Tuesday, August 19, 2025

The Calmness Tide - It Comes and Goes in Waves

Remember I'm doing a personal challenge this year? It's all around my inner critic and finding calmness again while being content with steady progress, even tiny steps. To be frank, the first half of the year was rather packed and exciting. Not the easiest moment to find calm in everything, so what better time to do this challenge than this year?

 

What happened? 

Career-wise, I started a new job and also switched roles by doing so. As a security engineer, I'm now fully focusing on product security and all that comes with it. You could say I'm still a specialized generalist also in this field, yet that's food for thought for a dedicated post. 

Starting out at my current company was challenging in different ways than I expected. Over six months in, I can now share I definitely made the right choice when picking this role, company and team. I really enjoy my time there and the impact we can have together. At this place, I can go at a sustainable pace (and am even encouraged to do so). I can contribute using the knowledge, skills, and network I've built over many years. At the same time, I can learn so much more in an area that intrigues me every day. 

I love my new position as a security engineer. I found that it's both very similar to my past roles (e.g. with regards to building value in from the start, affecting change, fostering a collaborative learning culture, the holistic technical system knowledge, a whole variety of things to learn and do) - and it's also very different (now I'm focusing on security as one main quality aspect, and I'm in a central enabler team which brings different opportunities and challenges to face).

My team is just awesome. In the past, I've never joined a team where I encountered such maturity, accountability, and reliability in my team mates right from the start. We've grown into a real team in no time, and continue to find better ways to work together with each other and the engineering teams we support. Things like prioritization of the highest value initiatives, balancing reactive and proactive work, increasing resilience through sharing work, providing sounding boards and pairing. We even had first ensemble sessions. The usual, and yet from a different perspective. 

The company keeps surprising me in very positive ways, especially when it comes to upper leadership and acknowledging both achievements and shortcomings, plus their own accountability in this. Taking concrete actions to find better ways. Mind me, this is not taken for granted at all. Also, I do appreciate the culture that's currently in place and keeps evolving. Yes, there's room for improvement (wouldn't it be boring if not?), and yet: when it comes to working with the other engineering teams I've encountered folks being genuinely open to exchange insights and learn from each other. This makes it so much easier for everyone to make informed decisions together on what is feasible and worth doing to increase our product's security posture. 

Personally, I love that I worked on a variety of topics already. They went from improving the ease of vulnerability scanning, to security reviews and threat models, to assessing third party tools to integrate into our product. From investigating infrastructure alerts, to alert teams ourselves of new vulnerabilities discovered, to joining incident investigations. Discussing risk, thinking ahead on scaling and enabling teams. And many more. Well, there are lots of topics worth sharing and I'm going to see what I'll mold into future content.

 

That wasn't it, though.

Not by far. There are also the community things I'm pursuing next to work. Here's what I focused on during the first half of the year.

  • I'm co-organizing the Open Security Conference for the second year in a row. We've had to find ourselves in our new organizer team, and had quite some prep work to do. We're currently in the hot phase - registration is open, and the last operational bits need to get done to set things up for success. It's looking good though, and I'm really getting excited! By the way, we're looking for further sponsors to get the price down for everyone. In case you're interested or know companies who would, please reach out. We'd be truly grateful for your support!
  • The leadership workshop series that I co-facilitated with Shiva Krishnan for a first community cohort is now finally finished. Phew, that was some kind of a ride! It took us over a year, yet it's done and we've learned a ton. We were glad to hear from our cohort that this series was really valuable for them. It'll need further reflection how to move on in the future. For the current cohort format, we had heavily underestimated the difference between doing such things with colleagues at work or with community folks next to work, where personal schedules play an even bigger role. But we made it! At least for this year, this topic is actually concluded.
  • As a leisure side project, I'm still working on the security card game with my fellow co-conspirators. Slowly but steadily for real. The last SoCraTes really encouraged us to keep going. Good thing here is, while it still needs time investment, it's constrained and highly flexible, without imposed pressure. 
  • I've started my first capture the flag (CTF) team for real. We participated in our first CTF this year and it was a blast. We keep meeting regularly for practice, and looking out for further intriguing CTFs we can tackle together. I've learned a lot already through this fun deliberate practice setup, including that I still have a long way to go. These challenges can be super frustrating. "Easy" labels got a whole new meaning here - it really depends on what you're already familiar with and what not, and how much is in your "go to" list of things to try based on experience. And yet, they're so worth it. I love that this team is very collaborative, really tackling challenges together which makes it special to me.
  • That not being enough, I've joined my second CTF group after SoCraTes. It's not really a team to take on CTFs together, yet people are regularly coming together online to try their hands on practice machines and help each other as they go. This is another interesting opportunity for me. I've already seen it help me hold myself more accountable to practice during the agreed time even if no one else is online.
  • Of course there's not only the "calm" part of my personal challenge this year, there's also the "steady" part. Meaning, I'm working actively on learning topics. I've started with a variety of things and realized that while variety is nice when you just want to follow your energy, I need more focus to perceive progress as it's very small each day. Right now, I've reduced my options to mostly the CTF hands-on practice opportunities I described above and reading books. I'm moving very slowly yet steadily, while trying to keep my inner critic at bay. No matter how fast others consume such books (like, over a weekend, while it takes me months). On some days that's easier than on others! 
  • As I've done over many years, I'm still having both regular and on demand calls with community folks to exchange knowledge, ideas, and inspiration. Granted, they do cost time and yet they are a valuable investment into fostering my network and learning through serendipity. The good thing, more often than not, I'm regaining energy from such check-ins. They make me realize time and time again why I'm doing what I'm doing.
  • Conference season is starting in fall this year for me. I've paused things for the first half due to changing jobs. Every time I do so, I first have to figure out what's okay when it comes to speaking engagements and the off time that comes with it. I'm ever so grateful for my truly supportive and encouraging manager here! Again, not taken for granted. It makes it so much easier, though. So yeah, conference season starts in fall which also means preparation takes place before. Even though I'm giving sessions that I already gave last year, I still need to invest effort to arrange things. I have four conference speaking engagements lined up for the rest of the year (plus my own conference of course). At Agile Testing Days, I'm also co-chairing the brand-new security testing deep dive track. Enough to keep me busy for the rest of the year! 
  • Last, definitely not least: Physical health is keeping me pretty busy as well next to my mental challenge. Fortunately, nothing too bad so far, yet stuff that has built up over many years is now cashing in. It's more than enough that I needed to prioritize this and deliberately work on a few areas in a more focused way. The bad news is that this is also consuming lots of time and energy, while at the same time I clearly need more rest and sleep. The good news is that this effort is perceivably paying off (slowly, very slowly - I'm needing lots of patience).

 

The Challenge of No, Not Now, Not Anymore, Just No 

I realized a few things that would help me on my journey of struggling less. And most of these came rather quick and easy, like "I'm okay with only making little progress with my challenge topics". I was surprised how easy. Or being okay with balancing out my working hours every week. Others were fine too, like documenting influences on my health and indicators of calm. I was okay to document all the activities I'm doing, how much time I spend on them, and what I want to do differently in the future. I even managed to actually make some of these changes (at least temporarily). Yet then I struggled massively. I knew I couldn't go on doing everything, I had to cut things. Yet which? I had already cut them to only things I really want to do.

That made me realize, even though I'm saying "no" to lots of things already, I've accumulated way too many things that I've said "yes" to in the past and then just never let go. And I still say "yes" to new things as well. That simply doesn't add up, given I still have the same amount of hours every day that I can use to a highly variable degree that's different every day. So I tried coming up with a rather short list of things that are truly important to me as of now, and focus on those. Worked for a short while. This way, I even came up with yet a shorter list of things I claimed to be the main recipe to joy and calmness while learning! And then a very stressful period of six weeks followed, and I threw everything overboard. Maybe it truly is the recipe for me - and still I might not listen to it. So I created yet another new list of the things I'd like to transition my focus to. Plus a new version of my recipe, as you do.

And yet, nearly every week feels like a puzzle to solve, another round of Tetris (for the record, I hate Tetris), a house of cards that might collapse any moment an interruption occurs. It doesn't feel sustainable. At least not yet. Too often, it feels more like pressing on to make everything happen without stopping to think. Which also means, it's harder to celebrate achievements and enjoy the little moments for longer. It's harder to keep up my energy - even though I know I can do a lot if I have the energy.

One thing that did help me so far was pressing the pause button on blogging. It truly hurt and at the same time was a relief. Something simply had to go. Even though I wanted to take time to reflect on things publicly, I reduced it to my private space only. I still kept journaling throughout the year, and it paid off heavily so far. Not only to get some thoughts out of my head and documented for my future self, but also to see in hindsight how things actually progressed. All that, while only spending a few minutes per day on it, which is a huge difference compared to doing this more publicly on a blog or just social media, even when keeping things informal. What helped with this temporary decision was that I noticed I had stopped one thing for a whole while now, mostly related to my former work situation: posting public notes on social media on what happened day by day, what I learned, the experiments tried and insights gained. I simply didn't have the capacity and energy for it. My conscious decision to pause blogging for now was indeed a good one for the last months. Only these days are now starting to be way less hectic with more time to sit down and write about what's moving me. Let's see what happens.

There's more to cut, and cut for real. Probably a lot. Ruthlessly. To regain focus, headspace, and slack. Very tricky challenge for me. So this is by far not solved. Instead, I only became even more acutely aware of the issue. I do indeed spread myself too thin. I rush from one thing to the other, one due date to the next. It's a hamster wheel that keeps me from thinking. Yet calm thoughtful focus is what would help me most. Let alone that I also want to start (or re-start) other endeavors which do need time investment. More to think about.

So, probably the hardest thing that I'm still working on is shifting my priorities in how I (want to) spend my time. Haven't figured that one out yet. And as of today, that's strangely okay and not okay at the same time, and I still don't know what to do with it. 

 

The Importance of Being Joyful 

Speaking of slack. I really want to cut myself more slack. And I really keep struggling doing so. Slack for pure joy topics, like playing computer games. It's one of these things I truly do just for myself, no one else. In the last half year, whenever I had lots of tasks to do in front of me (like, every day), and yet I said "I don't care, I'll play a game first", that day was a good day. Preponing play before work seemed to somehow really wake me up, calibrate my brain and enable me to think. Any work I've done afterwards was way more effective than on other days. And these days felt good. I've found myself a new mantra this way: "Play first, work later". On bad days, it's still hard to unlearn the former "business before pleasure" indoctrination I grew up with. It just meant for me that play never comes as work never ends. I'm still optimistic that finally I can rewire my brain and replace this with the new narrative that works a lot better for me at this moment in time.

Another realization I've had was that I reserved "joy" for only those "pure personal joy without any other purpose" things. Like playing computer games as mentioned. Or... well, what else? Lots of other things also bring me joy, yet "they don't count" for my brain. Like enjoying a really nice cup of tea. Several times a day! So many different flavors! I could go on endlessly on how much joy this brings me as I absolutely adore tea, and it's my perfect example of finding lots of joy in the little things. Or how about reading fiction when already in bed? Yes, brings joy, yet nah doesn't count, that's just a normal thing I'm doing anyways. Nothing special. But that applies to lots of examples. Like watching an episode of a TV show during dinner. Or just taking a few conscious breaths of outside air. Or loving the rewarding payout of exercise (heck, even the time while I'm exercising). Or meeting friends I truly enjoy spending time with. Or when I realize I learned something new, that moment it clicked when another piece of the puzzle found its place. Why do I never count any of these as joy while they clearly are very joyful?

 

Paying Off Plenty 

Overall, the last months were a lot. Surprisingly or not, my calm and steady journey pays off. Not because I was always as calm as I wanted to be, or as content with very small progress as I'd love to be. But because I listened a lot closer to my own needs, to my own wishes, to my brain and my body. I keep observing more what's going on with me in each moment and what makes me respond in which way. I become aware on further things that impact me in certain ways. Through journaling, I realized that my inner critic got rarely loud and noisy this year which is great news, as this would render it useless. Only sometimes it did alert me to something that was actually a valid concern. Like at times when I realized I indeed don't know enough on a certain subject, or when I haven't invested enough time into honing a skill while others clearly had. The rest of the time, my inner critic was actually quite calm. It's almost as if trusting my inner critic to have something valuable to say, actually calmed it down.

Calmness comes, calmness goes, and then it comes again. I can trust that the phases when I'm not calm (like, literally last week when my mind once again ran wild fearing nothing's going to work out) are indeed just that, phases. Usually, it's because I lack clarity or structure, or feel overwhelmed when too many things need my attention at once. When that happens, my ability to think degrades and I spend more and more time on just managing that. Once I get through this period, e.g. by getting all my thoughts written down before me were I can see them clearly, then bringing structure to them so I can tackle one by one and hence get things done (even if slowly) - then I'm riding the calmness wave again. And things feel good. What helps here immensely, is that my work environment really calmed down thanks to having switched jobs. Now for the rest, it's mostly my own brain and body. I can work with that.

My plans for the rest of the year? Continue this challenge. Create content. And contribute to conferences. Lots of C's, as it happens. But not without the main ingredient for everything: calm.

Posted by at No comments:
Labels: , , ,

Sunday, August 3, 2025

SoCraTes 2025 - Coming Home

For the fourth time I've come home to SoCraTes, the International Conference for Software Craft and Testing. It already felt like coming home last year and I knew I wouldn't miss this edition. And it even felt more like home this year. I love this colorful crowd who are so eager to learn with and from each other. It's been a wonderful place for me to test out security-focused sessions that I could bring to conferences and find like-minded folks for lots of community initiatives I'm contributing to. Here's my report for 2025, to help my future me remember and maybe inspire more folks to give this awesome conference a try.

 

Arrival on the Day Before

I've had the pleasure to share my train ride with Martin Schmidt, a dear friend I met a few years back at SoCraTes, and hence slowly getting into the vibe of exchanging knowledge and experiences that would await us at the conference. Not only on all things tech and software, yet anything that moved us at that moment, ranging from personal lives, career situations, societal and socio-technical systems we're part of, hobbies, passionate projects, health, personal realizations, and more. Literally anything, as full humans. Which is what I love about this conference. We can't fully separate our work selves anyways - here we really don't have to.

SoCraTes cares for people. This shows from the start when we still tested ourselves for Covid before mingling with others - which was a great catch, unfortunately there were cases who then couldn't enjoy the conference. This evening, I've seen the first folks again I've already met the last years as well as new acquaintances. Like meeting Ruth Malan for the first time in person, after following her for a while on socials! Dinner time is perfect for this, checking in with each other, exchanging hopes for the next days. This is also why I love to come early when not as many people are there yet, it really eases me into the conferencing joy awaiting me without the mass of people instantly overwhelming me. 

 

Training Day

This year, I did not give an official training myself, so I was completely free for a change which was also really nice. The training sessions I've joined were the following.

  • "Know your tools: git" by Martin Schmidt. Yes, I do know git and used it for a long time. And at the same time, I'm well aware of all the things git also offers that I don't know about. Lastly, I usually always learn something new when joining trainings by other folks as they will structure content differently, explain things in different ways, and so on. Hence, I was curious about what I'll learn from Martin! I really appreciated that he had various modules prepared so the audience could choose what they were most interested in learning about. Same applied to exercises versus theory, kudos to him for listening to people's needs here! Martin had prepared a whole website for the git training with instructions and all kinds of useful commands - such a good resource to take with us. Conclusion: I indeed knew quite a bit about git before and yet I learned about features new to me that come in hand.
  • "Digital Dominoes: Understanding Modern Security - From Supply Chain Attacks to the life cycle of a vulnerability" by Avraham Poupko. Avraham reminded us that while most of software security is a discussion that assumes malice, that there's an evil person on the other side who wants to take away what we consider to be ours, that there's also the side where it's about negligence, like losing stuff. He walked us through the lifecycle of a vulnerability and emphasized that confidence in a company can be really shattered through CVEs - no matter if they are fixed or not. Avraham elaborated on supply chain attacks and what common attack patterns are, how trusted and yet verified sources are crucial. He left us with a few practical action items: security by design, not by accident; patch fast, patch smart; and monitor everything, question anomalies.
  • "The Evolution of Team Co-intelligence: from Knowledge Work to Learning Work" by Diana Larsen. I've been following Diana for a long time on social media. This was my first opportunity to meet her in person and join one of her workshops! It was such a great session. We both learned theory and could instantly apply it in the group exercises, observing the group evolve and grow together. Diana provided lots of tangible advice, and language to talk about and take action on observations we make at our work places. For example, she shared how teams need purpose, autonomy and also co-intelligence to be effective motivated teams. She defined co-intelligence as collective intelligence + collaborative intelligence + trust + learning-centered - sharing ten qualities. We walked through all the steps we have to achieve to really reach high performing, or even resilient learning teams - and as with so many things, it has to start with building trust. Diana made us think of what we bring to our teams, what we can do to build co-intelligence, and what makes learning leaders. All of this has resonated a lot with me and my experience within teams so far.

After training day, the main conference started with the official opening and the world café. This is a great opportunity to get to know more people early on. This year, we had a different question per room to think about as a group, and these questions went rather deep. Like "If you could send one piece of advice back to yourself from 10+ years ago, what would it be?", "What's a skill you wish you'd developed earlier in your career, but you're glad you're learning now?" and "What's the most valuable mistake you've made in the last year, and what did it teach you about your craft?". Pretty daunting to break the ice and get to know each other! Yet it was great to see people share and open up, trusting this process and the space. I admit, these questions made me realize a few things about myself as well.

 

Open Space Day 1

The main conference consists of two open space days. With this conference, this is truly special, as for an open space I've never seen a bigger crowd so far. At SoCraTes Germany, it's usually around 200 people, all co-creating the program of each day in the morning. You never know what exactly will happen, and yet there will be so many amazing sessions to choose from that fear of missing out is high. I learned over the years to just let it happen, go with the flow, and also listen better to my needs to take breaks or tackle a different task that's on my mind. And yet, of course, I also had to propose sessions myself. An open space is just too good an opportunity not to! Especially as this is chance to test-drive talks and workshops, to pull information from all those knowledgeable participants, to try something out together, to discuss societal topics, and so much more. Here's how my first open space day went.

  • Hallway track: I remember I was tired that morning and I couldn't decide which session I wanted to go to, there were many interesting ones. As it happens, I didn't have to in the end - as I met awesome folks in the hallway and just went with having a nice conversation there. Both insightful and helping my brain relax and ease into the day.
  • "Building Secure Enough Products" by me. I was really curious about what people experienced to be bumps when trying to build secure software, and what they perceived as boosters. Now that I'm in the position of security engineer, this was even more interesting to me to see what we can do at my company to foster a culture where security measures help people accelerate delivery of sound software and prevent the things that get in their way. Loved the engaged conversation and collection of topics! 
  • "Sticky-Business" by Corstian Boerman. Corstian shared a fascinating story with me last year which led to many and more conversations. Because one day, he had found an envelope with a USB stick in his mailbox. This year, I nudged him to host a session to share this story of reverse engineering a USB thumb drive and what he learned from it with more people and was hyped that he agreed to do so! Make sure to check out his slides.
  • "Capture the Flag Together (For Beginners)" by me. I admit, SoCraTes was THE conference where I started these sessions and learned to love them. Like, for real. I've started them as very collaborative, whole group ensemble sessions to find the secret flags and solve these security puzzles together, using Hack the Box labs as our safe practice space. We've already found quite a lot of flags in the last years, and this year I decided to host a beginner session first before continuing the fun discoveries during the evening times. Seems it was a popular idea! Lots of people joined and we enjoyed cracking a few of the starting boxes together in just an hour. Some of these folks then also joined the evening sessions; it seems they got hooked just as I did back in the days! I just love seeing folks having fun learning more about security and ways to get into a system - it teaches us a lot about what we need to do (or should not do) to prevent this and defend the system.
  • "What does non-patriarchal, anti-capitalist* software delivery look like?" by Andrew Harmel-Law (*) Intersectional (anti-colonial, anti-racist, anti-classist, anti-sexist, anti-ableist, etc.) & inclusive. We don't just build and run software; we live in our codebases). What a very interesting conversation on all kinds of company systems and choices to deliver software. Lots of people engaged and shared their experiences and open questions, the challenges and opportunities they see. Quite a heavy topic at this point in the day, and still such a very much needed space to have these kinds of conversations. We will need to continue them and run experiments to find out what we can do to do better.

Dinner time! Lovely conversations. And it wouldn't be an open space and definitely not SoCraTes, if there weren't evening sessions suggested as well. Well, I was eager to host "Capture the Flag Together (For Adventurers)" sessions, of course! This evening, we spent four hours trying to solve a seasonal machine. We had found the user flag, yet the root flag still eluded us. Getting really tired, we concluded the session by midnight and called it a day, with the intention of trying it again the next night.

Oh, and it wouldn't be SoCraTes if we wouldn't play games either! Like the already traditional rounds of SET together with my dear friend Janina Nemec and anyone else who wanted to join.

Yeah, late nights and lack of sleep also come along with SoCraTes for me. Yes, it would be a lot wiser to join those who go to sleep early. No, I still cannot do this. Yes, I'm still (sort of) regretting this every single day after. And yet. It's just so good and such a unique chance during the year.

 

Open Space Day 2

In the beginning, it always feels like we're going to have so many days together, so much time to check in with everyone and learn and enjoy ourselves practicing whatever we're up for. And then the second open space day usually comes a lot sooner than expected! Well, here it was, with further sessions.

  • Hallway track: Yep, yet again I started the day opting out from a formal session and instead having a great conversation in the hallway. Maybe I should make this a habit, it really helped my slow morning brain going. This time, we talked about our varied experiences with AI tools. We also wondered about the utter lack of beginner positions these days. I mean, where should all those senior folks that companies are looking for come from in the end?
  • "Navigating Spaces". What a beautiful session, thanks so much to the host for creating the space for it. Lots of people opened up and shared parts of their identity and their struggles to navigate the spaces we're finding ourselves in, even within very open ones. We shared what helped us so far, what tips we tried and more. These ranged from embracing discomfort, doing things anyways, that companionship helps just as well as avoiding assumptions. Looking for the little indicators and signs of shared connection. Really thought-provoking and just wholesome.
  • "Hack the Parrot - Prompt Injection" by Jan Gregor Emge-Triebel. I had it on my list for a long time to practice prompt injection using Gandalf. Finally, this was my chance to do it for real! Loved that Jan hosted this session. We all learned a lot trying to trick an ever-evolving Gandalf into revealing the secret password to us. Such good fun and oh so relevant in our daily lives, as it's getting harder and harder by the day to get around LLMs and other AI tooling.
  • "Micro-retros, macro-retros, ad-hoc retros, continuous improvement" by Diana Larsen. Diana introduced us to lots of advice and tips on how to really achieve continuous improvement. Instead of waiting two weeks, we can include very brief retros in our everyday work. Sometimes, we need more folks to come together and reflect, not just our teams. Sometimes, we need additional retros on demand. Yet what matters is that we really activate our own learning by finding the right cadence, learning at the right scale, learning as frequently as possible, and continually improving.
  • "Getting into Security - Career Options" by me. I didn't plan to give this session, yet I was kindly asked to do so by another participant. How could I say no? I wondered if it would be interesting for more people, and then quickly realized - yes indeed, it was! Didn't expect so many folks to join and listen to me sharing my own journey into cybersecurity. For me it was also great practice in impromptu improvised storytelling - such a good skill to hone. It was great to realize that there's real interest, I might end up making a full session out of it. People appreciated me sharing my non-traditional way into tech and security, daring more as I went. They asked lots of questions, like how my everyday job looks like, about penetration testing, about certificates, and much more. And I was totally blown away when one person shared that I'm THE security person for them, given my history of bringing security sessions to SoCraTes. Just wow! That's also the beauty of an open space: be prepared to be surprised. 

As the main part of the conference ended, dates for the upcoming sibling SoCraTes conferences were shared. The organizers were so kind to allow Janina Nemec and me to also plug our own open space conference, the Open Security Conference - which originated at SoCraTes 2023 thanks to Claudius Link. In case you're curious, registration is still open - maybe see you in October!

After a lovely dinner with my dear friend Thierry de Pauw and their daughter, it was time for evening sessions again. And, how else could it be, a bunch of courageous adventurers dared to look for the secret root flag in another round of "Capture the Flag Together (For Adventurers)"! We can proudly report, we did get it together within around 90min. And then we talked for another 90min. And then we got curious about further Hack the Box challenges, like for mobile. As the first one was really straightfoward, we dared more. And ended up sitting long past midnight to de-obfuscate a piece of decompiled software to finally also get that flag! Many, many thanks to every single one for joining me on these fantastic journeys. I really cherish going on them together with you all.

 

Workshop Day

The final day of SoCraTes is dedicated to workshops everyone can propose and host. I've often joined the code retreat this day, yet this year, Martin Schmidt, Philipp Zug and I wanted to host a session on our own security card game, one of those other endeavors originating at SoCraTes. Last year, we hosted a session to introduce the game to people and received lots of great input. This year, we wanted to show our progress and test out the new additions like reputation and game scenarios we've added. We had a small but lovely group who were super hyped about this game as it initiated such good conversations on all things security, and stories to share. Two of our participants even shared that the current state would already be good enough to use in workshops! Such lovely and really encouraging feedback. Once again, more ideas were gathered, and we'll continue working on this leisure-time, low pressure and fun side project.

In the afternoon, I had planned to join another workshop, yet things turned out differently. You know, as they tend to do at SoCraTes! Instead of another workshop, I had wonderful conversations with various folks keeping me company. Talks about organizing conferences, company cultures, career choices, computer games, creating IDEs, and so much more.

The day flew by, and more and more people left the event, going back home. As usual, I chose to leave the next day only, as this way I could ease out of this awesome conference space and still enjoy the company of the last people standing. The last years, we've found various fun activities to end this last day. This year, things happened differently. After having dinner, my table round got small, down to two people. And then it grew again organically with more and more folks joining in over the course of many hours. We had a wonderful round of around eleven people, mainly having a group conversation about anything. People showed their pieces of art and craft. People shared fun stories. We talked about the past and the future. Or sat silently with each other at times, just enjoying our company and being there together. And as the night grew longer, the group grew smaller again, until we finally also went to bed.

A very wholesome ending to a wholesome conference.

 

All in All 

My huge thanks go out to so many people I've met again this year, and many people I met for the first time. You all know who you are. You are all awesome at co-creating this place together. My special observation this year was that this time, I didn't have to spend energy on calling out unfortunate behavior, calming down dominant voices taking up all space, and instead holding space for everyone to share. Or non-inclusive language and the like. This year, folks were really considerate, at least in the bubbles I've been part of. It just felt good and allowed us to spend our energy on things we wanted to spend it on. This was a real glimpse of how it could be.

Did I mention this conference offers and encourages physical kudos cards? Years back, I was hesitant about this. Nowadays, I absolutely love them. It's such a fascinating thing to give someone a kudos card, thanking them for what they did or who they are, and seeing their eyes light up. It's incredibly touching to receive those cards as well. I hold mine dear over years to come.

Another thing I've noticed is that more and more folks seem to bring security-related sessions, and I love seeing it. We have even created a new channel for us security enthusiasts on the SoCraTes Discord, and sharing doesn't stop just because the conference ended for this year. I think we have something going on here. This crowd really likes to learn more and do better. And as always, they continue realizing they do know a lot that helps on this journey. Personally, the collaborative capture the flag sessions are really the banger. They bring all kinds of people together, create a great atmosphere, and facilitate us learning so much from each other. Going through frustrations together and also celebrating our wins. Just awesome and wholesome. 

I'm still processing all the insights and inspiration and energy I once again gained from SoCraTes. This conference has a fixed slot in my calendar also for next year. Therefore, my final shout-out goes to the organizers: Huge thanks for creating this wonderful space for all of us every year again and again! It's been awesome and getting better every year.

Posted by at No comments:
Labels: , , ,
Subscribe to: Posts (Atom)