Monday, January 5, 2026

Back to Building - Make Problems Smaller

New year, new challenge! Wait, yet another one? To be frank, I did consider not doing a personal challenge this year and go with the flow instead. Things are challenging as they are, especially given the state of the world, and I'd rather focus on joy to counter-balance things while preparing for those very things getting worse. This thought popped up and vanished again. Because on the other hand, why not? I have too many things I want to do, and my yearly challenges help me focus on upskilling on specific topics. Therefore, I continued collecting ideas for themes during the last year and noted them down as they came to see how my thinking evolved. Here they are, as raw as they come with a few redactions. I've tried lots of different variations - read them at your own wish to get a glimpse into my head.

Well - likely it’s going to be preparing for any useful security certification. Or activism. Not sure if there’s going to be anything in between.

What I’ll keep up is conference speaking and organizing osco. Not sure if anything else, I need time and space also for newer things.

Last years had a social and a mental challenge - it's time again for a technical one!

Hack the Box (HTB) Academy, sharing publicly

Study security, would also give more content for sessions

Private challenge: art. Or fitness challenge, now that my body should be fine enough by then.

The year after it could be all around creation: build & art. Building with code mostly.

Other things I might focus on: read fiction, play games.

Build. Tools, code, that app and BFF and backend I wanted for so long. No need to share or talk prematurely. Just build and make errors and learn. Also: build my fitness. Maybe also: build my knowledge (e.g. HTB Academy). Could even be the osco community, it's on the radar as well. Maybe it's the theme that matters. Build it up.

Hypothesis: put in the time, regularly. And it will grow.

Not daring enough?

Maybe a fitness challenge indeed then. Definitely daring. Or gaming. Both. Don't know.

Study, get fit, prepare - 1 public, 1 personal, 1 private challenge

Activate. Re-activate.

Build a program per day.

Build. Build insecurely. Build securely.

Scaling. Finding ways to do things with less effort, higher impact.

Scaling slack. Both (scaling and slack) is super scary and I learned to avoid it. Both apply to both work and personal time, even sports. For security, private hobbies, even social impact.

Personal challenge: tech only. ONLY! Only hands-on. ONLY. No excuses.

Build mobile Android app with Node TS BFF and .NET backend service. Just that. Publish it. Like really ship, often. Then iterate.

That's it. No excuses. In general. Regarding tech. Exercising. Drawing. Games. Anything. No excuses.

Variant of bigger test app for all kinds of purposes (including actual usage in production): Android app with Node TS BFF and .NET backend service with SQL database and another Kotlin backend with MongoDB - for practicing different frameworks and also simulate microservices more realistically. Just that. Publish it. Like really ship, often. Then iterate.

Scaling might mean to use scary new tools and constrain them. Have a tool to extend my reach and speed myself up. Become not afraid to use tools and know what to look for and what to secure.

Have a scrapbook for my own learning. Have it visual for scaling goals and things to learn and certifications to do, etc.

Do it now challenge. Not postpone it further. Whatever it is. No matter if it makes sense or not.

Allowing myself to fail. And hence even try, no matter if I fail. I'll learn.

A new allower message: It’s okay to be behind and go at my own pace.

Only experience can give me experience.

Go at your own pace but keep on keeping on moving.

This speaks to me: https://mastodon.sdf.org/@Lichtenbergian/115673218133345093 making the way into the calm space to create in, through all the tasks around us 

It's not about what I do. It's what others do because of my actions. It's not about me, it's about the bigger picture.

Optimize for slack; to think, ideate, experiment, fail, learn, and scale.

Looking at all these notes, this year, there are many themes and none really stands out. For work, the theme of the year will be indeed scaling. For my personal challenge, here are many themes - with scaling overlapping with work:
  • Scaling (impact)
  • Slack
  • Building
  • Fail at my own pace and gain experience
  • Certificate / trainings
  • Societal change & activism
  • Fitness
  • Art
  • Games
Scaling goes both ways - it's not always up, sometimes we need to go smaller. Especially for experiments and failure safety.

Interesting article: Do Things that Don't Scale

One challenge for me, for work, for society? Constraints: 3x sports per week, 2h games. Reading fiction and art as well or as options?

I'm usually falling back to busyness instead of doing the thing. Because being busy and having no time is familiar, comfortable, cozy. And that thing would require energy and is scary and I could fail.

No excuses. Do the thing. #DoTheThing

I see theirs and what they do and I feel jealous. Instead of also doing stuff myself. Especially bad when they say I inspired them to do x, and they outrun me with ease on the very topic. For many years, I defaulted to doing things together, to trick my brain to make time for things - yet then didn't do anything outside these times, and didn't dare much on my own anymore, feeling I needed the others anyways. Sharing frustration felt better than getting stuck on my own feeling, like it's me (and it was me indeed). Only very slightly and slowly recovered a bit this year (aka 2025). 

The main personal development goal: build the actual real-life use case app for both personal use and demonstration purposes I always dreamt of, tried two times and never fully dared to go all in. Would support the scaling through building scheme where I'm weakest (through community and education I've done already, building only super small). Would be hands-on, tech, development and security. On my own, as much as possible. Constraints: find time to play games, read fiction, meditative drawing every week. To have slack, give my brain space and joy for new thoughts.

My private personal goal is on fitness. Have a concrete target for strength, mobility, running, coordination - ask my coach what's feasible and makes sense for me. So here I would invest in movement, health, nutrition, sleep, everything. Also, it's been a long time since I've had a sports goal, it's about time again.

Both are just do the thing, no excuses goals.

CTFs would still be on the side without pressure, as I go - to learn. Or maybe even during work time. But not the one and only, as getting back closer to development is even more crucial for me. The testing one is nice for exploits though and demonstration. So this is just a supporting activity, not the main content. Maybe in 2027 I'll go for formal education and a certification then.

#BuildItUp #DoTheThing #NoExcuses #Scale4Slack #BuildTheScale #BuildToScale

The last one triggers an image: a stairway as a scale, to scale a mountain or wall, building it up to literally reach higher ground or more people for more growth and more impact

Fitness goal: stay pain-free & gain mobility needed for starting weight lifting (chest, wrists, ankles, etc.)

The joy of building :) tools, stuff, community, muscle, coordination, anything :) detracting the hardship or hurdles to even start

#ShowUp #BuildTheThing #JustBuild

Well now. What to make of all this? In the end, I believe I have a few most prominent challenges in these notes, yet they fit different spaces or parts of my life.

So I figured I first draw out what else is coming in 2026 for me.

  • Speaking at conferences. I'm not going to stop any time soon. It's time to draft and propose new sessions, and if they get accepted, create them. This takes a considerable amount of time and is pretty public. If I do paired sessions, there's also collaboration efforts to consider.
  • Organizing the third edition of the Open Security Conference. This is a collaborative endeavor by design, and very public indeed. I already know it'll take me some time during the first half of the year, and a lot of time during the second.
  • Evolving the security card deck game. Fortunately, this is a low-pressure, deliberately slow-going leisure project. It's still collaborative, and it'll need time and care, yet this is one of the most sustainable endeavors I do.
  • Practicing with my CTF team. Collaborative as well, yet nicely paced and spread out. As long as I don't overdo by adding an enormous amount of private practice, it's very combinable with the other endeavors.
  • Communing with community folks. As every year, there'll be remote sessions with various people I got to know over the years. Some to check in, some to share advice or exchange experiences, some to work on something together. These happen all year long and they do take focus and energy, yet they are invaluable and they also tend to be pretty controllable as long as I spread them out enough.

Besides those personal development and community initiatives, there's work with its own challenges and measures. Mostly around scaling through education, building tools, and a security champion program (can't wait for it to start!). 

There's also a fitness and physical health challenge to reach: to increase my body control and mobility range so I can pick up barbell training again (and this will help volleyball and running of course as well). As long as old and potential new injuries don't stop or slow me down of course. 

Mentally, I need to keep slack in the system not to overwhelm myself once again, but to stay able to think and enjoy all the things. Play some games just for fun. Stuff like that. Yet something else would really help me move forward and get across a bump I'm facing again and again.

 

The Challenge

Keeping all of the above in mind, let's talk about the scary thing I want to tackle. I want to finally do the thing that I tried a few times but never gave the attention it would have needed. The thing that I started, then usually postponed, and finally dropped again in favor of other things. I want to get back to building software.

For a very long time, I wanted to build my own application. To use it myself and solve a real problem. To use it for demonstration purposes. Just to practice. I've tried with my #CodeConfident challenge. I tried together with others on the SnackShop during my Contributing in New Ways challenge. I tried countless attempts to get something started on my own, and dropped them all.

There's more to it. Every time there's a problem to solve, I come up with a solution and try it out manually. Now if it works, instead of building a helper tool, I tend to keep doing the thing manually - to be fair, which is often the fastest and pretty fine as long as I don't overdo. Only when I see there are aspects involved that make manual execution very unfortunate, like too much data to go through, or repeating a task too often, or it becomes too error-prone, I start building and automating. Usually with as little effort as possible to achieve my goal, e.g. writing a small shell script to just do the job. Trying to avoid overengineering where I can.

The problem here is not the smart use of time or experimenting with what would solve the problem (e.g. rather changing a process than making a faulty one faster). It's taking away opportunities from myself to learn. It's keeping me hesitating to just create throw-away scripts that solve one problem one time. To build a small service that serves one purpose. That might not be polished, and yet good enough for now. It takes away building up experience in building. Because sometimes the best answer is indeed to build. 

This is becoming even more of a problem now that I'm in a central enabler team where we do not develop a product ourselves - now there's no feature to implement myself or bug to fix to keep honing my building skills. We're only starting out on building tools and there's so much other (valuable) work to do that easily eats up all my capacity. It's also becoming more relevant now that I'm in my new role as security engineer, focusing on application security. We can't get out of touch with reality of building software. I've been in the trenches for many years, and I don't want to lose those building skills. (I'm aware there are lots of other building skills I'm still exercising, like building teams or communities or cultural systems. Yet software development is still core.)

So, back to building it is. That being said, what I cannot take this time is too much pressure and too much collaboration effort. I have both already covered with my other endeavors. For this challenge, I will choose to build on my own and in private as much as possible, yet build. I'll probably again take notes in my own coding journal - privately. I might choose to publish things, or maybe not. It's not the point this time. The point is to show up for myself. To build. To do the thing. No excuses. To keep building even if I throw things away or not use them more than once, or even at all. To just build, and build up the respective skills.

But is it scary, you ask? Shouldn't these personal challenges... actually challenge me? Oh hell it is. It means I don't have excuses anymore (as I keep repeating myself). It means I know I have all the means, nothing's stopping me - besides me, myself and I. And my fear of being judged. By others, and especially by myself. And that's scary, even though I've worked on calming my inner critic. Yet that critic also understood pretty well when I'm not knowing enough yet. That I need to get back to the basics, the foundational building blocks, and put them together myself. Building programs, tools, actual products. Building further understanding as I go. I'm scared of failing and learning, even though I preach such a growth mindset in various ways for many years.

Well. No excuses. Do the thing and get into the habit of just doing the thing. Or rather: Build humbly but build. I need to set myself up for success as well, not for failure by expecting overly huge things and results or instantly getting disappointed or frustrated with myself that I'm - surprise - still lacking the practice. Managing expectations will be huge. Yet I really want to hone the skill I never had much opportunity to hone at work and when I had, too often chose not to. Now that I do have lots of opportunity to practice security at work, building up my builder skills is what I can focus on in my private time. 

These days, I was reminded that learning is not a constant straight line but comes in waves. Trying something new (or even familiar on a bad day) will result in worse quality, less skill. We can only evaluate our progress on longer time frames (hence these yearly challenges in the first place). We need to be okay with doing something badly in order to do it at all. Anything worth doing is worth doing badly - as long as it's not causing harm.

Enough of the pep talk. 

 

The Hypothesis 

If you would only realize how many times I've rewritten this section, how much I've kept on adding thoughts, challenging my actual challenge over and over to uncover what's really moving me that I'm still shying away from. The truth is, it's all in the process! I often need to write and rewrite and start all over in order to realize what's my most valuable hypothesis here to tackle my challenge. This time, I struggled even more and it took longer than usual. Finally, here's the leanest, simplest hypothesis I found that narrows it all down.

I believe that consistently investing time in building software will hone my skills to make problems smaller. I've proven this hypothesis when I've made at least 3 real-life problems smaller through building within 300 days.

This is why I call this challenge "Back to building - make problems smaller". The core is going back to building, as I've started out in the last years but never followed up for real. At the same time, there's no need to solve the problems completely - that's too much pressure and unrealistic. Just tackle a part of a problem so the load and pain are reduced. Basically, just make it a tad smaller problem. 

The problem itself could be scaling. It could be giving better advice from the trenches or conveying knowledge through showcases. It could be reducing repetitive manual work and making it less error-prone. It could be offloading cognitive load. It could be creating a product I'm using myself. Whatever. Just an actual problem made smaller. This way, I hope I'll not only train my building skills but also recognize more of those opportunities to reduce the problem space as I go.


The Experiment

To test the hypothesis, here's the experiment: I run my very own #Challenge321; inspired by the many #100DaysOfX, #100DayProject and #75DaysOfX challenges out there that I love following. In those challenges, there are certain strict rules - I chose to adapt them and make this my own as follows.

  • For 3x100 days (aka 300), I dedicate at least 21 minutes of time each day into a specific topic, to build up momentum and a habit of spending time deliberately on what's important to me. That's why I call it my #Challenge321. 
  • The three topics:
    • #100DaysOfBuilding - building software to make problems smaller. From designing to developing to testing to fixing flaws to operating, this will include everything that goes into building products, helper tools, or the like. Basically, spending continuous time on this. I can use this time as I wish in the moment. I can build a full-blown product, no matter at which scale. I can build multiple pieces of software - tools, scripts, libraries, anything. I can use them or not. Keep them or throw them away. As long as I keep building.
    • #100DaysOfMovement - literally getting that movement in for health and fitness. That's a rather common challenge to do. What I do doesn't matter as long as it gets me moving. Volleyball, running, even walking. Stretching, strength exercises, etc. As long as it helps me get moving it's fine - even better if it helps me move towards my fitness goal to increase my body control and mobility range so I can pick up barbell training again.
    • #100DaysOfGames - playing computer games for pure joy and mental health. Casual games don't count here for once - I have so many absolutely stunning and exciting games in my library, I finally want to enjoy them to the fullest. This activity is also a perfect timeout for my head during busy days. It's only for me and no one else, and hence it's a perfect way to maintain my mental health and recharge my batteries. It's also about that "play first work later" mantra I built up in 2025 during my Calm and Steady challenge.
  • I can choose to do only one of these three topics each day in 21 minutes and rotate through, or I can mix and match those three, e.g. do all of them in one day within a good hour. That's why the minimum time limit is deliberately low. I simply don't have excuses not to carve out that time per day. This is promising to work even on busy days, also considering all my other endeavors and tasks. If I continue beyond the 21 minutes on a topic, that's totally fine as well. I'll take it where my energy goes - yet the activity only counts once per day, I can't save up for future days.
  • It's okay to miss days (e.g. for conferences or whatever else life has planned for me). It's also okay to have different counters on each of those three topics. The only constraint is that I have to finish all three of them within exactly 300 calendar days. That's from January 5th until October 31st (inclusive). Hence, the experiment stops at the latest on October 31st. If I finish within 100 days already, that's fine too. At the very moment I reach 100 on all three topics I can choose to evaluate my overarching challenge right away or continue and extend beyond 100 days for each topic, whatever I wish to do at that moment in time.
  • I'll keep track of my progress for each challenge and the days that passed. Other x days of x challenges often require you to keep track publicly and to share your insights and experiences. I'm not mandating myself to do that each day, I might do it whenever and wherever I want to. I'm confident my track record of past personal challenges are good enough to prove it's fine to hold myself accountable.
  • To enable myself to evaluate my hypothesis in the end, I'll also keep track of how many real-life problems I've solved through building during these 300 days.

I'm well aware that this experiment basically consists of three challenges to tackle a challenge to achieve an overarching challenge - and yet, bear with me. I believe it's a great way to ensure I do test out my hypothesis for real, one that keeps me going and also has liberating constraints baked in. I don't want to end up once again not investing in my own joy and health, here it's literally part of the game.

Also, I believe that not doing all of these within 100 days but choosing my own pace within 300 days makes all of them pretty sustainable and feasible, even combined with a busy life and lots of other endeavors. Every third day would already make me achieve each challenge - so if I do each of those 3 times per week I'm already doing very well. And that's very reasonable. Even for movement, that would be the default already as of now. No energy for one thing? No problem, just tackle one of the other topics! Also, two of them are energy-giving, only one is the scariest, and all are targeting different areas. It's basically #300DaysOfNoExcuses.

Usually, I keep just one hashtag or tag line in my head to refer to my personal challenges. It helps me keep my theme for the year in mind and collect my posts on them. Well, I guess this year, I have a whole bunch of fitting hashtags, a real collection - and that's okay just the way it is: #BackToBuilding #MakeProblemsSmaller #Challenge321 #100DaysOfBuilding #100DaysOfMovement #100DaysOfGames #300DaysOfNoExcuses #DoTheThing

 

Let it begin!

This time, all constraints are already baked in. So that's it. It's on. Wish me luck!

Posted by at No comments:
Labels: , , , ,
Subscribe to: Comments (Atom)