Digital security is all about tradeoffs: nonprofits have limited resources, and need to carefully assess risks and decide which threat scenarios are most critical. In this article we outline strategies for assessing risk, choosing security objectives, and provide sample policies to use as starting points.

Image for post
Image for post

Assessing Risk

To decide how best to use limited resources to protect your organization, first you need to think through possible worst case scenarios, and decide which are most important. Security professionals call this “threat modeling.” According to the EFF, “Security isn’t just about the tools you use or the software you download. It begins with understanding…

2020 was an incredibly hard year, and many of the challenges we faced in 2020 are still with us in 2021. In times of crisis, trauma and uncertainty, it is easy to feel out of control. But there is one risk area you can get more control over right now, today: your personal digital security.

The pandemic is changing our way of life. Work, school and social connection have moved mostly online. The United States facing a recession and possible economic depression. This economic pressure has pushed many people and systems to the breaking point. As a result, scams, hacks…

Facebook has a handy Ad Library search tool that anyone can use to search and filter ads about social issues, elections or politics. Most organizations that spend lots of money on Facebook ads have teams that do significant Facebook ad testing. If you’re going to spend lots of money on ads, you might as well make sure your messages and images play well with the demographics of users you intend to reach. You can figure this out by testing many ad variants with small budgets side by side, measuring impressions, and investing bigger budget in winning ads. …

As we collectively try to survive a global pandemic, many businesses, nonprofits, and schools are moving work online. As the most remarkable and terrible event of our lifetimes unfolds, the focus of our collective attention has shifted almost exclusively to COVID-19. And unfortunately so has the focus of much of online harassment, phishing, and scams. The trolls are out in force, and they want your attention, money, dignity, and data. We must all act now to protect ourselves.

Image for post
Image for post


Many organizations have adopted the video conferencing system Zoom for video meetings, lessons, and social gatherings. Zoom video conferences are held in…

The security community and the progressive organizing world has seen a significant increase in social media impersonation attacks over the last few weeks.

Image for post
Image for post

The goal of these attacks appears to be to extract the phone numbers of people who have posting or admin access to organizational social media accounts. With these phone numbers, attackers can attempt a SIM swap / SIM-jacking attack, and then use stolen phone numbers to break into social media accounts protected by the SMS 2FA method.

Here’s a recent example, starring an impersonation of my Instagram account. My Instagram account is “annlewis”, and the impersonator account…

Image for post
Image for post
We’re hiring! Work from wherever you want. Use your tech skills to make the world a better place.

Hello world, I’m the CTO of MoveOn, and I’m hiring a senior software engineer. This article is about MoveOn’s hiring process for this role. To candidates reading this: my goal is to make our process as clear as possible. To hiring managers reading this: my goal is to open source our hiring processes. We want to make hiring as equitable, inclusive, competitive, and successful as possible. Feel free to reuse anything here that is useful to you.

I’ve interviewed ~500 candidates and reviewed ~5000 applications over the last 15 years at a variety of companies, including startups, and Rosetta…

Image for post
Image for post
Trump Is Not Above The Law Protest, New York City

Resistance and Innovation: 2018 Year In Review

2018 was a year of sustained progressive resistance against Trump’s toxic agenda, culminating in a midterm election with record turnout that ended GOP control of the House. This resistance was fueled by the energy and attention of millions of Americans who personally felt the threat of the Trump administration. Technology channeled this energy into action and impact.

At MoveOn, 2018 was the year of peer to peer textbanking — we sent 50MM texts in 2018 with our open source system Spoke. 2018 was the year we used social media at scale to lift up the voices of regular people talking…

When I first started my job as CTO at MoveOn 3 years ago, I was immediately overwhelmed: within hours of logging on for my first day I had 100 unread emails, a new all-remote organizational culture to figure out and navigate, I was plunged into the midst of a high stakes platform and data migration I didn’t yet have any context or history about, I inherited an undocumented budget and legacy codebases, and I was tasked with hiring a team, building a data warehouse and figuring out “what exactly we should do with the website.”

More or less flying by…

The media loves to tell war stories about sexism, racism, and other forms of prejudice in the tech world. While shedding light on systemic problems is good journalism, for people interested in tech careers, reading story after story about the culture problems in tech can feel at best like the familiar sting of stereotype threat, and at worst like a menacing professional liability. But the good news is that tech industry culture is not inherently bad- some of it is great, and it is both possible and straightforward to create a software engineering culture where everyone can thrive.

Bad software…

Some software engineers have computer science degrees, others went to coding bootcamps, and others are self-taught. In my professional experience, software engineers with computer science degrees are in the minority, and the majority of professional software engineers are self-taught. Partly this is because computer science is a relatively young field of study compared to other STEM majors, and partly this is because of the boom in software engineering jobs over the last decade. There are more software engineering jobs than qualified candidates, and many engineers get their start in software engineering by getting hired on potential and then learning on…

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store