As our engine room family continues to grow, we are also changing and strengthening our organizational digital security practices and policies. After considering our threats and risks, we discovered our digital Achilles heel: the backend of our website was only as secure as our users’ weakest account password. So we knew we needed to force strong and regularly updated passwords, and we had to be smart about who had access to what information. Beyond improving security, simplifying roles and permissions, by removing access to unhelpful dashboards and irrelevant buttons, could streamline the user’s work experience, while hiding some of the organizations core features from any potential attack.Continue reading
We define organizational security as a sustained, appropriate level of security in team communication and information management practices.
Even with a working definition, organizational security is a pretty complicated thing. When more than one person works together to achieve a goal, they need to be able to communicate and manage information to get things done. In the process, they start to develop systems. Systems are the result of a thousand little decisions. And when security isn’t a consideration in making these little decisions organizations can face big risk.Continue reading
Care about ethics, privacy and security? Seen too many projects use tech without realizing what might go wrong? Want to help activists and human rights organizations be smart about using technology and avoid doing harm? Want to wrestle with difficult concepts like “informed consent” and figure out what they mean in real life?
If you can get excited about hard questions like these, and you’d like to be part of a lean, dedicated and distributed organization working at the intersection of technology and advocacy, then this might be a job for you.
Take a look at the Job Description, and reach out if you have questions. Otherwise, send a CV and a cover letter telling us why you’re a good fit. Applications should be sent to email@example.com [Anneke’s PGP key] before midnight UTC on January 21.