likely to escape from situations and avoid people who want you to keep doing what you already know how to do well. Maintaining an intellectual status quo is unacceptable to you.” This translates directly into me wanting to learn and try and build new things and I greatly dislike operating sub-par processes for the sake of not wanting to risk trying something better/different. For others this may be interpreted as being unhappy in my current situation. I am fairly good at communicating when I want to do something new.
Joseph Longo README

My working style

  • I don’t like to micro-manage. As long as results are being delivered, I try to give others the freedom to operate on their terms. If you require additional instructions or guidance in order to complete a task, don’t hesitate to ask. I try to tailor my management and working style to the different individuals I am working with.
  • I tend to ask a lot of questions to ensure I have the full context before making a decision. The more information you can provide, the faster and easier the decision making process will be for me.
  • I strive to empower my team and help them reach their full potential. If there are topics or cross-functional areas that you’re interested in, let me know, and we’ll find a way to help you engage in those topics and reach your goals.

For your situational awareness (FYSA)

  • I tend to overexplain sometimes. I put a lot of thought into decisions I make, and when conveying those decisions, I often explain the entire journey I took to come to reach the end. If this happens, and it’s not valuable to you, please don’t hesitate to stop me and ask for the Cliffs Notes version.
  • When I’m busy, I will often look at Slack messages or emails and mark them as unread. While I intend to follow up on those messages when my bandwidth increases, I can sometimes forget. Don’t hesitate to send me a reminder if you haven’t received a response within your expected window.

Communication

  • I always appreciate brutal honesty. Direct communication is the quickest way for me to learn and make changes.
  • I’m always monitoring Slack and email. Feel free to reach out at any time.
  • I’m a big supporter of asynchronous communication, but I also believe a quick call or Slack huddle (< 5 mins.) can sometimes be the more efficient way to solve a problem. Don’t be afraid to propose a call, I’ll let you know if async works better at that time.
Josh Lemos README

Summary

Everything starts with people, without which we would not have organizational leadership. Humans are the most interesting and difficult part of building and supporting any business enterprise or technological advancement. Our goals as leaders is to create and maintain environments where brilliant people can thrive and drive incredible outcomes. We must foster a culture in which everyone has an opportunity to meaningfully contribute.

Values

  • Agency - Believe in delegating decisions as close to the problem space as possible and empowering teams and leaders to make the right decisions.
  • Candor - High fidelity information is the lifeblood of decision making. Team members must be able to speak candidly assuming positive intent.
  • Integrity - Maintain a high bar for accountability and act in good faith regardless of the possible audience or headwinds.
  • Ownership - When people feel ownership of a problem or objective the likelihood of success increases exponentially.
  • Teamwork - Scaling and building complex systems requires teamwork. Recognizing and embracing both strengths and being open about growth areas is essential to building high-performing teams.
  • Transparency - Disseminating information to leaders freely and openly where possible.

Working Style & Approach

  • Prefer long-form documents or issues which are context rich over slides and presentations. Find this especially useful when a decision is required. Documentation can clearly articulate the various options and trade-offs and provides a record as to why a specific option was selected.
  • When problem solving (and I love helping teams solve problems) I will encourge first principles thinking. I value data driven approaches and will often go back to the data for insights.
  • Empower team members throughout the organization affording everyone maximum opportunity and autonomy.
  • Default to having information pushed to me and try to minimize information requests. Frequent requests for information are often signal to indicate there is a gap in our status reporting processes.
  • Identify the right opportunities to assist, leaving space for others to step-up and further their development.
  • Mentorship, sponsorship and development of leaders, helping to realize their full potential through active coaching and candid feedback
  • Connect-the-dots between the business objectives, OKRs and the security strategy with cascading goals throughout the information security organization
  • Mediate healthy disagreements, dialogue, and conflict while allowing the data to ground the conversation.
  • Ensure every goal has a Directly Responsible Individuals (DRIs) to drive accountability for everyone in the service of solving a problem or reaching an outcome. DRIs advocate for and own the problems and solutions in order to reach a positive result.
  • Embrace divergent perspectives. As a leader my voice can carry more weight at times so I will often speak last.

Flaws & Pitfalls

  • In the quest for continuous improvement I can over index on problems and spend too little time appreciating progress. It is something I coach leaders to do but can fail to take my own advice.
  • While I try to meet people where they are I can misjudge the amount of support an individual wants or needs. If you find yourself wanting more guidance or autonomy feel free to tell me where you want to set those agency boundaries.
  • At times I am quick to identify and advocate for a solution especially in problem areas where I have considerable experience or domain expertise. Feel free to encourage me to spend more time hosting the discussion before deciding on a solution.
  • Trained helplessness drives me crazy and I have little patience for it. Everyone is capable of affecting change. Don’t stay blocked!

Communication Preferences

  • Slack - By default Slack is the best way to engage. By default I will delay-send messages to deliver during the recipients working hours.-
  • Meetings - Designed for conversations which cannot be solved async. Must have an agenda and action items with DRIs. Document Comments - Preferred medium for meeting notes and artifacts. Tagging me in documents is sufficient, no need to email. Nudging - in Slack after a day or so is encouraged if there is a pressing deadline.
  • Email - Long form communications that should persist beyond the time limits of Slack and do not require an urgent response.
  • Phone/Signal/etc. - For urgent communication or emergency response off hours.
Julie Davila's README
Nick Malcolm's README
Security Engineer
Philippe Lafoucrière README

Philippe Lafoucrière’s README

About me

Hi! I’m a Security Architect at GitLab, which is a specialty on top of my Security Distinguished Engineer role.

I have an Engineering background, having graduated from the Université de Technologie de Compiègne (France) with a Master’s Degree in Computer Science. Nevertheless, my career almost involved an Entrepreneur aspect. This makes me a Jack of all trades and a master of none.

I have worked in various industries, ranging from telecoms to online betting.

Ty Dilbeck's README

Hi, I’m Ty, and you can read about me here

Last modified September 6, 2023: Replace taps with spaces (69f17a79)