Office Hours: I’m the founder and CEO of Tall Poppy – a YC backed startup building scalable tech to fight online harassment. I’m Leigh Honeywell. AMA!

Hello Elphas!

I’m the co-founder and CEO of Tall Poppy. My company works with tech platforms, movie studios, and non-profits to protect their employees from personal cybersecurity threats and online harassment.

Before Tall Poppy, I spent a year doing public interest tech work at the ACLU as a Technology Fellow. Prior to the ACLU, I worked on security teams at Microsoft, Salesforce, and Slack. I’ve worn just about every hat in cybersecurity, from code review to incident response to policy.

I’ve also been a long-time tech and inclusion activist. I worked to organize tech workers against the Trump administration’s agenda and to protect #metoo whistleblowers.

For fun, my husband and I run a local Ottawa Mastodon federated social media server for a few hundred of our neighbours, and I advocate for building more dense, sustainable housing as a board member of Make Housing Affordable. I love skiing in the winter and camping in the summer.

Ask me anything about scaling security at startups, personal cybersecurity, online harassment, whistleblowing, inclusion, affordable housing, the Fediverse, and more!

Thanks so much for joining us @leighhoneywell! Elphas – please ask @leighhoneywell your questions before Friday, April 7th. @leighhoneywell may not have time to answer every question, so emoji upvote your favorites 🔥👍🏾➕
Hello @leighhoneywell! Your work looks really interesting. There is a group in Canada that I volunteer with whose mission feels similar to Tall Poppy's. https://odlan.ca/ I am curious to know if Tall Poppy has resources specific to LGBTQ targeting online? Your resources for Therapists page on your site is really interesting as well! Great work :)
Hey Alexandra! ODLAN seems awesome - really critical work! We've got a general resource page with technical and psychosocial guidance that's pretty broadly applicable: https://www.tallpoppy.com/resources The other resource I'd point to is the GLAAD Social Media Safety Index - I'm an advisor to the project, and they've produced some really comprehensive reporting and guidance to tech platforms on how they can do better at protecting LGBTQ folks online: https://glaad.org/smsi Hope that's helpful, and thanks for the kind words 🙏
@leighhoneywell Wow - I am so impressed and love all of the work you're involved with! I have two questions :) 1. What was the most rewarding and/or most impactful work you did as a Technology Fellow at the ACLU? 2. Where do you think big tech will (or should) invest early in user security - specifically, social platforms.
These are great questions Leah, thank you! 1. What was the most rewarding and/or most impactful work you did as a Technology Fellow at the ACLU? I got to provide technical guidance on the arguments in a case we argued in front of the Supreme Court, which was really cool. I also published security guidance for #metoo whistleblowers, which is still pretty helpful I think (except use Bitwarden instead of LastPass as a password manager :) ) - you can read it here: https://www.aclu.org/news/privacy-technology/staying-safe-when-you-say-metoo 2. Where do you think big tech will (or should) invest early in user security - specifically, social platforms. The two big challenges that I see on the user security side are: account takeover issues, and scaling content moderation. Passwords suck and they are the cause of so many breaches; figuring out ways of being able to authenticate users that rely on something other than a password I think is going to be an important shift in the next few years. And we've seen the consequences over and over of the platforms' failure to effectively manage violent and hateful content - it's both genuinely a hard problem at the billion-person scale these platforms operate at, and one which they have a responsibility to society and humanity to solve.
@leighhoneywell. Your profile is amazing! Happy to see a woman in Sec. I have a question. I'm new to programming, and I noticed this line in inspect "code injected by live server". How would you deal with this attack?
Hey Margaret! Great question - I can totally see how you'd think that was an attack, but I think it's actually just a code comment from Visual Studio Code! Guessing you're using that as an editor :) If you're interested in learning more about web application security, I'm a big fan of the book "The Web App Hackers' Handbook": https://www.wiley.com/en-us/The+Web+Application+Hacker%27s+Handbook%3A+Finding+and+Exploiting+Security+Flaws%2C+2nd+Edition-p-9781118026472 It hasn't been updated in a while, but the authors also run a free online training lab: https://portswigger.net/web-security
Ooh! Thank you for those resources! I’ve been looking for ways to keep up with web app security threats as well :)
@leighhoneywell Thank you for the resource.
Hi @leighhoneywell, wow, what a great company and cause! I mostly just wanted to drop a line to say kudos but also ask, for a complete newbie, what would be some of your go-to resources/tips on personal cybersecurity that every individual should be familiar with? Thanks!
Thanks for the great question @mmilana! I'm partial to our own resources page: https://www.tallpoppy.com/resources Another great tool is the Consumer Reports Security Planner app: https://securityplanner.org/ If I had to constrain myself to just one tip, I'd recommend learning how to use a high-quality, well-tested password manager like 1Password or Bitwarden :)
Hi!! I'm working on cybersecurity for latam children! I would love it if we could chat!! https://www.chimali.lat/about
Super cool! Send me a DM :)
Does your company work on or towards issues that affect individuals? What about using spyware to eavesdrop on private conversations? When companies do this for ads, it's annoying. When people do this, it's beyond upsetting. This seems to happen a lot. How can I figure out how ppl are able to do this?
@leighhoneywell I just want to say hi Slack friend 👋 you are amazing!
Ahhhhhh yay thank you Kristina! So are you!!!
Love your work with TallPoppy @leighhoneywell! What are you most excited about with the Fediverse? What security issues do you see with federated social media? Have you tried any other federated networks besides Mastodon? Thanks for doing this AMA!