Tuesday, November 11, 2025

Attempting to Stay Calm and Steady - Concluding Remarks

It's done. Another personal challenge is in the books. The Calm and Steady challenge I picked for this year was an even more personal one than usual, targeting my state of mind instead of producing output. Reflecting on the past ten months, here are the insights I gained from attempting to stay calm and steady.

 

Calm Enough Is Enough

I keep preaching to iterate, to take tiny steps, and to run small experiments. It's no surprise that I've found it's the same with how I feel. Throughout this year I've learned that it's not about being perfectly calm all the time, posing as that steady rock to hang on to, not bending in storms. It's about weathering life well enough and being more like bamboo, that perfect example of resilience. I came to terms that I don't get there in one day, though, that it takes many steps, and that not all steps will lead in a helpful direction. But that's okay as long as I keep checking my bearings. Keep what helps right now to be calm enough and abandon the rest. Feel the feelings whenever I'm not calm, acknowledge them, know things will change again, and let the tides wash over me. It won't be great in the moment, and I'll be okay again afterwards. Taking all days together, I'll be calm enough.

 

Listen to Your Inner Critic

Since beginning of the year and my challenge, I made it a point not to ban my inner voice telling me I'm not skilled enough, don't know enough, am in the wrong place, or what not. Instead of scaring this inner voice away and pulling through nonetheless, I intentionally listened to what it had to say for a change. Well, when it comes to feelings or such inner voices, it's interpretations all the way down, so it might not be perfectly clear what it intended to indicate. That being said, I was pretty surprised that ever since I started the challenge, my inner critic rarely went wild; it happened only a few times when doubting some of my decisions that later on proved to be good ones. The other times it raised its voice, it had valuable things to say. Pretty valid things, and more often than not, they were actually correct. This was happening in situations when I was indeed missing skills or knowledge. But instead of beating myself up about it, I managed to take my inner critic's feedback as the indicator it is and used it for informed decisions. Like reading up on a topic to learn more about it. 

This might not sound like a big revelation, and yet it was for me. I realized I don't need to calibrate my inner voice as much as I thought I would - I just need to listen to it and then take it as the gift of feedback. I still have the full ownership on what I want to make out of it. I can discard it, act on it, take a mental note for the future, anything. It's up to me. And my inner critic can stay calm now, knowing that it will get heard when there's something to listen to.

 

Wait for the Energy 

I had a guiding mantra for quite a while: "follow your energy". I've heard this one first from Maaret Pyhäjärvi a long time ago, and I made good use of it over the years. Yet what if there's simply no energy to follow? For a specific task, or maybe for anything at all? This reminded me of a situation from many years ago. A former colleague saw me preparing for a meetup I hosted at my company, running around while also discussing tech initiatives, conference speaking, our internal community of practice, and everything. He had looked at me with astonishment and asked me where I took all that energy from. Back then, I found this question quite surprising, given how fortunate and lucky I am to work in a field I really, really enjoy so I also spend some of my free time on it. I often reflected back on that moment, especially during the last few years, when things felt really hard. When I barely had any energy anymore to still push for goodness and kindness and collaboration and doing great things together at work. Every day again, against the odds. That was the time of saying "our team is thriving - not thanks to the company culture, but despite it" on repeat. 

Having changed jobs this year really did me well to draw some energy again. At the same time, I tended to give it away instantly again and to too many parties, not leaving much for myself. I tried to act like I still had all the energy in the world which left me instantly depleted again. The only thing that actually worked was to tackle a task when I had the energy for this specific task. Sometimes that meant not doing anything at all for a while. Allowing myself to rest and just be. Waiting for that energy to show up eventually. 

 

Let People Wait

This one is super tough for me. I am a recovering people pleaser and this year I had a tough relapse, agreeing way too many times to things and constantly crossing my own boundaries. Or rather not having actual boundaries, letting other people eat up all of my time. The fact that I'm well connected with so many people - which I'm grateful for! - makes this such a challenge. I still want to please them all (well, most of them). There are still only so many hours in a day, though. Just jumping to everything at any time means there's absolutely no time left. Not for all of them, and not for all other tasks and commitments waiting. Let alone myself and my own needs. Nada. I learned I need to let people wait from now on. Spread things out. Disappoint them. Set actual boundaries and keep them for real. The implementation of this learning is still lacking; it will need many tiny steps. Eventually, I'll get there. 

Or rather: I'll get there again. Because interestingly, this is something I already did rather well around ten years ago. Yet while keeping people waiting for a day for a response was really long back then, nowadays it's a blazingly fast response time, given the amount of incoming stuff. Maybe I just need to redraw different boundaries, adapt them to today's reality. And not always let my own initiatives wait, I'm just tired of keeping myself waiting. I basically need a shield to blend out anything outside from time to time. Or rather: I already have a shield; I should use it more often. How do I know that? I do have the gift of focusing fully and forgetting the world around me. Shutting everything and everyone off and blocking them out, by activating this shield. That is my precious. I don't want to let others dictate how I spend my time more than I really need to. I don't want all the noise out there to drown me either. I want to reclaim my time. And I might choose to spend it less socially, more on my own, for my own sake.

 

Patience Pays Off

I need time. I know I usually need more time than others, on anything. Usually a fair amount of more time. I've not fully come to terms with that, yet there's also a good side to it. As long as I stay patient, I can learn and do a lot of things. I do need that time though. I need it for repetition, to familiarize myself with topics. Often in layers, continuously increasing understanding. Then I start to see patterns, areas that don't require as much cognitive load anymore, so I can notice new things and strengthen my understanding. It literally grows the more deliberate time I spend with something. I am a slow learner and I am a good learner - both statements are true at the same time. But I need the patience to let it happen. I see that a lot at work, especially when learning new domains, new services, new technologies. I'm trying different pieces of the puzzle, seeing where and how they fit, rearranging them multiple times as they go and show different versions of a picture. At some point, the puzzle fits better together. Never perfect, but mostly better. 

The other part where I see patience really paying off is my physical health. I've had several minor yet very annoying and limiting injuries for a few years now, one following or overlapping with the other. This year, a few topics really weighed on me, yet I knew I had to stay patient and try only very small steps and instantly retreat whenever I overdid it. And it paid off. For example, I'm finally able to kneel again, which I couldn't anymore since February. I know it's actually not that long a time frame when it comes to injuries, especially given my age, and yet. Time is perception, and at times I couldn't really see it ever getting better. I can't say how much I enjoy the newly re-gained range of movement. Well, there's more to regain. It'll come, with patience. It's time well needed and well spent.

 

Subtract Chaos

There's an amazingly insightful short video by Dr. Raquel Martin: "If you feel like everything’s slipping through you… You might not be a cup. You might be a colander. And it’s time to patch the holes." She explains how resting alone doesn't do it if you're trying to fill a leaky vessel. She points out we need to figure out what's draining us and patch that first - subtracting the chaos. Drains can be structural, relational, internalized, and due to identity suppression. Honestly, just watch the video and follow her in general - she has lots of wisdom to share.

When I saw this video, I felt it hit way too hard. Seriously. Chaos is exactly what I've been experiencing in the last months and getting rid of it proves to be a challenge. Getting to the bottom of this, especially when it comes to internalized messages and identity topics, will take a lot more time. Not to mention structural issues. For relational topics, well, as already shared, I need to set healthier boundaries. I have encountered people both in career and community who can suck the life out of me. Sometimes disguised in pleasantries on the surface, sometimes openly disrespectful. And those people take up way too much space in mind. My best friend recently shared such wise words when I told her about a conflict: some things don't need to be repaired. So true. Just like some people don't deserve my attention, time, energy, and feedback. Self care lies also in deciding which interactions I take and which ones not, when to mask and when to drop it.

I need to look out for those chaos factors. Rebuild my leaky colander into an actual cup, so I can fill it again.

 

Add Slack 

I've been thinking about how to make time and energy for all the other things I love and want to do. Some personal endeavors, some community initiatives, some professional growth topics. Because many of those activities will take up a lot of time. How to fit this into an overly busy schedule? I started tracking where I spend my time all day. And many days are just filled with answering messages, fulfilling commitments, and falling into bed again to rest enough to repeat this cycle over and over again. Every system needs slack, otherwise it's prone to fail. The problem is, I've been building more houses of cards than you might be aware of. My last ones completely collapsed the last weeks because one aspect one day just didn't work out just in time. 

Looking back at my past journal notes, tiredness and lack of energy, time flying due to days being way too packed, postponing things I want to do for myself are very clear patterns. I'm just keeping busy instead of stopping and thinking - even in such a good year as this one. It frightens me. Even a long life is way too short for that.

So, I need to add slack to the system again to liberate myself from the hamster wheel and constant pressure I've put on myself. Slack as in time that is not already reserved for certain activities or people. Time that is just there for me to use however I want to use it in that very moment. For no purpose besides my own.

 

My Recipe to Joy and Calmness While Learning

I've identified the following mantras for myself a few months ago. They still hold, so I'm sharing them here. They are quite personal as a recipe to experience both joy and calmness, while still continuously learning new things. They might become invalid in a few months, who knows. For now, this is what's helping me and what also helped gain the overall insights from my challenge that I shared above.

  • Play first, work later. Computer games really make my brain wake up, take up space, take me away from everyday things, and leave me energized. Afterwards, I’m way more effective and a lot calmer, for any kind of tasks or commitments.
  • Give your brain space. Taking breaks and stepping away from problems really works. Especially taking a shower, and movement in general. It just gives my brain the time and space to digest things and make new connections.
  • Care well for your body. Good sleep, proper rest, good nutrition, drinking water, exercising, changing posture, standing for work, sitting on the floor instead of chairs, stretching again, all of it. It just makes a huge difference how well I feel, and how calm I can be.
  • Go to bed before you're tired. This way I can slow down, still enjoy fiction, and end the day by ritual. And not just fall asleep on the couch and have my body literally shut myself down because I’m just extremely tired.
  • Write it down. Getting my thoughts down in front of me makes such a difference. It brings clarity, it creates structure, it makes me realize things and gain new ideas. Anything overwhelming, unclear, whatever? Write it down. I write to think and think in writing.
  • See waves come and go. Whatever turmoil is happening right now, inside myself or outside forces, it will pass. Emotions will come and go. Overwhelm does not stay and things will clear up. It’s okay. It’s just the nature of things.
  • Celebrate deliberately. Optimism is still one of my biggest energy sources and connectors with others. Celebrations go a long way, also for myself. So whenever something makes my day, big or small, let me celebrate deliberately and in public. It might inspire others as well and hence multiply our joy. 

 

What's my verdict on the challenge?

My insights focus mostly on calmness and peace of mind. Yet what about the steady part of my challenge? Well, I've done stuff indeed. Not too much, but pretty continuously. I'm strangely quite okay with that. Even if there's nothing much to show. I did learn things.

I've started a personal journal as part of the experiment and it proved invaluable, just as I gain lots of value from running a work journal for many years now. So, I'll keep journaling as part of my routine, even if more informally and less regular. 

Finally, let's look at my original hypothesis for my Calm and Steady challenge.

I believe that learning in ways that fit my own personal needs, every day for just a bit, combining theory and practice, will soothe my inner critic, and allow myself to focus on the joy of (re)discovering knowledge and skills while holding space for whatever else I want to use my time for during the year. 

I've proven the hypothesis when my inner critic focuses on their original task again to alert me on actual concerns, and I've had a good time with what I learned and worked on. 

To be frank, I didn't even remember I phrased the hypothesis like that, I thought it would require me to do more. Yet reading it again, it does not, in fact. Hence, I can indeed say: yes, my inner critic does an amazing job and I'm finally happy to collaborate with it. And yes, I did indeed enjoy the stuff I've worked on. I even did some things that I originally considered for a different challenge, like founding a CTF team. 

Well. It seems - calm and steady it is! Now if you'll excuse me, I'll need some slack time. And if you reach out but don't hear from me in a while, just wait a while longer. I might just have activated my shield and be taking my time to go at the only pace I can go. 

Posted by at No comments:
Labels: , , ,

Sunday, October 26, 2025

NDC Porto 2025 - Filled to the Brim

Another milestone achieved! After following them for years, I finally made it to my first NDC conference. What better first one than NDC Porto? This conference was special in multiple ways. It focused on workshops, it was a conference from a different community where I didn't know anyone yet, and it was placed in a beautiful city where I haven't been before and that invited exploring.

 

Arriving in Portugal 

There weren't too many feasible travel options, so I had to get up in the middle of the night when I usually would just go to bed. On the upside, it also meant I arrived already around noon. This meant I could not only catch a nice lunch, but also take my time to finalize preparations for my own workshop taking place the next day before heading out to get a first impression of Porto. What a beautiful, chill city this is - I really enjoyed the vibes, the friendly folks, the amazing food.

Whenever I'm at conferences, I like to check in with fellow speakers and participants early. This time, as I didn't know anyone yet, I realized once again how hard it is to get into contact with each other. This is where speaking shines with a usually hidden quality: you're having something in common with other speakers, you're usually connected through certain channels upfront, and you're usually staying at the same hotel so it's rather easy to meet each other at the hotel bar. This time, my accommodation seemed not have any other speakers hosted, though. I struggled to connect - a great reminder how I felt before becoming a speaker, and a great reminder to ourselves to make conferences a welcoming space, especially for newcomers.

In the end, I decided to use this first day as personal time off to accommodate. Probably a good idea, given how busy the last months were.

 

NDC Porto Conference Days 

The first conference day arrived, and the first challenge for me was to get to the venue in good enough shape - a longer walk combined with humid weather left me sweating. Well, that's one of the struggles of being a speaker. Good thing my workshop was scheduled for the afternoon and I had time to compose myself.

After getting some really nice swag (a proper backpack!) and grabbing some black tea to wake up my brain, it was time for the opening keynote: "Machines, Learning, and Machine Learning" by Dylan Beattie. Dylan reminded us how technology can make barriers to the meaningful things easier. Yet how should this work when we introduce randomness into the system? Reality is not deterministic, rather probabilistic - as is what we call "AI" nowadays. Yet it's here, so we have to decide for ourselves what we are going to do about it. Coding agents are good at problems we already solved. And still, when we integrate things like AI tools where the outcome is not guaranteed, we're in trouble - as variable-ratio reinforcement is highly addictive as we know from gambling and social media. Also, turning little programs into useful products (and knowing the difference between the two) will always need the human in the loop. Dylan left us with this thought: learn the foundations, learn to spot bullshit, and in best Douglas Adams manner: don't panic.

After the morning keynote, I joined Ardalis (Steve Smith)'s workshop "Clean Architecture for ASP.NET Core in Two Hours!". Two hours was indeed a challenge for so much content! We didn't have much time for exercises, yet Ardalis left us with a lot of material to study further at home. He walked us through a brief history of how software architecture evolved, presented the principles of clean architecture and showcased how these could look like for .NET projects. This was especially interesting for me as I'm now working on a product where .NET makes a big part of the tech stack. Check out Ardalis' clean architecture NuGet template to use as a starting point with ASP.NET Core.

After delicious food and first conversations with fellow participants, it was time for my own workshop in the afternoon: "Secure Development Lifecycle Applied - How to Make Things a Bit More Secure than Yesterday Every Day". Giving this edition was a special occasion for me in multiple ways. First, this was a four hour version of my workshop. Second, the workshop room was far from usual - Alfândega Porto Congress Centre's Noble Hall is literally a huge hall in a historical building turned into a room for workshops. Third, we improvised to make the rather fixed two-person table setup work and still have meaningful group exercises. And finally, it showed me once more that all the preparation in the world cannot foresee everything. It's still good to be as prepared as possible to prevent things that are preventable, and have certain fallbacks in place - just in case. And yet, sometimes you learn right there in the moment. In this instance, this meant that people had to spend more time on setting things up as I intended - good thing we had more time to practice anyways! All worked out in the end, and I learned my lessons for the next editions of this very workshop. Also, it seemed like the majority of folks had fun and gained value out of the session - at least based on the feedback of them coming back after a half hour break in between, and the thoughts they left with me in the retrospective.

Many folks went to an organized wine tasting dinner during the evening. As I don't enjoy wine as much, I had decided to opt for different plans and in the end cherished a calm evening with delicious comfort food at a really nice place.

The second conference day came, and now that my own work was done, my focus was fully on participating and learning. This day started with a keynote as well: "Imagine If We Made It Simple" by Guilherme "Gui" Ferreira. Gui made it clear that easy is not the same as simple. Easy is what you are familiar with without friction - this is very subjective. For simple solutions, however, you'll have to fight for all the time, as this means breaking our own addition to complexity. But simplicity is what makes the essential part, and what makes our systems reliable. Gui encouraged us to keep asking if there's a simpler way to do things, and to try things out - many decisions are indeed reversible. He also encouraged us to get rid of what we don't need, against our very much learned drive to continuously add things instead. Removing complexity and making things simpler, however, can be a massive game changer. A "no" today enables a "yes" tomorrow. Let's instead aim for sustainability on the long run, not only in our solutions, yet also for as humans. Anxiety, pressure and stress are narrowing our thinking, so we need to allow failure and also abort initiatives without retribution - and hence co-create the culture we need to really go for simplicity. Boring tech that we really master and understand for the win! This way, we can do more with less and really go far. Gui left us with this condensed message: focus on what matters, subtract the noise, and win space to master what's important. A lot of food for thought.

This conference had lots of interesting workshops to offer, and yet I simply had to pick those that seemed most fitting to my current work. On this day, I picked the full-day training "OAuth 2.0 Security Best Practices" by Philippe De Ryck. As many of us, I had worked and seen OAuth in practice - and yet, this topic has lots of depths to explore further. Not surprisingly, this workshop validated existing knowledge, and provided lots of further insights - including options I had never heard about before, like Demonstrating Proof-of-Possession (DPoP) for high-security APIs. Philippe went through a lot of material with us, demonstrating concepts with a really useful self-made simulator, and doing his best to engage the audience with quizzes and other exercises to allow us to test our newly found understanding. Pretty tough to do for such a complex topic, yet it worked. Still, my head was spinning after such a full day of complex content.

In the evening, everyone was invited to stay at the venue and enjoy the party with food, a pub quiz, music and karaoke. I found another participant who was there on their own, and once things grew loud at the party, we decided to call it a day and instead explore Porto by night instead. This way, we enjoyed lots of views we might not have seen otherwise - what a great way to end the day!

The last conference day arrived, and yet again it started with a keynote: "The Power of Play" by Rob Conery. Rob showcased how people used play and playfulness throughout computing history to come up with great innovations. People coming together and finding joy in tinkering with things, in trying something to increase their own understanding. While play isn't always regarded as such, play is actually a pivotal thing to do - it's at the epicenter of innovations. Memes started this way. Flickr and Slack originated as a side effect from other endeavors. It's really about trying ideas and seeing which of them takes off. Most will actually fail, and that's totally fine - a few might stick in the end. Yet nonetheless, we're too often trying to replace fun and play with scrolling. We're busy all the time, right? So Rob reminded us to treasure the right now, go out and discover, make time to play. Even if it's a dumb idea - make time to do it anyways.

What better workshop to choose than another full-day security training by Philippe De Ryck? This one was a "Hands-on deep-dive into frontend security". This topic allowed for a few more exercises than the one yesterday, and it was yet again a great mixture of practice on known topics like UI redressing attacks and restricting framing, XSS (and why Angular does such an excellent job as a framework here), and CSP (and why it's generally such a great tool) with additional in-depth insights. If you have a chance to participate in one of Philippe's trainings, I can only recommend it.

And that was it for NDC Porto for me! My brain was fried after all the condense intake, my notes were plenty, and I could make a few new connections in this new community. It was definitely worth it.

 

More Reasons for Porto

A very dear former teammate lives very close to Porto, so we just had to use this opportunity to meet and spend time together. We had such a lovely evening together with his wife and a dear friend! Enjoying lovely homemade food, playing board games, reminiscing the time we worked together and catching up with all the things that changed since then. Many thanks for having me! It really filled my soul and heart.

One more day to spend in this beautiful city. Wandering the streets and enjoying the amazing urban street art. Visiting a few official sights. Just breathing in the atmosphere. Definitely enjoying the delicious tastes of the city. That's another aspect I love about speaking in different countries and cities: having the opportunity to explore the location and get a first impression. Taking some time off after a busy conference, calming down and being in the moment before everyday's busyness takes over again.

Thank you all for having me. 

Posted by at No comments:
Labels: , , ,

Monday, October 13, 2025

Open Security Conference 2025 - Marvelous Momentum

It's now exactly one week after the Open Security Conference 2025 ended. And I'm still amazed about what happened there. Co-organizing a conference means a lot of things. You put in effort to make this a great experience for everyone. You prepare for anything you can imagine that could happen so you're prepared in the moment (yes, we do have a threat model for the conference). And then the conference runs and you experience something you didn't expect yet for this second edition: that participants give testimonials and help spread the word for you. I'm so very, very grateful.

 

What's an #osco again?

The Open Security Conference, short "osco", is an open space conference. In a nutshell, it means that the people who come co-create the program and the space we're in. With some liberating constraints, beautiful things can happen in such a format, things you didn't expect - so be prepared to be surprised.

We organizers found that in our cybersecurity bubbles, the open space format isn't well spread or even known at all. Hence, we decided to fill this gap. Yet osco is more than just an open space conference for cybersecurity enthusiasts. It's also intended as a place where everyone is welcome who's interested in security and learning from each other. No matter their current roles, areas or levels of expertise. We wanted to focus on inclusion and break any gatekeeping in the industry. You can learn more about the osco values on our conference website. 

Oh and by the way, our little monkey mascot is also named "osco" - you can find their bio as well on our organizer team page. 

 

How I Experienced #osco25

Well, on the one hand, there's the organizer view. A lot of work is going into creating a fresh new conference and help it grow and evolve to become not only valuable for folks but also sustainable on the longer run. A lot of hours, a lot of energy, a lot of care. We deliberately and intentionally committed to ethical choices and not taking the easy routes as much as we can. It's not all perfect, we're also human and messing up at times, yet we committed to continue learning and doing better. And that's what we hope to spread as well among the crowd.

Last year, we had our very first edition, basically our proof of concept - and people told us "yes, we love having this space". This year, for our second edition, we were delighted to have doubled the number of participants. Having around 40 folks turned out to be the perfect size for lots of engaging sessions and interactions, for getting to know people better. We had such a lovely crowd indeed. And we got real lucky: no cancellations, no no-shows this time!

We also gained further sponsors this year to make this event more affordable. We're a non-profit event and splitting costs among everyone (besides keynote speakers who at least get their ticket covered; hopefully more in the future), so any support is helping us making this event more feasible. There are lots of ideas to make it more accessible for the future on top of that, yet we have to start from where we are and sometimes go smaller steps than we'd love to. 

Some might have noticed that currently, it's mostly me posting on our official social media accounts (feel free to follow osco on Mastodon, LinkedIn, or Bluesky). Last year, taking care of social media was pretty stressful to do during the conference while everything else was going on. Pretty overwhelming especially given it was our very first edition. This year, we included Bluesky as a third platform to reach more folks - which would have made it even more overwhelming to cross-post manually across three platforms. Hence, we chose to use a cross-platform posting solution which also allowed me to draft and schedule a lot of posts in advance, which I then could just adapt or post on the fly during the event. A massive helper that reduced my personal stress a lot, and it was an invaluable tool for live posting during the keynotes.

Well, there's a lot more that could be shared from an organizer point of view. But it's not the only perspective here.

Post by @lisihocke@mastodon.social
View on Mastodon

There's also my view as a participant. Because yes, all organizers are usual participants as well, while they do have their organizing hats on top. This was especially tricky at last year's first edition where there were so many unknowns (back then I didn't even know the venue myself yet). This year, things were so much smoother, and I truly enjoyed this ride. I had a lot of fun joining the sessions, learning and contributing, and also giving sessions myself.

My very personal highlight: several people I knew from various areas of my life decided to join osco - so osco was the place to get them together in one place for the first time. I was very excited about this and confident they would get along with each other very well. New connections had been made for sure! Special kudos also to my dear colleagues Rudolf Kärtner (whom I met at #osco24), and Lucas - it was a real pleasure having you both there.

Here's the overall schedule we co-created. We'll post it on our website as well for reference, just bear with us while we're resting for a while after the conference.

Post by @realn2s@infosec.exchange
View on Mastodon
Post by @realn2s@infosec.exchange
View on Mastodon

Now, here's how my own conference days looked like overall.

Thursday

  • Registration. Throughout the afternoon and early evening, people arrived and first conversations were had over delicious snacks and hot beverages. The registration itself is something I really enjoyed last year already. It's our first chance to make folks feel welcome and get them introduced to what we have. A few things always stand out, like people's pleasant surprise that photo consent is explicit opt-in (instead of the usual opt-out if it's an option at all), and that we support initiatives like the sunflower as a symbol for hidden disabilities and Daniela Schreiter alias Fuchskind's amazing communication cards as special helper for neurodivergent folks.
  • Dinner. Snacks aren't enough for sure! Before everything started for real, dinner was served and people could get a bit more familiar with the venue. 
  • Official conference opening. The original idea initiator Claudius Link and I had the honor to welcome everyone and introduce them to our conference. We shared the origins and main idea, the values we share, our goal. Getting to know our participants a bit. Having each organizer introduce themselves; it was real sad that two of us weren't able to join on-site this year, yet they were with us in the form of a lovely video greeting for everyone. Setting the space and getting everyone familiar with a few helper tools to make this space as inclusive as we can.
    Post by @mkalmes@hachyderm.io
    View on Mastodon
  • Opening keynote: "Building an AppSec Program from Scratch" by Mireia Cano. I witnessed a former version of Mireia's talk last year right after I got to know her - and I felt it would be the perfect opener for osco. I'm ever so grateful that Mireia agreed to take a leap of faith and do this! Her AppSec stories of what worked and what didn't were just fabulous and already initiated lots of conversations on the first evening, as well as ongoing throughout the conference. Check Mireia's point of view further down below to see that convincing her to come to osco wasn't only good for us. ;-) Also, check out all the live posts made during Mireia's keynote to get an impression of her keynote.
    Post by @OSCo@infosec.exchange
    View on Mastodon
  • Socializing at the bar. Some people went to their rooms to rest, some people opted for getting to know each other a bit before the first full day came. This was already a real good and promising start.

Friday

  • Open Space Marketplace. Claudius and I also had the honor to introduce everyone to the open space, explaining how we do things, the principles and the one law, and basically how to get the best out of it. This first marketplace of ideas already showed: we won't run out of awesomeness. Lots of people came up and offered a whole variety of sessions. Sessions can be talks or workshops, yet they can also be "pull sessions" aka asking people to share their knowledge, maybe ask for help to solve an issue they face, or invite people together to try something out for the first time, or practice hands-on, or just have a conversational knowledge exchange - you name it. Any format you can imagine. Topics can also range from anything cybersecurity (which is the main theme bringing us together), to socio-technical and social topics, to hobbies and other activities we'd like to share. Anything goes that's not against the code of conduct.
  • Hallway track. During the first slot, I'm usually tired and undecided. Additionally, as an organizer, I also feel the need to make sure everything's working out, so I decided not to join an official session right away. Instead, I ended up having a lovely hallway conversation with Sofia Borga on security champions (yep, one of my favorite topics indeed).
  • "Session on InfoSec awareness for fresh folx at a Fachhochschule, studying public infrastructure IT" by Janis. What a really insightful conversation. Raising awareness on security (and also privacy) topics is such a crucial core challenge many of us face. We gathered lots of ideas from what content to focus on to how people could experience the importance without causing real harm.
  • "Fediverse #Q&A #experienceSharing" by Konstantin Weddige. Yet another wonderful conversation sharing insights on all things Fediverse with its plentiful social platforms like Mastodon, PeerTube, Pixelfed and many others. Pretty sure this made more people join and try it out for themselves.
  • Lunch. Some sessions were held over lunch, and unfortunately I didn't make it there before they filled up. Nonetheless, I enjoyed the conversations I had a lot. 
  • "Help! I'm a security champion - exchange on how to champion security" by Sofia Borga. This was such an amazing session. Sofia shared her own journey as a security champion as a consultant for a customer project. All the bumps and lessons learned, what helped and what not. This resulted in a great exchange on what kinds of experiences people made so far with either running a security champion program or being a champion on it. 
  • "Capture the Flag Together (Beginners Edition)" by me. What can I say, I just love introducing people to the practice labs out there to learn more about penetration testing in a safe and ethical environment. It's like little puzzles which are intrinsically intriguing, while you have to use lots of the tech knowledge and things in your toolbox to solve them. Especially when doing this in a collaborative, non-competitive mode, it's an amazing tool. It helps showcase what folks already know that's useful in this situation, how a diverse crowd can help fill our own gaps, learn more as we go together, experience how to breach a system and also gain insights on what we need to do to prevent this from happening. Once again, I had a really nice crowd joining me. Lots of fun included!
  • Keynote: "History repeating itself" by Bianca Kastl. Just like with Mireia, I was so happy to see Bianca accepting our invite to give a keynote at osco this year. I've seen her and Martin Tschirsich's talk about the German electronic health record at CCC last year which left me very impressed, and I was following her since. Her keynote at osco was such a great reminder on what we already learned in the past, and an analysis on why we keep repeating similar mistakes. Make sure to check out the live posts for Bianca's keynote to learn more!
    Post by @mkalmes@hachyderm.io
    View on Mastodon
  • Evening news. This is where everyone comes together again to reflect upon what happened during the day, sharing thoughts and feedback, giving kudos. It's also the place to create our evening (and early morning) program. Lots of sessions came together, just loved seeing people use this space as well.
  • Dinner. For me, conversations over food are just awesome. Especially at conferences. Thoroughly enjoyed having proper time to talk before the evening program started.
  • "Capture the Flag Together (Adventurers Edition)" by me. Yes, I just can't get enough of these sessions. This time, no guidance was available - it was up to us to explore, get into the system and find the secret flags. And we did! What an awesome group to learn with. 
  • Lockpicking at the bar. The evening (or shall I say night) wasn't over yet. People tend to gather at the bar as the last stop to socialize just a bit more before bedtime. Some people played games, some just talked. I joined a group who tried their skills at lockpicking. I always wanted to try this out, yet missed my opportunities at past conferences so far. Now I finally had my hands on a first practice lock to learn how simple locks work and how you can exploit tolerances to make them open. Well, we didn't have much time that evening, yet it was enough to get intrigued and get myself an entry-level practice set for myself at home.
Post by @lisihocke@mastodon.social
View on Mastodon
Post by @lisihocke@mastodon.social
View on Mastodon

Saturday

  • Open Space Marketplace. From now on, my fellow co-organizers Janina Nemec and Christian Ciochina took over the moderation, and they did wonderfully. Once again, so many people queued up and presented their session ideas. Once again, we quickly had a program for the day where it was hard to choose which sessions to go to and hence which sessions to miss out on.
  • "Osco 2026" by Claudius, Janina and me. Just like last year, we organizers offered a dedicated slot to talk about next year's edition. Ideas, improvements, wishes, good things to keep. Also, answering any questions regarding organizing, and seeing if there's anyone willing to support our endeavors. We received so much invaluable feedback! Much appreciated, many thanks to everyone who came.
  • "Dark OSINT 4 Good" by Kristof Van Kriekingen. What an awesome talk, what a frightening scary world, and what an amazing initiative to use OSINT skills for good causes. I really don't want to spoil this one at all. If you ever have the chance to see this one, go for it. 
  • "Trust me, I'm lying" by Kush Mehra. Really interesting talk around all things deception tactics, honeypots, and other approaches to defend against adversaries. I hope this one becomes a full conference talk, more people should learn from it.
  • Lunch. Obviously! Great food, great conversations. Time to digest what we learned so far.
  • Organizer session. This was a closed, non-public side-track. Nothing I can reveal here as of now!
  • "Hacking Toys" by Sebastian Strobl. Really interesting session on all kinds of little offensive security tools, educational and fun. You might have heard of the Flipper Zero, yet there are more tools like the Wi-Fi Shadowapple, the PwnagotchiBjorn, or the PiSquirrel.
  • "SecCardGame needs content, ideas and other things" by Martin Schmidt and me. You might remember, I'm part of a little group developing a security card game as a no-pressure, leisure-time project. Where to present it better than at osco and ask people to playtest! (Such a pity Philipp Zug couldn't be there as well, we missed you.) Martin did an awesome job taking the lead for the session, explaining the background of the game, where we are now, how things are currently working. We played two different scenarios together with the group and found lots of improvement ideas! People also really liked it, which is in combination super encouraging for us to keep going evolving this little game of ours.
    Post by @inw@mastodon.social
    View on Mastodon
  • Evening news. The last full open space day came to an end. Once again, people shared which sessions impressed them or left them with insights, how they experienced this open space, gave credit where credit was due. We also invited them to a little continuous retro board until we all had to leave. And of course evening and morning sessions were announced as well. The highlight of this last evening's news: we had gathered tip money for the hotel during the conference, and now was the time to hand it over to the staff members. Super grateful for such awesome folks supporting us throughout, they fully deserved the applause!
  • Dinner. I found yet another little awesome dinner group - to all of you: thank you for letting me vent and rant with you in a safe space about the systems I grew up in! Really appreciated it.
  • "Capture the Flag Together (Adventurers Edition)" by me. Well, what can I say. Once I found like-minded people... it's really hard not to do yet another hacking session together! Once again, we found the flags. We had fun. We learned. Just having a great time.
  • Hanging out at the bar, playing SET. Of course it's ending at the bar, as every night. My fellow co-organizer Janina and I, we have the tradition to always play a game of SET every day we see each other. This osco, we didn't get around to do so yet. At least on the final evening, we had to correct this and it was just awesome. You know, when you're super tired, and you're playing a game really requiring your brain capacity - what could be more fun? Of course we're playing anyways!
Post by @lisihocke@mastodon.social
View on Mastodon
Post by @lisihocke@mastodon.social
View on Mastodon

Sunday

  • "Secure Development Lifecycle Applied - How to Make Things a Bit More Secure than Yesterday Every Day" by me. I've given this workshop for the first time at SoCraTes 2024 and it seemed to land very well with that crowd. Hence, I decided to submit it to further conferences this year. It was indeed accepted for three events in the coming weeks. Therefore, I wanted to give it once upfront in a rather informal setting to get a feeling again for this workshop - what better place than osco? I decided to give it in a very relaxed way, adapted to our setting. And it seems people did enjoy it indeed! They learned, they contributed, they had fun, it initiated lots of conversations. What more is there to want. :)
    Post by @lisihocke@mastodon.social
    View on Mastodon
  • Lunch. Most people already had to leave at some time during the morning, so lots of goodbyes were already had. We had cleaned up most rooms already last night as we closed them, and the last bits were quick and easy to do just before lunch, especially with folks helping together. During lunch, only a small little group was still there. It was one more lovely conversation.
  • Train ride home. I was fortunate not leaving home alone. We were still three people, sharing the same train. So conversations continued until the very end, keeping the osco atmosphere alive. Very, very grateful for you two, you know who you are.

Arriving home, osco was officially over for me as well! As a participant that is, there's of course lots of follow-ups as an organizer. ;) Yet looking back as a participant, there are a few more notes to make.

    As those who didn't know me yet might have noticed, I'm not a morning person at all (yet have to get up even earlier for organizing) - and as the day gets longer, my day gets better. I'm an absolute night owl so while other organizers were among the first ones up (some even went running in the morning), I was with the last ones standing every night. I don't regret one bit.

    The hotel staff are super kind, attentive, and accommodating. The food at this venue is plenty and real delicious. The place and its surrounding landscape is beautiful. Everything is close together and perfect for an open space conference. Add to that the awesome folks we had - it's just perfect.

    Lastly: we did spread physical kudos cards and encouraged people to use them. This year, it worked super well. I've seen many cards with little notes of appreciation being exchanged. I handed out many myself, I got many back. I can't tell you how good both giving and receiving such little cards feels. Maybe try it out for yourself if you haven't so far and see what happens.

    Post by @lisihocke@mastodon.social
    View on Mastodon

     

    What Others Said about #osco25

    Let's have people speak for themselves! Here are my favorite posts people made during or after the conference. I'm still stunned what they had to say. 

    These were my personal highlights, yet there's more! Just look for the hashtags #osco and #osco25 on Mastodon, LinkedIn, and Bluesky.

    We also received lots of feedback what we should keep and what we can improve or try out for next year's edition. Lots of awesome ideas, I'm already curious which of them we can implement the next year and how the next edition will look like.

    Post by @F30@chaos.social
    View on Mastodon

     

    See you at #osco26!

    While we organizers still need to update our website (and absolutely take a break to recharge), I can already share one thing: there will be an Open Security Conference 2026 on November 5 - 8. Save the dates and see you there!

    Post by @OSCo@infosec.exchange
    View on Mastodon
    Post by @inw@mastodon.social
    View on Mastodon
    Post by @realn2s@infosec.exchange
    View on Mastodon
    Posted by at No comments:
    Labels: , , ,

    Tuesday, August 19, 2025

    The Calmness Tide - It Comes and Goes in Waves

    Remember I'm doing a personal challenge this year? It's all around my inner critic and finding calmness again while being content with steady progress, even tiny steps. To be frank, the first half of the year was rather packed and exciting. Not the easiest moment to find calm in everything, so what better time to do this challenge than this year?

     

    What happened? 

    Career-wise, I started a new job and also switched roles by doing so. As a security engineer, I'm now fully focusing on product security and all that comes with it. You could say I'm still a specialized generalist also in this field, yet that's food for thought for a dedicated post. 

    Starting out at my current company was challenging in different ways than I expected. Over six months in, I can now share I definitely made the right choice when picking this role, company and team. I really enjoy my time there and the impact we can have together. At this place, I can go at a sustainable pace (and am even encouraged to do so). I can contribute using the knowledge, skills, and network I've built over many years. At the same time, I can learn so much more in an area that intrigues me every day. 

    I love my new position as a security engineer. I found that it's both very similar to my past roles (e.g. with regards to building value in from the start, affecting change, fostering a collaborative learning culture, the holistic technical system knowledge, a whole variety of things to learn and do) - and it's also very different (now I'm focusing on security as one main quality aspect, and I'm in a central enabler team which brings different opportunities and challenges to face).

    My team is just awesome. In the past, I've never joined a team where I encountered such maturity, accountability, and reliability in my team mates right from the start. We've grown into a real team in no time, and continue to find better ways to work together with each other and the engineering teams we support. Things like prioritization of the highest value initiatives, balancing reactive and proactive work, increasing resilience through sharing work, providing sounding boards and pairing. We even had first ensemble sessions. The usual, and yet from a different perspective. 

    The company keeps surprising me in very positive ways, especially when it comes to upper leadership and acknowledging both achievements and shortcomings, plus their own accountability in this. Taking concrete actions to find better ways. Mind me, this is not taken for granted at all. Also, I do appreciate the culture that's currently in place and keeps evolving. Yes, there's room for improvement (wouldn't it be boring if not?), and yet: when it comes to working with the other engineering teams I've encountered folks being genuinely open to exchange insights and learn from each other. This makes it so much easier for everyone to make informed decisions together on what is feasible and worth doing to increase our product's security posture. 

    Personally, I love that I worked on a variety of topics already. They went from improving the ease of vulnerability scanning, to security reviews and threat models, to assessing third party tools to integrate into our product. From investigating infrastructure alerts, to alert teams ourselves of new vulnerabilities discovered, to joining incident investigations. Discussing risk, thinking ahead on scaling and enabling teams. And many more. Well, there are lots of topics worth sharing and I'm going to see what I'll mold into future content.

     

    That wasn't it, though.

    Not by far. There are also the community things I'm pursuing next to work. Here's what I focused on during the first half of the year.

    • I'm co-organizing the Open Security Conference for the second year in a row. We've had to find ourselves in our new organizer team, and had quite some prep work to do. We're currently in the hot phase - registration is open, and the last operational bits need to get done to set things up for success. It's looking good though, and I'm really getting excited! By the way, we're looking for further sponsors to get the price down for everyone. In case you're interested or know companies who would, please reach out. We'd be truly grateful for your support!
    • The leadership workshop series that I co-facilitated with Shiva Krishnan for a first community cohort is now finally finished. Phew, that was some kind of a ride! It took us over a year, yet it's done and we've learned a ton. We were glad to hear from our cohort that this series was really valuable for them. It'll need further reflection how to move on in the future. For the current cohort format, we had heavily underestimated the difference between doing such things with colleagues at work or with community folks next to work, where personal schedules play an even bigger role. But we made it! At least for this year, this topic is actually concluded.
    • As a leisure side project, I'm still working on the security card game with my fellow co-conspirators. Slowly but steadily for real. The last SoCraTes really encouraged us to keep going. Good thing here is, while it still needs time investment, it's constrained and highly flexible, without imposed pressure. 
    • I've started my first capture the flag (CTF) team for real. We participated in our first CTF this year and it was a blast. We keep meeting regularly for practice, and looking out for further intriguing CTFs we can tackle together. I've learned a lot already through this fun deliberate practice setup, including that I still have a long way to go. These challenges can be super frustrating. "Easy" labels got a whole new meaning here - it really depends on what you're already familiar with and what not, and how much is in your "go to" list of things to try based on experience. And yet, they're so worth it. I love that this team is very collaborative, really tackling challenges together which makes it special to me.
    • That not being enough, I've joined my second CTF group after SoCraTes. It's not really a team to take on CTFs together, yet people are regularly coming together online to try their hands on practice machines and help each other as they go. This is another interesting opportunity for me. I've already seen it help me hold myself more accountable to practice during the agreed time even if no one else is online.
    • Of course there's not only the "calm" part of my personal challenge this year, there's also the "steady" part. Meaning, I'm working actively on learning topics. I've started with a variety of things and realized that while variety is nice when you just want to follow your energy, I need more focus to perceive progress as it's very small each day. Right now, I've reduced my options to mostly the CTF hands-on practice opportunities I described above and reading books. I'm moving very slowly yet steadily, while trying to keep my inner critic at bay. No matter how fast others consume such books (like, over a weekend, while it takes me months). On some days that's easier than on others! 
    • As I've done over many years, I'm still having both regular and on demand calls with community folks to exchange knowledge, ideas, and inspiration. Granted, they do cost time and yet they are a valuable investment into fostering my network and learning through serendipity. The good thing, more often than not, I'm regaining energy from such check-ins. They make me realize time and time again why I'm doing what I'm doing.
    • Conference season is starting in fall this year for me. I've paused things for the first half due to changing jobs. Every time I do so, I first have to figure out what's okay when it comes to speaking engagements and the off time that comes with it. I'm ever so grateful for my truly supportive and encouraging manager here! Again, not taken for granted. It makes it so much easier, though. So yeah, conference season starts in fall which also means preparation takes place before. Even though I'm giving sessions that I already gave last year, I still need to invest effort to arrange things. I have four conference speaking engagements lined up for the rest of the year (plus my own conference of course). At Agile Testing Days, I'm also co-chairing the brand-new security testing deep dive track. Enough to keep me busy for the rest of the year! 
    • Last, definitely not least: Physical health is keeping me pretty busy as well next to my mental challenge. Fortunately, nothing too bad so far, yet stuff that has built up over many years is now cashing in. It's more than enough that I needed to prioritize this and deliberately work on a few areas in a more focused way. The bad news is that this is also consuming lots of time and energy, while at the same time I clearly need more rest and sleep. The good news is that this effort is perceivably paying off (slowly, very slowly - I'm needing lots of patience).

     

    The Challenge of No, Not Now, Not Anymore, Just No 

    I realized a few things that would help me on my journey of struggling less. And most of these came rather quick and easy, like "I'm okay with only making little progress with my challenge topics". I was surprised how easy. Or being okay with balancing out my working hours every week. Others were fine too, like documenting influences on my health and indicators of calm. I was okay to document all the activities I'm doing, how much time I spend on them, and what I want to do differently in the future. I even managed to actually make some of these changes (at least temporarily). Yet then I struggled massively. I knew I couldn't go on doing everything, I had to cut things. Yet which? I had already cut them to only things I really want to do.

    That made me realize, even though I'm saying "no" to lots of things already, I've accumulated way too many things that I've said "yes" to in the past and then just never let go. And I still say "yes" to new things as well. That simply doesn't add up, given I still have the same amount of hours every day that I can use to a highly variable degree that's different every day. So I tried coming up with a rather short list of things that are truly important to me as of now, and focus on those. Worked for a short while. This way, I even came up with yet a shorter list of things I claimed to be the main recipe to joy and calmness while learning! And then a very stressful period of six weeks followed, and I threw everything overboard. Maybe it truly is the recipe for me - and still I might not listen to it. So I created yet another new list of the things I'd like to transition my focus to. Plus a new version of my recipe, as you do.

    And yet, nearly every week feels like a puzzle to solve, another round of Tetris (for the record, I hate Tetris), a house of cards that might collapse any moment an interruption occurs. It doesn't feel sustainable. At least not yet. Too often, it feels more like pressing on to make everything happen without stopping to think. Which also means, it's harder to celebrate achievements and enjoy the little moments for longer. It's harder to keep up my energy - even though I know I can do a lot if I have the energy.

    One thing that did help me so far was pressing the pause button on blogging. It truly hurt and at the same time was a relief. Something simply had to go. Even though I wanted to take time to reflect on things publicly, I reduced it to my private space only. I still kept journaling throughout the year, and it paid off heavily so far. Not only to get some thoughts out of my head and documented for my future self, but also to see in hindsight how things actually progressed. All that, while only spending a few minutes per day on it, which is a huge difference compared to doing this more publicly on a blog or just social media, even when keeping things informal. What helped with this temporary decision was that I noticed I had stopped one thing for a whole while now, mostly related to my former work situation: posting public notes on social media on what happened day by day, what I learned, the experiments tried and insights gained. I simply didn't have the capacity and energy for it. My conscious decision to pause blogging for now was indeed a good one for the last months. Only these days are now starting to be way less hectic with more time to sit down and write about what's moving me. Let's see what happens.

    There's more to cut, and cut for real. Probably a lot. Ruthlessly. To regain focus, headspace, and slack. Very tricky challenge for me. So this is by far not solved. Instead, I only became even more acutely aware of the issue. I do indeed spread myself too thin. I rush from one thing to the other, one due date to the next. It's a hamster wheel that keeps me from thinking. Yet calm thoughtful focus is what would help me most. Let alone that I also want to start (or re-start) other endeavors which do need time investment. More to think about.

    So, probably the hardest thing that I'm still working on is shifting my priorities in how I (want to) spend my time. Haven't figured that one out yet. And as of today, that's strangely okay and not okay at the same time, and I still don't know what to do with it. 

     

    The Importance of Being Joyful 

    Speaking of slack. I really want to cut myself more slack. And I really keep struggling doing so. Slack for pure joy topics, like playing computer games. It's one of these things I truly do just for myself, no one else. In the last half year, whenever I had lots of tasks to do in front of me (like, every day), and yet I said "I don't care, I'll play a game first", that day was a good day. Preponing play before work seemed to somehow really wake me up, calibrate my brain and enable me to think. Any work I've done afterwards was way more effective than on other days. And these days felt good. I've found myself a new mantra this way: "Play first, work later". On bad days, it's still hard to unlearn the former "business before pleasure" indoctrination I grew up with. It just meant for me that play never comes as work never ends. I'm still optimistic that finally I can rewire my brain and replace this with the new narrative that works a lot better for me at this moment in time.

    Another realization I've had was that I reserved "joy" for only those "pure personal joy without any other purpose" things. Like playing computer games as mentioned. Or... well, what else? Lots of other things also bring me joy, yet "they don't count" for my brain. Like enjoying a really nice cup of tea. Several times a day! So many different flavors! I could go on endlessly on how much joy this brings me as I absolutely adore tea, and it's my perfect example of finding lots of joy in the little things. Or how about reading fiction when already in bed? Yes, brings joy, yet nah doesn't count, that's just a normal thing I'm doing anyways. Nothing special. But that applies to lots of examples. Like watching an episode of a TV show during dinner. Or just taking a few conscious breaths of outside air. Or loving the rewarding payout of exercise (heck, even the time while I'm exercising). Or meeting friends I truly enjoy spending time with. Or when I realize I learned something new, that moment it clicked when another piece of the puzzle found its place. Why do I never count any of these as joy while they clearly are very joyful?

     

    Paying Off Plenty 

    Overall, the last months were a lot. Surprisingly or not, my calm and steady journey pays off. Not because I was always as calm as I wanted to be, or as content with very small progress as I'd love to be. But because I listened a lot closer to my own needs, to my own wishes, to my brain and my body. I keep observing more what's going on with me in each moment and what makes me respond in which way. I become aware on further things that impact me in certain ways. Through journaling, I realized that my inner critic got rarely loud and noisy this year which is great news, as this would render it useless. Only sometimes it did alert me to something that was actually a valid concern. Like at times when I realized I indeed don't know enough on a certain subject, or when I haven't invested enough time into honing a skill while others clearly had. The rest of the time, my inner critic was actually quite calm. It's almost as if trusting my inner critic to have something valuable to say, actually calmed it down.

    Calmness comes, calmness goes, and then it comes again. I can trust that the phases when I'm not calm (like, literally last week when my mind once again ran wild fearing nothing's going to work out) are indeed just that, phases. Usually, it's because I lack clarity or structure, or feel overwhelmed when too many things need my attention at once. When that happens, my ability to think degrades and I spend more and more time on just managing that. Once I get through this period, e.g. by getting all my thoughts written down before me were I can see them clearly, then bringing structure to them so I can tackle one by one and hence get things done (even if slowly) - then I'm riding the calmness wave again. And things feel good. What helps here immensely, is that my work environment really calmed down thanks to having switched jobs. Now for the rest, it's mostly my own brain and body. I can work with that.

    My plans for the rest of the year? Continue this challenge. Create content. And contribute to conferences. Lots of C's, as it happens. But not without the main ingredient for everything: calm.

    Posted by at No comments:
    Labels: , , ,
    Subscribe to: Comments (Atom)