If You’re Going to Hang Pictures in San Francisco

I grew up pretty much smack dab on the middle of the Canadian Shield, one of the more seismically stable places on the planet. Now that I live in San Francisco, I’m basically always thinking about how to survive an earthquake. When I went to hang some pictures, this ended up being a major research project, so for all my Canadian friends in the Bay Area or just other paranoid types, here’s what you need to have pictures hung as well as these:

1) OOK Tremor Hangers – these babies have a clip to keep your cable from jumping out of the hook, and come with OOK’s excellent hardened picture-hanging nails. The kit I linked to is the best deal for a bunch of them; if you need fewer, check out Home Depot. One alternative which some friends speak highly of but which I haven’t tried are the Quakehold “maze” style hangers – these might be easier to find at your hardware store, too.

2) Quakehold Putty – it’s like the blue sticky tacky stuff used to put posters up in camp and university dorms, except it doesn’t stain everything that nasty greasy blue. There’s even a clear version for sticking glassware to shelves etc.

3) 3M Picture Hanging Strips – I could write a whole blog post about how much I freaking love 3M Command Adhesive stuff. It’s the best. The picture strips are this weird velcro-like stuff that is great for hanging lightweight stuff on its own, or also are great at stabilizing and load-balancing in conjunction with the OOK hangers.

Those will do you right for drywall walls. If you’re a renter and nervous about your landlord noticing your hasty post-move-out spackle job, I highly recommend the 3M Sticky Nails. They don’t have clips like the OOKs, but if you’ve got quake putty and the hanging strips you’ll be alright up to a point. There’s a version for sawtooth type picture frames (which I hate), or wire-backed.

I had one concrete wall at my first SF apartment (the one that jacked up my rent by $500/mo when the lease was up for renewal… needless to say I don’t live there any more) and this taught me the joys of hard wall hangers. These are plastic hooks with small nails embedded in them, which will get just enough grip on a concrete wall to hold up a pretty large picture. I was nervous about the cable “jumping” out of the anchor, so I fashioned a complicated arrangement where I sandwiched the cable between the anchor hook on the bottom and a 3M Command “sticky nail” on top to keep the wire from jumping. And earthquake putty on both the anchor hook itself as well as a couple places on the frame. And 3M picture strips on the sides. This was a real belt and suspenders kinda operation…

Which is good, because four days after I finished hanging those pictures, there was a minor earthquake. All of my stuff stayed securely on my walls. Victory!

I’ve linked to products on Amazon, but Home Depot carries all of these as well, and the Container Store has quake putty and the full assortment of 3M Command delights. Cole Fox, which is a wonderful local hardware chain in SF, carries putty, 3M stuff, and hard wall hangers, the “maze” hangers, and some safety/tremor hangers that look similar to the OOK ones.

Happy picture hanging!

If you tell a story three times, blog it

Most anyone I know will confirm that I love telling stories. I stew on and re-tell anecdotes, and given enough of them on a given topic string them together into theories – theories of organization, models to understand and change the world. I sometimes forget that I’ve told you a particular story before, and tell it again – sorry about that 🙂

I’m a big fan of the CBC’s annual Massey Lectures, and one of my favourites is Thomas King’s “The Truth About Stories: A Native Narrative” from 2003. In it, King tells us as a sort of refrain or chorus that “the truth about stories is that’s all we are.” It’s one of those lines that gets under your skin, that sticks with you. It’s stuck with me for over a decade.

He closes one of the stories he tells in the lectures as such:

Take Charm’s story, for instance. It’s yours. Do with it what you will. Tell it to friends. Turn it into a television movie. Forget it. But don’t say in the years to come that you would have lived your life differently if only you had heard this story. You’ve heard it now.

This is we tell stories – in the hopes of sharing things we’ve learned, of giving another person data to “life their life differently” – whether by choosing to take a particular story into account, or to not do so. We tell stories in the hopes that we’ll help others make better mistakes. Or at least, different ones.

(As an aside, this year’s Massey Lecturer will be Margaret Macmillan, a historian whose work I’ve long admired. I’m looking forward to listening to it – listening to the CBC keeps me from getting too homesick.)

I’ve been trying to write more lately, and one metric I’ve been using is that if I tell a story more than three times, I should blog about it. So far this has resulted in dozens of drafts strewn across WordPress, Trello, and Google Drive, but I found myself telling people my idea that if you tell a story three times you should blog it… at least three times, so here we are.

Some of the stories I am hoping to tell this year:

  • finishing my series of posts on undermanagement in tech
  • magical thinking and time
  • Fuck Yes” But No
  • on coping with finding out that one’s friend is an abuser
  • how pair programming is like piloting a Jaeger in Pacific Rim
  • revisiting Naomi Klein’s No Logo in the context of the Gig Economy
  • how impostor syndrome is a perfectly rational outcome of being called an impostor all the time

Here’s to a 2015 full of more stories 🙂

Leigh’s Informal Security Salary Survey 2014

The ISC2 is running their annual salary survey, but I want something a bit more personal, and hopefully, localized. So I’m going to run my own survey. Hopefully I don’t end up regretting this 🙂

Send me as much or as little of the following via FB message, email (salaries at hypatia dot ca), Twitter DM, or carrier pigeon, and I will collate, anonymize, and publish the results:

  • Company
  • Title
  • City/Country
  • Base Salary
  • On hire stock and cash
  • Annual bonus (stock and cash)
  • Education level
  • Years at current job
  • Total years experience
  • Gender / ethnicity if you’re comfortable sharing – I will only use these in aggregate because they are so identifying when one is a minority 😦

Anonymization-wise, I will bucketize the titles so they aren’t too specific. I will report all figures in $10k bands and years of experience in ~3-year ranges for obfuscation purposes. For companies with fewer than 5 reports, I won’t mention the company. I’m really good at de-anonymization; I’ll apply that level of expertise to anonymizing your data. And I will delete your data once I’m done this project.

Joining the advisory board of Mod N Labs

I’m pleased to announce that I am joining Mod N Labs, a new security startup accelerator based in San Francisco, as an advisor. I’ll bring my industry experience as well as diversity and inclusion expertise as we help entrepreneurs build the next generation of security companies. I’m still at Heroku as my day job – it continues to be awesome.

If you have a cool security startup idea and would like to work with an amazing community of advisors and investors, please reach out – we want to hear from you. We are particularly interested in hearing from founders who are currently underrepresented in the security industry, including women, people of colour, LGBTQ people, and people with disabilities. We recognize that there is a mountain of research showing that diverse teams perform better, and we’d be remiss in not seeking out founders as diverse as the security landscape we live in.

Building a security community I want to stay in

Leigh Honeywell teaching an Ally Skills workshop
Yours truly teaching an Ally Skills workshop for the EEOC.

Over the years, I’ve had hundreds of conversations with people of all genders (but mostly men) about what we can do to make tech, and information security in particular, a better place for women. Kids’ programs like r00tz and HacKid make it clear that plenty of girls want to be hackers early on. There is some awesome work happening specifically around increasing the number of women entering the pipeline – NYU’s Career Discovery symposium for women, ACSA‘s scholarships for women studying information security, Tennessee Tech’s Women in Cyber Security Conference, the EWF‘s fellowship at Carnegie Mellon, and many others. But we also have to make things better for the women who are already here.

I myself had a scary brush with burnout in the past year, and with a lot of work and amazingly supportive colleagues I’ve gotten through it. I want to stay in this field – but I need your help to make that happen. So if you’ve ever benefited from something I said or did – had an “ah-ha!” moment, got an interview you wanted, or finally understood threat modeling – I’m asking you to donate to the organization that kept me on this side of burnout: the Ada Initiative.

Donate now

Let me tell you why the Ada Initiative is making it easier for me to stay in infosec. This summer in Las Vegas during Security Conference Extravaganza Week, I taught two free Ally Skills workshops using the materials the Ada Initiative has spent the past three years developing. We make these materials available for free, online, under a Creative Commons license – we want the world to use them. Here are some things people said about the workshop:

“The key to the Ally Skills workshop is that it creates an environment where, with some basic ground rules, it’s possible to talk through all of those awkward day-to-day moments we all face as professionals in an industry with a gender disparity. Turning the cringeworthy into the teachable is no small feat, but the structure of the workshop makes it not only possible, but fun and surprisingly painless. Awesomesauce.” –Shawn Moyer

“As a woman in security, I thought I knew everything there was to know on the subject, and mostly attended for the promised snacks. To my surprise, I found the workshop to be deeply meaningful. It was encouraging to be in a room full of considerate people that wanted to improve their community, and it was a fantastic, introspective exercise figuring out what those improvements could be.” –Marisa Fagan

“The material presented and the trainer were both excellent, but what made it stick in a meaningful way were the stories shared by the participants. Everyone contributed thoughtfully which made it much easier to imagine how you might act on the information in real situations.” –Chet Wisniewski

Knowing that I’m not alone – that these people support me and they are going to take action when they see bad stuff going down – lets my shoulders come down from around my ears and allows me to think, hey, maybe I can keep doing this.

So I’m making you a challenge – two challenges, actually. First, if the rest of you donate $2048, I’ll match that donation with my own money. My employer, Salesforce.com, will match that dollar-for-dollar – so the impact of your donation will be tripled. Last year, I made a matching challenge to my friends in the name of my grandmother, architect Janet Leys Mactavish Shaw. You can read about her on Wikipedia – she was a badass lady who would have loved hacking and open technology and culture had she lived to see them happen.

And here’s my second challenge: I heard from a lot of people who were unable to make the workshops in Las Vegas that they would love to attend one. So if we can raise $4096, I will personally teach a free workshop – with content I’ve written specifically for information security – in San Francisco in the next six months.

Donate now

Scaling this workshop up is, to me, one of the most powerful things happening right now in working to improve conditions for women in geeky fields, and especially information security. I want you to join me in making this happen.

“It was great to have conversations, among people who support the aims of geek feminism, about how to handle situations and improve things. Online discussions tend to devolve into debating “how sexist something is”, which “side” is “overreacting”, or worse. Anyone who appreciates the depth, balance, and nuance found on the Geek Feminism wiki would enjoy one of your workshops.” –Jesse Ruderman

“It was enlightening to explore topics around sexism which, as a man in information security, I’m rarely exposed to with such honesty. The ability to have discussions with other men and women in the group was key to fully ingesting Leigh’s great skills lessons and questioning my own attitudes.” –Ryan O’Horo

Charles’ Rules of Argument: the short version

There’s a great piece of Old Internet Culture called Charles’ Rules of Argument. I’ve found it to be extremely useful in how I discuss difficult issues online, in particular in deciding how to pick my battles, what I’m trying to get out of an argument, and how to fight burnout and manage my energy.

You can read the original version if you’re interested in a good yarn, but there’s a wonderful precis of it in the Ada Initiative’s Ally Skills Workshop, which I’ve been teaching a lot over the past few months. Here it is, with my notes in brackets:

  • Don’t go looking for an argument [there will always be enough of those headed your way]
  • State your position once, speaking to the audience [it’s hard to convince people to change their minds, but you can often sway observers who are less invested in Being Correct]
  • Reply one more time to correct any misunderstandings of your first statement [Do this after waiting a bit for replies to roll in]
  • Do not reply again [IMPORTANT]
  • Spend time doing something fun instead [Self care! It’s a thing! You should do! Eat some ice cream, watch trashy TV, hug a friend.]

I find that I often underestimate the toll that Arguing On The Internet takes on my energy levels. It seems amusing at first and then I look up and it’s two hours later and I’m exhausted. Charles’ Rules are incredibly helpful as a tool to keep you mindful of the impact on your life that online debate can have.

If you liked this post, please consider supporting the Ada Initiative’s work during our annual fundraising drive.

Anti-Harassment Training with the EEOC

I’m excited to announce that I’ll be co-teaching a workshop next Friday, September 12th with Justice Marianna Warmee of the EEOC. The workshop is the second day of two days of classes the EEOC is putting on to celebrate the 50th anniversary of the 1964 Civil Rights Act.

The workshop we are teaching (listed as “Harassment Scenarios” in the event program) will combine general material on workplace harassment with a customized version of the Ada Initiative’s Ally Skills Workshop.

You can register for one or both days of the event over on the EEOC’s site.