Saturday, December 31, 2022

2022 - Acknowledgement and Gratitude

Thanks to having a blog, I made it a habit to look back at the end of the year. It serves me well to acknowledge the things that happened and also be grateful for having such wonderful people in my life. Especially as 2022 was again a year of manifold global crises affecting people in so many ways.

So, here's my personal review of the past year, by no means comprehensive or overly structured - just taking note of what came to my mind. I'm quite late with doing so this year, a fact that does fit my general feeling for this year very well. A bit rushed, running behind, somehow making it work in the end - and still feeling grateful for all the good parts.

Let's start with work.

  • My dear peers at Ada, especially my teammates and my fellow quality engineers. I appreciate having you every day, and especially when times are hard. Thank you so much for validating me and my expertise, for offering new opportunities to grow, and for your ongoing emotional support, encouragement and kindness. This company and position might not be an easy one, yet you make it worthwhile. I'm grateful. Let's continue using this opportunity to build quality into our products and make them even more meaningful and valuable for people.
  • Having switched companies was quite an endeavor and rollercoaster experience in itself, with all the good and bad and rewards and struggles and ups and downs. I don't regret it one bit! So much learning in here. I posted about some experiences in Onboarding Struggles and Strategies and A Time of Transition - Eight Months on a New Team. There's more to reflect on and share when the time comes. Yet just the mere fact of a new industry and business domain, new company and team, new tech stack and tooling was full of insights and growth.
  • My team is quite big and changed constellation so many times during one year I can hardly believe how much we achieved together. I mean, we had 19 team changes in 12 months - imagine what we could have done based on more stable relationships! Despite all odds, we managed to form a real team, foster our bond, support each other as we go, and learn a lot together. There's a lot to do and a lot of room for improvement - always doing a bit better helped us massively. The team came incredibly far in only one year, and I'm very hopeful for our continued journey together.
  • I personally felt that in certain aspects of whole team ownership I came farther with this team than with all others before. For example, having people take care of testing not only when I'm off yet also for longer periods when I'm around and have a different topic to focus on. This also gave me space to contribute in different ways to the team. Not only figure out further improvements close to testing and quality, yet also supporting development more with investigating and debugging issues, fixing them, or making identified improvements myself. Having this space did not only help increase the team's resilience, it also got me closer to becoming a more full-shaped generalist so I can shape-shift easier, jump to help with whatever needs doing with less friction, as well as fill even more different gaps. Granted, it's also the first time I had gathered as many pieces of the puzzle and every piece is helping me contribute in better ways.
  • I learned to love debugging even more! It's literally a skill I really like to hone, especially ever since a former colleague praised me (the "tester") for even knowing about debugging tools and not being scared to use them, and since Amitai Schleier amazed me back on my #CodeConfident challenge with his approaches that allowed him to figure out the issues way quicker than I was able to. Also last year, debugging brought my developer teammates and me (again, the "tester") together and allowed us to see how we can both contribute our skills there. It's a lovely intersection of investigation and exploration and choosing different approaches and perspectives and, and, and. Happy I could practice it this year in my new team as well. By the way, Julia Evans recently published an amazing zine on the topic, check out "The Pocket Guide to Debugging".
  • As we changed team constellations so many times, there was lots of onboarding (and offboarding) going on in my team. I've been jumping a lot on these opportunities. On the one hand, as I've not been able to spread it as much in the team as I hoped for in the beginning of the year. On the other hand, as it's yet another chance to practice explaining things in simple terms and improving my own understanding. Repetition is great here! And as everyone also asks different questions, there's always something new to learn and take as input for further improvements.
  • With my current team I held back much with formal knowledge sharing. I was quite conscious trying not to overwhelm them with everything else going on. So, I chose to focus on learning and sharing hands-on instead. Always iterating, always doing a bit better. Sometimes it was hard to live with "not good, barely enough"; practiced that as well in favor of more long-lasting change. Also across the company I know I could share my knowledge in more ways. Not that I didn't share any, yet there wasn't as much capacity going into that yet.
  • Lots of pairing and ensembling with my fellow colleagues, as well as working on different technical hands-on topics is what gave me lots of energy this year. I'd really love to see more of that. At the same time, I'd love to see less of the energy drainers this year - less non-transparency, unclarity, miscommunication, constant turmoil and uncertainties where more stability would have helped.
  • Lots of times this year I found myself overwhelmed, self-doubting, low on energy, always running behind, rushed and driven by external forces. I got personally challenged quite a few times throughout this year by different people. Sometimes I dealt with this better, sometimes not as well. Same with keeping my own boundaries. Especially when it comes to keeping my energy levels in check I struggled. I tried a few different things, some more successful than others. I took up personal coaching again to help me see different options and perspectives. I really would like to stay ahead of things again, realizing closer to the moment when things are going sideways and I should step back and recharge. I also practiced saying no to what drains me and more intentionally say yes to what gives me energy. Such a hard yet rewarding thing to do. All this again will help me cope better with unexpected things - those will always be there, it's life after all. Taking care of myself will also help me take care of those in my care better.
  • I practiced giving feedback, on different levels. Personal conversations (like the classic "the term guys is not gender-neutral and here's how it impacts me when you make this word choice"), as well as public praise of people showing behavior I'd like to see more of. Team feedback, in retros, with my managers, and more. And organizational feedback to senior leadership, especially on unhelpful cultural patterns I've observed over the year. I started asking for feedback as well more - another topic to practice more frequently. Finally, I also practiced receiving feedback, acknowledging it, and then making intentional choices what to act on and how.
  • I have learned a lot about leadership over the past years. Nearly every day this serves me really well. In specifics all the things that my dear former colleague Shiva Krishnan and I put together for our leadership workshop series last year. It helps me thinking and choosing strategies and approaches for specific situations. Whether I had picked the "right" one is hard to tell within the situation, sometimes we realize its impact only in hindsight. Yet just having a few thinking tools to help reflect and widen my own perspectives helps massively.
  • I observed several former teammates from my previous company continue growing and going their own way. Be it getting promoted and taking on new responsibilities, or changing companies to pursue their goals, or daring to create content for the wider community, like my dear former colleague Mateus Ferreira Durães. This is just awesome, one of the best things to see!

There's more than work, of course.

  • I honestly have the best cheerleaders of the world, and I'm super grateful. Way more people than I can name here. Whenever I share something good or bad, achievements or failures, lots of these people regularly make my day. Just showing that they are there does! Honestly, I believe we need to be there and cheer for each other more, it can't only be me who desperately needs this kind of encouragement. So, something for me to do more next year!
  • After many years I saw my learning partner Toyer Mamoojee in real life again! I cherish all our calls, yet seeing someone you worked with for over six years in person again is just amazing. Thanks Toyer for being on this whole journey together with me! I doubt I would have managed as much over the last years on my own. Thanks a lot for being in my life.
  • A new pact was born! After a break of a few years, Toyer and I finally agreed to a new deal as learning partners. I'm super excited (and scared again!) for this new personal challenge for 2023. My focus will be on all things application security - and luckily, it's going to be fitting really well with my work context. Really hope for more synergies and even more learning in this vast area of expertise.
  • I finally managed to unlock an achievement this year I waited for quite some time: I gave my first full day conference session this year! Thanks a bunch to Toyer Mamoojee and Agile Testing Days for making this happen. After many plans in the last years for full-day sessions, none of them became reality in the end due to lots of reasons. Yet Toyer's and my tutorial "Let’s lead quality together!" was finally it.
  • For nearly the whole of 2021 I had paired with Shiva Krishnan at my former company on a series of leadership workshops. We had built on a concept that Shiva ran a few times successfully already, decided to revise it completely - and something meaningful emerged. This year, being now at different companies, we brainstormed how we can bring these leadership concepts to the wider community beyond company boundaries. And we made the first step happen by giving a talk about our pairing journey and what helped us make it a fruitful one - the "Human Connection: The Key to a Beneficial Pairing Experience". Thank you Shiva for staying with me through all ups and downs!
  • I've again had the honor and privilege to speak at a bunch of conferences this year, as well as appear on other formats. It's been 15 sessions overall for me! Really glad to be able to give back to community, learn a lot from my peers there and connect with people. I also got to know a new conference with SoCraTes (finally made it there)! Especially grateful for Nicola Lindgren to recommend me to Scott Hanselman on the Hanselminutes podcast, for Janet Gregory and Lisa Crispin for recommending me to Henry Suryawirawan for the Tech Lead Journal podcast, and for them also to have me on their own Donkeys & Dragons series. I'm also really grateful I already have few events lined up for 2023 as well. More to be revealed, stay tuned.
  • I wrote a few more blog posts this year again. Still usually bigger ones and hence not too many, yet with this being the 13th post I've published more of my writing again compared to recent years, and I'm glad about it.
  • I reviewed and copy edited two books. One was the super cool collection of "How Can I Test This?" by Nicola Lindgren, Mike Harris, Suman Bala, Philip Wong, and Shawn Shaligram - thanks for having me! The other one was fiction - the fifth novel written by my best friend Marlene Guggenberger I'm so very proud of and who continues to put her trust in me. And I also want to thank my dear friend Thierry de Pauw for asking me for my thoughts and listening to them on several of his recent articles (they are amazing, check them out!).
  • Samuel Nitsche was so kind to reach out to Vernon Richards and me to check our interest to start a code reading club together. Absolutely yes, we were interested indeed! We've been so lucky that a bunch of awesome people joined in as well. It's a wonderful small group to practice in, and the sessions we had were a safe place to share and learn with each other. Special shout-out to Felienne Hermans and Katja for their inspiration on code reading clubs!
  • Remember the Testing Tour I've been on in 2018? Peter Kofler and I are pairing ever since on security testing, roughly once a month. Really grateful he's on this journey for so long with me! And there's always so much more to learn in this area.
  • I'm part of a power learning group that Toyer and I had started years ago. Unfortunately, in the past years we all lacked energy to continue our regular calls and stay in close contact. This is one of the things I'd like to see if more people have the appetite to revive it again. Really missing these people.
  • A few people reached out to me and thanked me for something in the past where I had helped them. Wow, what a feeling! It was a tiny thing in the past like providing a few thoughts on a question, for some it literally meant the world and had way more impact than I imagined. This is so encouraging to keep on doing this.
  • The whole Twitter situation has been incredibly sad for me. I owe a lot to this platform and the communities I've found there. I am really glad that other platforms do exist and communities can move, and still, it's personally really sad. I know it's way worse for many others who depend a lot more on this platform and specific communities there that won't be found any place else. I am very grateful for my privilege to be able to quite easily move to Mastodon where I found lots of people old and new.
  • For lots of things I want to improve on and allow myself to go in small steps, I try to find habits that work for me, mostly small daily habits. You know, really small steps, yet consistently. This year I did not take up a personal challenge at first as I was changing jobs. Checking in again with myself after the probation period passed, I realized things had been too hectic during this period and I needed a bit more time before I can really focus on a new challenge. Hence, I decided to add to my list of daily habits instead. I wanted to brush the dust off a few things I enjoy yet mostly didn't make time for anymore; recovering lost language and drawing skills, moving more, and the like. Oh my, did my habit list grow! On some days it's been honestly a lot, wouldn't recommend adding so many at once, and also not in several batches. Well, it still forces me to integrate them more smartly into my everyday routine. Yet overall, I'm happy with myself that even the youngest of these habits crossed the 180 days mark.
  • I've restarted a few things this year that I did a lot in the past. As mentioned already, practicing another language again (besides English). Drawing again (it's been ages). Getting myself a new bicycle and actually taking it for a ride (even longer ago). And also: finally restarting one of my most beloved activities in my free time: indoor volleyball (yep, not that easy in pandemic times). I deliberately tried to set aside time for these things and I don't regret it one bit.

So, looking back and summing things up for myself, I'm content and I'm grateful. Things are as good as they can be right now. I'm personally in a luxury position, being as privileged as I am. No, not everything is going well, I have my own share of struggles. And still. There's opportunity to keep things as good as they can be, and in some points they can also get better. For me, for others around me, for everyone. Let's always remember kindness and move forward together.

Life is good. Not always, but it can be. I'll try to make every day good enough, and enjoy it.

Tuesday, December 20, 2022

New Year, New Pact - Time for Another Personal Challenge

Finally, it happened again: a new pact for 2023 had been born! If you're following my journey, you know I've done four big personal challenges so far, learning in public outside my comfort zone. In 2017 it was all about conference speaking, in 2018 I went on a Testing Tour, 2019 was focused on becoming #CodeConfident and in 2020 I set out to share #SecurityStories.

2020 was also the year I decided to pause my personal challenges due to so many other things happening, both in the world as well as in my career. In the past two years I've been working very intensely with two teams at both my former as well as my current company. Now that I'm settled in, I do need more stability in my relationships to ground me and navigate uncertainty and change from. This is what I expect and hope from 2023 and will do my best to make happen. 

With all that in mind, last Friday it was finally time to sit with my learning partner Toyer Mamoojee again and strike a brand-new pact, just like we did for the first time back in 2016. This time, while our endeavors have a different focus, we indeed even have a common theme again!


Brainstorming

Like every year, I took note of potential topics for a new pact and personal challenge over the course of the year. Anything that came to my mind, anything that intrigued me to invest more time on, and especially topics that scare me. Why that? To get out of my comfort zone and grow. It's been a common theme since I started with my personal challenges and while these are indeed challenging and scary, they got me far. So: scary it is again!

Here's my quite raw and only minimally edited list of ideas for 2023, with points noted down as they came to mind without re-ordering.

- open source contribution
- security
- accessibility
- app development
- call for weekly 90min ensemble creating an open source app together
- a project a month
- build intentionally insecure mobile app for practicing
- "everyday security" series
- "accessible security"
- asking for help; see Ady Stokes' idea: "Maybe your next tour could be asking for help?"
- initiate pairing / ensembling with others
- deep dive focus weeks: learn foundations for a topic and share - deepen my generalist me
- series of how I test things, especially backend etc.
- anything that contributes to my vision of systemic inclusion and growth?
- feeling I'm doing the same over the past years, over and over again, also re-using a lot of what I've built before; yet there's so much more to learn and grow into, like Maaret continually does, expanding (see also when she shared "When I do #ExploratoryTesting, I have hundreds of options I can generate on the fly. I’m again appreciating that some people see barely one option and we need to teach how to generate options.")
- do something I haven't done before, truly grow again; I've used lots of approaches the last years that had worked before, just built on them and refined them; yet didn't really reinvent myself anymore
- really do need my own topics again, not being driven from conference to conference alone, neglecting my goals and blog
- bug stories / debugging stories; maybe similar to Valerie Aurora's systems programming stories
- similar to observation notes taken at work: take live notes while working hands-on to convey approaches and thoughts
- how about: tackling any security practice challenge I come across, take notes as I go and publish them, join the community (actively!) and ask for help and pairs to work with (doing what scares me, joining this community always did, also asking for help)
- security could be complemented with at work practice and pairing with security folks
- accessibility could be covered by work initiatives; honing development skills could be combined with security or run on the side
- security makes a good talk / workshop topic as well, and grows career options
- join security conference
- with security I would pick up the theme started in 2020, revised
- theme for the year and overarching experiment worked better than having to come up with something new all the time
- a lot of brainstormed topics could just be smaller blog posts without such a big commitment (even recurring as series like my conference reports): how I test, debugging, bug stories, learning topics, etc.
- asking for help and security doesn't exclude each other either; security was scary enough I didn't join a community last time; could be practicing asking good security questions
- really about the question what scares me most that also grows me in the direction I want to grow (e.g. solo open source contribution might or might not help)
- I'm fueling my generalist skills every work day, I'm on it already, not scary
- what scares me most is security and building things
- could use Tanya Janca's Cyber Mentoring Monday
- join OWASP chapter
- use training budget to go on security conference
- mobile security would be new angle and relevant in AppSec
- nothing is as scary as showing my face in front of security people and communities
- joining and actively participating in at least one security community will let me understand application security better and allow me to solve five mobile security challenges
- practice debugging strategies and approaches (like Julia Evans shared), exercises; fixing bugs in unknown systems (hence requiring investigating and learning the system)

Now, what do you think made it as my chosen challenge for next year?


My Pact for 2023

My last personal challenge was on the topic of security, and I stopped it in favor of more important topics emerging in 2020. The topic is by far not over and I continued keeping it in my head for the next years, always growing myself a bit further. Still, it's a huge area and requires more focus to dive in properly. So here's what I'm setting out to do in 2023.

The challenge: Application security is my focus - especially everyday hands-on practical situations when designing, developing and building a mobile app. For security in general, the main reasoning from back in 2020 why security is scary remains. Yet I learned that security just like development is a team sport. So on top of the general scariness of the vast security field, my challenge now also includes people - especially joining new communities, as well as asking for help and feedback. Yes, I've done that in other areas in the past, and yet for security this feels different. This is a jump I didn't manage yet, as much as I'd like to. So yes, scary. 

The hypothesis: I believe that joining and actively participating in at least one security community for a period of six months will increase my understanding of practical application security in everyday work situations. I've proven the hypothesis when I have...
  • solved five mobile application security challenges,
  • explained how I solved them, and 
  • asked community members for their review and feedback to learn from.

The experiment: To prove or disprove the hypothesis, let's get more concrete.
  • I can join one or more communities, yet it's about staying six months and actively participating in any of them.
  • Challenges could be a variety of practice exercises on topics like threat modeling, SAST activities, security testing and more - as long as they would help me in everyday work, hence the focus on mobile.
  • Mobile application challenges cover the whole mobile system and architecture, including backend services.
  • To explain how I solved the challenges, I will write blog posts. I will edit my explanations based on the received feedback.
  • People to ask for review or feedback could come from the communities I freshly joined or the wider global community - yet it should be people I don't know in person yet at this moment in time.

Time line criteria: It always proved valuable for me to think about when to start, when to pause, when to stop.
  • Start: I will start only in 2023 as there are more todos on my desk before and I want to dive in with more focus.
  • Pause: Whenever I realize I neglect the self care I committed to (for three years I'm now using those defined in my last challenge), I pause for the week and take care of myself before continuing with the challenge again.
  • Stop: It's time to stop my challenge and evaluate my experiment overall when I've either proven the hypothesis or ten months have passed.

The Tag: I've made good use of a short identifier to be able to easily refer to my challenges. This time I thought about going for #LearnWithAppSecPeople. While it's not short like all my past challenges, it's expressive enough and not in use yet. And then I discarded the idea for not being snappy and sticky enough and went instead for #AskAppSec. Short and again an alliteration, what would be the chance!

That's it! Yet I'm already working on my security skills, so what exactly is scary here for me again? People, new communities, asking for help. Feeling inadequate and fearing I won't belong as much as I hope I would. And security being such a vast and complex field it's easy to feel very dumb, so building more confidence to be able to figure this out is required.

So, what's in it for me? I hope to increase my confidence, hone my skills, grow my understanding, increase my career options, grow in general thanks to scary things and new people, and also to apply my gained knowledge at work.

I shared that Toyer has a similar theme - and yes, he's now also focusing on security, eager to learn more. I'll leave it up to him to share more detail if he wants to, and if we're all lucky his journey might end up with a talk out of his lessons learned. What helps both of us is that security gained importance in both our work contexts and we're both hoping for certain synergy effects.

There's More for 2023

Although speaking itself won't be my priority next year, I will continue speaking at conferences, to keep learning together with various communities, and also create at least a new talk. I will start new initiatives at work, trying my best to use the foundations built this year to help us thrive more next year. I'll also try and continue not to forget myself and the rest I need next year - keeping my boundaries and energy levels in check as well as exercising self care.

It's not going to get a boring year, it might get busy. And still. I'm truly excited (and scared enough) for this new pact and challenge!