Writing Archive

Favorites

• Work Sample Tests: A Framework for Good Work Sample Tests: Eight Rules for Fair Tests November 17th, 2021
• "Where did we get lucky?" February 4th, 2020
• You have two jobs November 1st, 2017
• Psychological safety in the InfoSec industry April 18th, 2016
• I refuse to tolerate assholes May 19th, 2011
• How the news breaks November 8th, 2006

2025

• Working in Between Public and Private October 18th, 2025
• Two Scenario Threat Modeling August 8th, 2025
• Comfort Scores: A risk mitigation tool for pre-trip briefings August 4th, 2025
• What if We Thought About Risk Decisions Differently? July 22nd, 2025
• Ultralight Heresies July 21st, 2025
• Potential causes of accidents in outdoor pursuits (the Meyer/Williamson matrix) June 17th, 2025
• Changing Directions June 3rd, 2025
• How to report a security issue in an open source project March 27th, 2025
• Beware tech career advice from old heads March 13th, 2025
• Thinking About Risk: Sidebar #4: Quantitative Risk Revisited January 28th, 2025
• Thinking About Risk: Sidebar #3: Two Flavors of Medium Risk January 17th, 2025
• Thinking About Risk: Sidebar #2: The Swiss Cheese Model January 16th, 2025
• Thinking About Risk: Sidebar #1: "Exposure" January 15th, 2025

2024

• Thinking About Risk: Mitigation December 10th, 2024
• Thinking About Risk: An introduction to thinking about risk December 4th, 2024
• Free digital security checkups for people/organizations concerned about the incoming US government November 11th, 2024
• Why you should run for the DSF Board, and my goals for the DSF in 2025 October 18th, 2024
• If we had $1,000,000… October 8th, 2024
• Ethical Applications of AI to Public Sector Problems October 1st, 2024
• All I Need to Know About Engineering Leadership I Learned From Leave No Trace July 12th, 2024
• Paying More for Media June 11th, 2024
• Why I'm Not Writing a Productivity Series April 4th, 2024
• Mentorship, coaching, sponsorship: three different — and equally important — tools for developing talent April 1st, 2024
• Discussing Open Source funding and sustainability on the Sustain podcast March 29th, 2024
• Talking about Django's history and future on Django Chat March 20th, 2024
• So you've been reorg'd... March 12th, 2024
• Estimating Software Projects: Breaking Down Tasks March 11th, 2024
• Paying people to work on open source is good actually February 16th, 2024
• Tracking Engineering Time February 7th, 2024
• Philanthropy Update January 10th, 2024
• My Diverse Hiring Playbook January 4th, 2024

2023

• Managing Technical Debt December 20th, 2023
• Making Decisions: First decide how to decide: “one weird trick” for easier decisions December 5th, 2023
• Making Decisions: RFC processes are a poor fit for most organizations December 1st, 2023
• Professionalism: No Yelling November 21st, 2023
• Performance Is Contextual November 20th, 2023
• How to Build Trust November 16th, 2023
• Does someone need to be a good manager to give good management advice? November 16th, 2023
• Seniority and self-management: you don't have to do this alone October 4th, 2023
• RTO vs WFH: my default recommendations for remote vs colocated teams September 29th, 2023
• Team size isn't a measure of success September 11th, 2023
• Mailbag: Should you give candidates feedback on their interview performance? August 25th, 2023
• Do I need a consultant, contractor or employee? August 24th, 2023
• Hire for Floors, not Ceilings August 16th, 2023
• Giving It All Away: My Philanthropic Plan May 15th, 2023
• Follow-ups to "Incompetent but Nice" March 31st, 2023
• Incompetent but Nice March 28th, 2023

2022

• Professionalism: You should maintain a transition file November 9th, 2022
• Performance "Seasons" Are Useless — Use Anniversary Reviews Instead October 25th, 2022
• The Intersection of Tenure and Seniority October 20th, 2022
• Writing With Copilot October 14th, 2022
• When Is Short Tenure a Red Flag? October 14th, 2022
• Is this a parable about software development? October 13th, 2022
• Role Title Terminology October 12th, 2022
• Post-interview recommendations: a case against 'maybe' September 23rd, 2022
• Quality Is Systemic September 9th, 2022
• Taking notes in interviews August 12th, 2022
• Panel interviews don't work July 8th, 2022
• Checking References: What to do if a reference check goes wrong July 6th, 2022
• Checking References: How to Check References June 24th, 2022
• Checking References: Yes, You Should Check References June 22nd, 2022
• DORA Metrics: the Right Answer to measuring engineering team performance June 17th, 2022
• Making a Compelling Offer — in this economy? June 16th, 2022
• Mailbag: Dealing With Misalignment While Hiring May 23rd, 2022
• Professionalism: Honesty is a professional behavior May 19th, 2022
• Professionalism: What is “professionalism” and why am I writing about it? April 12th, 2022
• Is my advice too mercenary? April 11th, 2022
• Your last one-on-one: what to do instead of an exit interview April 7th, 2022
• Exit Interviews Are a Trap April 4th, 2022
• That Wild Ask A Manager Story February 14th, 2022
• I was on The Changelog February 14th, 2022
• Developing a Values Interview Question January 31st, 2022
• Book Review: Powerful (Patty McCord) January 18th, 2022
• Year in Review: 2021 January 7th, 2022
• Work Sample Tests: Wrap Up and Q&A January 6th, 2022

2021

• Work Sample Tests: What doesn't work (and why) December 30th, 2021
• Work Sample Tests: Labs & Simulation Environments December 24th, 2021
• Volunteer Responsibility Amnesty Day December 20th, 2021
• Work Sample Tests: ‘Reverse’ Code Review December 15th, 2021
• Work Sample Tests: Bring Your Own Code December 7th, 2021
• Work Sample Tests: Pair Programming November 30th, 2021
• Work Sample Tests: Coding “Homework” November 23rd, 2021
• Work Sample Tests: A Framework for Good Work Sample Tests: Eight Rules for Fair Tests November 17th, 2021
• Work Sample Tests: The tradeoff between inclusivity and predictive value November 10th, 2021
• Work Sample Tests: Introduction to Work Sample Tests November 9th, 2021
• When you're a manager, your behavior is under a microscope October 26th, 2021
• Dear Potheads, You Can Work for the U.S. Government, Maybe October 25th, 2021
• Simple Product Management Tricks October 20th, 2021
• What is your labor worth? Tech compensation in 2021 October 13th, 2021
• Delegation: How to Delegate Meeting Attendance October 6th, 2021
• Delegation: Briefing a Delegate September 27th, 2021
• People- vs Results-Oriented Management: Both Work! September 22nd, 2021
• Delegation: Delegate Outcomes, Not Methods July 21st, 2021
• Delegation: Make Failure A (Safe) Option July 20th, 2021
• Delegation: “Give Away Your Toys” July 19th, 2021
• Delegation: What's delegation? July 19th, 2021
• Probably Are Gonna Need It: Application Security Edition July 8th, 2021
• Book Review: Team Topologies July 5th, 2021
• The VPP/VPE Relationship June 16th, 2021
• Estimating Software Projects: So you messed up. Now what? June 8th, 2021
• Estimating Software Projects: The art of the SWAG June 2nd, 2021
• Estimating Software Projects: My Software Estimation Technique May 25th, 2021
• Estimating Software Projects: Software Estimation Is Hard. Do It Anyway. May 20th, 2021
• 2021 DBIR Highlights May 18th, 2021
• Positive feedback is different from praise May 12th, 2021
• The Mass Email Mistake May 10th, 2021
• Three Feedback Models April 22nd, 2021
• The Fundamental Purpose of Middle Management: Context Down, Information Up April 19th, 2021
• Are You Stuck On Vision, Strategy, or Tactics? April 16th, 2021
• Embrace the Grind April 7th, 2021
• Mailbag: Adapting Interview Questions for Junior Candidates March 29th, 2021
• “Fair” Doesn't Mean “Equal” March 28th, 2021
• How managers should respond to defensiveness after feedback March 23rd, 2021
• The Three Kinds of Organizational Power March 15th, 2021
• How Long Does It Take to Hire Someone? March 11th, 2021
• Coworking With a Friend to Write More March 9th, 2021
• “Why Did You Leave Your Last Job?” March 8th, 2021
• How to Give a Status Update To Executives March 5th, 2021
• Unpacking Interview Questions: Types of Interview Questions March 1st, 2021
• Effective Organizations Value Autonomy February 26th, 2021
• Unpacking Interview Questions: Interview Question Series Wrap Up February 15th, 2021
• Unpacking Interview Questions: The Weakness Question February 12th, 2021
• Unpacking Interview Questions: “Tell Me About a Disagreement…” February 11th, 2021
• Unpacking Interview Questions: Diversity, Equity, and Inclusion February 10th, 2021
• Unpacking Interview Questions: “Tell Me About a Project You Led…” February 9th, 2021
• Unpacking Interview Questions: “Explain a Topic At Multiple Levels…” February 8th, 2021
• SOCCR: the framework I use for decision briefs January 30th, 2021
• How to gather consensus before a big decision January 18th, 2021
• Hangar's Dumb Security Questionnaire January 15th, 2021
• Why I'm excited to get a COVID vaccine January 13th, 2021
• Articles for r2c: Bringing Security along on the CI/CD journey January 11th, 2021
• Designing Engineering Organizations January 5th, 2021

2020

• AI is catching up to the hype December 28th, 2020
• Measuring Hiring Manager Effectiveness September 14th, 2020
• Articles for r2c: Not all attacks are equal: understanding and preventing DoS in web applications September 11th, 2020
• Training Interviewers September 8th, 2020
• Articles for r2c: Preventing SQL Injection in Django May 15th, 2020
• What accomplishments sound like on software engineering resumes May 8th, 2020
• Layoffs are Coming March 13th, 2020
• Django's new governance model March 12th, 2020
• The Innovation/Execution Spectrum February 18th, 2020
• "Where did we get lucky?" February 4th, 2020
• Demos, Prototypes, and MVPs January 16th, 2020
• 📣 Now on Google Cloud Run January 5th, 2020

2019

• My Python Development Environment: My Python Development Environment, 2020 Edition November 11th, 2019
• My questions for prospective employers (Director/VP roles) April 23rd, 2019
• IQ isn't enough to get hired April 3rd, 2019
• Goals aren't enough; you have to talk about performance, too April 1st, 2019

2018

• My interview kickoff script, annotated November 29th, 2018
• Hire me to help you hire November 27th, 2018
• A bit of smart security design from Tiller November 19th, 2018
• 2018 life update May 3rd, 2018
• A reading list for new engineering managers May 2nd, 2018
• The Moment April 2nd, 2018
• My Python Development Environment: My Python Development Environment, 2018 Edition February 21st, 2018

2017

• You have two jobs November 1st, 2017
• Five stories about the California Wildfires you probably missed October 22nd, 2017
• Don't include social engineering in penetration tests June 27th, 2017

2016

• Getting started with pytest November 27th, 2016
• Django Under the Hood 2016 Highlights November 22nd, 2016
• So you want a new admin? May 26th, 2016
• Ratchets & Levers May 19th, 2016
• 2016 DBIR Highlights April 27th, 2016
• A reading list for InfoSec engineers April 20th, 2016
• Psychological safety in the InfoSec industry April 18th, 2016

2015

• How do you run distributed standups? June 4th, 2015
• Shanley and my PyCon talk June 1st, 2015

2014

• Uber and the Fourth Estate November 18th, 2014
• Python Programmers Support the Ada Initiative September 23rd, 2014
• Re: What Can Men Do? April 25th, 2014
• The limits of "unlimited" vacation March 18th, 2014
• Retiring as BDFLs January 13th, 2014

2013

• Bagels December 2nd, 2013
• To my friends in the Node community November 30th, 2013
• On TRUCEConf November 9th, 2013
• Personal lessons from XOXO September 22nd, 2013
• Join me in supporting the Ada Initiative August 27th, 2013
• Getting features into Django May 23rd, 2013
• I've joined Heroku May 13th, 2013

2012

• Auto-building Sphinx docs May 24th, 2012
• Measuring the Django Community: The Django community in 2012 March 5th, 2012

2011

• DIY supplies October 31st, 2011
• Why conferences need a code of conduct August 4th, 2011
• P.J. Eby on PyPI July 5th, 2011
• Is there a market for paid Django apps? June 28th, 2011
• A REST wankery question May 25th, 2011
• I refuse to tolerate assholes May 19th, 2011
• Work for me! April 25th, 2011
• Help desk software? March 4th, 2011

2010

• Configuration and architecture November 9th, 2010
• CI is hard! November 8th, 2010
• Office hours November 7th, 2010
• Django classes: deployment, ecosystem November 4th, 2010
• How to roast a chicken November 3rd, 2010
• Django gotcha: concrete inheritance November 2nd, 2010
• What's your favorite Django app? November 1st, 2010
• "Web Scale" October 28th, 2010
• Peter Norvig on programming languages October 18th, 2010
• man tar August 3rd, 2010
• Mark Shuttleworth on Tribalism July 31st, 2010
• GvR on commit privileges July 26th, 2010
• What to do when PyPI goes down July 20th, 2010
• Backwards compatibility June 9th, 2010
• util June 8th, 2010
• Dynamic form generation February 28th, 2010
• Early registration for my Advanced Django class ends soon February 16th, 2010
• To hell with web standards February 12th, 2010

2009

• Fixing PostgreSQL's default encoding on Ubuntu 9.10 December 12th, 2009
• Writing Great Documentation: You need an editor November 12th, 2009
• Writing Great Documentation: Technical style November 11th, 2009
• Writing Great Documentation: What to write November 10th, 2009
• My travel kit November 9th, 2009
• Measuring the Django Community: The Django community in 2009 November 6th, 2009
• Thank you, Rails November 5th, 2009
• On commit bits November 4th, 2009
• Lessons from Rackspace's downtime November 3rd, 2009
• The power of "no" November 2nd, 2009
• SEO scumbags October 29th, 2009
• QFT October 20th, 2009
• Job opportunity: engineer at Whiskey Media October 13th, 2009
• * is Unix October 7th, 2009
• Python is Unix October 6th, 2009
• Django Master Class, October 16 September 18th, 2009
• Contributor License Agreements September 17th, 2009
• Snakes on the Web September 4th, 2009
• Reminder: Django Training August 7th, 2009
• Django Training July 20th, 2009
• Twenty questions about the GPL July 13th, 2009
• Django internals: authentication July 13th, 2009
• Professionalism July 4th, 2009
• SVN usability June 30th, 2009
• Looking for a Django developer? June 10th, 2009
• More buildout notes April 20th, 2009
• Developing Django apps with zc.buildout April 15th, 2009
• Nobody expects Python packaging! April 13th, 2009
• Hooray for standards April 9th, 2009
• Python implementation details March 26th, 2009
• It's time for a change March 4th, 2009
• FAQ: Untrusted users and HTML February 24th, 2009
• The taste of shame and humiliation February 2nd, 2009
• Why I'm excited about Python 3 January 22nd, 2009
• Descriptivists and Prescriptivists January 13th, 2009
• What is django.contrib? January 8th, 2009

2008

• "Syntactic Sugar" November 22nd, 2008
• Typography: Rhythm & Proportion November 21st, 2008
• Minimalism November 18th, 2008
• REST worst practices November 14th, 2008
• PyCon Braindump March 19th, 2008
• Help OSI March 18th, 2008
• Sailing on… February 21st, 2008
• A picture is worth a thousand words January 30th, 2008
• Shameless self-promotion January 29th, 2008

2007

• Django Book Update November 13th, 2007
• Of the Web October 19th, 2007
• CouchDB first impressions October 18th, 2007
• The sorry state of database journalism September 12th, 2007
• My "personal security" plan August 31st, 2007
• Seasoning Templates July 19th, 2007
• Die, Marker Felt, Die! July 16th, 2007
• Dear Adobe July 2nd, 2007
• Some guesses about the future May 31st, 2007
• Django projects May 22nd, 2007
• Django Internships at the Journal-World May 2nd, 2007
• Measuring the Django Community: Circles of Django (2007) March 22nd, 2007
• You vs. the Real World March 12th, 2007
• Jimbo's Number March 6th, 2007
• Ripped by Engadget March 5th, 2007
• Five things I hate about Python March 4th, 2007
• Overheard at PyCon February 23rd, 2007
• I don't care whose is bigger February 19th, 2007
• Fried Chicken January 29th, 2007

2006

• How the news breaks November 8th, 2006
• Wanted: kick-ass sysadmin September 18th, 2006
• Pronouncement August 22nd, 2006
• Post-OSCONum part 1: try not to suck July 28th, 2006
• "Show-stoppers" July 20th, 2006
• Digg dugg July 17th, 2006
• Bad dog! July 10th, 2006
• Improved text image view June 30th, 2006
• Django OSCON shirts June 27th, 2006
• Django propaganda May 3rd, 2006
• A complete waste of time April 21st, 2006
• Django meetup in Palo Alto April 12th, 2006
• Merquery March 29th, 2006
• Quiet Enjoyment March 23rd, 2006
• Free server? Probably not March 22nd, 2006
• Free servers? March 2nd, 2006
• Django stuff at Pycon March 2nd, 2006
• WWBD February 17th, 2006
• Template + Cache = Crazy Delicious January 31st, 2006
• Why you should use Django January 27th, 2006
• Strike averted January 13th, 2006
• Done January 4th, 2006

2005

• Dojo gets a manual December 23rd, 2005
• Django, meet Dojo December 19th, 2005
• Have more… December 14th, 2005
• Django performance tips December 12th, 2005
• Hiring, part II December 8th, 2005
• We're hiring! December 7th, 2005
• Lightpd on Ubuntu December 5th, 2005
• What can Django learn from Rails? December 5th, 2005
• allofmp3.com RSS feed September 22nd, 2005
• Private Dancer? September 9th, 2005
• A note to web designers August 26th, 2005
• A quick comparison August 22nd, 2005
• Sera's Pancakes August 21st, 2005
• Django and Rails August 16th, 2005
• Reboot August 15th, 2005