The OccamSec Employee Handbook

This is our employee handbook. It receives updates as required, which will be reflected here within 30 days of a change being made.

Preface

We want to change the world. That’s it, we’ve said it.

We work in data security, not curing cancer. However, the world relies on data ever more, even the people who want to cure cancer need data. More and more of the world relies on data for their well being, so if it’s not secure there are problems. We believe that securing data (and therefore the world) is not a zero sum game, and it’s not just about the latest exploit or secret you know. It’s about building solutions that recognize we are all in this together, and that to fix this we are going to need to do something different. This is our cause, and we believe this makes us a little different than most.

There’s always more money to be had, but to enjoy work there needs to be a goal that’s bigger than oneself. So here is our larger-than-self goal: We are building something that when it works could actually change life for the better for millions.
This is hard work, there is no escaping it, but this opportunity is rare so let’s make the most of it.

Rules For Work

Rules are good for many places, we have one – you are an adult, we will treat you like one so please act like one. The most important thing is to treat others how you want to be treated. Yes, we stole that from a Hallmark card, but it’s nonetheless true (unless you are a sadist and wish to be treated badly, in which case be aware that a company full of people treating each other badly is not going to get very far – again, adults, common sense etc…)

Sometimes in their absence, rules, policies, myths, and fairytales will appear. Here are some specific points with reference to OccamSec that should thwart the emergence of any imaginary rules:

1) We are an Equal Opportunity Employer. We do not discriminate against any job applicant or employee because of the person’s race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), national origin, age, disability or genetic information. This is the 21st century, if you have an issue with anyone based on any of those criteria the past is waiting for you, please return to it and leave our company. If you are concerned with any aspect of this please talk with someone in senior management and they can give you extra clarity.

2) It does not matter what time you get to work, what time you leave, and for the most part, where you work, unless you are working on something with other people. That means that if you have been invited to a meeting then you need to attend in some capacity, if you are working on a project at a client site you are expected to show up at that site, or if you are working with someone on a project in the office you should be there, that sort of thing. Other than that, you can work from anywhere you feel most productive.

3) Two-way communication is important. In fact, there is a whole section on it below, but to summarize: you should be able to (and should feel like you can) communicate with or meet with anyone within the organization about any issue, and they should with you. If you feel like there is some issue preventing this with someone, you should speak to your manager/supervisor or someone senior. Even if it’s your first day, even if you do not know their name.

4) Try to be aware of and manage expectations, particularly with communications. Like a great power, it’s a great responsibility: if you have a personal appointment to attend to (e.g. doctor’s) one day, you don’t need to ask if you can, but you should make sure someone knows about it if it’s going to take more than a few hours. If it clashes with a meeting or if it’s going to push back a deliverable then you should definitely notify whoever is expecting you to do/be there.

5) There is no dress code, with the exception of when we go on site. When visiting a client, their dress code is your dress code.

6) A work week is 40 hours long, roughly. That number will change as work dictates. Working with others is often required for projects (see “structure and teams” below) and doing it effectively is really important. Sometimes you may need to adjust some of the previously mentioned points to ensure this goes smoothly. For example, if someone needs your response to an email, in order to contact a client, in the middle of the work day, don’t unexpectedly take a three hour lunch. If you need to take some time out just let other members of your team know.

7) Your work must speak for itself. That’s the deal we make. Output is what matters. It needs to be good, it needs to be correct, and it needs to be on time. If for some reason you will not be on time then let someone know.

Communication - Methods and Style

Communication is important, really, really important. Good communication is surprisingly easy (as is bad communication unfortunately).

Let’s deal with the elephant in the room: historically “IT people” are not the biggest fans of in-person, face to face communication. This is probably a bit harsh and no doubt there are other large groups of people who like to avoid in-person communication. However the stereotype persists, so keep this in mind. Someone who would rather chat with you in response to a voicemail is not being rude.

Methods

1) In-person, face to face. You will accomplish in 10 minutes of face to face communication what takes you an hour in any other medium. Even if 10 minutes is all it takes for you to determine someone is an ass, it’s still quicker at getting to that conclusion than email.

2) Phone/video call. If you can’t meet in person then go with the phone or a video chat. It’s not as productive as in person, but will be sufficient if needed.

3) Internal chat. We have our own chat system, it’s good for a quick conversation. It’s terrible at conveying emotion or depth and is extremely easy to misread. You have been warned…

4) Email. If the above are not going to work then use email. It’s fine if you want to distribute something long and/or technical/detailed/formal, but if you use email to avoid speaking to someone, expect the other person to realize that and for the conversation to be less informal/free-flowing. Also, email is fairly reliable as a way to send data – in 1995 it was OK to say “did you send me that? I didn’t see it”, but in 2017 it’s not.

The more you care about the issue the more you should try to make use of number one or two.

Style

We value open and honest communication. So, might “open and honest” sometimes be “painful and awkward”? Yes. But we believe that done right, communicating in this way is better for everyone – you, your co-workers, and our clients. That old adage (or was it a Hallmark card?) “treat others as you want to be treated” holds true.

Communication should occur quickly. What does quickly mean? Well, if you have to ask yourself “How long should I wait to respond to this?” then the answer is just do it now. Likewise, if someone’s request seems like it might be urgent, then hold off reading that news story and reply.

Additional note – Meetings

A note on meetings – no meeting should last more than 30 minutes unless it’s vital to the future of the human race. After 30 minutes attention drifts and usefulness drops. So keep them under 30 minutes. Also keep the attendance to a minimum, realistically anything over 3 people is going to have a rough time reaching a conclusion.

When you are in a meeting, be present in the meeting – don’t read email, don’t surf the web, avoid text messages – you were invited for a reason.

Structure and Teams

There are many ways to work together. As goals change, people change, and organizations change, the way you work with someone may change. Be aware of this, and don’t see it as a bad thing, being able to adapt is a good skill.

OccamSec has a flat structure. There are some people who are senior, and people know who these folks are. However, when work is being done the senior person on that project may be you. Anyone can lead a team.

We value flexible people who are self directed yet able to work as part of a team. Where structure exists it is to provide clarity about responsibilities so we can do our best work. Teams are created (and disbanded) as required. If you hear of a team and would like to be on it just ask. At a high level we are loosely organized into three teams:

1) People delivering projects for clients.

2) People building stuff.

3) People who make it possible for groups 1 & 2 to thrive.

Everyone is responsible for helping these teams succeed. When working in a team remember it’s not just you, make sure you communicate clearly and in a timely manner. Also keep in mind that someone else on your team may not be thinking exactly like you, and that’s OK.

Expenses

We know we stated above that we have one basic tenet at OccamSec – actually, there are two basic tenets: that one about acting like an adult and this one: Don’t take the piss.

That’s the entirety of our expense policy. What this means is that if you have to incur an expense that’s related to work then you will be reimbursed for it (usually within 30 days).

Some details:

1) Per diems are not a source of profit. We typically rely on the federal per diem rates when traveling outside our own hometown. These rates are the maximum you should expect to be reimbursed for when traveling. Being “the maximum” means you can spend up to that amount, if you spend less you don’t get to pocket the difference.

2) All our clients require detailed expenses. All business expenses must be submitted into our expense reporting system in a timely fashion in order to be considered for reimbursement.

3) Flights longer than 5 hours may be booked in business class with approval. Some clients approve of this while some do not (some of the biggest ones forbid it). Ask before you buy that ticket.

4) You probably don’t eat a $200 steak every night at home, so that’s probably not going to happen when you travel.

5) Alcohol is non-reimbursable. Always.

Time Off

When you start, you receive 4 weeks of paid time off. Being sick does not count towards this, since no one chooses to be sick.
We also shut for standard holidays, plus a few additional days the company may throw in. Keep in mind that the nature of our work sometimes requires work on holidays.

Please request time off as soon as you can. We have to schedule projects and it’s good to know who is not free. While on vacation you are not generally expected to respond to work communications. If something is critical you will get a phone call (or someone will show up at your vacation spot).

Maternity and Parental Leave

In the event you give birth to a baby you receive 24 weeks paid maternity leave after you have been employed by OccamSec for one year.

In the event that the person with whom you are in a relationship has a baby, or you adopt a child, you get six weeks of paid parental leave. Parental leave can be taken whenever you want within six months of the baby arriving.

Disability Leave

State laws require employers to grant unpaid time off to employees who are dealing with an illness or disability. Please speak with us to ensure you get the time you need.

What We Value

Attitude: It’s easy to say you want to change the world. The hard part is doing it and doing it for the better. Life is too short to spend it working with people who are not in the pursuit of something better and who do not believe it’s possible. We want to work with people we genuinely like to be around, that begins with attitude.

Thinking: Thinking is awesome, really, without it nothing is ever going to get done. We like thinking. We like thinking combined with action even more.

A sense of urgency: Everyone needs priorities, and progress needs to be made on these priorities. Breaking projects down into short digestible steps will make life easier for you. A 3 month project with one far off goal is going to be difficult to accomplish and probably not be completed.

Prioritization: Doing one thing well beats doing five things with mediocrity all the time. The best way to get nothing done is to try and do everything. With that in mind it’s ok to speak to as many people as you can to make sure you have the right priorities, it is also ok to get feedback for you to lock in what’s next, and it’s ok to pursue your list with little regard for the shiny new project someone needs help with.

Don’t be an asshole: If you have to ask…

Client focused: Every company that ever made something to sell says this. 99% of those said it, then forgot about it. We are not going to forget about it. In almost everything you do in this job think about who it is for and what they want. When you write something the goal is to give your client what they need. When you work with someone else on a project think about what you are trying to achieve, who it’s for, and what it needs to be.

Try, fail, and try again: We need to try new ideas, if they go wrong then learn what happened and work out what to do next. Fear of failure is a huge source of failure over the long run. Do you know how many iPhones it took to reach the final one that was launched? Neither do we, but it was more than 1.

Learning: Everyone needs to learn, the world we are in moves at a pace unseen before, and tomorrow it will be faster. What you knew yesterday is already becoming out of date. There can never be enough emphasis placed on learning, it’s the only way we will get better. Do it whenever you can, wherever you can. Learning can be from a book, a class, a conference, a TV show, a song, a meal, a conversation, the list is endless, our ability to learn is what marks the forward progress of the human race.

One important note – If you leave within 6 months of company funded training you have to repay the full cost of it including any travel expenses incurred and reimbursed. If you leave within 6-12 months you have to repay half of it. If you leave the company involuntarily then you will not be required to reimburse the company.

Our People

You are the most important resource at OccamSec. Without you nothing is going to happen. Our people come from many backgrounds, places, and have their own belief systems. If everyone was the same we would be a bank.

Never judge anyone without getting to know them. Try to understand their perspective. Research shows more and more that empathy is one of the most critical skills for people (even more so for leaders). We don’t always need to agree, but we need to treat each other with respect.

Realize that there are other people in the company, their collective success comes before that of the individual, no matter who you are or how good you are.

We value what is written in this document, if you feel we are not living up to it please let us know.

Thank you for working with us.