I’ve been wondering why startups take a different approach for the initial grants in year 1 vs refresh grants in years 3–4+? That is, when you join you get a big grant in year 1 with no more grants for 3–4 years. But once you start getting refreshers, you often get smaller annual grants (that still vest over 4 years) instead of another big grant.

From the employees’ perspective, it would be much more exercise- and tax-efficient if instead of “a new grant every year” (with an increasing strike price) we were given another large 4 year grant with…

I was recently asked to prepare some statements for new hires at my company about engineering growth.

What does it mean to grow as an engineer?

This is a very personal question. The “right” answer seems to be “to increase your impact”. In reality, this often means working on projects with larger scopes that cut across multiple teams, doing more collaboration or systems design/architecture, and frequently less deep dive coding. But, just like not everyone wants to go into management, not everyone wants to coordinate across 3+ teams to get something done. That’s what makes this personal. Fortunately, especially at…

My wife has started a women-focused coaching business, particularly around helping her clients improve their writing and communications. (Get in touch if you need help!) Many of her clients are entrepreneurs and the writing is particularly marketing-oriented. This has been fascinating and awesome to watch.

At the same time, she’s going through the entrepreneur journey herself, first by publishing her debut novel and now with the writing/coaching business. …

Protecting Single-Page Apps like Angular, React, Vue, or Meteor from CSRF attacks

tl;dr — If your SPA uses a private REST API, use CORS and a CSRF Token header. If your SPA uses a public REST API, use a SameSite Strict cookie for mutating operations (if you only support newer browsers) or separate API security domains (if you support older browsers as well); public API clients just use OAuth Bearer tokens.

The world of web app security is a strange place. It’s a bit like playing whack-a-mole, because one security measure may often introduce a new security hole.

This post walks through the CSRF-vulnerability analysis I did recently for my company, and…

Having chartered and led my company’s “CLI Foundations” team, which built and owns their primary two CLIs, I’ve spent a lot of time thinking about CLI design. So when I stumbled upon this tweet today, I had to jump in:

There’s so much thought and effort put into “User Experience” design for the web UI, mobile experience, etc… but somehow the CLI experience is often overlooked. For companies and products with a technical audience, this is a huge gap in their product offering.

The answer to the tweet’s question, like everything in engineering (and product, and business), is “it…

Several years ago, I discovered that you could buy small businesses from their founders at a reasonable price. The size and nature of many of these companies make them very attractive as “lifestyle businesses”, or businesses that require part-time effort to operate and can yield good-to-high income for the owner’s living expenses.

Why is it that businesses are so much more powerful as cash generators than a “job”? One thought is that you can potentially disconnect your income from your time spent. But today I realized something else:

It’s easier to grow earnings for a small business 10–15% year over…

There are a ton of interesting articles on BiggerPockets about House Hacking. But I hear people saying it doesn’t actually work, or it’s not worth it, or you can’t literally live for free. So here are the real-life numbers from my very first house hack, back in 2015.

Numbers at a glance:

  • Purchase Price: We bought the property for $300k with a 10% down FHA loan
  • Rental Income: $1000/mo rent from unit 1 and $1100/mo rent from unit 2
  • Mortgage, Taxes, Interest: $1800/mo mortgage (including taxes and insurance)
  • Repairs & Maintenance: A popular rule of thumb is that 1% of the purchase…

The funny thing about increasing your income in a household that’s pursuing Financial Independence is that it works so differently than other households.

If you start a side hustle that earns an extra $500/month, normally you may think “I’m already hitting my savings goals, so I’m free to spend this ‘bonus’ money however I please!” However, because you’re aiming for FI within a certain timeframe, you have to think about the relationship between saving and spending.

Basically, they play out like this:

  • you can spend it all.
  • you can save it all.
  • you can spend some portion of it.


The internet is full of discussions about the new tax law that went into effect for 2018. In particular, people seem to really dislike the new $10,000 cap on State, Local, and Property Tax deductions. The thinking is that this amounts to “double taxation” on anything over the cap, and that’s just not right.

But we should put this in context of the full changes to the tax code. The standard deduction was also increased substantially and, in general, marginal tax rates went down.

So let’s cut through the hyperbole and run some numbers. How does this actually affect your…

Last week I had the free Personal Capital consultation. My “advisor” had run a portfolio analysis based on my aggregated information in the PC dashboard for me and wanted to share the results. I was a bit intrigued with their so-called “Tactical Weighting” portfolio allocation approach and wanted to discuss it here today.

Personal Portfolio Review

To set the stage for the need for Tactical Weighting, let’s discuss a few things that my advisor highlighted as a bit worrisome:

  • cash holdings: I’m holding too much cash for my risk profile, both within investment accounts and in savings
  • geographic concentration: I’m almost entirely invested…

