I helped create Django, the leading Python web framework. I have over a decade of experience in engineering leadership as a consultant, director, and open source leader.
Aug 2016 - May 2018
Supervisor for one quarter of the Engineering organization, including two assistant managers. Responsible for regular check-ins, feedback on performance, coaching staffing on improving technical and interpersonal skills, performance reviews, and promotions/raises. As part of the Engineering Leadership team, responsible for grading and promotion standards, organization- wide management practices like one-on-ones and feedback mechanisms, hiring, and project staffing.
• Re-built Engineering’s hiring process, including creating and improving standard hiring criteria, interview guides, technical assignments for candidates, and training interviewers in interviewing techniques.
• Published these hiring guides publicly to help improve the inclusivity of our hiring process, and spread hiring best practices throughout government and private industry.
• Led hiring for the Engineering chapter, including leading interviews for multiple positions, selecting and training interview panels, and making final hire/no-hire decisions.
• Led the creation and launch of the TTS Bug Bounty, the first security bug bounty run by a civilian government agency. Served as Project Manager post- launch. Published policies and procurement documentation to guide other agencies in adopting their own Bug Bounties.
• Advocated for Bug Bounties and Vulnerability Disclosure Policies throughout government, including briefing the Federal CIO Council and the US Senate Homeland Security & Governmental Affairs Committee.
Mar 2016 - Mar 2017
Responsible for improving the security engineering practices at 18F, and providing expert assistance on secure engineering to 18F and our agency partners.
• Started and led 18F’s Security Working Group, responsible for tracking and coordinating Information Security-related work across 18F.
• Led hiring for security engineers, a new role at 18F. Created role description, led hiring, and developed performance plans.
• Provided security assistance to various 18F product teams, including cloud.gov, and login.gov.
• Provided security and DevOps consulting to California Child Welfare Digital Services.
• Developed incident response guides for 18F, and for the cloud.gov team. Conducted tabletop exercises to train teams in their use.
• Trained project teams, most notably login.gov, on the use of STRIDE-based threat modeling techniques, and helped them integrate proactive security work into their workflow.
Director of Security
May 2013 - Jan 2016
Led Heroku’s Security team. Accountable for information security at the company, as well as responsible for building a security product for millions of apps running on the world’s biggest PaaS. Managed a team of 8-10 security engineers, with major areas of responsibility in Product Security, Incident Response, and Risk/Compliance.
• Built Heroku’s formal security programs from scratch, covering Product Security, Incident Response, and Risk/Compliance.
• Hired and and built a team to support these programs.
• Led substantial gains in our security and compliance posture, which directly translated to increased Enterprise sales and ability to launch new security- focused products.
• Led major engineering initiatives to increase our defensive security, such as adoption of 2FA across all services, increased visibility into production systems, and quicker and easier software updates. These improvements prevented a minor breach from getting worse, and vastly sped up our organizational response to critical security vulnerabilities like Heartbleed.
• Served as Project Manager on many cross-organization projects, including substantial compliance and security projects (Safe Harbor, PCI, HIPAA, internal security benchmarks).
• As part of the Engineering Leadership team, helped establish grading and promotion standards, built organization-wide management practices like one-on- ones and feedback mechanisms, and participated in designing and implementing our overall Product and Engineering structure and workflow.
• Brought Heroku’s security practices into alignment with the standards established by our parent organization, Salesforce.com, an industry-leader in Trust and Security.
Mar 2009 - Present
Co-owner of Revolution Systems, a consultancy specializing in web application development and scalability.. Responsible for consoling with clients on hardening and scaling existing systems, including training, technical team-building, consulting on systems design and high-level strategy. Clients include: LexisNexis, National Geographic, USA Today, DealerTrack, Threadless, Cox Media Group, Urban Airship, Wharton Business School.
• Increased revenues 10-fold since joining as partner.
• Hired and managed a team staff engineers, as well as occasional subcontractors.
• Served as a “virtual CTO” for several clients, helping to recruit and build teams or engineering organizations as small as 5 and as large as 1,500 staff.
• Trained organizations in Python, Django, PostgreSQL, and related technologies.
Mar 2008 - Feb 2009
Served as the Django expert for the engineering team building a content management system backing GiantBomb.com, Tested.com, and others.
Aug 2005 - Mar 2008
Lead developer on Ellington, a news publishing platform build in Python/Django.
Aug 2004 - Aug 2005
Developer on Ellington, a news publishing platform build in Python/Django. Managed the initial open source release of Django in 2005.
Nov 2003 - Aug 2004
Developed an in-house CMS framework in PHP for design clients. Clients included Grand Marnier USA, Johnnie Walker Black Label, and USA Networks.
Jan 2000 - Jul 2003
Led the design and development of a web-based wide-area video monitoring system marketed to harbors, airports and transportation companies. Clients included the Santa Cruz Harbor, the Port of Los Angeles, and CalTrans.
University of California, Santa Cruz
1999 - 2003
Part of the original team that created Django in 2004. Led development until January 2014, continuing as part of the core team since. Wrote the Django Code of Conduct, becoming one of the first major open source projects to adopt a Code of Conduct. Our version has since been forked and re- used by several other open source communities.
Founded the Django Software Foundation in 2008. Served as President until 2010, and as a Board Member until 2012.
- Email Jacobjacob@jacobian.org
- (785) 766-2474