Daniel Miessler's Blog, page 71

It’s fairly obvious that COVID-19 will result in lots of changes throughout the world. We’ll hopefully improve our hospital readiness, we’ll hopefully address Wet Markets, and we’ll likely get a lot more comfortable with working remotely—among many others.

Authorized, protected, and/or anonymized telemetry.

I think it’s also time to consider using telemetry from peoples’ wearables to power realtime Health Operations Centers (HOCs). So, just like a Security Operations Center (SOC), we have people—and increasingly algorithms as well—observing data coming in from all over the world and looking for patterns.

Many of us are now using smartwatches and other wearables, with Mary Meeker putting us at around 55 million users in 2018, which was 2x growth in four years.

Mary Meeker’s Wearables Slide from 2019

Those wearables, and the ones being released all the time by multiple companies, could be used to send data to one or more analysis projects.

There are differences, but it reminds me of SETI or Folding@Home, where people are donating individual resources to a larger cause. Voluntary donation.

If anything like this were compulsory I’d obviously be against it.

So for the health data sharing, you could ideally pick what level of sharing you’re comfortable with—and the organization(s) you’re ok to share with—and either toggle it or not.

Current location
Previous locations
Body temperature
Resting heart rate
Oxygen levels
Insulin levels
Steps taken
Respiratory rate
User-reported well-being
Dr. Visits
(More as the tech advances)

Some of these are easier than others, obviously.

All this data could be shared in an authenticated way, at a granular level that protects the identity and privacy of the user as much as desired, with an operations center that brings it all together to create a story of our current health state.

Various groups already do this kind of data gathering, aggregation, visualization, and analysis using other methods. But they’re far more manual, and far slower. We’re just now getting the technology that enables us to do this in a more automated way.

Yes, I know. I hear you asking: what about privacy? Great question.

I’m in information security myself, so I know the privacy implications of sending data—especially health data—anywhere, let alone to some big brain in the sky.

But it is possible to do this properly, in a useful way, while still respecting people’s privacy appetite. It’ll just take a lot of groups working together to agree on a decent standard that includes privacy as a core feature.

I know people are skeptical of the feasibility, but COVID-19 is about to create new pressures that will create new diamonds. There’s no reason that a community-based Health Monitoring System that’s both powerful and privacy-focused can’t be one of them.

—

If you get value from this content, you can support it directly for less than a latte a month ($50/year) which also gets you the Unsupervised Learning podcast and newsletter every week instead of just twice a month.

I’ve thought for a long time that public video feed monitoring would become ubiquitous. My basis for this was looking at humans ultimately desire, not at the tech itself.

When I hear crazy long-term predictions I always think two things: either the prediction is going to be obvious, or it’s going to be wrong.


I think my approach is different in a subtle and powerful way. Rather than predicting the exact form, of the exact tech, in the exact order that it’ll emerge, I’m taking a reverse engineering approach.


Specifically, instead of starting with tech and seeing where it’s going, I’m starting with humans and what they seek, need, and desire. In other words, I think we can predict the future of technology through a strong understanding of what humans ultimately want as a species.

The Real Internet of Things, January 2017

Just yesterday I tweeted that the COVID-19 situation was going to finally make large-scale video surveillance endemic to our society.

We’re about to see AI companies offering algorithms that monitor video feeds for sick people.

They’ll be used with other sensors (heat, smell) for individual checks, and in mass video feeds to flag people for additional testing.

Busses, train stations, airports, etc.

— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler) March 21, 2020

Governments and various industries have been trying to do this for a long time, but they’ve been opposed on the grounds of protecting freedom and privacy.

They were going to lose that fight anyway—eventually—because the features of connecting algorithms to sensors are simply too compelling to our ingrained human desires, but this angle of sickness monitoring is game over.

Watching people en masse for terrorism, when people can easily that there isn’t that much terrorism actually happening, is a harder fight. But when people remember the Great Depression of 2020, caused by a pandemic, nobody will lift a finger to stop video surveillance tech that claims to be able to spot sick people.

And sure enough—not one day after that tweet—someone sent me this link.

New: AI/surveillance company claims it's deploying 'coronavirus-detecting' cameras in the United States. Says rolling out to customers such as airports, government agencies, Fortune 500. Essentially detects a fever and sends an alert. Similar used in China https://t.co/f2uX5pD2WY

— Joseph Cox (@josephfcox) March 17, 2020

This is from a company that already sells “gun detection” video monitoring, which is another guaranteed winner.

Machine Learning is getting so good that we can bounce WiFi off of someone’s body and read their heartbeat, read their facial expressions, and estimate their emotional state.

There are thousands of projects like this, where you point an algorithm at a video feed and it tells you if something is happening in the scene. And it’s easy to see where it’s going.

This last one might sound familiar.

Show me wanted criminals.
Show me people who might be sick.
Show me people who look like they’re carrying a weapon.
Show me people who look like they’re concealing explosives.
Show me people who look anxious.
Show me people who look dangerous.
Show me people who we should interrogate further.
Show me people who might commit a crime in the future.

This is amazing stuff. In a world without evil, power-hungry people it would be glorious. But in our world it’s a quick path to discrimination and dystopia.

But my point isn’t that this stuff is bad and we should stop it. That’s silly. We can’t stop it. It’s too compelling. Stopping terrorists and dangerous people—and now sick people—is simply too deep of a desire in too much of the population.

Our only hope in this is to keep people educated on the tradeoffs.

We must understand what we give up when we enable tech like this. For every person who’s creating it or implementing it because they believe it will help people there is at least one more who sees that deployment as an onramp to profit and control.

That awareness of the tradeoffs is crucial, and that’s what gets tossed first when people are injected with fear.

If there were another 9/11 in the US or Europe, for example, video surveillance would blossom with minimal resistance.

COVID-19 is going to cause a worldwide economic depression unlike we’ve never seen. And that will cause PTSD equivalent to many 9/11’s.

Someone will say, “We need these cameras everywhere, hooked up to dozens of algorithms looking for threats”, and people will say, “What about privacy?”

And then they’ll say, “It will let us know if anyone is sick, so we can isolate them and prevent the next 2020 Depression.”

And that will be the end of the conversation.

Basically, the fear of pandemics just permanently opened the door to ubiquitous video surveillance, and our next hope of opposing it won’t come until after we’ve completely recovered from the economic fallout of COVID-19.

—

If you get value from this content, you can support it directly for less than a latte a month ($50/year) which also gets you the Unsupervised Learning podcast and newsletter every week instead of just twice a month.

I wonder if our recovery from this pandemic and its economic fallout might take the form of a series of massive jumps.

Think about a medium-sized business that’s been around for 30 years, and all the different tech systems they use. They’re still using HR systems, payroll systems, and lots of other infrastructure that’s relatively outdated compared to what’s available today.

Punctuated Equilibrium is where species jump ahead suddenly.

They knew about these new technologies, and they told themselves that they would have loved to deploy them if they were starting over, but there’s just too much momentum in that ancient system they’ve been using forever.

Well, this might be that chance to start over.

Many businesses will close forever, but I think many more will basically condense into a tiny form of themselves, with maybe 50%, 25%, or 10% of what they used to have. But then they’ll rebuild relatively quickly.

And maybe when they do that re-expansion, they’ll do it in a new building.
Maybe they’ll use a bare-bones, all-in-one, tech-based HR solution instead of the legacy stuff they were using before.
Maybe they’ll do fin-tech banking instead of their local credit union that their grandfather started with.

It seems like there are myriad examples of this for businesses of all types.

It’s like a large forest fire set off by a lightning strike. And where the green that shows up afterward comes quickly, and with a sense of purpose.

I bet there’s a whole field of expertise around this, and I’d like to read a couple of books written by experts in such a field. It seems to be some combination of history, economics, and business.

If you have any ideas on how this might manifest, let me know.

—

If you get value from this content, you can support it directly for less than a latte a month ($50/year) which also gets you the Unsupervised Learning podcast and newsletter every week instead of just twice a month.

Exponential, Epidemic, Endemic, and Pandemic are words we’re hearing a lot now, and they can be confusing to people without previous experience.

Here are their definitions—with an example of each.

An Epidemic is an increase in occurrences in a given area, e.g., a lot of people getting a particular cold virus in Hackensack, New Jersey.
An Epidemic is when an Epidemic spreads throughout the world, e.g., the Flu pandemic of 1918.
Something being Endemic means it’s a permanent feature of a group, e.g., Chickenpox is endemic in the U.K., but Malaria is not.
And Exponential growth means that the amount of growth something experiences is related to how large it is already. So in the case of growth, the bigger it gets the faster it grows, e.g., exponential growth of the number of people with the flu during a pandemic.

So an epidemic is just an outbreak of instances of something, and it’s confined to a particular area. A pandemic is a world-wide epidemic. And endemic means something is now a permanent part of a population.

Exponents also become more dramatic depending on the size of the base.

Exponential is the interesting one. A lot of people believe it means that the number is multiplied by an exponent, like, 1203. But what it actually means is that the growth rate depends on the current size.

So if you have something growing at a 15% rate, that starts as 100, the next time you measure it’ll be at 115. And if it’s growing at a 100% rate, then the next time you measure it’ll be 200. And in a very short amount of time you can have insanely large numbers.

Exponential growth can be shocking to people who’ve never seen it.

For example, how much money do you have if you start with a penny ($.01) and double it for 30 days?

It’s not some high number like $500, or even $1,000, or even $100,000. Nope…

It’s $5,368,709.

You can also have negative growth.

That’s why exponential growth is such a big deal. It’s not just the amount that it grows by—it’s that the previous total is then used as the new base.

Summary


An epidemic is a fast increase in instances in a particular area.
A pandemic is a worldwide epidemic.
Endemic means something is permanently part of a population.
Exponential grown means the speed of the increase gets magnified as it becomes larger.


Notes


Wikipedia’s definition of endemic. More
Wikipedia’s definition of epidemic. More
Wikipedia’s definition of pandemic. More
Wikipedia’s definition of exponential growth. More

—

If you get value from this content, you can support it directly for less than a latte a month ($50/year) which also gets you the Unsupervised Learning podcast and newsletter every week instead of just twice a month.

At the time of this writing, the planet is facing a rare, global challenge to its fortitude and composure. There is a new virus moving through populations where the details are uncertain, and many of the world’s top authorities have started switching their narrative from containment to mitigation.

That’s clearly bad, but how bad is it? And what should we do about it as groups and individuals?

The narratives from our core media—and especially in social media—have come in two, polar opposite forms.

This is no different than diseases we already face on a daily and yearly basis. There’s nothing to worry about! If you just go about your daily routine everything will be fine.
This is the big one. It’s killing so many people! Don’t believe anyone who tells you to be calm! Stock up as much as possible and prepare for the absolute worst.

The thing about reality is that it doesn’t care about narratives or positions. It doesn’t choose between one human-described extreme or the other. It usually lives happily and awkwardly in-between.

Luckily there’s a mindset that’s ideal for this not-so-neat reality that we usually face, and it’s called Stoicism, or—more generally—Resilience. There is much to be said about this approach to life, but one great capture comes from Seneca:

It does not matter what you bear, but how you bear it.

Seneca

Stoicism is normally thought of as an ancient philosophy of not caring when bad things happen. But it isn’t actually about not acknowledging bad things, or not caring about them, or not reacting to them.

Stoicism is about reducing our negative emotions related to negative events so that we may endure them, persevere, and become stronger on the other side. It’s about acknowledging that bad things happen and being mentally prepared to handle them when they do.

Stoicism also stressed knowledge in addition to resilience. Becoming overwhelmed by challenges was to be avoided, but so too was ignorant bliss. But somehow, these seem like the only two options we have.

Our media are offering a false dichotomy of panic or denial. Prevention or Pandemic.

Security is a portmanteau of two Latin words—se, which means without, and cura, which means worry. It literally means to create an environment free of worry.

We don’t have to make that choice. Not with the spread of disease, and not with other types of security either.

Is terrorism an imminent threat or more like a meteor strike that you shouldn’t worry about? Is it possible to prevent the hacking of your business, or is it foolish to even try? Is it the end of the world if your private data is stolen, or is it not worth protecting that data in the first place?

When it comes to security, everywhere you look you see people trying to yank opinions to one extreme or the other. They’re either over-indexed on prevention, or they think apathy is a solution.

Resilience is a better way that’s guided by both knowledge and fortitude.

Resilience says yes—it’s best to prevent terrorism attacks, but that’s guaranteed to fail in many cases. But we can adjust our security based on the new attacks and we are a strong people. Our country will be ok.

Resilience says yes—it’s best to prevent cybersecurity attacks, but our business is still likely to get hacked. We’ll improve and move on, knowing it’ll eventually happen again. Our business will be ok.

To bear trials with a calm mind robs misfortune of its strength and burden.

Seneca

And Resilience says yes—it’s best to prevent new diseases from spreading, but sometimes we can’t. We already live with lots of diseases that unfortunately kill a lot of people ever year. We will adjust to this one and improve, knowing that it’ll eventually happen again.

We. Will. Be. Ok.

Don’t let yourself into the trap of picking between prevention and panic, or doom and denial.

There’s a middle ground that’s far more healthy, which is greatly needed at this moment.

Resilience.

As Nassim Taleb said well, our goal should be:

…to transform fear into prudence, pain into transformation, mistakes into initiation, and desire into undertaking.

Nassim Taleb

Yes. It’s bad. It will be disruptive.

But it’s ok. No matter its impact, we’ll get through it.

That’s what we do.

—

If you get value from this content, you can support it directly for less than a latte a month ($50/year) which also gets you the Unsupervised Learning podcast and newsletter every week instead of just twice a month.

It seems like there’s a pattern when it comes to telling the difference between healthy and unhealthy things. It’s something like:

Extracted versions of healthy things tend to be unhealthy.

There are countless examples.

Corn vs. Corn Syrup
Sex vs. Porn
Social Approval vs. Social Media
Public News Channels vs. News Entertainment
Books vs. Reddit
Vegetables vs. Refined Sugar

Another thing these have in common—beyond just reduction—is speed. Natural versions of things tend to be slow, while modern and extracted versions tend to be fast.

For food this stuff is pretty straightforward. And there’s even a metric that tracks pretty well to natural and healthy foods vs. modern and unhealthy alternatives: the Glycemic Index.

These thoughts are what happens when you read meditation and health food books at the same time.

The body has a speed at which it prefers to absorb sugar, which has been imprinted over tens of thousands of years.

But what about meaning and happiness? It seems to have a similar mechanism.

Maybe this is why so many people enjoy slowly and manually cooking their own food—in their own kitchen—rather than microwaving something or eating out. Sure, you can make higher quality food if you do it yourself, but there is something about the elongated process that enhances it as well.

Maybe you’ve heard of the weird San Francisco types getting into Dopamine Fasting. That sounds familiar.

Many studies show that if you remove sugar from your diet you quickly see the nuance in foods that are less sweet, and come to enjoy them more.

They’re basically trying to reduce the amount of pleasure/stimulus they take in, and reduce the speed with which they absorb it. All so that they can better enjoy the inputs they do receive.

It seems the underlying theme here is not really dilution vs. extract, or slow vs. fast—but some combination of the two. Or rather that those tend to pair with each other.

So what’s a practical takeaway from this—assuming it’s true? Maybe it’s something like:

With food, mostly eat things that are less sweet and that take more time to digest
With inputs, mostly consume things that are in-depth and slow-building, where the wisdom seeps in vs. being delivered as a pill
With happiness, work towards long-term goals that trickle in the rewards over years and decades, in small doses, rather than chasing intense short-term milestones

Green salads vs. meat and dessert. Books vs. TV. Practicing an altruistic craft vs. seeking attention on Twitter.

So that brings us to three potential criteria for choosing inputs and pursuits in life.

High in quality
Takes time to create and/or consume
The benefits are spread over time rather than all at once

This seems like an interesting approach to building life systems that generate long-term health and happiness.

Notes


At some point I’d love to assemble a giant collection of examples of diluted/extracted and slow/fast things in the world. Foods, experiences, pursuits, goals, payoffs, etc.

—

If you get value from this content, you can support it directly for less than a latte a month ($50/year) which also gets you the Unsupervised Learning podcast and newsletter every week instead of just twice a month.

I just realized something today, and I want to share it in its raw form.

I’m angry with San Francisco because it has turned me into someone who can walk by a suffering human and pretend not to see them.

I have always looked down on people capable of doing that. And now I’m one of them.

I pass ten people an hour who are suffering from drugs or mental illness, and who clearly need help. A few dollars could absolutely help them in that moment, at least a little, at least for a few minutes or hours.

But I give money to one out of twenty—based on some internal Robin Hood scanner that detects a threshold of Pure Suffering that I made up in my own head. It feels good to use that test and to see the light come back green. It feels good to give. But even having such a test is disgusting. And meanwhile the other nineteen people get ghosted.

So I’m mad at San Francisco.

But is that right? Is that really who I’m mad at?

I’m more mad at myself. For allowing myself to become someone capable of ghosting someone in need.

But then I work through that.

I pay lots of taxes.
I’d happily pay more if I thought it would help.
Who abandoned these people?
Why don’t they try harder?
Reagan was a monster for shutting down the mental hospitals.
I hate the big pharma companies.
I hate the city for tolerating this.
I hate myself for not having a solution.

San Francisco is a perverted caricature of kindness. It’s about helping the unfortunate the way Stalin was about equality and solidarity.

The price of Stalin’s purity in the city was Gulags in the country. And the price of San Francisco’s moral cowardice is city streets overrun by a zombie population that the thriving pretend are invisible.

How broken are we as a society that we can carry on a normal conversation while ignoring the abject suffering of fellow humans? After a few days the shock wears off. After a few months you hardly notice. And after a couple years it’s like they’re invisible.

Shame on us. Shame on me for being one of us.

I grew up in the East Bay, and I used to very rarely see homeless people. Outside of San Francisco I generally help. Probably 80% of the time, depending on circumstances. And it makes me feel good.

My life philosophy demands that I do. So little of what I have could do so much for someone else. It’s just math morality. I am compelled. As a matter of life choice.

But in San Francisco I would go poor trying. And even worse there wouldn’t even be much acknowledgment in most cases. There’s no cosmic exchange of kindness. Only a mark getting tricked into parting with a small amount of coin.

So now I get confused for a tourist, because locals don’t give money to the regulars on the street.

Amazing. How fucking cynical do you have to be to write such a hideous sentence?

Like I said—I’m angry.

I’m angry with San Francisco. I’m angry with myself. I’m angry at the people on the street. I’m angry that nobody is taking care of them. I’m angry that I’m part of that nobody.

It’s not like the solution is hard and I can’t do it.

It’s functionally impossible.

What’s the solution?

Anyone who’s suffering on the street, determine if they are mentally ill, on drugs, are fully functional and got shafted by the economy, or if they just decided to abstain from the capitalist grind.

Build hospitals for the mentally ill. Get the drug addicts into programs. Help the temporarily homeless get shelter and support and a new job. And tell the hippies that they have to get off the streets?

I have no idea what to say to someone who could work but doesn’t want to, and who tells you it’s a free country and they choose to hang out on the sidewalk. On one hand I am all about artists exploring the raw world, and I embrace their journey. On the other hand I’m like, “Get a goddamn job like the rest of us. Nobody you see walking past you actually wants to be working; they do it because they have to.”

Anyway, doesn’t matter. I think the percentage of those types in the San Francisco homeless population is probably extremely low. Most are legit suffering for reasons out of their control.

I just don’t see how we’ve come to this.

A slow-moving army of zombies. Thousands of them, all over the streets. Screaming outbursts. Needles everywhere. Human feces on the streets. And people just pretend it isn’t happening.

It’s fucking surreal.

Not that it’s happening. That it’s been normalized.

Bernie can’t solve this. Hell he’d break it even worse I think.

And Trump would just scoop everyone up and dump them in the ocean. Or in prison.

I don’t see a solution from any candidate in any party right now.

So I’m mad about that too.

I’m just mad.

This is not how any of this is supposed to work. Not in one of the richest cities on the planet. Not anywhere.

—

If you get value from this content, you can support it directly for less than a latte a month ($50/year) which also gets you the Unsupervised Learning podcast and newsletter every week instead of just twice a month.

It’s strange to think about, but both the extreme left and the extreme right tend to be populist in nature. That’s not always true, but it’s true now with candidates like Sanders and Trump.

What makes them populist is not any particular policy, but rather a narrative that says the everyday person is being trampled upon by the elites, and this candidate—whether that’s Trump or Bernie—is meant to be the strength that stops that from happening.

In Trump’s case, he says it’s the liberals and elites and silly government that have become the oppressors. They’re the elites. They’re the ones who’ve damaged the fabric of the nation that used to prioritize the everyman. And he’s going to make things great again.

That’s a clear narrative. And a populist one.

For Bernie it’s even more clear. There’s too much separation between the rich and the poor. Billionaires are paying way too little in taxes. Healthcare costs too much. Etc. Etc. Basically the rich are thriving, and everyone else is suffering. And he’s the guy to turn that around and make the rich pay their share and bring prosperity back to the masses.

That’s a clear narrative. And a populist one.

In my mind, both are broken for different reasons, but I’m not interested in talking about overall policy here.

What I’m interested in is something I hear from Elizabeth Warren, which is someone who looks perilously—if I were her advisor—like a light version of Bernie.

One of her main narratives, which is either implied or explicit in both Bernie’s and Trump’s rhetoric, is that you used to be able to thrive on a single basic salary, and that we need to return to that.

In this way, quite ironically, she and Bernie are actually talking about making America great again too.

They think the problem is corporate greed, Malignant Capitalism, wealth inequality, and all the boogeymen of the left. Trump’s version of this is even more based in fantasy, becuase it’s about bringing human manufacturing jobs back to prominence, and back to America.

They have different ways of getting there, but both are making the critical error of not realizing that something fundamental has changed between 20-60 years ago and today.

The story isn’t that Leftist Elites have given away all the good (white Christian) Americans’ jobs. And it’s not that Corporate Greed has sucked the life force out of everyday jobs that used to support an entire household.

The real story, and the reality that we must face as a civilization, is that most human work is simply less valuable than it used to be due to automation.

Yes, a minimum wage job used to support a household. Yes, there used to be tons of manufacturing jobs that paid quite well and supported entire communities. But those were not stripped away by the evil genius political machinations of the opposition.

They were stripped away by progress.

American manufacturing is actually quite healthy; it simply needs fewer humans to function. And those minimum wage jobs are still there; they just don’t pay as much anymore.

Political policy does not have the power to oppose the economics of technological change, and it’s foolish to try. Repeat after me.

Automation is reducing the value of human work.

Automation is reducing the value of human work.

Automation is reducing the value of human work.

This is the truth that any clear-headed politics must deal with, and that’s why I was such a supporter of Andrew Yang. He actually called this out as our primary challenge going forward, and was looking for ways to address it.

Bernie, Warren, and Trump are all trying to make America great again by returning to the past, but that’s not the way time works.

Time moves forward.

The only way to make everyday jobs great again is to make automation shitty again. And that just isn’t going to happen.

Anyone serious about fixing things for the average worker needs to find a way to provide them both income and meaning in a world where the types of jobs they used to do are no longer valued as much.

—

If you get value from this content, you can support it directly for less than a latte a month ($50/year) which also gets you the Unsupervised Learning podcast and newsletter every week instead of just twice a month.

.errordiv { padding:10px; margin:10px; border: 1px solid #555555;color: #000000;background-color: #f8f8f8; width:500px; }#advanced_iframe {visibility:visible;opacity:1;}#ai-layer-div-advanced_iframe p {height:100%;margin:0;padding:0}

—

If you get value from this content, you can support it directly for less than a latte a month ($50/year) which also gets you the Unsupervised Learning podcast and newsletter every week instead of just twice a month.

Negotiating how much you make at your jobs is one of the most important things you’ll do in life.

This structure applies to many salaried positions but usually not jobs that pay hourly.

Unfortunately, many are quite unprepared for the process, and that starts with not realizing there are multiple layers to a complete compensation package, with salary being only one of them. I decided to go ahead and write this piece after seeing a number of Twitter threads where there were vast ranges of compensation for similar jobs, and realized that I could possibly help with awareness.

The key thing I want you to take away from this piece is that you need to be negotiating Total Compensation—not just salary—for your next role.

The technical term for compensation is actually remuneration (re-MOON-eration), which people invariably pronounce as renumeration (re-NOOM-eration).

Ok, now that you know that Total Comp (as they call it in the biz), is about a lot more than just salary, let’s look at the individual pieces. You can think of Total Comp as having the following 8 components. Yes. 8.

Sign-on Bonus: Your sign-on bonus is a cash amount you receive immediately after starting, but it’s often broken into two or more pieces. For example, one half after 6 months or a year. A decent sign-on bonus would be something like 1/4 of your first year’s salary, and a great one would be half or more. Keep in mind that bonuses are taxed like gifts, which means you only get a bit more than half.

Sign-on RSUs: Sign-on RSUs are an extremely important component of your compensation package. This is often the most important chunk of equity you’re getting in the company, and could even drive how much you get in the future. Use your research to determine how much it should be, but the range should be somewhere between 2-4X what you make in salary.

Salary: While the whole point of this article is to stress how salary is just one component of overall compensation, it’s still a crucial one. Salaries pay bills, while RSUs, raises, bonuses, and other types of compensation are a lot less tangible. Salaries are often the most regulated and restricted within companies as well, so you can’t easily ask for something 1.5 or 2 times higher than is being offered. The only exception to that is if you happen to know that those numbers are possible but simply aren’t being offered to you. The best advice is to 1) find the bands for your position if possible, 2) do your research on what others are making in similar roles, 3) ask for the top of the band, and 4) if they’re still not getting close, tell them that you just need to be slotted as a higher position to get you into the salary range desired. Finally, if they’re unable or unwilling to budge, either get that extra amount through another part of the overall package, or tell them you’re not interested.

401K: Many companies in non-growth industries don’t have RSUs as part of their compensation plan. For those industries, one of the most important aspects of your compensation is your 401K, which is basically a way to stash away money without it being taxed when it gets withdrawn. What you want to look for here are 1) does the company have one at all?, 2) do they do matching?, and 3) how much matching do they do?, and 4) do they allow matching beyond the no-tax limit?. In general the more matching they do, up to higher percentages of your salary, is better. And if they do so above the no-tax limit of around 18K/year, that’s even better.

Some companies adjust compensation quarterly rather than annually, and this is especially popular in sales-oriented jobs.

Raises: Raises are usually given anually, and they tend to be fairly locked down as well. They’re usually based on some combination of your performance (merit), the performance of your local team, and the performance of the company overall. Again, try to find out as much as possible about what’s normal for the company, and shoot for the high-end of that. But this is one of the values that’s likely to be fairly static.

Different industries weight compensation to different parts of this stack.

Bonuses: Bonuses are similar to raises in that they’re usually defined by HR for a set period of time for set types of positions, and they tend to not get negotiated much. Just make sure you’re not being offered some bonus amount that’s lower than other people, based on any data you have.

Stock/RSUs: RSUs are where you can make up a lot of ground on salary and bonuses if those aren’t as pliable as you’d like. Companies often have far more freedom sweeten deals with stock than any other component. If you feel like you’re significantly low on salary, see if you can get where you want with more stock. Also keep in mind that there are different types of stock-based compensation, and that RSUs are generally preferred. Finally, do keep in mind that stock is only as valuable as the company is, and that depends on many factors. The leadership, the product, the economy, etc. Factor that all in when you’re thinking about how much value a company’s stock has relative to salary.

Pay inequality is a big problem in tech, especially for underrepresented groups like women and minorities. The best way you can help is by sharing yours. I’ll go first.