In January 2024, my comfortable tenure at Equal Experts came to an end and I went from 6 years of being a Java/Scala/AppSec consultant to being a head of engineering at a Middle Eastern fintech. This piece of writing explores what this means. I had been a tech lead before and certainly had plenty of experience of sitting at the table where decisions are made and have never had any qualms about sticking my beak in where it might not belong.

Have you ever struggled to find time for a workshop or a decent conversation? Because when you open your calendar it looks like this? Is it full of 1:1s Status Update Calls Readiness Calls Syncs Standups Project Updates Weekly meetings Biweekly meetings Sometimes it feels like “am I even doing any work”? I jest of course, because all these things are important. Without 1:1s we can’t build personal relationships, which helps us find the person behind a role.

I. Want. To. Scream. Not so long ago, I reviewed about 1,000 CVs (resumes). 500 for a frontend developer position, about 500 for a backend developer position. You might think I was crazy, why don’t I let an agency do the sifting for me? Well, that wasn’t the thing that made me scream. I spearheaded an initiative to reduce the TCO by 10.35% Or some such drivel. “Spearheading”. What is it with that word?

This post is all about sustainablity. And communication. And agile. Let me start from the beginning. I’m sat on the train, coming back from Lean Agile Scotland 2024 and I’m thinking about what I’ve heard, seen and done. The conference was great, and allowed for catching up with old and new friends, finding kindred spirits and having good food. Yes, the older you get, the more important the question of “where shall we eat?

Sheffield is the city of steel, and at the heart of it lies a lovely university building - the Owen building that hosted the North’s premier hacker con And I had been accepted to talk at SteelCon about AppSec and Agile and who wouldn’t want to drive over Snake Pass to cross into the wrong side of the Pennines. [Ducks]. Over the past year, I found myself going to quite a few community infosec events (I did the Northern BSides triathlon last year - Lancs, Leeds and Newcastle) and I feel like becoming part this family and have always felt really welcomed in this anarchic environment where leaf blowers and complaints desks take on special meanings.

After the fantastic experience of speaking at Agile on the Beach 2023 a year before, I was back for more agile. This meant more driving: again I took the motorway barge for the long road trip from the North West to almost the tip of the South West. For international readers, when I say North West, I mean England, somewhere near Preston, and the South West is in pretty Falmouth, Kernow (Cornwall).

Once again, I’m sat at Schipol Airport typing up my thoughts about a few days of refreshing Dutch DevOps Goodness! Ok, I admit one or five alcoholic beverages might have been involved too. This was my first DevOpsDays and it did not disappoint. My day started at 3am to catch a flight at 6am but because I was still awake at 1:30 and had decided sleep is for wimps, I arrived a little bit wired.

Following a quip on LinkedIn about the introduction of Recall in Copilot+ and Kevin Beaumont’s great piece about why this is a really bad idea from a security point of view, I got thinking: This is dystopian techno-fascism Kevin posited a disconnect in Microsoft that led to the creation of this feature and whether people really wanted it. Personally, I’ve got a brain like a sieve and would not know the command line without ~/.

Many conferences have a hallway track, I loved that Agile Manchester had a jigsaw track. The organisers put out a jigsaw on a big table where attendees could mingle over searching through the 2000 pieces and chat at the same time. Such a great way of breaking the ice. And such a brilliant metaphor. A complex task is achieved through self organisation. Teams self-select and offer assistance all without intervention and imposed coordination or management.

When I stumbled across a post that an encryption library offers a potential backdoor to SSH connectivity on Good Friday, my first thought was: why is it always on a Friday that these things drop? And then my second one: oh bugger, here goes my weekend. Now, I won’t go into the technical details, there are many, many, many, many better resources out there, but I can’t help thinking that this would/should force the software industry to think.