Jacob Kaplan-Moss

Partner, Revolution Systems LLC

About

I helped create Django, the leading Python web framework. I have over a decade of experience in engineering leadership as a consultant, director, and open source leader.

Experience

  • Engineering Supervisor

    18F (US General Services Administration)

    Aug 2016 - May 2018

    Supervisor for one quarter of the Engineering organization, including two assistant managers. Responsible for regular check-ins, feedback on performance, coaching staff on improving technical and interpersonal skills, performance reviews, and promotions/raises. As part of the Engineering Leadership team, responsible for grading and promotion standards, organization-wide management practices like one-on-ones and feedback mechanisms, hiring, and project staffing.

    • Re-built Engineering’s hiring process, including creating and improving standard hiring criteria, interview guides, technical assignments for candidates, and training interviewers in interviewing techniques.
    • Published these hiring guides publicly to help improve the inclusivity of our hiring process, and spread hiring best practices throughout government and private industry.
    • Led hiring for the Engineering chapter, including leading interviews for multiple positions, selecting and training interview panels, and making final hire/no-hire decisions.
    • Led the creation and launch of the TTS Bug Bounty, the first security bug bounty run by a civilian government agency. Served as Project Manager post-launch. Published policies and procurement documentation to guide other agencies in adopting their own Bug Bounties.
    • Advocated for Bug Bounties and Vulnerability Disclosure Policies throughout government, including briefing the Federal CIO Council and the US Senate Homeland Security & Governmental Affairs Committee.

  • Security Lead

    18F (US General Services Administration)

    Mar 2016 - Mar 2017

    Responsible for improving the security engineering practices at 18F, and providing expert assistance on secure engineering to 18F and our agency partners.

    • Started and led 18F’s Security Working Group, responsible for tracking and coordinating Information Security-related work across 18F.
    • Led hiring for security engineers, a new role at 18F. Created role description, led hiring, and developed performance plans.
    • Provided security assistance to various 18F product teams, including cloud.gov and login.gov.
    • Provided security and DevOps consulting to California Child Welfare Digital Services.
    • Developed incident response guides for 18F, and for the cloud.gov team. Conducted tabletop exercises to train teams in their use.
    • Trained project teams, most notably login.gov, on the use of STRIDE-based threat modeling techniques, and helped them integrate proactive security work into their workflow.

  • Director of Security

    Heroku

    May 2013 - Jan 2016

    Led Heroku’s Security team. Accountable for information security at the company, as well as responsible for building a security product for millions of apps running on the world’s biggest PaaS. Managed a team of 8-10 security engineers, with major areas of responsibility in Product Security, Incident Response, and Risk/Compliance.

    • Built Heroku’s formal security programs from scratch, covering Product Security, Incident Response, and Risk/Compliance.
    • Hired and built a team to support these programs.
    • Led substantial gains in our security and compliance posture, which directly translated to increased Enterprise sales and ability to launch new security-focused products.
    • Led major engineering initiatives to increase our defensive security, such as adoption of 2FA across all services, increased visibility into production systems, and quicker and easier software updates. These improvements prevented a minor breach from getting worse, and vastly sped up our organizational response to critical security vulnerabilities like Heartbleed.
    • Served as Project Manager on many cross-organization projects, including substantial compliance and security projects (Safe Harbor, PCI, HIPAA, internal security benchmarks).
    • As part of the Engineering Leadership team, helped establish grading and promotion standards, built organization-wide management practices like one-on-ones and feedback mechanisms, and participated in designing and implementing our overall Product and Engineering structure and workflow.
    • Brought Heroku’s security practices into alignment with the standards established by our parent organization, Salesforce.com, an industry leader in Trust and Security.

  • Partner

    Revolution Systems

    Mar 2009 - Present

    Co-owner of Revolution Systems, a consultancy specializing in web application development and scalability. Responsible for consulting with clients on hardening and scaling existing systems, including training, technical team-building, and consulting on systems design and high-level strategy. Clients include: LexisNexis, National Geographic, USA Today, DealerTrack, Threadless, Cox Media Group, Urban Airship, Wharton Business School.

    • Increased revenues 10-fold since joining as partner.
    • Hired and managed a team of staff engineers, as well as occasional subcontractors.
    • Served as a “virtual CTO” for several clients, helping to recruit and build teams or engineering organizations as small as 5 and as large as 1,500 staff.
    • Trained organizations in Python, Django, PostgreSQL, and related technologies.
    • Wrote web applications to client specifications using Python, Django, PostgreSQL, JavaScript, and related technology.

  • Software Architect

    Whiskey Media

    Mar 2008 - Feb 2009

    Served as the Django expert for the engineering team building a content management system backing GiantBomb.com, Tested.com, and others.

  • Lead Developer

    Lawrence Journal-World

    Aug 2005 - Mar 2008

    Lead developer on Ellington, a news publishing platform built in Python/Django.

  • Web Developer

    Lawrence Journal-World

    Aug 2004 - Aug 2005

    Developer on Ellington, a news publishing platform built in Python/Django. Managed the initial open source release of Django in 2005.

  • Lead Developer

    ID Society

    Nov 2003 - Aug 2004

    Developed an in-house CMS framework in PHP for design clients. Clients included Grand Marnier USA, Johnnie Walker Black Label, and USA Networks.

  • Software Developer

    Radar/Digital Systems

    Jan 2000 - Jul 2003

    Led the design and development of a web-based wide-area video monitoring system marketed to harbors, airports and transportation companies. Clients included the Santa Cruz Harbor, the Port of Los Angeles, and CalTrans.

Education

  • University of California, Santa Cruz

    BA, Literature

    1999 - 2003

Projects

  • Core Team, Django

    Part of the original team that created Django in 2004. Led development until January 2014, continuing as part of the core team since. Wrote the Django Code of Conduct, becoming one of the first major open source projects to adopt a Code of Conduct. Our version has since been forked and reused by several other open source communities.

  • Founder, Django Software Foundation

    Founded the Django Software Foundation in 2008. Served as President until 2010, and as a Board Member until 2012.

Contact