Protecting GitHub’s 100M Developers
Plus, AI turns 1, managing resources cross-functionally, and more.
What does protecting the more than 100 million developers on GitHub’s platform take? And what can your team learn from GitHub’s impressive security posture?
On this week’s episode, co-host
is joined by , VP and Deputy Chief Security Officer at GitHub. Join them as they discuss Jacob's journey from the NSA to GitHub, delving into how AI impacts the security space and the future of Copilot's ever-expanding capabilities.The conversation also explores how enhancing customer trust, investing in diversity within security teams, and bringing security to where developers work are critical in improving security industry-wide.
Whether you’re protecting dozens of users or millions, Jacob has practical advice for engineering leaders everywhere.
"If you're an engineering leader working with a security team, ask for a postmortem on a security incident.
Go sit in and listen to the gory details of the last red team exercise and understand what the red team did and how they did it. Get smart on how threat actors are approaching your systems and understand how you can engineer towards a better solution and be more productive and learn from it."
Episode Highlights:
02:30 Intersection of DevOps and security
06:00 Research in cybersecurity
14:30 AI’s impact on the security space
21:00 Jacob’s career at the NSA
28:00 Advice for engineering leaders (focus on the fundamentals!)
34:00 The future of security teams and industry collaboration
The Download
The Download is engineering leadership content we’re reading, watching, and attending that we think you might find valuable.
1. Happy 1st Birthday, A.I.
Ok, AI has been in development for decades, but it’s been a year since ChatGPT launched, kicking off the AI-everywhere-all-at-once world we now live in.
Between the lessons learned in 2023 and the predictions for AI in 2024,
’s article below argues that:“The first year of AI in software engineering marked a paradigm shift in how developers code.”
Read: A.I.’s Impact In Its First Year In Software Engineering
2. Driverless dilemma: industry seeks federal aid
Following a recent crash involving a driverless car in San Francisco, the autonomous vehicle industry is seeking support from US Transportation Secretary Pete Buttigieg. Facing competition from China and grappling with safety and trust issues, the industry is imploring the federal government to get in the driver’s seat.
Read: The AV industry sends an SOS to Pete Buttigieg
Your DORA Metrics. 100% free. Forever.
High-performing software engineering teams love DORA metrics. But it’s not always simple for leaders to access up-to-date data on their teams — and it’s often expensive.
Not anymore. LinearB is introducing Free DORA metrics for all.
All-Inclusive Access: Get all four DORA metrics – Cycle Time, Deploy Frequency, Change Failure Rate (CFR), and Mean Time to Recovery (MTTR) with no restrictions on team size, contributors, or repos.
Benchmark & Improve: Compare your performance against industry benchmarks and enhance team efficiency with additional metrics like Merge Frequency and Pull Request Size – crucial for assessing quality and efficiency.
Forever Free: Gain these invaluable insights at no cost. No credit card, no strings attached.
Elevate your team's capabilities today. Sign up for your free DORA dashboard and let data-driven insights guide your team to new heights.
3. Your teams and resource management
Juggling full-stack resources across multiple teams? Check out this short and sweet read from
’s newsletter, Lessons in Engineering Leadership.4. Don’t be afraid to refactor
Earlier this year Dan Lines interviewed Flowcode’s CTO
on the podcast. During their conversation on why teams everywhere seem to be losing the plot when it comes to shipping code, Mike dropped a great reminder - don’t be afraid to refactor!“If you’re afraid to refactor, it’s just an inevitability of problems later on.“