Finally, it happened again: a new pact for 2023 had been born! If you're following my journey, you know I've done four big personal challenges so far, learning in public outside my comfort zone. In 2017 it was all about conference speaking, in 2018 I went on a Testing Tour, 2019 was focused on becoming #CodeConfident and in 2020 I set out to share #SecurityStories.
2020 was also the year I decided to pause my personal challenges due to so many other things happening, both in the world as well as in my career. In the past two years I've been working very intensely with two teams at both my former as well as my current company. Now that I'm settled in, I do need more stability in my relationships to ground me and navigate uncertainty and change from. This is what I expect and hope from 2023 and will do my best to make happen.
With all that in mind, last Friday it was finally time to sit with my learning partner Toyer Mamoojee again and strike a brand-new pact, just like we did for the first time back in 2016. This time, while our endeavors have a different focus, we indeed even have a common theme again!
Brainstorming
Here's my quite raw and only minimally edited list of ideas for 2023, with points noted down as they came to mind without re-ordering.
- open source contribution
- security
- accessibility
- app development
- call for weekly 90min ensemble creating an open source app together
- a project a month
- build intentionally insecure mobile app for practicing
- "everyday security" series
- "accessible security"
- asking for help; see Ady Stokes' idea: "Maybe your next tour could be asking for help?"
- initiate pairing / ensembling with others
- deep dive focus weeks: learn foundations for a topic and share - deepen my generalist me
- series of how I test things, especially backend etc.
- anything that contributes to my vision of systemic inclusion and growth?
- feeling I'm doing the same over the past years, over and over again, also re-using a lot of what I've built before; yet there's so much more to learn and grow into, like Maaret continually does, expanding (see also when she shared "When I do #ExploratoryTesting, I have hundreds of options I can generate on the fly. I’m again appreciating that some people see barely one option and we need to teach how to generate options.")
- do something I haven't done before, truly grow again; I've used lots of approaches the last years that had worked before, just built on them and refined them; yet didn't really reinvent myself anymore
- really do need my own topics again, not being driven from conference to conference alone, neglecting my goals and blog
- bug stories / debugging stories; maybe similar to Valerie Aurora's systems programming stories
- similar to observation notes taken at work: take live notes while working hands-on to convey approaches and thoughts
- how about: tackling any security practice challenge I come across, take notes as I go and publish them, join the community (actively!) and ask for help and pairs to work with (doing what scares me, joining this community always did, also asking for help)
- security could be complemented with at work practice and pairing with security folks
- accessibility could be covered by work initiatives; honing development skills could be combined with security or run on the side
- security makes a good talk / workshop topic as well, and grows career options
- join security conference
- with security I would pick up the theme started in 2020, revised
- theme for the year and overarching experiment worked better than having to come up with something new all the time
- a lot of brainstormed topics could just be smaller blog posts without such a big commitment (even recurring as series like my conference reports): how I test, debugging, bug stories, learning topics, etc.
- asking for help and security don't exclude each other either; security was scary enough I didn't join a community last time; could be practicing asking good security questions
- really about the question what scares me most that also grows me in the direction I want to grow (e.g. solo open source contribution might or might not help)
- I'm fueling my generalist skills every work day, I'm on it already, not scary
- what scares me most is security and building things
- could use Tanya Janca's Cyber Mentoring Monday
- join OWASP chapter
- use training budget to go on security conference
- mobile security would be new angle and relevant in AppSec
- nothing is as scary as showing my face in front of security people and communities
- joining and actively participating in at least one security community will let me understand application security better and allow me to solve five mobile security challenges
- practice debugging strategies and approaches (like Julia Evans shared), exercises; fixing bugs in unknown systems (hence requiring investigating and learning the system)
Now, what do you think made it as my chosen challenge for next year?
My Pact for 2023
- solved five mobile application security challenges,
- explained how I solved them, and
- asked community members for their review and feedback to learn from.
- I can join one or more communities, yet it's about staying six months and actively participating in any of them.
- Challenges could be a variety of practice exercises on topics like threat modeling, SAST activities, security testing and more - as long as they would help me in everyday work, hence the focus on mobile.
- Mobile application challenges cover the whole mobile system and architecture, including backend services.
- To explain how I solved the challenges, I will write blog posts. I will edit my explanations based on the received feedback.
- People to ask for review or feedback could come from the communities I freshly joined or the wider global community - yet it should be people I don't know in person yet at this moment in time.
- Start: I will start only in 2023 as there are more todos on my desk before and I want to dive in with more focus.
- Pause: Whenever I realize I neglect the self care I committed to (for three years now I've been using those defined in my last challenge), I pause for the week and take care of myself before continuing with the challenge again.
- Stop: It's time to stop my challenge and evaluate my experiment overall when I've either proven the hypothesis or ten months have passed.