
Ahoy! Our community has become acutely aware of the need for skilled infosec folks to help out in all cause areas. The market conditions are that information security skilled individuals are in shorter supply than demand. This book club aims to remedy that problem.

I have been leading the Chrome Infrastructure Security team at Google for 3 years, have 11 years of infosec experience, and 24 years of career experience. My team’s current focus includes APT and insider defense. I built that team with a mix of folks with infosec skills—yes—but the team is also made up of individuals who were strong general software engineers who had an interest in security. I applied this book and a comprehensive, 18-month training program to transition those folks to infosec and that has been successful. Reading this book as a book club is the first 5 months of that program. So, while this book club is not sufficient to make a career transition to infosec, it is a significant first step in doing so.

The goal of this group and our meetings is to teach infosec practices, engineering, and policies to those who are interested in learning them, and to refresh and fill in gaps in those who are already in the infosec focus area.

Find the book as a free PDF or via these links. From the book reviews:

This book is the first to really capture the knowledge of some of the best security and reliability teams in the world, and while very few companies will need to operate at Google’s scale many engineers and operators can benefit from some of the hard-earned lessons on securing wide-flung distributed systems. This book is full of useful insights from cover to cover, and each example and anecdote is heavy with authenticity and the wisdom that comes from experimenting, failing and measuring real outcomes at scale. It is a must for anybody looking to build their systems the correct way from day one.

This is a dry, information-dense book. But it also contains a comprehensive manual for how to implement what is widely considered the most secure company in the world.

Audience

Any software engineer who is curious about becoming security engineering focused or anyone looking to up their existing infosec career path. It is beyond the level of new bachelor’s graduates. However, anyone with 3-ish years of engineering practice on real-world engineering systems should be able to keep up. A person with a CompSci master’s degree but no hands-on experience might also be ready to join.

Openness

Directed to anyone who considers themselves EA-aligned. Will discuss publicly known exploits and news stories, as they relate to the book contents, and avoid confidential cases from private orgs. Will discuss applicability to various aspects of EA-aligned work across all cause areas.

Format, length, time and signup

Meet for 1 hour on Google Meet every 2 weeks where we will discuss 2 chapters. ~11 meetings over 22 weeks.

The meetings will be facilitated by me.

The discussion format will be:

  1. The facilitator will select a theme from the chapters, in order, and then prompt the participants to offer their perspective, ensuring that everyone has ample opportunity to participate, if they choose.
  2. Discussion on each theme will continue for 5-10 minutes and then proceed to the next theme. Participants should offer any relevant, current news or applicability to cause areas, if time permits.
  3. The facilitator will ensure that discussion is relevant and move the conversation along to the next topic, being mindful of the time limit.
  4. Any threads that warrant more discussion than we have time for in the call will be taken to the Slack channel for the book club (see form below for invite) where participants can continue the discussion and ask more questions about specific implementation details and how to effect that change in an organization.

Dates & Time: Starting date: Saturday April 1, 2023 at 2PM PDT. (timezone conversion). We have core attendees signed up across US, UK and AUS currently; apologies if this does not overlap with your timezone.

Signup: Sign up here on this form to receive an invite to the Slack channel and add the event calendar (alternative iCal format) to your own calendar. Changes to schedule will be reflected there.

Special thanks to Wim van der Schoot for the impetus to organize this book club.

Comments (16)



Seems like a pretty incredible opportunity for those interested! What level of time commitment do you expect reading and understanding the book to take, in addition to the meetings?

Each set of two chapters we will read will take between 1-2 hours to read every two weeks. That's it.

Are you aware of the existence of EA Gather Town? An always-on virtual meeting place for coworking, connecting, and having both casual and impactful conversations.

It could be a good place to host the meetings.

Incredible way to contribute to the community! Do we have a new link for the PDF please?
(old link is broken)

Reading this book as a book club is the first 5 months of that program.

5 months of.. full time work? Something else?

 

If I understand correctly, the book club is 11 meetings, where each meeting is 1 hour of video plus 1-2 hours of reading beforehand.

I'm confused about how this adds up, almost to the point where I wonder if you were testing us on purpose ;)

This is the first 5 months of theory in the program. There's also practice and the new team members also shadowed security reviews. So, some self-practice and thinking about security exploits and applicability is expected to occur in parallel to the book club to get the full benefit.

I like this initiative! Just a suggestion: On the Google Form, it would help if the questions "Describe briefly your technical background" and "Describe briefly your involvement in Effective Altruism" were "Paragraph" inputs instead of "Short answer."

Fixed, thank you for noting.

Could you please share more details on which parts of the curriculum would be inaccessible to recent graduates? From the outline of the book alone, it's hard to estimate the level of technical depth needed.

Unfortunately, all of it. The discussion will be fast-moving and talk about reifying the abstract ideas into concrete, production systems and organization structure. It will be out of anyone's skill set who hasn't worked with real production systems and technical orgs for a few years.

Would it be possible to organise sessions in other timezones if there is demand for it? Like Europe, India,...

Yea, depending on success, we might split the next round in two to get global coverage.

Would also be interested how it went and if there are plans for a second round.

How did the first run go? Are you planning to do more groups?
