Sunday, March 17, 2024

Contributing in New Ways - Everything Everywhere All at Once

It's been a while since I last wrote down my thoughts about things that happened, things I've done, things that evolved. And a lot had happened since beginning of the year when I announced my personal challenge for 2024. I would have loved to share a lot more frequently about my endeavors in small social media snippets, yet the last months had been not only busy but energy-draining (due to other aspects). There simply wasn't any energy left to share what I'm doing, and I rather spent the energy available on the doing itself.

As I'm slowly getting back to a more sustainable pace, and back to the kind of busy that I personally like and that gives me energy instead of just taking it, I'm finally ready to share a few things.

So, how did I contribute in new ways in the last months?


New Work Contributions

At work, I completed my first backend feature. I've worked on the backend before, yet rather focusing on cleaning up legacy, adding tests, improving things, adapting existing features. Yet I simply never had the opportunity before to add a completely new feature. We currently only have one dedicated backend engineer in the team, so I'm once again filling a gap. Admittedly, a gap that I really like and am way more familiar with than with other endeavors.

I gave a bunch of company-wide learning sessions again, this time experimenting with two new formats. One on offering a dedicated public learning hour on all things security, one on sharing stories from my own team to initiate conversations how to grow the culture we want to see. Both formats were planned as a series of at least five sessions. Both had high quality (though low quantity) audiences so far, and people could take things with them after each session. I am calling that a success.

I've also learned a lot more about very domain-specific compliance topics, processes, audits, and more. These are not topics I'm keen on jumping on (especially compared to the other two), yet it's been another gap to fill and another contribution in a new way.

New Conference Contributions

Speaking at conferences is not a new thing for me anymore. What can be new, however, are new formats, new teaching styles, new session topics, new conferences, and new communities.

I decided to go for new topics and finally submitted my first security-focused conference sessions. I was thinking about this for a long time already, basically ever since I started to invest in security knowledge and skills. Yet it's an especially scary area to step into, and that accounts for conference sessions as well.

I managed to write three new proposals, two workshops and a talk. Two sessions are still waiting for the first conference to give feedback on, one is already accepted! I'll have the honor to give my brand-new "Capture the Flag Together: Security for Everyone" workshop at the free Software Teaming Online Conference 2024. And Lisa Crispin agreed to co-facilitate with me! It's going to be a lot of fun. I just love this conference, and I owe a lot to it. Fun fact, my all-time most booked workshop "Ensemble Exploratory Testing" also has its roots there. Very curious what happens to my new security workshop in the future, and in general to more security-focused sessions. At least the first step is done!

New Community Contributions

Finally, my courageous community contributions! So much to share from the very start. Right after having posted my personal challenge of the year, yet another initiative evolved. I can tell you I'm so very excited about everything. Depending on the initiative, I cannot always share everything publicly right away, yet there's enough to share already!

  • Launch an open space security conference together with Claudia Bothe, Claudius LinkDave van Stein, Janina Nemec, and Ulrich Viefhaus. The TL;DR version: it's happening for real! The Open Security Conference (#osco) will take place on 4-6 October 2024 in Rückersbach, near Frankfurt in Germany. A lot more folks joined as organizers since I last wrote about this initiative. We have further awesome supporters in the closer circle as well. Our website is public (and constant work in progress), first social media presences initiated on Mastodon and LinkedIn. Have you seen our amazing logo created by Janina Nemec? The event will be a full open space conference with the addition of two keynotes to kick it off - one amazing and well-known speaker is already confirmed. We're looking for sponsors, if you have a suggestion for us it's appreciated! Well, a lot more is coming and to be revealed as we go further. There's a ton of more work to be done, this initiative is indeed not getting boring at all. Instead, it's very exciting, and I'm really happy to have such a great organizer team to take this journey with!
  • Create a security card game together with Martin Schmidt and Philipp Zug. This endeavor took shape as well over the last months. We already had a play session, trying out the game for the very first time. It was such a cool experience to test out the preliminary content and experiment with different game mechanics. And it instantly generated lots of more ideas to improve on. This is a really chill and fun activity and we hope to bring it to open space conferences and the world. Check out our Security Card Game Github org in case you want to follow along.
  • Build a full-stack open-source practice platform as an ensemble with Ben Dowen and Vernon Richards. Yet another initiative I feel very hyped up about! We are taking the roles of the employees of the fictive company "Make-Believe Labs", taking on "Project Snack Shop" for a customer who wants to digitalize their well-running snack shop business by offering an online shop. For real, I just love this happening. We have an ensemble session each week, and we are all in. From our own vision, to the actual project offer and context, to the first proof of concepts, to team agreements, to design documents, to architectural decision records, exploring walking skeleton options with code, and more. This is just super awesome. We have so many ideas to build on this! We don't have an overarching Github org for this yet to follow along, but stay tuned, a lot more is brewing already.
  • Offer Shiva Krishnan's and my leadership workshop series to the community. Ah, a longtime endeavor dear to our hearts. This series proved to be valuable to lots of people in the past, and it definitely helped both us grow immensely. Finally, the time has come to spread the word further and transform our workshops to an open community offer. This year we want to try it out with a small cohort. In the first instance, we won't have public registrations, yet will build on our networks for this first community proof of concept. If this goes well, there are plans for more afterwards! It's now really taking shape, and I'm glad to see this. Although access won't be public in the first instance, I'll see what I can share as we go along.

By the way, as if any one of the above wouldn't be enough (they clearly are), there are still further endeavors on my list that I'd love to start. I know, I know, I can't do everything at once, so I deliberately hold back for the moment, as above initiatives (as you can imagine) already fill my time very easily. They also give lots of energy! Lots of growth, too, and I'm not alone in either of them.

As I'm writing this, I'm looking back to the original hypothesis for my personal challenge. While above endeavors are indeed new contributions, quite courageous and also ambitious, I'm also very pleased to see that the hypothesis criteria will be very easy to measure indeed. I won't have any trouble to learn from these initiatives. Seems I'm on the right track, and that's providing me peace of mind already.

I am very much looking forward to see how each of these new contributions evolves over time. Truly exciting!

Tuesday, January 2, 2024

My Personal Challenge for 2024 - Scary New Grounds

In the last few years, I've taken on several personal challenges. These are things that initially scared me yet clearly helped my personal growth. You could also call each of them my "theme" of the year to focus on deliberately, as my learning partner Toyer Mamoojee framed it. For 2024, I am taking on my sixth one! 

Open Thinking

While working on my current challenge of the year, I am already taking note of topics that cross my path that would make yet another great theme for the following year. Here's my rough and raw list of thoughts that came to mind in the sequence I noted them down.

  • open source contribution
  • security
  • accessibility
  • app development
  • call for a weekly 90min ensemble creating an open source app together
  • a project a month
  • build an intentionally insecure movie app for practicing
  • "everyday security" series
  • "accessible security"
  • asking for help; see Ady's idea
  • initiate pairing/ensembling with others
  • deep dive focus weeks: learn foundations for a topic and share to deepen my generalist me
  • series of how I test things, especially on the backend side
  • anything that contributes to my vision of systemic inclusion and growth?
  • feeling I'm doing the same over the past years, over and over again, also re-using a lot of what I've built before; yet there's so much more to learn and grow into, like Maaret continually does, expanding
  • do something I haven't done before, truly grow again; I've used lots of approaches in the last years that had worked before, just built on them and refined them; yet didn't really reinvent myself anymore
  • really do need my own topics again, not being driven from conference to conference alone, neglecting my goals and blog
  • “Courageous Community Contributions” - finding new ways to contribute to the community (like I found new ways to contribute to a team and company over the years)
    • These are still scary!
      • List of a bunch of points - not revealing them here yet, you'll need to read on ;)
      • … leaving space for serendipity
    • What else I might do, yet not as scary anymore:
      • Paired blog posts
      • Paired conference sessions
    • Other things I’m already doing, that are not scary anymore:
      • Blogging
      • Public speaking
      • Security testing sessions with Peter Kofler
      • Code reading club
      • Learning partnership with Toyer Mamoojee
      • Daily habits and practice

As usual, the last idea grew and took shape in my head, and I kept adding to it. That's usually the candidate for the very next year, so here it is!

My Challenge for 2024

Here's the challenge of my choice for this year: "Contributing in new ways." Let's dive into this.

The challenge: I owe a lot to the various communities out there. I'm doing a lot to give back and especially pay forward through sharing on social media, blogging, and conference speaking. There are a lot more ways to contribute, though! I'd love to explore new options and pathways. This runs parallel to what I do at work: constantly re-inventing myself, my role, and how I contribute to teams and organizations. Going out of my comfort zone is how I've grown myself as a generalist. Therefore, I think I can contribute also in different ways outside of work. So here's my challenge to find new ways to contribute to communities and dare to try them - they only can't be the old things I'm already doing (while no one stops me from continuing what I want to continue).

The hypothesis: I believe that contributing to communities in new, courageous ways will add value to the communities I'm part of and grow my own knowledge and skills. I've proven the hypothesis when...

  • I have contributed in three new ways,
  • other people engaged with these contributions, and
  • I have learned three new things from each.

The experiment: In order to prove or disprove the hypothesis, let's get more concrete.

  • Contributions need to be courageous, something I haven't done yet that I find scary enough while being ready to give it a try.
  • Communities to contribute to are not limited, whether I'm already part of it or it's a new one I'm discovering on the way. Topics are not constrained either, as this is all about re-inventing myself by daring to contribute in new ways.
  • My initial options are not carved in stone. Instead, they are even prone to change, and that's welcome. I deliberately leave space for serendipitous new collaboration options.
  • There's no constraint on how much time these contributions require, whether they only take one hour or continue over many months.
  • If a contribution turns out to be not scary at all, then it's still a valid contribution to the community I can decide to pursue.
  • I choose to share anything about these contributions in any form I find appropriate. I am not limiting myself to blog posts for this challenge, nor do I require myself to write any.

Timeline criteria: It always proved valuable for me to think about when to start, when to pause, and when to stop.

  • Start: The fact that I've taken initial steps for a few courageous endeavors already in 2023 doesn't hinder me from including them in this challenge. The main focus will still start from now on.
  • Pause: Whenever I neglect the self-care I committed to, I stop to re-assess the situation and make a judgment call for how long to pause the challenge and get back on track to maintain the required energy. Pressing on without having the energy for it is a no-go.
  • Stop: It's time to stop my challenge and evaluate my experiment overall when I've either proven the hypothesis or it's the end of October 2024.

The hashtag: Initially, I opted for the following name and related hashtag to refer to this challenge: #CourageousCommunityContributions. Yes, I do like alliterations. This one's quite a mouthful, though, and I realized I'm not thinking about this challenge in this way. So I decided to take the words I use when I think about it, and that's #ContributingInNewWays. So be it.

Reviewing all this, I acknowledge the substantial risk that I open up too many topics and, hence, once again feel overwhelmed like in 2023. To mitigate this, I'm trying to build in as much freedom as possible to reduce unhelpful pressure. I don't want to lock myself in and instead still be able to respond to life. The constraints should be liberating. After all, I'll have to try it out and see how it goes.

Also, framing my challenges as measurable experiments allows me to document a starting point and afterward compare where I ended up with that initial state. So, hypothesis measurements are a tool to help me look back and spot differences. The most important metric will always be how much value I got from these personal challenges for my own growth. So far, it's always been worth it to dare take this journey.

It's on!

You might wonder, what kinds of contributions do I already have in mind? Here's a non-comprehensive list of currently prominent topics. As stated above, these options are prone to change. I'm sharing them here to make all this more tangible, help me reflect once I finish this challenge, and see if any of you would like to join me in any of these endeavors.

My journey already started with a few tiny steps on some of the listed topics last year. With old tasks closed and the new year starting, I now have a lot more focus to spend. I'm grateful for my wonderful conspirators, looking forward to our collaboration over the year, and I can't wait for what I'll learn on this challenge!