I'm much more concerned with a new hire, especially revOps, that shows up and their day 1 recommendation is to change productivity tooling for the whole company. Typically these big changes on day one kinda folks are tone def to the organization and culture, and don't always survive the backlash / fallout of their changes.
Encourage this person to start a little smaller, build a track record of impactful wins and use that track record to make bigger and bigger changes.
To answer your stack questions, people are successful with all sorts of tools - one stack isn't better or worse.
You are making a lot of assumptions that I'd encourage you to not. Also, this isn't a big bounty dilemma. There was no program.
What are you trying to accomplish? You hacked a site (probably not legal).You reach out and reported it (nice gesture). They fixed it (the site is more secure (yay!). They offered to pay you $1k pounds (awesome!). You are rejecting the offer based on lies you tell yourself (they can pay more and if rather share it with the world be cause good things will happen for me if I do).
Bad things can happen too. They can reach out to authorities. Your current or future employer could reach your future post and decide you aren't the right person for them. The underlying company could respond to your post and confirm you weren't authorized to test and a good portion of the security community would never seriously consider you for employment.
Sure, you might be able to negotiate a little more, if you take the right approach. How much do you want? 1200, 10,000, 50,000? When you do something wrong, even with good intentions, and now you aren't happy with the amount they graciously offered to compensate you with, your approach to publicly expose them if you don't get what you want because "they can pay more" seems less like they won't pay for my expertise and more like extortion.
When in doubt, choose the path you'd be proud to talk about in a courtroom.
thanks for the reply - really appreciate it. I get the sense of what you are indicating and it makes sense as well. Also I am not security researcher, but a software engineer who tinker around with other apps
No disrespect, it's important to have people paying attention to these things or they would just never get fixed, but that's my take away from once being excited about going potentially going into this field to seeing what the day to day work was like
For context, I don't have the time to meet with everyone that reaches out. I was thinking I could hold office hours and people could show up and ask questions.
You and I don't have a meeting of the minds for what a founding engineer is. I understand it to be the first, non-cofounder, salaried engineer. This is the highest-equity receiving engineer-focused early employee. They should be getting a market-ish for a startup salary. In this day and age, in the US, it's probably 150-180k + 1% equity + healthcare.
If you are not making a salary / a well below market rate salary (50k for an engineer), you are a co-founder, not a co-founding engineer.
I'd think about the role as a role. Is there a job description? If so, what are the specific responsibilities. What would you pay for the role - comp it to market and company hiring practices. Then, determine if you need the role. Then, open the req and recruit for the role / encourage her to apply. Then, put her through the same interview process as everyone else.
You have to treat your business as a business. If you need the role, are paying a fair rate (salary, bonus, equity) and she's the best candidate, hire her. Then, you have a process that you can be transparent about and is fair.
Don't be bullied into something like this - it could be the beginning of the end.
> My first thought was snide / next level anti-Semitic trolling
Chomsky has been very critical of Israel, and as a result there are many pro-Israel people who strongly dislike him. So, while it isn’t impossible for Hebrew language trolling to be from an antisemite, my first thought would be it is from one of his pro-Israel critics
This article understates how big the content discovery problem was on the web, at those times. Delicious, Digg, Stumbleupon, Reddit and a million others.
Reddit is the Craigslist of content discovery, in so many ways.
""A Securities and Exchange Commission filing said Huffman in 2023 got a salary of $341,346, which is relatively low for a CEO of a major public corporation. In February, this was raised to $550,000. He also got a $792,000 bonus last year based on Reddit's user numbers, revenue, and a type of profitability known as adjusted EBITDA that excludes certain expenses."
"The bulk of his compensation package is now in restricted stock units and stock options. A lot of this compensation is based on Huffman staying at Reddit through late 2028, and some is triggered by completing Reddit's initial public offering, the SEC filing said.
Half of the stock options vest at $25.29, a relatively easy bar to reach. The other half vest only if Reddit shares reach $45, $60, and $90 in public-market trading over 10 years, the SEC filing says — that's a higher bar and aligns the CEO's interests with shareholders."
And yet Craig Newmark is a billionaire and the owners of Reddit aren't. $900 million in revenue means nothing if you jettison it into the stratosphere.
Encourage this person to start a little smaller, build a track record of impactful wins and use that track record to make bigger and bigger changes.
To answer your stack questions, people are successful with all sorts of tools - one stack isn't better or worse.