Building a Safer Internet with HackerOne

Recently I started doing some work with HackerOne and I thought many of you would find it interesting enough for me to share.

A while back my friend Mårten Mickos joined HackerOne as CEO. Around that time we had lunch and he shared with me more about the company. Mårten has an impressive track record, and I could see why he was so passionate about his new gig.

The idea is pretty neat: HackerOne provides a service where companies (e.g. Uber, Slack, General Motors etc, and even The Pentagon) can provide a bug bounty program that invites hackers to find security flaws in their products and services. The company specifies the scope of the program (e.g. which properties/apps), and hackers are encouraged to find and submit vulnerability reports. When a report is approved, the hacker is often issued a payment.

HackerOne is interesting for a few reasons. Firstly, it is helping to build a safer and more secure world. As we have seen in open source, crowdfunding, and crowdsourcing, a productive and enabled community can deliver great results and expand the scope of operations far beyond that of a single organization. This is such a logical fit when it comes to security as the potential attack surface is growing larger and larger every day as more of our lives move into a digital realm.

What I also love about HackerOne is the opportunity it opens up for those passionate about security. It provides a playground where hackers can safely explore vulnerabilities, report them responsibly, build experience and relationships with security teams at popular companies, and earn some money. Some hackers on HackerOne are earning significant amounts of money (some even doing this full-time), and some are just having a blast on evenings and weekends earning some extra cash while having fun hacking.

I am working with HackerOne on the community strategy and execution side and it has been interesting exploring the different elements of building an engaged community of hackers. One of the things I have learned over the years building communities is that every one is different, and that is very much the case for HackerOne.

Familiar Ground

More broadly, it is also interesting to see echoes of similar challenges that faced open source in the early days, but now applied to hacking. Back then the world was presented with the open source model in which anyone, anywhere, could contribute their skills and talents to improve software. Many organizations back then were pretty weirded out by this. They worried about their intellectual property, the impact on their customers, losing control, and how they would manage the PR.

wargames_still8

Believe it or not, WarGames is not a documentary.

In a similar way, HackerOne is presenting a model in which organizations can tap the talents of a distributed community of hackers. While some organizations will have similar concerns to the ones back in the early days of open source, I am confident we will traverse those. This will be great for the Internet, great for organizations, and great for hackers.

Get Involved

If you are a hacker, or a programmer who would like to learn about security and try your hand, go and sign up, then find a program, and submit a report.

If you are an existing HackerOne user, I would also love to hear your feedback, thoughts, and ideas about how we can build the very best community. Feel free to send me an email to jono@hackerone.com – let’s build a powerful, engaged, global community that is making the world more secure and making hackers more successful.

Announcing Jono Bacon Consulting

A little while back I shared that I decided to leave GitHub. Firstly, thanks to all of you for your incredible support. I am blessed to have such wonderful people in my life.

Since that post I have been rather quiet about what my next adventure is going to be, and some of the speculation has been rather amusing. Now I am finally ready to share more details.

In a nutshell, I have started a new consultancy practice to provide community management, innersourcing, developer workflow/relations, and other related services. To keep things simple right now, this new practice is called Jono Bacon Consulting (original, eh?)

As some of you know, I have actually been providing community strategy and management consultancy for quite some time. Previously I have worked with organizations such as Deutsche Bank, Sony Mobile, ON.LAB, Open Networking Foundation, Intel and others. I am also an active advisor for organizations such as AlienVault, Open Networking Foundation, Open Cloud Consortium, Mycroft AI and I also advise some startup accelerators.

I have always loved this kind of work. My wider career ambitions have always been to help organizations build great communities and to further the wider art and science of collaboration and community development. I love the experience and insight I gain with each new client.

When I made the decision to move on from GitHub I was fortunate to have some compelling options on the table for new roles. After spending some time thinking about what I love doing and these wider ambitions, it became clear that consulting was the right step forward. I would have shared this news earlier but I have already been busy traveling and working with clients. 😉

I am really excited about this new chapter. While I feel I have a lot I can offer my clients today, I am looking forward to continuing to broaden my knowledge, expertise, and diversity of community strategy and leadership. I am also excited to share these learnings with you all in my writing, presentations, and elsewhere. This has always been a journey, and each new road opens up interesting new questions and potential, and I am thirsty to discover and explore more.

So, if you are interested in building a community, either inside or outside (or both) your organization, feel free to discover more and get in touch and we can talk more.

Moving on From GitHub

Last year I joined GitHub as Director Of Community. My role has been to champion and manage GitHub’s global, scalable community development initiatives. Friday was my last day as a hubber and I wanted to share a few words about why I have decided to move on.

My passion has always been about building productive, engaging communities, particularly focused on open source and technology. I have devoted my career to understanding the nuances of this work and which workflow, technical, psychological, and leadership ingredients can deliver the most effective and rewarding results.

As part of this body of work I wrote The Art of Community, founded the annual Community Leadership Summit, and I have led the development of community at Canonical, XPRIZE, OpenAdvantage, and for a range of organizations as a consultant and advisor.

I was attracted to GitHub because I was already a fan and was excited by the potential within such a large ecosystem. GitHub’s story has been a remarkable one and it is such a core component in modern software development. I also love the creativity and elegance at the core of GitHub and the spirit and tone in which the company operates.

Like any growing organization though, GitHub will from time to time need to make adjustments in strategy and organization. One component in some recent adjustments sadly resulted in the Director of Community role going away.

The company was enthusiastic about my contributions and encouraged me to explore some other roles that included positions in product marketing, professional services, and elsewhere. So, I met with these different teams to explore some new and existing positions and see what might be a good fit. Thanks to everyone in those conversations for your time and energy.

Unfortunately, I ultimately didn’t feel they matched my passion and skills for building powerful, productive, engaging communities, as I mentioned above. As such, I decided it was time to part ways with GitHub.

Of course, I am sad to leave. Working at GitHub was a blast. GitHub is a great company and is working on some valuable and important areas that strike right at the center of how we build great software. I worked with some wonderful people and I have many fond memories. I am looking forward to staying in touch with my former colleagues and executives and I will continue to be an ardent supporter, fan, and user of both GitHub and Atom.

So, what is next? Well, I have a few things in the pipeline that I am not quite ready to share yet, so stay tuned and I will share this soon. In the meantime, to my fellow hubbers, live long and prosper!

Kindness and Community

On Friday last week I flew out to Austin to run the Community Leadership Summit and join OSCON. When I arrived in Austin, I called home and our son, Jack, was rather upset. It was clear he wasn’t just missing daddy, he also wasn’t feeling very well.

As the week unfolded he developed strep throat. While a fairly benign issue in the scheme of things, it is clearly uncomfortable for him and pretty scary for a 3 year-old. With my wife, Erica, flying out today to also join OSCON and perform one of the keynotes, it was clear that I needed to head home to take care of him. So, I packed my bag, wrestled to keep the OSCON FOMO at bay, and headed to the airport.

Coordinating the logistics was no simple feat, and stressful. We both feel awful when Jack is sick, and we had to coordinate new flights, reschedule meetings, notify colleagues and handover work, coordinate coverage for the few hours in-between her leaving and me landing, and other things. As I write this I am on the flight heading home and at some point she will zoom past me on another flight heading to Austin.

Now, none of this is unusual. Shit happens. People face challenges every day, and many far worse than this. What struck me so notably today though was the sheer level of kindness from our friends, family, and colleagues.

People wrapped around us like a glove. Countless people offered to take care of responsibilities, help us with travel and airport runs, share tips for helping Jack feel better, provide sympathy and support, and more.

This was all after a weekend of running the Community Leadership Summit, an event that solicited similar levels of kindness. There were volunteers who got out of bed at 5am to help us set up, people who offered to prepare and deliver keynotes and sessions, coordinate evening events, equipment, sponsorship contributions, and help run the event itself. Then, to top things off, there were remarkably generous words and appreciation for the event as a whole when it drew to a close.

This is the core of what makes community so special, and so important. While at times it can seem the world has been overrun with cynicism, narcissism, negativity, and selfishness, we are instead surrounded by an abundance of kindness. What helps this kindness bubble to the surface are great relationships, trust, respect, and clear ways in which people can play a participatory role and support each other. Whether it is something small like helping Erica and I to take care of our little man or something more involved such as an open source project, it never ceases to inspire and amaze me how innately kind and collaborative we are.

This is another example of why I have devoted my life to understanding every nuance I can of how we can tap into and foster these fundamental human instincts. This is how we innovate, how we make the world a better place, and how we build opportunity for everyone, no matter what their background is.

When we harness these instincts, understand the subtleties of how we think and operate, and wrap them in effective collaborative workflows and environments, we create the ability to build and disrupt things more effectively than ever.

It is an exciting journey, and I am thankful every day to be joined on it by so many remarkable people. We are going build an exciting future together and have a rocking great time doing so.

Dan Ariely on Building More Human Technology, Data, Artificial Intelligence, and More

Behavioral economics is an exciting skeleton on which to build human systems such as technology and communities.

One of the leading minds in behavioral economics is Dan Ariely, New York Times best-selling author of Predictably Irrational, The Upside Of Irrationality, and frequent TED speaker.

I recently interviewed Dan for my Forbes column to explore how behavioral economics is playing a role in technology, data, artificial intelligence, and preventing online abuse. Predictably, his insight was irrationally interesting. OK, that was a stretch.

Read the piece here

Mycroft and Building a Future of Open Artificial Intelligence

Last year a new project hit Kickstarter called Mycroft that promises to build an artificial intelligence assistant. The campaign set out to raise $99,000 and raised just shy of $128,000.

Now, artificial intelligence assistants are nothing particularly new. There are talking phones and tablets such as Apple’s Siri and Google Now, and of course the talking trash can, the Amazon Echo. Mycroft is different though and I have been pretty supportive of the project, so much so that I serve as an advisor to the team. Let me tell you why.

Here is a recent build in action, demoed by Ryan Sipes, Mycroft CTO and all round nice chap:

Mycroft is interesting both for the product it is designed to be and the way the team are building it.

For the former, artificial intelligence assistants are going to be a prevalent part of our future. Where these devices will be judged though is in the sheer scope of the functions, information, and data they can interact with. They won’t be judged by what they can do, but instead what they can’t do.

This is where the latter piece, how Mycroft is being built, really interests me.

Firstly, Mycroft is open source in not just the software, but also the hardware and service it connects to. You can buy a Mycroft, open it up, and peek into every facet of what it is, how it works, and how information is shared and communicated. Now, for most consumers this might not be very interesting, but from a product development perspective it offers some distinctive benefits:

  • A community can be formed that can play a role in the future development and success of the product. This means that developers, data scientists, advocates, and more can play a part in Mycroft.
  • Capabilities can be crowdsourced to radically expand what Mycroft can do. In much the same way OpenStreetmap has been able to map the world, developers can scratch their own itch and create capabilities to extend Mycroft.
  • The technology can be integrated far beyond the white box sitting on your kitchen counter and into Operating Systems, devices, connected home units, and beyond.
  • The hardware can be iterated by people building support for Mycroft on additional boards. This could potentially lower costs for future units with the integration work reduced.
  • Improved security for users with a wider developer community wrapped around the project.
  • A partner ecosystem can be developed where companies can use and invest in the core Mycroft open source projects to reduce their costs and expand the technology.

There is though a far wider set of implications with Mycroft too. Much has been been written about the concerns from people such as Elon Musk and Stephen Hawking about the risks of artificial intelligence, primarily if it is owned by a single company, or a small set of companies.

While I don’t think skynet is taking over anytime soon, these concerns are valid and this raises the importance that artificial intelligence is something that is open, not proprietary. I think Mycroft can play a credible role in building a core set of services around AI that are part of an open commons that companies can invest in. Think of this as the OpenStack of AI, if you will.

Hacking on Mycroft

So, it would be remiss if I didn’t share a few details of how the curious among you can get involved. Mycroft currently has three core projects:

  • The Adapt Intent Parser converts natural language into machine readable data structures.
  • Mimic takes in text and reads it out loud to create a high quality voice.
  • OpenSTT is aimed at creating an open source speech-to-text model that can be used by individuals and company to allow for high accuracy, low-latency conversion of speech into text.

You can also find the various projects here on GitHub and find a thriving user and developer community here.

Mycroft are also participating in the IBM Watson AI XPRIZE where the goal is to create an artificial intelligence platform that interacts with people so naturally that when people speak to it they’ll be unable to tell of they’re talking to a machine or to a person. You can find out more about how Mycroft is participating here.

I know the team are very interested in attracting developers, docs writers, translators, advocates, and more to play a role across these different parts of the project. If this all sounds very exciting to you, be sure to get started by posting to the forum.

Upcoming Speaking at Interop and Abstractions

I just wanted to share a couple of upcoming speaking engagements going on:

  • Interop in Las Vegas – 5th May 2016 – I will be participating in the keynote panel at Interop this year. The panel is called How Open-Source Changes the IT Equation and I am looking forward to participating with Colin McNamara, Greg Ferro, and Sean Roberts.
  • Abstractions in Pittsburgh – 18-20 Aug 2016 – I will be delivering one of the headlining talks at Abstractions. This looks like an exciting new conference and my first time in Pittsburgh. Looking forward to getting out there!

Some more speaking gigs are in the works. More details soon.

Community Leadership Summit 2016

On 14th – 15th May 2016 in Austin, Texas the Community Leadership Summit 2016 will be taking place. For the 8th year now, community leaders and managers from a range of different industries, professions, and backgrounds will meet together to share ideas and best practice. See our incredible registered attendee list that is shaping up for this year’s event.

This year we also have many incredible keynotes that will cover topics such as building developer communities, tackling imposter syndrome, gamification, governance, and more. Of course CLS will incorporate the popular unconference format where the audience determine the sessions in the schedule.

We are also delighted to host the FLOSS Community Metrics event as part of CLS this year too!

The event is entirely free and everyone is welcome! CLS takes place the weekend before OSCON in the same venue in Austin. Be sure to go and register to join us and we hope to see you in Austin in May!

Many thanks to O’Reilly, Autodesk, and the Linux Foundation for their sponsorship of the event!

Suggestions for Donating a Speaker fee

In August I am speaking at Abstractions and the conference organizers very kindly offered to provide a speaker fee.

Thing is, I have a job and so I don’t need the fee as much as some other folks in the world. As such, I would like to donate the speaker fee to an open source / free software / social good organization and would love suggestions in the comments.

I probably won’t donate to the Free Software Foundations, EFF, or Software Freedom Conservancy as I have already financially contributed to them this year.

Let me know your suggestions in the comments!

Stay Updated

Get the freshest posts direct to your email address. No spam, no nonsense.

Pin It on Pinterest