Publications
Edge Authentication and Token-Agnostic Identity Propagation, Netflix Tech Blog, February 2021
As most developers can attest, dealing with security protocols and identity tokens, as well as user and device authentication, can be challenging. Imagine having multiple protocols, multiple tokens, 200M+ users, and thousands of device types, and the problem can explode in scope. A few years ago, we decided to address this complexity by spinning up a new initiative, and eventually a new team, to move the complex handling of user and device authentication, and various security protocols and tokens, to the edge of the network, managed by a set of centralized services, and a single team. In the process, we changed end-to-end identity propagation within the network of services to use a cryptographically-verifiable token-agnostic identity object.
Feedback in Times of Crisis, September 2020
Feedback is core to a company culture and is a great way to help each other become stronger stunning colleagues. Due to the global pandemic, fires, civil unrest and all of the associated demands and stressors, regular feedback processes are being disrupted. The COVID-19 pandemic has also brought about unprecedented stress for many, and some people are in heightened states of threat. Research shows that the heart rates of people who are receiving unprompted feedback jumps around enough to indicate moderate or extreme anxiety. How do you give feedback in these challenging times, when we are all operating at least at a level 1 threat level, with times at level 2 or 3, when we know that feedback increases the threat?
Creating Margin, August 2020
Margin provides time to create, relax, or recharge. It’s intentionally setting aside time to read, think, dream, relax with your family and friends, or exercise: a deliberate time to create more balance and deeper engagement in your life. It is the gap between rest and exhaustion.
What Makes a Great Engineering Manager?, November 2018
This article articulates what the Edge Engineering leadership team at Netflix expects of our Engineering Managers for them to be successful leaders of our teams. By applying this model, we seek to become better leaders, to position our teams to be as effective as possible for the long-term, and to position our engineers to learn, grow, and increase their impact.
Scaling Event Sourcing for Netflix Downloads, Episode 2, Netflix Tech Blog, September 2017
Following on to Episode 1, we provide an overview of the general event sourcing pattern and how we applied it to some of these key use cases.
Scaling Event Sourcing for Netflix Downloads, Episode 1, Netflix Tech Blog, September 2017
This series of posts will outline why and how we built a new licensing system to support the Netflix downloads experience. In this first post of the series, we provide an overview of the Netflix downloads project and the changes it meant for the content licensing team at Netflix. Further posts will dive deeper into the solutions we created to meet these requirements.
Improving Team Productivity by Reducing Context Switching, October 2016
A challenge that many engineering teams face is project and task fragmentation. Engineers often work on multiple projects in parallel and can be severely interrupt-driven by operational issues and partner support requests. It can seem like every partner request is urgent and team members often drop everything to work on the most recent urgent request. Context switching hurts efficiency, impacting longer-term project deliverables and resulting in missed commitments. Team morale also suffers. How can we, as an engineering leaders, smooth this speed bump and help our teams improve velocity and meet project commitments?
Are You The Best Partner You Could Be?, October 2016
The success of any team depends on many factors, one of which is the health and success of internal partnerships. Our engineering teams are not able to sustain excellence in building and operating critical systems and services, and adding great business value, without our internal partners. These partnerships need to be built and nurtured continuously, using mutual respect and trust as a base.
How Do You Practice Appreciation?, September 2016
Netflix is well-known for its Freedom and Responsibility culture, and one of the key values of our culture is honesty, always. We believe that candor and sharing constructive feedback freely helps improve our already stunning colleagues, as well as company performance, even at the risk of creating conflict. True candor requires great trust, but it also builds trust when we are selfless in giving feedback, even when it may be difficult to do. Sharing candid feedback is a big part of how we communicate and work together on a daily basis. We are consistent about providing constructive feedback in real-time, but sometimes forget to acknowledge the more positive aspects of our working relationships. This came up in a team discussion recently and we agreed to “practice appreciation” more regularly and strive not to take anyone for granted.
Rules May Not Always “Apply”, February 2016
An oft-quoted HBR article reports that women often don’t apply for jobs unless they think they are 100% qualified: “men apply for a job when they meet only 60% of the qualifications, but women apply only if they meet 100% of them”. Based on this belief, women have often been advised to have more confidence in themselves. However, the author of this article surveyed over one thousand professionals and the top-cited reason by far (for both men and women) was that they did not want to waste time and energy applying for a position for which they did not consider themselves 100% qualified. The reality is, “required” qualifications may not always be 100% required. As a hiring manager, of course I would love to find the absolutely perfect candidate, who checks all the boxes. In reality, most candidates whom we hire, and go on to be wildly successful, match most of the key elements in the job description and miss on a few others.
Elementary Intrusion Detection, Part 2, USENIX ;login: Magazine, June 1996
Elementary Intrusion Detection, Part 1, USENIX ;login: Magazine, April 1996
Security Administration in an Open Network Environment, USENIX Large Systems Administration Conference, 1995
As networking technologies evolve and business needs change, traditionally isolated and secure communication networks are giving way to more open computing environments. Security, network and systems administrators must therefore concern themselves not only with firewall and boundary security, but also with individual system security. Security administration in a large open network is a challenging assignment and requires a combination of auditing, assessment and compliance mechanisms. For very large networks, automation is another variable which is critical to consider in this equation. There are several tools available to assess the security of networks and systems; however, there are few freely available solutions for addressing the problems that these analysis tools detect. This paper describes the changing network security paradigm and discusses what tools are available for identifying security vulnerabilities in an open network environment. It goes on to state the problem that we faced at Sun and describes the suite of tools that we have designed and implemented as a solution, focusing on the automation of system security assessment and compliance. Finally, SunSWAT, the Sun Security Weakness Attack Tool, is introduced and its evolution from a single shell script designed to respond to the results of a network security audit, into a system for improving system security, implementing enterprise security standards and auditing to those standards, is discussed.
Patents
Honors & Awards
39 Most Powerful Female Engineers of 2018 by Business Insider, June 2019
Technology & Innovation Fellow, Lesbians Who Tech, May 2017 – Sep 2017
The LGBTQ Tech and Innovation Summit (formerly White House LGBTQ Tech and Innovation Briefing) is a five-month fellowship sponsored by Lesbians Who Tech. Fellows volunteer their time to work on projects that benefit the LGBTQ community (and others!).