These are my personal rules for writing about work in public.
Default Rule
If information is not already public, I treat it as confidential.
Usually Safe
- High-level lessons learned about product, engineering, and operations.
- Public technical concepts and my own opinions.
- Links to already-public Whalebone content.
Do Not Publish
- Customer or partner confidential information.
- Internal metrics, roadmaps, timelines, negotiations, or pricing details.
- Internal screenshots, private tooling details, incident internals, or detection logic.
- Vulnerability details that are not already publicly disclosed.
Needs Approval First
- Any post naming a customer or partner.
- Any post sharing concrete numbers, timelines, or visuals from internal sources.
- Any post where I am not sure whether content is already public.
Review Path
- Manager + Marketing/PR review for sensitive work-related posts.
- Security review when content includes technical security details.
Disclaimer
Views are my own and do not represent Whalebone.