Interlock is a blockchain network used to protect DeFi users and govern cybersecurity data. We make cybersecurity software that uses $ILOCK to secure people and sofware, but rewards $ILOCK to people who make DeFi safer.
We want to protect the internet while rewarding the people who make it safer.
We are dedicated to:
- 👁️ remaining the freshest, simplest and earliest way to stop phishing and bad actors
- 💰 giving people the ability to benefit from and govern cybersecurity data collection efforts
- 🪙 protecting crypto wallets and smart contracts
- 🪟 privacy, transparency, and trust through open source software
- 💻 beautiful, humane and frictionless user experiences
- 🧑🚀 automating threat analysis and monitoring
- ⏬ reducing the proliferation of security tools
- 🖖 making the web less spammy and hostile
Interlock is an all-remote company with team members spread across two continents and four time zones. The broader team of contributors worldwide submits patches, bug reports, troubleshooting tips, improvements, and real-world insights to Interlocks's open source code base, documentation, website, and company handbook.
The majority of the code, documentation, and content we create at Interlock is public and source-available. We strive to be open and transparent in the way we run the business, as much as confidentiality agreements (and time) allow. We perform better with an audience, and our audience performs better with us.
Interlocks's values are a set of five ideals adopted by everyone on the team. They describe the culture we are working together to deliver, inside and outside the company:
- 🔴 Empathy
- 🟠 Ownership
- 🟢 Balance
- 🔵 Objectivity
- 🟣 Openness
When a new team member joins Interlock, they adopt the values, from day one. This way, even as the company grows, everybody knows what to expect from the people with whom they work. Having a shared mindset keeps us quick and determined.
Empathy leads to better understanding, better communication, and better decisions. Try to understand what people may be going through, so you can help make it better.
- Think and make user-first choices.
- Consider your counterpart.
- For example: keep in mind customers, contributors, colleagues, the other person in your video meeting, the other folks in a Discord channel, and the people who use software and APIs you build, the people following the processes you design.
- Ask questions in a way you would want to be asked.
- Assume others have positive intent.
- Be kind.
- Quickly review pending changes when your review is requested.
- Be punctual.
- End meetings on time.
- Role play as a user.
- Don't be afraid to rely on your imagination to understand.
- Developers are users too (REST API, smart contracts, airlock, docs).
- Contributor experience matters (but product quality and commitments come first).
- Bugs cause frustrating experiences and alienate users.
- Create patches with care (upgrading to new releases can be time-consuming for users running self-managed deployments).
- Confusing error messages make people feel helpless and can fill them with despair.
- Error messages deserve to be good (spending time on them is worth it).
- UI help text and labels deserve to be good (it's worth it to spend time on them).
- Invest in hospitality.
- "Be a helper." -Mr. Rogers
- Think and say positive things.
- Show genuine gratitude for other team members' actions say it in chat.
- Talking with users and contributors is time well spent.
- Embrace the excitement of others (it's contagious).
- Make small talk at the beginning of meetings.
- Be generous (go above and beyond, especially for customers/contributors)
- Apply customer service principles to all users, even if they never use Interlock.
- Treat everyone as our guests.
- Better humanity.
- Take responsibility.
- Think like an owner. See founder's manual.
- Follow through on commitments (actions match your words).
- Own up to mistakes.
- Understand why it matters (the goals of the work you are doing).
- Consider the business impact (fast forward 12 months, consider the total cost of ownership over the eternity of maintenance).
- Often, you'll need to own processes that won't scale. Not everything should be automated from the start. Your experience with doing things manually will teach us how to scale effectively later. Do not try to scale things upfront.
- Be responsive.
- Respond quickly, even if you can't take further action at that exact moment.
- When you disagree, give your feedback; then agree and commit, or disagree and commit anyway.
- Favor short calls over long asynchronous back and forth discussions in Discord, or Github.
- Procrastination is a symptom of not knowing what to do next (if you find yourself avoiding reading or responding to a message, schedule a Discord call with the people you need to figure it out).
- We win or lose together.
- Think about the big picture beyond your individual team/project goals.
- Success equals creating value for customers and stakeholders.
- You're not alone in this (There's a great community of people able and happy to help).
- Don't be afraid to spend time helping users, customers, and contributors (including colleagues on other teams).
- Be proactive (ask other contributors how you can help, regardless of who is assigned to what
- Finish completely before moving to something new (help unblock team members and other contributors to deliver value).
- Take pride in your work.
- Be efficient (your time is valuable, your work matters, and your focus is a finite resource).
- You don't need permission to be thoughtful.
- Reread anything you write for users. Check everything that a user might read for clarity, spelling errors, and to make sure that it provides value.
- Take your ideas seriously (great ideas come from everyone; write them out and see if they have merit).
- Think for yourself (from first principles).
- Use reason (believe in your brain's capacity to evaluate a solution or idea, regardless of its popularity).
- You are on a hero's journey (motivate yourself intrinsically with self-talk; even boring tasks are more motivating, fun, and effective when you care).
- Better your results.
Between overthinking and rushing, there is a golden mean.
- Iterate your work.
- Work in baby steps. Look for ways to make the smallest, minimally viable change. Small changes provide faster feedback, and help us to stay focused on quality.
- Pick low-hanging fruit (deliver value quickly where you can).
- Think ahead, then make the right decision for now.
- Look before you leap (when facing a non-trivial problem, get perspective before diving in; there may be a simpler solution). When facing a (non-trivial) problem, take a step back before diving into fixing it - put the problem back in context, think about the actual goal and not just the issue itself, sometimes the obvious solution misses the end goal, sometimes a simpler solution will emerge, or it may just confirm that the fix is the right one and you can go ahead with better confidence.
- Move quickly.
- "Everything is in draft."
- Think fast (balance thoughtfulness and planning with moving quickly).
- Aim to deliver results daily, not weekly or bi-weekly.
- Move faster than 90% of the humans you know.
- Resist gold-plating and avoid bike-shedding.
- Remember, less is more.
- Focus on fewer tasks at one time. By focusing on fewer tasks at once, we are able to get more done, and to a higher standard, while feeling more positive about our work in the process.
- Go with "boring solutions."
- Finish what you start, or at least throw it away loudly in case someone else wants it.
- Keep it simple (prioritize simplicity; people crave mental space in design, collaboration, and most areas of life).
- Use fewer words (lots of text equals lots of work).
- As time allows ("I would have written a shorter letter, but I did not have the time." -Blaise Pascal).
- Make time for self-care.
- This helps you bring your best self when communicating with others, making decisions, etc.
- Consider taking a break or going for a walk.
- Take time off (it is better to have 100% focus for 80% of the time than it is to have 80% focus for 100% of the time).
- Think about how to organize your day/work hours to best fit your life and maximize your focus.
- Better focus.
- Be curious.
- Ask great questions & take the time to listen truly.
- Listen intently to feedback and genuinely try to understand (especially constructive criticism).
- See failure as a beginning (it is rare to get things right the first time).
- Question yourself ("Why do I think this?").
- Underpromise and overdeliver.
- Quality results often take longer than we anticipate.
- Be practical about your limits and about what's possible with the time and resources we have.
- Be thorough (don't settle for "the happy path"; every real-world edge case deserves handling).
- Prioritize the truth (reality).
- Be wrong and show your work (it's better to make the right decision than it is to be right).
- Think "strong opinions, loosely held" (proceed boldly, but change your mind in the face of new evidence)
- Avoid the sunk cost fallacy (getting attached to something just because you invested time working on it or came up with it).
- Be fair to competitors ("may the best product win.").
- Give credit where credit is due; don't show favoritism.
- Hold facts, over commentary.
- Speak computer to computers
- A lucky fix without understanding does more harm than good.
- When something isn't working, use the scientific method.
- Especially think like a computer when there is a bug, or when something is slow, or when a customer experiences a problem.
- Assume it's your fault.
- Assume nothing else.
- Better your rigor.
- Anyone can contribute to Interlock.
- Be outsider-friendly, inclusive, and approachable.
- Use small words, so readers understand more easily.
- Prioritize accessible terminology and simple explanations to provide value to the largest possible audience of users.
- Avoid acronyms and idioms which might not translate.
- Welcome contributions to your team's work from people inside or outside the company.
- Get comfortable letting others contribute to your domain.
- Believe in everyone.
- Write everything down.
- Use the "handbook first" strategy.
- Writing your work down makes it real and allows others to read on their own time (and in their own timezone).
- Never stop consolidating and deduplicating content (gradually, consistently, bit by bit).
- Embrace candor.
- Have "short toes," and don't be afraid of stepping on toes.
- Don't be afraid to speak up (ask questions, be direct, and interrupt).
- Give pointed and respectful feedback.
- Take initiative in trying to improve things (no need to wait for a consensus).
- Communicate openly (if you think you should send a message to communicate something, send it, but keep comments brief and relevant).
- Be transparent.
- Everything we do is "public by default."
- We build in the open.
- Declassify with care (easier to overlook confidential info when declassifying vs. when changing something that is already public from the get-go).
- Open source is forever.
- Better your collaboration.
- DM's can limit collaboration. Only DM to collaborate when it makes sense, most conversations can benefit from greater visibility. If you feel its too noisy for general channels, start a thread instead.
- If the conversation produces an actionable outcome, create a Github issue for it.
- If the conversation is relevant to an existing Github issue, be sure to update the issue after the conversation.
2014: Origins of Apozy
In 2014, ethical hackers Rick and Erhan noticed that spear-phishing was the primary cause of breaches at large companies. They founded Apozy to make the workforce more resilient against phishing attacks.
2015: Apozy v1.0
A high-fidelity security awareness platform was created to test and train enterprise workforces. It was designed to continuously emulate real-world attacks and improve breach resilience.
2017: The YC days
Despite strong breach resistance, spear-phishing attacks were too sophisticated. The product shifted away from training and focused on using emerging visual tech to spot phishing sites and sandbox them in real-time.
2019: Birth of Airlock
Protection capabilities advanced to provide comprehensive data and telemetry for malicious extensions, malvertising and randsomware.
2021: Interlock was founded
With the addition of Nick, Interlock was founded. We are pioneering an ecosystem of security products made for Web3 extending our protection capabilities to smart contracts while rewarding people who share data to make the internet safer.
Why this way?
Why do we use a wireframe-first approach?
Wireframing (or "drafting," as we often refer to it at Interlock) provides a clear overview of page layout, information architecture, user flow, and functionality. The wireframe-first approach extends beyond what users see on their screens. Wireframe-first is also excellent for drafting APIs, config settings, CLI options, and even business processes.
Here's why we use a wireframe-first approach at Interlock.
- We create a wireframe for every change we make and favor small, iterative changes to deliver value quickly.
- We can think through the functionality and user experience more deeply by wireframing before committing any code. As a result, our coding decisions are clearer, and our code is cleaner and easier to maintain.
- Content hierarchy, messaging, error states, interactions, URLs, API parameters, and API response data are all considered during the wireframing process (often with several rounds of review). This initial quality assurance means engineers can focus on their code and confidently catch any potential edge-cases or issues along the way.
- Wireframing is accessible to people who understand our users but are not necessarily code-literate. So anyone can contribute a suggestion (at any level of fidelity). At the very least, you'll need a napkin and a pen, although we prefer to use Figma.
- With Figma, thanks to its powerful component and auto-layout features, we can create high-fidelity wireframes - fast. We can iterate quickly without costing more work and less sunk-cost fallacy.
Why organize work in team-based kanban boards?
It's helpful to have a consistent framework for how every team works, plans, and requests things from each other. Interlock's kanban boards are that framework, and they cover three goals:
- Intake: Give people from anywhere in the world the ability to request something from a particular team (i.e., add it to their backlog).
- Planning: Give the team's manager and other team members a way to plan the next three-week iteration of what the team is working on in a world (the board) where the team has ownership and feels confident making changes.
- Shared to-do list: What should I work on next? Who needs help? What important work is blocked? Is that bug fix merged yet? When will it be released? When will that new feature ship? What did I do yesterday?
Why a three-week cadence?
The Interlock product is released every three weeks. By syncing the whole company to this schedule, we can:
- keep all team members (especially those who aren't directly involved with the core product) aware of the current version of Interlock and when the next release is shipping.
- align project planning and milestones across all teams, which helps us schedule our content calendar and manage company-wide goals.
Why use agile methodology?
Releasing software iteratively gets changes and improvements into the hands of users faster and generally results in software that works. This makes contributors fitter, happier, and more productive. See the agile manifesto for more information.
Why the emphasis on training?
Investing in people and providing generous, prioritized training, especially up front, helps contributors understand what is going on at Interlock. By making training a prerequisite at Interlock, we can:
- help team members feel confident in the better decisions they make at work.
- create a culture of helping others, which results in team members feeling more comfortable even if they aren’t familiar with the osquery, security, startup, or IT space.
- if possible, record training sessions for others
Why not continuously generate REST API reference docs from javadoc-style code comments?
We prefer to generate our REST API reference docs the good old-fashioned way. By hand. Here are a few of the drawbacks that we have experienced when generating docs via tools like Swagger or OpenAPI and some plus ones for doing it by hand with Markdown.
- Markdown gives us more control over how the docs are compiled, what annotations we can include, and how we present the information to the end-user.
- Markdown is more accessible. Anyone can edit Interlock's docs directly from our website without needing coding experience.
- A single Markdown file reduces the amount of surface area to manage that comes from spreading code comments across multiple files throughout the codebase. (see "Why do we use one repo?").
- Generated docs can become just as outdated as handmade docs, except since they are generated, they become siloed and more difficult to edit.
- Autogenerated docs are typically hosted on a subdomain. This means we have less control over a user's journey through our website and lose the SEO benefits of self-hosted documentation.
- Autogenerating docs from code is not always the best way to make sure reference docs accurately reflect the API. Based on our experience from past projects, we've learned that the benefits of generated docs do not outweigh the drawbacks of creating them by hand.
- As the Interlock REST API, documentation, and tools mature, a more declarative format such as OpenAPI might become the source of truth, but only after investing in a format and processes to make it visible, accessible, and modifiable for all contributors.
Why handbook-first strategy?
The Interlock handbook provides team members with up-to-date information about how to do things in the company. By adopting the handbook-first strategy, we can encourage a culture of self-service and self-learning, which is essential for daily a-synchronous work as part of an all-remote team.
This strategy was inspired by GitLab, which uses it with great effect. Check out this short three-minute video about their take on the handbook-first approach.
Levels of confidentiality
- Public (share with anyone, anywhere in the world)
- Confidential (share only with team members who've signed an NDA, consulting agreement, or employment agreement)
- Classified (share only with founders of Interlock, peepops, and/or the people involved. e.g., US social security numbers during hiring)