As I make my way through the various predictions & reflections that accompany the new year, one stands out: the EFF's 2019 Year In Review, entitled "Dodging Bullets on the Path to a Decentralized Future". I have long been disappointed that there have seemed to be two separate and parallel conversations going on: the "traditional" digital rights / internet freedom community talking about "re-decentralizing the web" and the blockchain/crypto community working on the same thing. I like the EFF's recent work because they are connecting the two conversations, and their year in review is a good place to start on that.
A key link in the EFF review is to Cory Doctorow's work on Adversarial Interoperability, which studies the history of interoperability of technical systems and all of the commercial, legal and policy battles that have ensued because of it.
In this post in the Adversarial Interoperability series, Cory details the different kinds of interoperability and the dynamics around them. His mantra is "Fix the Internet, not the Tech Companies" and I couldn't agree more.
I believe, and we have said at USV many times, that driving interoperability is the best and most effective way to limit the power of big tech companies, and that in today's environment we should focus on "breaking up the data, not the companies."
When I talk to regulators, lawmakers and policymakers, I often use this diagram (credit to Placeholder for the underlying graphic):

It shows that, from a historical perspective, these "open" or "interoperability" technologies have been the driver in breaking up each era's dominant monopoly.
It's the same today, and Cory's and EFF's excellent work on the subject adds a lot of depth to the analysis.
We are in the middle of our 2018 Analyst hiring process at USV. For the last several hiring cycles, USV has had an open process where anyone can apply. I actually wrote about it back in 2011, right before I joined, remarking on the high quality of applicants that the process produced. That is still the case today. This year's Analyst application produced 326 applicants of remarkable accomplishment. Albert has been writing updates about the process on the USV blog. At this point, we have reviewed all of the applications, and are working towards a second round of interviews with semi-finalists. What I'll cover here is how we've managed the process this time.
For the past 3 cycles we have solicited video responses as part of the application process, powered by Ziggeo. Having video in the application process has really worked for us. Even with short videos (ours were 30 and 60 seconds, respectively), you can get a good sense of a person's manner of speaking, sense of confidence, thoughtfulness, etc. While it doesn't tell the whole story, it's been a very helpful signal for us over the years.
The first time, we used a custom web application that Oliver from Ziggeo helped us build (source code here). The second time, we re-used that codebase with some modifications. This time, we tried to make it even simpler, using only off-the-shelf tools. What we ended up with was a combination of FormAssembly for the form itself (because FormAssembly supports Ziggeo integration), Ziggeo for the videos, and Airtable for the ultimate data storage and workflow management.
FormAssembly made it easy to build the form, including nice features like letting applicants save a partially-completed form and come back to it later. The form looked like this:
Ziggeo made it really easy to capture the video. Note the embedded video recorder in the form above, which looks like this when you fire it up:
For our internal process of reviewing applications, we needed something else, which is where Airtable comes in. For those who don't know Airtable, it's basically a hybrid spreadsheet / database, with handy aspects of each. It's like a spreadsheet in that it's really easy to update the schema and edit data. It's like a database in that you get persistent records that are linkable with one another (a feature that we didn't use here but we make lots of use of elsewhere internally), and that has a great API. There's not an automatic way to move records from FormAssembly to Airtable, so we just did CSV export/import. Ultimately, we ended up with a view like this, where we could review applicants one-by-one and then comment/score/sort/etc:
You can see a stripped-down version of the Airtable we used for the process here. All in all, this setup worked great. It took zero coding to build, had a really modest number of errors or mishaps, and handled our workflow well. There are, of course, a few things that could have been better. Top of the list would be direct Ziggeo support within Airtable. Airtable has a feature where you can expose a form that will collect data directly into a table in Airtable. Ideally, you'd be able to have a "video" type form element that would embed a Ziggeo recorder directly in the Airtable form. Then, on the back end, it would be great if you could view those videos directly in Airtable, rather than clicking out to a link -- imagine the screenshot above, but with embedded video players rather than links. I suspect a lot of people use Airtable for applicant tracking, and I'm sure this kind of video support would be popular. Another would be automated connectivity between FormAssembly and Airtable, maybe via Zapier. So, that's what we did. Remarkably easy to manage this time around -- thank you to all the teams out there building the tools that make this kind of thing easier by the day.
We have spent a fair bit of time over the past year working on security at USV and across the USV portfolio. Anyone who has spent time working on personal or corporate security -- and in particular information security -- knows that there are a million ways in, and you're never "finished". Fred wrote a bit about his experience last year, and we had an issue yesterday with Albert's phone:
Thanks to everyone who has been helping me recover from a Twitter account takeover based on an unauthorized SIM switch on my phone
— Albert Wenger (@albertwenger) January 11, 2018
The way we have been thinking about it is in terms of "the weakest link". It is critical to have your most important accounts (primary email, banking, crypto, etc.) secured well, but it's also important to work your way down the line to other accounts and entry points. The lesson is that attackers will seek the weakest point and work from there.
One of the weakest points in personal security is the phone -- cell carriers are notoriously bad at security, and attacks like phone porting and SIM swapping are common. For that reason, it's important to move away from using SMS as a second factor backup wherever possible, and instead move to apps like Google Authenticator, or to hardware-based 2FA using Yubikeys or similar. Another weak point is personal email, or old email accounts. It's easy to forget about old accounts that you used back in the day, but those can be problematic, especially if they are linked to other accounts, and if 2FA is non-existent or tied to SMS.
So, by all means, start with the most important accounts. But don't stop there -- keep sussing out the weakest link. For more resources on personal information security, see this excellent guide by EFF (written in the context of surveillance, but applicable to all attack vectors).
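The weakest-link reasoning above can be run as a small audit over your own account inventory. This is an added example, not part of the original post; the account names, the inventory format and the takeover rule (a compromised recovery channel combined with a missing or SMS second factor) are assumptions made for illustration.

```python
# Constructed sample inventory (not from the post): each account lists its
# second factor and the channels that can be used to reset its password.
ACCOUNTS = {
    "primary-email": {"second_factor": "totp", "recovery": ["old-webmail"]},
    "old-webmail": {"second_factor": "none", "recovery": ["phone-number"]},
    "bank": {"second_factor": "sms", "recovery": ["primary-email"]},
    "social": {"second_factor": "sms", "recovery": ["old-webmail"]},
    "exchange": {"second_factor": "hardware-key", "recovery": ["primary-email"]},
}
STRONG = {"totp", "hardware-key"}  # factors that do not depend on the phone number


def exposed_accounts(accounts, entry_point="phone-number"):
    """Map each account that falls to the chain leading to it from entry_point.

    Assumed rule: an account falls when one of its recovery channels is already
    compromised and its second factor is missing, or is SMS and the phone
    number is compromised.
    """
    chains = {entry_point: [entry_point]}
    changed = True
    while changed:  # repeat until no further account falls
        changed = False
        for name, info in accounts.items():
            if name in chains:
                continue
            factor = info["second_factor"]
            if factor in STRONG or (factor == "sms" and "phone-number" not in chains):
                continue  # the second factor still stops the takeover
            channel = next((c for c in info["recovery"] if c in chains), None)
            if channel is not None:
                chains[name] = chains[channel] + [name]
                changed = True
    del chains[entry_point]
    return chains


if __name__ == "__main__":
    for account, chain in exposed_accounts(ACCOUNTS).items():
        print(f"{account}: {' -> '.join(chain)}")
```

In the sample inventory only the forgotten webmail account and the account that recovers through it fall after a SIM swap; the accounts behind TOTP or a hardware key hold.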