It's been a while since I last wrote down my thoughts about things that happened, things I've done, things that evolved. And a lot had happened since beginning of the year when I announced my personal challenge for 2024. I would have loved to share a lot more frequently about my endeavors in small social media snippets, yet the last months had been not only busy but energy-draining (due to other aspects). There simply wasn't any energy left to share what I'm doing, and I rather spent the energy available on the doing itself.
As I'm slowly getting back to a more sustainable pace, and back to the kind of busy that I personally like and that gives me energy instead of just taking it, I'm finally ready to share a few things.
So, how did I contribute in new ways in the last months?
New Work Contributions
At work, I completed my first backend feature. I've worked on the backend before, yet rather focusing on cleaning up legacy, adding tests, improving things, adapting existing features. Yet I simply never had the opportunity before to add a completely new feature. We currently only have one dedicated backend engineer in the team, so I'm once again filling a gap. Admittedly, a gap that I really like and am way more familiar with than with other endeavors.
I gave a bunch of company-wide learning sessions again, this time experimenting with two new formats. One on offering a dedicated public learning hour on all things security, one on sharing stories from my own team to initiate conversations how to grow the culture we want to see. Both formats were planned as a series of at least five sessions. Both had high quality (though low quantity) audiences so far, and people could take things with them after each session. I am calling that a success.
I've also learned a lot more about very domain-specific compliance topics, processes, audits, and more. These are not topics I'm keen on jumping on (especially compared to the other two), yet it's been another gap to fill and another contribution in a new way.
New Conference Contributions
Speaking at conferences is not a new thing for me anymore. What can be new, however, are new formats, new teaching styles, new session topics, new conferences, and new communities.
I decided to go for new topics and finally submitted my first security-focused conference sessions. I was thinking about this for a long time already, basically ever since I started to invest in security knowledge and skills. Yet it's an especially scary area to step into, and that accounts for conference sessions as well.
I managed to write three new proposals, two workshops and a talk. Two sessions are still waiting for the first conference to give feedback on, one is already accepted! I'll have the honor to give my brand-new "Capture the Flag Together: Security for Everyone" workshop at the free Software Teaming Online Conference 2024. And Lisa Crispin agreed to co-facilitate with me! It's going to be a lot of fun. I just love this conference, and I owe a lot to it. Fun fact, my all-time most booked workshop "Ensemble Exploratory Testing" also has its roots there. Very curious what happens to my new security workshop in the future, and in general to more security-focused sessions. At least the first step is done!
New Community Contributions
Finally, my courageous community contributions! So much to share from the very start. Right after having posted my personal challenge of the year, yet another initiative evolved. I can tell you I'm so very excited about everything. Depending on the initiative, I cannot always share everything publicly right away, yet there's enough to share already!
- Launch an open space security conference together with Claudia Bothe, Claudius Link, Dave van Stein, Janina Nemec, and Ulrich Viefhaus. The TL;DR version: it's happening for real! The Open Security Conference (#osco) will take place on 4-6 October 2024 in Rückersbach, near Frankfurt in Germany. A lot more folks joined as organizers since I last wrote about this initiative. We have further awesome supporters in the closer circle as well. Our website is public (and constant work in progress), first social media presences initiated on Mastodon and LinkedIn. Have you seen our amazing logo created by Janina Nemec? The event will be a full open space conference with the addition of two keynotes to kick it off - one amazing and well-known speaker is already confirmed. We're looking for sponsors, if you have a suggestion for us it's appreciated! Well, a lot more is coming and to be revealed as we go further. There's a ton of more work to be done, this initiative is indeed not getting boring at all. Instead, it's very exciting, and I'm really happy to have such a great organizer team to take this journey with!
- Create a security card game together with Martin Schmidt and Philipp Zug. This endeavor took shape as well over the last months. We already had a play session, trying out the game for the very first time. It was such a cool experience to test out the preliminary content and experiment with different game mechanics. And it instantly generated lots of more ideas to improve on. This is a really chill and fun activity and we hope to bring it to open space conferences and the world. Check out our Security Card Game Github org in case you want to follow along.
- Build a full-stack open-source practice platform as an ensemble with Ben Dowen and Vernon Richards. Yet another initiative I feel very hyped up about! We are taking the roles of the employees of the fictive company "Make-Believe Labs", taking on "Project Snack Shop" for a customer who wants to digitalize their well-running snack shop business by offering an online shop. For real, I just love this happening. We have an ensemble session each week, and we are all in. From our own vision, to the actual project offer and context, to the first proof of concepts, to team agreements, to design documents, to architectural decision records, exploring walking skeleton options with code, and more. This is just super awesome. We have so many ideas to build on this! We don't have an overarching Github org for this yet to follow along, but stay tuned, a lot more is brewing already.
- Offer Shiva Krishnan's and my leadership workshop series to the community. Ah, a longtime endeavor dear to our hearts. This series proved to be valuable to lots of people in the past, and it definitely helped both us grow immensely. Finally, the time has come to spread the word further and transform our workshops to an open community offer. This year we want to try it out with a small cohort. In the first instance, we won't have public registrations, yet will build on our networks for this first community proof of concept. If this goes well, there are plans for more afterwards! It's now really taking shape, and I'm glad to see this. Although access won't be public in the first instance, I'll see what I can share as we go along.
By the way, as if any one of the above wouldn't be enough (they clearly are), there are still further endeavors on my list that I'd love to start. I know, I know, I can't do everything at once, so I deliberately hold back for the moment, as above initiatives (as you can imagine) already fill my time very easily. They also give lots of energy! Lots of growth, too, and I'm not alone in either of them.
As I'm writing this, I'm looking back to the original hypothesis for my personal challenge. While above endeavors are indeed new contributions, quite courageous and also ambitious, I'm also very pleased to see that the hypothesis criteria will be very easy to measure indeed. I won't have any trouble to learn from these initiatives. Seems I'm on the right track, and that's providing me peace of mind already.
I am very much looking forward to see how each of these new contributions evolves over time. Truly exciting!