50 stories
·
1 follower

5 Strategies Healthcare Providers Are Using To Secure Networks

1 Share

5 Strategies Healthcare Providers Are Using To Secure Networks

  • Healthcare records are bestsellers on the Dark Web, ranging in price from $250 to over $1,000 per record.
  • The growing, profitable market for Protected Health Information (PHI) is attracting sophisticated cybercriminal syndicates, several of which are state-sponsored.
  •  Medical fraud is slower to detect and notify, unlike financial fraud (ex. stolen credit cards), contributing to its popularity with cybercriminals globally.
  • Cybercriminals prefer PHI data because it’s easy to sell and contains information that is harder to cancel or secure once stolen. Examples include insurance policy numbers, medical diagnoses, Social Security Numbers (SSNs), credit card, checking and savings account numbers.

These and many other insights into why healthcare provider networks are facing a cybersecurity crisis are from the recently declassified U.S. Department of Health & Human Services HC3 Intelligence Briefing Update Dark Web PHI (Protected Health Information) Marketplace presented April 11th of this year. You can download a copy of the slides here (PDF, 13 pp, no opt-in). The briefing provides a glimpse into how the dark web values the “freshness’ of healthcare data and the ease of obtaining elderly patient records, skewing stolen identities to children, and elderly patients. Protenus found that the single largest healthcare breach this year involves 20 million patent records stolen from a medical collections agency. The breach was discovered after the records were found for sale on the dark web. Please see their 2019 Mid-Year Breach Barometer Report (opt-in required) for an analysis of 240 of the reported 285 breach incidents affecting 31,611,235 patient records in the first six months of this year. Cybercriminals capitalize on medical records to drive one or more of the following strategies as defined by the HC3 Intelligence Briefing:

5 Strategies Healthcare Providers Are Using To Secure Networks

SOURCE: HEALTH & HUMAN SERVICES HC3 INTELLIGENCE BRIEFING UPDATE DARK WEB PHI (PROTECTED HEALTH INFORMATION) MARKETPLACE

Stopping A Breach Can Avert A HIPAA Meltdown

To stay in business, healthcare providers need to stay in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA provides data privacy and security provisions for safeguarding medical information. Staying in compliance with HIPAA can be a challenge given how mobile healthcare provider workforces are, and the variety of mobile devices they use to complete tasks today. 33% of healthcare employees are working outside of the office at least once a week. And with government incentives for decentralized care expected to expand mobile workforces industry-wide, this figure is expected to increase significantly. Health & Human Services provides a Breach Portal that lists all cases under investigation today. The Portal reflects the severity of healthcare providers’ cybersecurity crisis. Over 39 million medical records have been compromised this year alone, according to HHS’ records from over 340 different healthcare providers. Factoring in the costs of HIPAA fines that can range from $25,000 to $15.M per year, it’s clear that healthcare providers need to have endpoint security on their roadmaps now to avert the high costs of HIPAA non-compliance fines.

Securing endpoints across their healthcare provider networks is one of the most challenging ongoing initiatives any Chief Information Security Officer (CISO) for a healthcare provider has today. 39% of healthcare security incidents are caused by stolen or misplaced endpoints. CISOs are balancing the need their workforces have for greater device agility with the need for stronger endpoint security. CISOs are solving this paradox by taking an adaptive approach to endpoint security that capitalizes on strong asset management. “Keeping machines up to date is an IT management job, but it’s a security outcome. Knowing what devices should be on my network is an IT management problem, but it has a security outcome. And knowing what’s going on and what processes are running and what are consuming network bandwidth is an IT management problem, but it’s a security outcome “, said Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software.

5 Strategies for Healthcare Providers Are Using To Secure Networks

Thwarting breaches to protect patients’ valuable personal health information starts with an adaptive, strong endpoint strategy. The following are five proven strategies for protecting endpoints, assuring HIPAA compliance in the process:

  1. Implementing an adaptive IT asset management program delivers endpoint security at scale. Healthcare providers prioritizing IT asset management control and visibility can better protect every endpoint on their network. Advanced features including real-time asset management to locate and secure devices, geolocation fencing so devices can only be used in a specific area and device freeze options are very effective for securing endpoints. Healthcare providers are relying more and more on remote data delete as well. The purpose of this feature is to wipe lost or stolen devices within seconds.
  2.  Improve security and IT operations with faster discovery and remediation across all endpoints. Implement strategies that enable greater remediation and resilience of every endpoint. Healthcare providers are having success with this strategy, relying on IT asset management to scale remediation and resilience to every endpoint device. Absolute’s Persistence technology is a leader in this area by providing scalable, secure endpoint resiliency. Absolute also has a proven track record of providing self-healing endpoints extending their patented firmware-embedded Persistence technology that can self-heal applications on compatible endpoint devices.
  3. Design in HIPAA & HITECH compliance and reporting to each endpoint from the first pilot. Any endpoint security strategy needs to build in ongoing compliance checks and automated reports that are audit-ready. It also needs to be able to probe for violations across all endpoints. Advanced endpoint security platforms are capable of validating patient data integrity with self-healing endpoint security. All of these factors add up to reduce time to prepare audits with ongoing compliance checks across your endpoint population.
  4. A layered security strategy that includes real-time endpoint orchestration needs to anchor any healthcare network merger or acquisition, ensuring patient data continues to be protected. Private Equity (PE) firms continue acquiring providers to create healthcare networks that open up new markets. The best breach prevention, especially in merged or acquired healthcare networks, is a comprehensive layered defense strategy that spans endpoints and networks. If one of the layers fails, there are other layers in place to ensure your organization remains protected. Healthcare providers’ success with layered security models is predicated on how successful they are achieving endpoint resiliency. Absolute’s technology is embedded in the core of laptops and other devices at the factory. Once activated, it provides healthcare providers with a reliable two-way connection so they can manage mobility, investigate potential threats, and take action if a security incident occurs.
  5. Endpoint security needs to be tamper-proof at the operating system level on the device yet still provides IT and cybersecurity teams with device visibility and access to modify protections. Healthcare providers need an endpoint visibility and control platform that provides a persistent, self-healing connection between IT, security teams, and every device, whether it is active on the network or not. Every identity is a new security perimeter. Healthcare providers’ endpoint platforms need to be able to secure all devices across different platforms, automate endpoint hygiene, speed incident detection, remediation, and reduce IT asset loss by being able to self-diagnose and repair endpoint devices on real-time.


Read the whole story
Share this story
Delete

10 Predictions How AI Will Improve Cybersecurity In 2020

1 Share
10 Predictions How AI Will Improve Cybersecurity In 2020

Capgemini predicts 63% of organizations are planning to deploy AI in 2020 to improve cybersecurity, with the most popular application being network security.

Cybersecurity is at an inflection point entering 2020. Advances in AI and machine learning are accelerating its technological progress. Real-time data and analytics are making it possible to build stronger business cases, driving higher adoption. Cybersecurity spending has rarely been linked to increasing revenues or reducing costs, but that’s about to change in 2020.

What Leading Cybersecurity Experts Are Predicting For 2020

Interested in what the leading cybersecurity experts are thinking will happen in 2020, I contacted five of them. Experts I spoke with include Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software; Dr. Torsten George, Cybersecurity Evangelist at Centrify; Craig Sanderson, Vice President of Security Products at Infoblox; Josh Johnston, Director of AI, Kount; and Brian Foster, Senior Vice President Product Management at MobileIron. Each of them brings a knowledgeable, insightful, and unique perspective to how AI and machine learning will improve cybersecurity in 2020. The following are their ten predictions:

  1. AI and machine learning will continue to enable asset management improvements that also deliver exponential gains in IT security by providing greater endpoint resiliency in 2020. Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software, observes that “Keeping machines up to date is an IT management job, but it’s a security outcome. Knowing what devices should be on my network is an IT management problem, but it has a security outcome. And knowing what’s going on and what processes are running and what’s consuming network bandwidth is an IT management problem, but it’s a security outcome. I don’t see these as distinct activities so much as seeing them as multiple facets of the same problem space, accelerating in 2020 as more enterprises choose greater resiliency to secure endpoints.”
  2. AI tools will continue to improve at drawing on data sets of wildly different types, allowing the “bigger picture” to be put together from, say, static configuration data, historic local logs, global threat landscapes, and contemporaneous event streams.  Nicko van Someren, Ph.D., and CTO at Absolute Software also predict that“Enterprise executives will be concentrating their budgets and time on detecting cyber threats using AI above predicting and responding. As enterprises mature in their use and adoption of AI as part of their cybersecurity efforts, prediction and response will correspondingly increase.”
  3. Threat actors will increase the use of AI to analyze defense mechanisms and simulate behavioral patterns to bypass security controls, leveraging analytics to and machine learning to hack into organizations. Dr. Torsten George, Cybersecurity Evangelist at Centrify, predicts that “threat actors, many of them state-sponsored, will increase their use and sophistication of AI algorithms to analyze organizations’’ defense mechanisms and tailor attacks to specific weak areas. He also sees the threat of bad actors being able to plug into the data streams of organizations and use the data to further orchestrate sophisticated attacks.”
  4. Given the severe shortage of experienced security operations resources and the sheer volume of data that most organizations are trying to work through, we are likely to see organizations seeking out AI/ML capabilities to automate their security operations processes. Craig Sanderson, Vice President of Security Products at Infoblox also predicts that “while AI and machine learning will increasingly be used to detect new threats it still leaves organizations with the task of understanding the scope, severity, and veracity of that threat to inform an effective response. As security operations becomes a big data problem it necessitates big data solutions.”
  5. There’s going to be a greater need for adversarial machine learning to combat supply chain corruption in 2020. Sean Tierney, Director of Threat Intelligence at Infoblox, predicts that “the need for adversarial machine learning to combat supply chain corruption is going to increase in 2020. Sean predicts that the big problem with remote coworking spaces is determining who has access to what data. As a result, AI will become more prevalent in traditional business processes and be used to identify if a supply chain has been corrupted.”
  6. Artificial intelligence will become more prevalent in account takeover—both the proliferation and prevention of it. Josh Johnston, Director of AI at Kount, predicts that “the average consumer will realize that passwords are not providing enough account protection and that every account they have is vulnerable. Captcha won’t be reliable either, because while it can tell if someone is a bot, it can’t confirm that the person attempting to log in is the account holder. AI can recognize a returning user. AI will be key in protecting the entire customer journey, from account creation to account takeover, to a payment transaction. And, AI will allow businesses to establish a relationship with their account holders that are protected by more than just a password.”
  7. Consumers will take greater control of their data sharing and privacy in 2020. Brian Foster, Senior Vice President Product Management at MobileIron, observes that over the past few years, we’ve witnessed some of the biggest privacy and data breaches. As a result of the backlash, tech giants such as Apple, Google, Facebook and Amazon beefed up their privacy controls to gain back trust from customers. Now, the tables have turned in favor of consumers and companies will have to put privacy first to stay in business. Moving forward, consumers will own their data, which means they will be able to selectively share it with third parties, but most importantly, they will get their data back after sharing, unlike in years past.
  8. As cybersecurity threats evolve, we’ll fight AI with AI. Brian Foster, Senior Vice President Product Management at MobileIron, notes that the most successful cyberattacks are executed by highly professional criminal networks that leverage AI and ML to exploit vulnerabilities such as user behavior or security gaps to gain access to valuable business systems and data. All of this makes it extremely hard for IT security organizations to keep up — much less stay ahead of these threats. While an attacker only needs to find one open door in an enterprise’s security, the enterprise must race to lock all of the doors. AI conducts this at a pace and thoroughness human ability can no longer compete with, and businesses will finally take notice in 2020.
  9. AI and machine learning will thwart compromised hardware finding its way into organizations’ supply chains. Rising demand for electronic components will expand the market for counterfeit components and cloned products, increasing the threat of compromised hardware finding its way into organizations’ supply chains. The vectors for hardware supply-chain attacks are expanding as market demand for more and cheaper chips, and components drive a booming business for hardware counterfeiters and cloners. This expansion is likely to create greater opportunities for compromise by both nation-state and cybercriminal threat actors. Source: 2020 Cybersecurity Threats Trends Outlook; Booz, Allen, Hamilton, 2019.
  10. Capgemini predicts 63% of organizations are planning to deploy AI in 2020 to improve cybersecurity, with the most popular application being network security. Capgemini found that nearly one in five organizations were using AI to improve cybersecurity before 2019. In addition to network security, data security, endpoint security, and identity and access management are the highest priority use cases for improving cybersecurity with AI in enterprises today. Source: Capgemini, Reinventing Cybersecurity with Artificial Intelligence: The new frontier in digital security.
10 Predictions How AI Will Improve Cybersecurity In 2020

Source: Capgemini, Reinventing Cybersecurity with Artificial Intelligence: The new frontier in digital security.



Read the whole story
Share this story
Delete

Vrijheid is… zelf beslissingen nemen. Ook met dementie

1 Share
DOOR TIM OPGENHAFFEN. De wil van personen met dementie wordt vaak niet gerespecteerd. Vaak beslissen we in hun plaats omdat dit beter voor hen is. Of eerder, omdat wij dit beter voor hen vinden. Dit staat onder druk van het Gehandicaptenverdrag van de Verenigde Naties. Het is soms nodig om iets te doen wat een … Lees verder





Read the whole story
Share this story
Delete

Dockless Roombas

1 Comment and 8 Shares
The company started out exploiting a loophole in the law banning scooters. The city was mad at first, but then they noticed how much they were saving on street cleaning.
Read the whole story
Share this story
Delete
1 public comment
alt_text_bot
106 days ago
reply
The company started out exploiting a loophole in the law banning scooters. The city was mad at first, but then they noticed how much they were saving on street cleaning.
90 days ago
https://keramatzade.com/Earn-wealth-with-amazing-business-ideals https://keramatzade.com/Law-of-Attraction-of-Wealth https://keramatzade.com/Ways-to-make-money https://modirebimeh.ir/online-calculation-of-iranian-life-insurance/ https://modirebimeh.ir/engineers-professional-liability-insurance/ https://modirebimeh.ir/third-party-insurance-calculation/ https://modirebimeh.ir/iran-liability-insurance-have-you-not-yet-insured-your-business-with-iran-liability-insurance/ https://modirebimeh.ir/iran-life-insurance-ganji-for-the-future-of-children-and-families/ https://modirebimeh.ir/iran-car-body-insurance-the-best-and-most-prestigious-in-the-iranian-insurance-industry/ https://modirebimeh.ir/the-most-reliable-and-unrivaled-third-party-car-insurance-in-iran/ https://keramatzade.com/14-ways-to-increase-revenue https://keramatzade.com/8-ways-to-increase-revenue https://keramatzade.com/25-jobs-with-which-you-can-earn-up-to-a-million-dollars https://keramatzade.com/success-secret-1 https://keramatzade.com/Make-Money-Online-Effective-step-by-step-money-making-techniques https://keramatzade.com/Make-money-at-home https://keramatzade.com/Ways-to-make-money-without-capital https://keramatzade.com/Creative-Money-Making-Ideas https://keramatzade.com/The-law-of-attracting-money https://keramatzade.com/Ways-to-Make-Money-at-Home https://keramatzade.com/Immediate-absorption-of-wealth-in-10-minutes-and-attractive-ways-to-get-rich https://keramatzade.com/The-secret-of-attracting-money-in-Iran-to-achieve-creative-money-maker-ideas https://keramatzade.com/Ways-to-get-rich-in-Iran-with-the-most-wonderful-business-ideas https://keramatzade.com/Astonishing-economic-intelligence-test-to-increase-financial-intelligence

Get your work recognized: write a brag document

1 Comment and 4 Shares

There’s this idea that, if you do great work at your job, people will (or should!) automatically recognize that work and reward you for it with promotions / increased pay. In practice, it’s often more complicated than that – some kinds of important work are more visible/memorable than others. It’s frustrating to have done something really important and later realize that you didn’t get rewarded for it just because the people making the decision didn’t understand or remember what you did. So I want to talk about a tactic that I and lots of people I work with have used!

This blog post isn’t just about being promoted or getting raises though. The ideas here have actually been more useful to me to help me reflect on themes in my work, what’s important to me, what I’m learning, and what I’d like to be doing differently. But they’ve definitely helped with promotions!

You can also skip to the brag document template at the end.

you don’t remember everything you did

One thing I’m always struck by when it comes to performance review time is a feeling of “wait, what did I do in the last 6 months?“. This is a kind of demoralizing feeling and it’s usually not based in reality, more in “I forgot what cool stuff I actually did”.

I invariably end up having to spend a bunch of time looking through my pull requests, tickets, launch emails, design documents, and more. I always end up finding small (and sometimes not-so-small) things that I completely forgot I did, like:

  • mentored an intern 5 months ago
  • did a small-but-important security project
  • spent a few weeks helping get an important migration over the line
  • helped X put together this design doc
  • etcetera!

your manager doesn’t remember everything you did

And if you don’t remember everything important you did, your manager (no matter how great they are!) probably doesn’t either. And they need to explain to other people why you should be promoted or given an evaluation like “exceeds expectations” (“X’s work is so awesome!!!!” doesn’t fly).

So if your manager is going to effectively advocate for you, they need help.

here’s the tactic: write a document listing your accomplishments

The tactic is pretty simple! Instead of trying to remember everything you did with your brain, maintain a “brag document” that lists everything so you can refer to it when you get to performance review season! This is a pretty common tactic – when I started doing this I mentioned it to more experienced people and they were like “oh yeah, I’ve been doing that for a long time, it really helps”.

Where I work we call this a “brag document” but I’ve heard other names for the same concept like “hype document” or “list of stuff I did” :).

There’s a basic template for a brag document at the end of this post.

share your brag document with your manager

When I first wrote a brag document I was kind of nervous about sharing it with my manager. It felt weird to be like “hey, uh, look at all the awesome stuff I did this year, I wrote a long document listing everything”. But my manager was really thankful for it – I think his perspective was “this makes my job way easier, now I can look at the document when writing your perf review instead of trying to remember what happened”.

Giving them a document that explains your accomplishments will really help your manager advocate for you in discussions about your performance and come to any meetings they need to have prepared.

Brag documents also really help with manager transitions – if you get a new manager 3 months before an important performance review that you want to do well on, giving them a brag document outlining your most important work & its impact will help them understand what you’ve been doing even though they may not have been aware of any of your work before.

share it with your peer reviewers

Similarly, if your company does peer feedback as part of the promotion/perf process – share your brag document with your peer reviewers!! Every time someone shares their doc with me I find it SO HELPFUL with writing their review for much the same reasons it’s helpful to share it with your manager – it reminds me of all the amazing things they did, and when they list their goals in their brag document it also helps me see what areas they might be most interested in feedback on.

On some teams at work it’s a team norm to share a brag document with peer reviewers to make it easier for them.

explain the big picture

In addition to just listing accomplishments, in your brag document you can write the narrative explaining the big picture of your work. Have you been really focused on security? On building your product skills & having really good relationships with your users? On building a strong culture of code review on the team?

In my brag document, I like to do this by making a section for areas that I’ve been focused on (like “security”) and listing all the work I’ve done in that area there. This is especially good if you’re working on something fuzzy like “building a stronger culture of code review” where all the individual actions you do towards that might be relatively small and there isn’t a big shiny ship.

use your brag document to notice patterns

In the past I’ve found the brag document useful not just to hype my accomplishments, but also to reflect on the work I’ve done. Some questions it’s helped me with:

  • What work do I feel most proud of?
  • Are there themes in these projects I should be thinking about? What’s the big picture of what I’m working on? (am I working a lot on security? localization?).
  • What do I wish I was doing more / less of?
  • Which of my projects had the effect I wanted, and which didn’t? Why might that have been?
  • What could have gone better with project X? What might I want to do differently next time?

you can write it all at once or update it every 2 weeks

Many people have told me that it works best for them if they take a few minutes to update their brag document every 2 weeks ago. For me it actually works better to do a single marathon session every 6 months or every year where I look through everything I did and reflect on it all at once. Try out different approaches and see what works for you!

don’t forget to include the fuzzy work

A lot of us work on fuzzy projects that can feel hard to quantify, like:

  • improving code quality on the team / making code reviews a little more in depth
  • making on call easier
  • building a more fair interview process / performance review system
  • refactoring / driving down technical debt

A lot of people will leave this kind of work out because they don’t know how to explain why it’s important. But I think this kind of work is especially important to put into your brag document because it’s the most likely to fall under the radar! One way to approach this is to, for each goal:

  1. explain your goal for the work (why do you think it’s important to refactor X piece of code?)
  2. list some things you’ve done towards that goal
  3. list any effects you’ve seen of the work, even if they’re a little indirect

If you tell your coworkers this kind of work is important to you and tell them what you’ve been doing, maybe they can also give you ideas about how to do it more effectively or make the effects of that work more obvious!

encourage each other to celebrate accomplishments

One nice side effect of having a shared idea that it’s normal/good to maintain a brag document at work is that I sometimes see people encouraging each other to record & celebrate their accomplishments (“hey, you should put that in your brag doc, that was really good!”). It can be hard to see the value of your work sometimes, especially when you’re working on something hard, and an outside perspective from a friend or colleague can really help you see why what you’re doing is important.

Brag documents are good when you use them on your own to advocate for yourself, but I think they’re better as a collaborative effort to recognize where people are excelling.

Next, I want to talk about a couple of structures that we’ve used to help people recognize their accomplishments.

the brag workshop: help people list their accomplishments

The way this “brag document” practice started in the first place is that my coworker Karla and I wanted to help other women in engineering advocate for themselves more in the performance review process. The idea is that some people undersell their accomplishments more than they should, so we wanted to encourage those people to “brag” a little bit and write down what they did that was important.

We did this by running a “brag workshop” just before performance review season. The format of the workshop is like this:

Part 1: write the document: 1-2 hours. Everybody sits down with their laptop, starts looking through their pull requests, tickets they resolved, design docs, etc, and puts together a list of important things they did in the last 6 months.

Part 2: pair up and make the impact of your work clearer: 1 hour. The goal of this part is to pair up, review each other’s documents, and identify places where people haven’t bragged “enough” – maybe they worked on an extremely critical project to the company but didn’t highlight how important it was, maybe they improved test performance but didn’t say that they made the tests 3 times faster and that it improved everyone’s developer experience. It’s easy to accidentally write “I shipped $feature” and miss the follow up (“… which caused $thing to happen”). Another person reading through your document can help you catch the places where you need to clarify the impact.

biweekly brag document writing session

Another approach to helping people remember their accomplishments: my friend Dave gets some friends together every couple of weeks or so for everyone to update their brag documents. It’s a nice way for people to talk about work that they’re happy about & celebrate it a little bit, and updating your brag document as you go can be easier than trying to remember everything you did all at once at the end of the year.

These don’t have to be people in the same company or even in the same city – that group meets over video chat and has people from many different companies doing this together from Portland, Toronto, New York, and Montreal.

In general, especially if you’re someone who really cares about your work, I think it’s really positive to share your goals & accomplishments (and the things that haven’t gone so well too!) with your friends and coworkers. It makes it feel less like you’re working alone and more like everyone is supporting each other in helping them accomplish what they want.

thanks

Thanks to Karla Burnett who I worked with on spreading this idea at work, to Dave Vasilevsky for running brag doc writing sessions, to Will Larson who encouraged me to start one of these in the first place, to my manager Jay Shirley for always being encouraging & showing me that this is a useful way to work with a manager, and to Allie, Dan, Laura, Julian, Kamal, Stanley, and Vaibhav for reading a draft of this.

I’d also recommend the blog post Hype Yourself! You’re Worth It! by Aashni Shah which talks about a similar approach.

Appendix: brag document template

Here’s a template for a brag document! Usually I make one brag document per year. (“Julia’s 2017 brag document”). I think it’s okay to make it quite long / comprehensive – 5-10 pages or more for a year of work doesn’t seem like too much to me, especially if you’re including some graphs/charts / screenshots to show the effects of what you did.

One thing I want to emphasize, for people who don’t like to brag, is – you don’t have to try to make your work sound better than it is. Just make it sound exactly as good as it is! For example “was the primary contributor to X new feature that’s now used by 60% of our customers and has gotten Y positive feedback”.

Goals for this year:

  • List your major goals here! Sharing your goals with your manager & coworkers is really nice because it helps them see how they can support you in accomplishing those goals!

Goals for next year

  • If it’s getting towards the end of the year, maybe start writing down what you think your goals for next year might be.

Projects

For each one, go through:

  • What your contributions were (did you come up with the design? Which components did you build? Was there some useful insight like “wait, we can cut scope and do what we want by doing way less work” that you came up with?)
  • The impact of the project – who was it for? Are there numbers you can attach to it? (saved X dollars? shipped new feature that has helped sell Y big deals? Improved performance by X%? Used by X internal users every day?). Did it support some important non-numeric company goal (required to pass an audit? helped retain an important user?)

Remember: don’t forget to explain what the results of you work actually were! It’s often important to go back a few months later and fill in what actually happened after you launched the project.

Collaboration & mentorship

Examples of things in this category:

  • Helping others in an area you’re an expert in (like “other engineers regularly ask me for one-off help solving weird bugs in their CSS” or “quoting from the C standard at just the right moment”)
  • Mentoring interns / helping new team members get started
  • Writing really clear emails/meeting notes
  • Foundational code that other people built on top of
  • Improving monitoring / dashboards / on call
  • Any code review that you spent a particularly long time on / that you think was especially important
  • Important questions you answered (“helped Risha from OTHER_TEAM with a lot of questions related to Y”)
  • Mentoring someone on a project (“gave Ben advice from time to time on leading his first big project”)
  • Giving an internal talk or workshop

Design & documentation

List design docs & documentation that you worked on

  • Design docs: I usually just say “wrote design for X” or “reviewed design for X”
  • Documentation: maybe briefly explain the goal behind this documentation (for example “we were getting a lot of questions about X, so I documented it and now we can answer the questions more quickly”)

Company building

This is a category we have at work – it basically means “things you did to help the company overall, not just your project / team”. Some things that go in here:

  • Going above & beyond with interviewing or recruiting (doing campus recruiting, etc)
  • Improving important processes, like the interview process or writing better onboarding materials

What you learned

My friend Julian suggested this section and I think it’s a great idea – try listing important things you learned or skills you’ve acquired recently! Some examples of skills you might be learning or improving:

  • how to do performance analysis & make code run faster
  • internals of an important piece of software (like the JVM or Postgres or Linux)
  • how to use a library (like React)
  • how to use an important tool (like the command line or Firefox dev tools)
  • about a specific area of programming (like localization or timezones)
  • an area like product management / UX design
  • how to write a clear design doc
  • a new programming language

It’s really easy to lose track of what skills you’re learning, and usually when I reflect on this I realize I learned a lot more than I thought and also notice things that I’m not learning that I wish I was.

Outside of work

It’s also often useful to track accomplishments outside of work, like:

  • blog posts
  • talks/panels
  • open source work
  • Industry recognition

I think this can be a nice way to highlight how you’re thinking about your career outside of strictly what you’re doing at work.

This can also include other non-career-related things you’re proud of, if that feels good to you! Some people like to keep a combined personal + work brag document.

General prompts

If you’re feeling stuck for things to mention, try:

  • If you were trying to convince a friend to come join your company/team, what would you tell them about your work?
  • Did anybody tell you you did something well recently?
Read the whole story
Share this story
Delete
1 public comment
jepler
162 days ago
reply
(also document your Foss contributions this way)
Earth, Sol system, Western spiral arm

Dooddoener: mensen houden niet van verandering

1 Share

Tegen verandering ? Dan ben je conservatief ! Verandering ligt bij vele mensen moeilijk en dat is maar goed ook. Veranderen om te veranderen heeft weinig zin. Je weet wat je hebt, maar niet wat er komen zal. Iets anders of op een nieuwe manier betekent niet per definitie dat het beter zal zijn, dus … Lees verder Dooddoener: mensen houden niet van verandering

Het bericht Dooddoener: mensen houden niet van verandering verscheen eerst op De Wereld van Kaat.

Read the whole story
Share this story
Delete
Next Page of Stories