Tuesday, September 3, 2024

SoCraTes 2024 - A Community to Grow With

It's been my third time at SoCraTes this year. I'm very grateful that the organizers invited me as trainer once again, enabling me to come and experience this wonderful community event. It's been a blast. I've met lots of folks old and new, and enjoyed both casual and deep conversations. It was a pleasure exchanging experiences and knowledge. I've had a safe space to practice deliberately and hone my skills together with like-minded folks. Everyone growing, everyone at their own pace, everyone together.


Arrival Day

On the final leg of the trip to Soltau there's usually the first conference folks to meet. Perfect time to ease in and brace mentally for lots of peopling the next days. This time I had a really nice chat with Martin Schmidt and Juke Trabold, catching up on all things.

Once arriving at the hotel, more reunions were to be made. You could feel that everyone was excited it's finally this time of the year again, full of hope that good things will happen. Also, this conference takes inclusion seriously, and a big part of that are health concerns. They require on-site testing for Covid before even entering the hotel. Once cleared, we settled in and prepared for the first dinner together.

For conferences, I really enjoy meeting less folks at a time by arriving earlier than most people. It really helps me manage my load and have more quality time with folks. This night especially with Thierry de Pauw, their son, and Jana Fuerchtenicht - loved our conversation! And it was so good to see Micha Kutz again.


Training Day

SoCraTes is an unconference at heart. Since three years, they offer an additional training day with a more classic structure to provide foundations and to ease new folks' way to join the open space without knowing the exact program before. I assume this also helps with selling the event to their companies, especially if they never had the opportunity to experience the magic of such an unconference before.

Personally, I'm very grateful that I got invited as trainer for the third year in a row. And this time with another topic that's dear to my heart: security! It was the premiere for my brand-new workshop "Secure Development Lifecycle Applied - How to Make Things a Bit More Secure than Yesterday Every Day".

But first things first. In the morning, I joined Marit van Dijk's "Code Reading" session. Now, this wasn't a new topic to me, as we both are in the same code reading club. That being said, it's always good to practice this skill - we read code way more often than we write it! Thanks to exercises from Felienne Hermans it's fascinating to learn more about your own understanding and mental model of code you read, no matter in which programming language, and especially what other people around you perceive and think. Also at SoCraTes, this session was a blast! Loved how people engaged and shared their own interpretations and pieces of knowledge which really helped figure things out together. There's always learning something new in these kinds of sessions. If you want to learn more about this whole topic, Marit offers a whole page of resources on reading code that's worth checking out.

Next up, I joined Thierry de Pauw's training on "Trunk-based development for regulated environments". Very relevant to me as I'm working on a regulated product at my current company. I've had the pleasure of reading lots of Thierry's excellent articles on the topic, like the "The Practices That Make Continuous Integration" or the "On the Evilness of Feature Branching" series. Already the beginning of their training resonated a lot with me. Thierry shared how often organizations conflate their approach to regulations with "regulation" - which is not the same thing at all! They pointed out that what folks mostly want to see is "do you do what you say you do", and the more rigorous ones add to that "get two people to look at it" and "have an audit of what happened". Thierry showed throughout their training how regulation and continuous integration principles aim for the same thing: risk reduction. They also emphasized that the deployment pipeline has three purposes: every part of the process is visible, it improves feedback, and it empowers teams. We also had the opportunity to craft our own pipelines using Emily Bache's pipeline game and a scenario as constraint. Lots of great conversations emerged from that!

Finally, it was time for my own training. Lots of people joined, more than I hoped for. It's always exciting to give a workshop for the first time at a conference, you never know if things will work out regarding the general concept - while the audience will always differ. I'm thankful to my dear InfoSec colleagues Tarik Kobalas and Honey Susan Kurian for their input which helped me improve the workshop before this first edition. Based on the feedback received from participants, I can say it went well! People enjoyed their time learning about threat modeling, secure coding principles, security testing approaches, and how we can detect malicious activity on our production systems. I'm already looking forward to the next opportunity to give this workshop.

After the trainings ended, it was dinner time. Loved the conversation with Michelle Avomo and her partner. It was a pleasure to reconnect with Claudius Link and Janina Nemec, two of my fellow organizers for the upcoming Open Security Conference, an idea that started at last year's SoCraTes. Playing the game SET together, of course! Just before that, we had a nice world café session as the official opening to the main conference. Three rounds with different groups of people, exchanging what brought us to SoCraTes, what this conference means for us, how we widen its impact. I met lots of first timers this way and we had a good time together.

 

Open Space Day 1

After a wonderful introduction to the open space and its principles by the amazing Juke Trabold, the first marketplace started and people began to queue up to share their session ideas and build the program together. Once again, it quickly became clear: there will be tons of interesting sessions, and I will only get to see a fraction of them. That's the beauty and the pain of any multi-track conference, yet for big open spaces like SoCraTes, it's showing even more. On the bright side of things, there will be sessions for everyone, no matter which topic, format, or experience level. We can all grow and learn from each other. 

Here are the sessions I've joined. If you're interested what other sessions had been offered this year, check out the schedule.

  • "Priorities, Priorities, Priorities" by Yorgos Saslis. So many things compete for our attention and claim to take priority - so how to decide what to do next? This challenge resonates a lot with me as it fits to the experience of nearly all the teams I've been at, and never so much as in my current team. In this session, people came together and shared their approaches of gauging what to tackle first, what's the most valuable thing right after - and to communicate accordingly and manage expectations. Wardley maps were brought up to help decide what to build ourselves and what not. An approach that stood out to me were business decision records - basically architecture decision records (ADRs) for business to document the reasoning of decision making at that time. If circumstances changed since then, we know more clearly if we can change the decision as well. The cost of delay was mentioned to help prioritization; I like to think of opportunity cost yet costs like this should be considered as well. People reminded each other that value is not always money, enabling or unblocking another team provides value as well.
  • "Making better decisions as a group" by Tobias Mende. After thinking about prioritization, this seemed a fitting session to continue with. Tobias gave a dry run of his upcoming new talk around collaborative decision making. I really relate to him sharing that poor decision making is costing companies a lot - seen that too many times when we sunk too much time and effort into a feature that didn't return the value we hoped for before pivoting (sunk cost fallacy, anyone?). But how can we make better decisions, together? From the options presented, two stuck out for me: consent with integrative objecting handling which focuses on said objections, and systemic consensing which brings forward the resistances of various levels that exist within the group. Tobias encouraged us to make decisions smaller, safer and more often - I can't agree more.
  • "Security card deck game" by Philipp Zug, Martin Schmidt and me. It was time to present our security card deck game project to a wider group, for the first time! Where better to share this than at SoCraTes, the very place the idea originated at? We were stunned how people showed up to see what we created so far. Philipp presented the background of the project. Martin demoed a first round - and we already received so much valuable input and lots of ideas how to evolve the game further. The crowd seemed to like the idea a lot, it was really encouraging to see such interest. We are also happy to have gained a new contributor in Julian Michelmann and are curious where the game will end up until SoCraTes 2025. Stay tuned!
  • "Capture the flag together - Security Testing" by me. I had already given this session at SoCraTes 2023 which made lots of enthusiastic folks show up and ended up in many fun follow-up sessions throughout the conference. Therefore, I was eager to bring this session to this year's edition just as well. I hoped to find again like-minded folks to practice security testing in a collaborative setting. You can imagine how happy I was when lots of people showed up once again, some from last year, lots who had not joined yet before. We had good fun practicing on Hack The Box!
  • "Baba is you" by Marco Emrich and Michel Grootjans. A few days ago, someone had mentioned a game to demonstrate and teach the mechanics and practices of ensembling, aka working on the same topic, same place, same time, same computer together. That game is Baba Is You, an endearing puzzle game that I can only recommend trying out yourself. It's been interesting to watch group dynamics unfold as the ensemble tried to work effectively together and solve the puzzles.

Dinner time! Yet beforehand, it's time for folks to announce what sessions they offer for the evening. Because the conference doesn't end as long as people don't let it! Lots of fun options were presented from playing boardgames, doing sports, learning Rust, solving coding katas, to whatever you can imagine. Well, SoCraTes 2023 taught me that I love doing capture the flag exercises in a collaborative setting, and that I find lots of enthusiastic people here to join me. My afternoon session confirmed that once again, so I offered to do even more of this in the evening. I was stunned how many people joined the evening edition, even a lot more than in the afternoon! We had such a good time. Just as last year, it got late! We didn't care, it was a blast.


Open Space Day 2

The second day started, another marketplace took place, offering even more awesome sessions to join. I took it slower in the morning and allowed myself to be kind and not join the first slot, yet rather engage in conversations, and prepare for my first session as facilitator.

  • "Smart Workshop Setups (Pull)" by me. A pull session in an open space is where you ask folks for their expertise, knowledge, or help on a topic you'd like to learn or a challenge you're facing. In this case, I decided to pull for support on smart setups for technical workshops, especially if it requires a more complex setup while folks might not be able to prepare a lot in advance. How to make these workshops as accessible and welcoming as possible so people can quickly get to a working setup and focus on the actual practice content? This is especially relevant for my next workshop on "First Steps in Mobile Security Testing"; my original setup idea unfortunately does not work out anymore, and while I have ideas how to make it work, I was curious what other folks would suggest. Lots of great ideas were gathered! I'm grateful for people taking time. I'll ponder more over them the coming weeks and might share more after said workshop. For now, let me say that pull sessions are awesome.
  • "Next Level Spring Boot for Hipsters with Kotlin" by Chris Welcz. It's always interesting to see what tools, libraries and approaches other folks use. In this case Chris demonstrated his usage of Kotest providing convenient test structuring and property testing capabilities. He also showed his preferred mocking library Mockk. You can find examples in his hipster-tdd and kotlin-beer repos. Good input to consider for the Snack Shop project I'm collaborating on!
  • "Passion Personality Test" by Gabrijela Hladnik. Models are flawed, and some can be helpful - especially to reflect about oneself. That's how I see personality tests as well - flawed, sometimes helpful. Gabrijela presented the personality test from Clarity on Fire around different passion profiles and how it helped her. This was the starting point for a very insightful conversations about personality tests as such. How much do we box ourselves in? Are labels we put on ourselves helpful? Why shouldn't we use tests to categorize others? How can companies misuse these kinds of tests? Which tests have scientific research as background, what are the driving motivators behind them, and especially what systems of oppression do they foster? Lots of food for thought.
  • "Securely saving passwords" by Fabian Blechschmidt. In one of my capture the flag sessions we came across the topic of rainbow tables, which inspired Fabian to give a talk on passwords and ways to store them. A great session to recap hashing algorithms, rainbow tables (of course), salting and peppering, and key derivation functions. Always good to brush up on foundations!

This concluded the open space part of the conference. It's traditionally closed with a retrospective. We had a really great conversation in our group, with lots of highlights and lots of things we'd like to see improve - and how we as participants can help improve them. Especially for an unconference, participants are essential to co-create the conference. This means that participants are also responsible for creating a safe and inclusive space and taking care that everyone gets that safe space to contribute if they want to. We collected various ideas for how we can do so better. These ranged from how to notice that I am overtaking a conversation and should shut up to give space, to ways to navigate a dominant conversation among few people and open it up to the rest of the room, to options to indicate to the whole group that space is lacking and we're currently not hearing everyone who might want to contribute.

Dinner time again, and then - who would have guessed - capturing even more flags together! Yes, as evening session hosted by me. And once again, folks came and tackled a fun challenge together. We built on the knowledge and approaches we learned about the day before, we tried a lot of things, got closer, got stuck, took hints, moved forward - and in the end found the flags. What a learning journey! A late night one as well again, yet so much worth it. Many, many thanks to everyone who participated, it was a real blast. Can't wait for more of these sessions next year!


Workshop Day

The last day arrived way faster than expected - time is flying at conferences like these. Traditionally, the last day is the workshop day, where people offer hands-on sessions of various lengths throughout the day. Already being very tired, I skipped the marketplace - I knew which session I wanted to go to this year anyway: the Code Retreat, hosted by Janina Nemec and Micha Kutz. I ended up arriving late, and already felt bad when entering the room seeing all tables being full and everyone being deep into the first exercise. Huge kudos to Janina and Micha for welcoming me in, recognizing my struggle and going to lengths for making me feel it's okay to stay and still join in. That mattered a lot to me and helped calm my brain down. Micha arranged a new table and offered to pair with me (thanks so much!) - until even more folks joined, and space was made for them as well.

Time to focus on practicing hands-on together in pairs. We tackle the challenge of Conway's Game of Life, which can be solved in countless ways so you will always learn something new in each round. Programming language, approaches, modeling, communication, and so forth. Always using TDD, and usually having additional constraints to consider each round. Always deleting the code at the end of each round and starting all over again with the next pair. There's a lot to learn about oneself as well in this exercise! In our case, we were given the constraints of strong-style pairing, then we were allowed at maximum one level of indentation, then we tried it as ensemble, and finally the rules changed. In my last rounds, I was part of a small ensemble together with Janina Nemec and Hadrien Mens-Pellen. I loved it as we brought up any misunderstandings as they arose, clarified them instantly, and aligned quickly on the way forward - super effective! We also made use of the Code Retreat card deck designed by Janina, and we pulled the card to use Object Calisthenics as our constraint during these rounds. Overall, I can really recommend joining code retreats; no matter which level of experience you currently have, you can take a lot with you from them.

To add to this: We were all really, really tired. That alone can teach a lot of lessons about ourselves, and how we cope with stressful situations then. Each round was challenging in its own way, one was especially challenging for me emotionally. I for one learned again that kindness, respect and consideration go a long way - for each other, and also for oneself. Very grateful to both Janina and Micha for granting us this space!

After the code retreat ended, many people had to leave the conference while some like me stayed until the next morning. We were all tired, so we decided to break things up a bit and get some fresh air. We went on a short walk in the beautiful moor surrounding the venue, visiting the famous Heidschnucken, moorland sheep from northern Germany. I was glad to get the chance to see them this year as I've missed out on them the last two years.

We had dinner, we had more conversations. People decided they still had the energy to come together for a round of lightning talks - some of the short like lightning, some rather ending up as longer thunderstorm sessions. All of them great! We learned about IntelliJ IDEA's AI assistant from Marit van Dijk, how cognition principles apply to software from Corstian Boerman, how things that start in noise get organized over time from Martin Schmidt, and about the power-law distribution and Adam Tornhill's work detecting it in code from Christoph Kober.

Even more tired, we decided to play What Beats Rock - which stuck with us for the rest of the evening until we finally called it a day.


Departure Day

Last chance for final conversations and final goodbyes. Everyone super tired, everyone very happy. The post-conference blues was being held off a bit longer while chatting on the train. More ideas were exchanged, plans for next year made. Until we finally had to part, taking a lot with each of us from this wonderful community space.

My head is energized due to new inspiration and ideas what to try. My heart is full of connections and the community spirit we experienced. My soul is calm thanks to the validation received through feedback and kudos cards, and smiling thanks to all those folks for whom I wrote kudos cards myself. Physical kudos cards are such an awesome concept! I'm ever grateful for each person who took the time to write a kudos card for me this year, you really make this conference even more special to me, and I can't even tell you how much your card means to me.

Next year, this conference will be a month earlier than usual. I plan to be there. Looking back at what happened between each SoCraTes instance I've been at since 2022, all the good stuff, all the growth, all the strong connections - I'm already curious what will happen until 2025.

Friday, August 16, 2024

Contributing in New Ways - Getting over the Hump

This year, my personal challenge is to contribute in new ways - courageous community contributions I haven't dared to do before. As opportunities arose, I took on a bunch of endeavors beginning of the year, which are both very exciting and, admittedly, time-consuming. While I've been aiming to share intermediate updates from time to time, I'm grateful for my past self deliberately decoupling my challenge from any writing efforts to reduce artificial pressure. Still, it does help me to sit and write down my thoughts from time to time. It's time now.


A Lot to Celebrate

It's been a lot to juggle this year. Well, I realize I've set myself up for that. It's one of those self-inflicted situations, which might be uncomfortable yet also come with a bright side: it's totally up to me. I can reduce things at any point in time. Or shift my main focus between endeavors. Right now, this is working out sufficiently well so that I didn't have to cut anything completely yet. In addition, there's an even brighter side: no matter how the rest of the year plays out and what else will happen, there are lots of things to celebrate already.


Open Security Conference

It's happening! It's actually happening. The very first Open Security Conference (#osco) will take place from October 4th to 6th in RĂĽckersbach, close to Frankfurt/Main in Germany. The event will be kicked off by two amazing keynotes before we then all learn together in the open space:

  • "OWASP Juice Shop 10th anniversary: Is it still fresh?" by Björn Kimminich, who's well known as project leader of the OWASP Juice Shop and a co-chapter leader for the OWASP Germany Chapter
  • "How to hack a company in one day or less" by Yvonne Johnson, who's an experienced red teamer and penetration tester

I'm so very curious about how the first osco plays out. A first event is always exciting! You're trying to set the space and constraints in ways to support your values and your goal. What of it helps and what rather hinders is something you'll only find out when you give it a go. We are starting small and learning as we go indeed. We've already gained lots of insights during the preparation so far. We can't do everything we'd like to do for the very first event, and yet it's a starting point that sticks to our principles and is based on our values. A starting point that hopefully helps establishing this new conference so we can build on it and evolve it further over the next years. Because cybersecurity is just a way too important area that's too often struck by gatekeeping and other barriers we're trying to lower and remove where we can to make it more accessible - for everyone interested.

We gained a better understanding on our individual and collective reasons for doing this in the first place, why we think there's a need and a gap to fill, what makes this conference special to set it apart from existing events in the security space. Not only for marketing osco and figuring out our target audience (which is a real challenge!) but also to make even more intentional decisions to shape it further. We'll continue to iterate on how we present the conference vision, just as we'll also continue learning to spread the concept of an open space conference format to cybersecurity which lots of folks seem not to be familiar with yet. Well, for now - we'd like to do our part in changing that!

As an organizer team, we had a tough challenge to overcome. We weren't quite clear on the direction to take on how to handle finances, which paralyzed us. Not much happened during this time besides going back and forth pondering about our options and worrying. It felt like treading water. I think it speaks for our group that we didn't break up at this point, that we indeed got over this hump and we came out stronger together. We made a feasible decision for the initial event this year and paved the way to create an underlying non-profit organization to sustain the efforts for next year.

Solving this big bump in the road meant we picked up speed again. We could finally open the registration, and we already have more registrations for this first event than we dared to hope for! There are still a few more tickets available, so if you're interested in participating in our inaugural event, go ahead and register now! And if you like what you read and want to help us spread the word on either LinkedIn or Mastodon, I would appreciate it very much.

I'm really grateful for my organizer team to be on this journey together: Claudius Link who came up with the initial idea, Janina Nemec, Ulrich Viefhaus and Dave van Stein who considered it a worthy cause to work on together. I'm also grateful to all supporters on our way. We had several initial thinking sessions, like with Tarik Kobalas, Jahmel Harris, Dan Billing and others. Several people contributed with lots of advice based on their expertise, like Mathias Verraes on organizing conferences, or Raphael Albert on the legal side of things. My thanks to all of them.

We're still learning lots of stuff and we won't get everything right from the start. We observe and listen to feedback, we adjust what we can right away, and we take note of what we can do better next year. That's what makes me hopeful that we're coming to stay.


Leadership Workshops 

Shiva Krishnan ran his series of leadership workshops many times in company settings. A few years back, I was fortunate to participate in one of his cohorts myself and got hooked - more people needed to do this program that I was drawing from so much! So I paired up with Shiva and we ran the next cohort together, until I changed companies. Thinking back, I'm still using those tools and ideas until today, and still continuing learning. Shiva and I kept in touch and thought about how we can bring this offer to community. Talks, writings, all good but not the same. How about bringing the actual cohort idea to community?

For a half-public first experimental community cohort, we reached out to our networks to find people who give us enough trust to get this started. We had first calls to present the workshop series, manage expectations transparently (it's a whole program after all and no small commitment), and answer any questions that came up. That alone already taught us quite a lot of what might be different for community cohorts compared to a company-internal offer. 

We indeed found a great cohort of six people who agreed to join us on our journey of bringing these workshops out there. We set up foundations like a shared communication channel with folks, clarified feasible lengths and frequencies for our remote sessions next to everyone's work. Everyone was eager to get started and looking forward to this endeavor. All we needed to figure out was scheduling now to run the first workshop.

Oh my. "Just" the first time slots. We knew scheduling is not the easiest task when it comes to these workshops, we've seen that in the company setting, yet always managed to find good solutions. Phew. What can I say, we really did not expect it to be that much of a struggle. We're only eight people. And yet, all our schedules differ in ways that make it really hard to find any overlaps. Like, any. Each time we thought we've now found a solution, more obstacles got in the way. And time keeps running. We brought everyone together to solve the puzzle, we made judgement calls and a few tough decisions to make this work. 

Let's see what happens with our latest option. In the end, we might need to rethink our whole approach. It's an experiment after all, and we're still learning from it even if it might not turn out what we planned it to be. But yeah, scheduling such a workshop series when you're all working at the same company, and you have the buy-in of people's managers is a lot easier. By far. We still hope there's a way that people can also benefit from the content and format of this series in the community space. In any case, we're grateful we got that far, and we definitely learned a lot which hopefully helps us in the future to bring this content and concept to a wider audience.


Security Card Game

This is probably the most relaxed of my endeavors. Martin Schmidt, Philipp Zug and I are trying ourselves, and absolutely enjoying ourselves with creating a new security-themed card game. Taking it as a deliberate practice project, we're learning a lot just thinking about it and evolving it further.

The game concept evolved quite a bit from the very first paper draft. We already played it several times with different variables and rules and gained more insights each time. We have both game engine and user interface to support our current ruleset, lots of cards already added, and it's honestly just providing us a good time. It's not balanced well yet, the game goal needs refinement, more content would help. We are currently only playing in collaborative mode all together, while having ideas for the future to simulate different company scenarios with people taking different roles to advocate for different strategies, maybe just going about their own (hidden?) agenda, or secretly sabotaging everything from the inside. Lots of potential paths - because in the end it's a game about decision making.

So, what is it about? You're employed at a fictive company. As time passes, you gain a certain number of resources available for you to invest in one way or another. Also, as time passes, more and more "oopsies" happen from a security point of view - a password got leaked, a vulnerable dependency wasn't updated, an internal website became accessible to the public. Do you close those doors to make it harder for attackers, or do you risk leaving them open for a while? At the same time, attacks are attempted by malicious actors. Sometimes they hit one of those open doors and you have to pay the price. Sometimes attackers don't find a target, or get impatient, or you just got lucky so you can counter the attack. All the while new employees need to be onboarded, security training can increase your skills, or it's just a normal day without anything bad happening. How do you make it through, will you still have resources left at the end? And how many oopsies did you leave unattended?

Well, curious? Just give it a try yourself! Get our latest release 0.5.5 and check out the current rules to get started.

Our next step is to share this game with more people at SoCraTes - we are fortunate that we can meet there again in one week's time already. It's the place where this game idea saw the light of the day in 2023, so it's going to be awesome to return a year later and play it with folks. I'm sure we'll be able to gather lots of feedback and future ideas for our game project. And hopefully people have a fun time with it, just as we do.


Snack Shop by Make-Believe Labs

Ben Dowen, Vernon Richards and I set out this year to fill a gap. We wanted to have a full-stack, open-source practice platform for all things product development. One that resembles real work scenarios close enough, with challenges people actually face so that gained skills could be applied. One that provides a safe space to hone all skills development, testing, architecture, UX, infrastructure, security, accessibility, you name it. One that offers opportunities for us to make use of it in teaching and coaching situations, e.g. for conference workshops and trainings. One that we could use to showcase collaboration dynamics, from ensembles to pairs to individual asynchronous work - both in live streams as well as through the artefact trail that we're leaving behind. When working on the project, we had good fun leaving a deliberate trail at times, sometimes showing rather commendable, sometimes less ideal behavior, so we can make use of them later.

What we're building is project "Snack Shop", a client project that the fictive company "Make-Believe Labs" took on. It's based on a brief from the owners of a bricks and mortar snack shop, who want to take their business online. Taking on various roles, we're working hard on a proof of concept system that we hope they will love.

The snack shop is composed of three services as of now:

  • A web frontend for users to interact with the shop, using React, written in TypeScript
  • A backend for frontend, often called BFF, to serve as single public gateway and orchestrator to various backend services - using the Nest.js framework, also written in TypeScript
  • A SpringBoot Kotlin backend service connecting to a MongoDB

What we're having as of now is a so-called walking skeleton. All components are running on their own and are integrated. It’s walking, and yet it’s still a skeleton. There’s a lot of work to do, and yet we can evolve it iteratively.

The first goal was to create a typical proof of concept. We were starting out rather well, taking deliberate architectural decisions, taking time documenting them. Then we received a first due date - and the rush began! Tradeoff decisions made it in just as they would in real life. A due date works wonders in cutting corners! Okay, we did that deliberately, and yet! We see what happens. We have pull requests that were sneakily just merged without communication, we have changes that do a lot more than what they claim, we have faulty descriptions, we have long waiting times for asynchronous work, we skipped good practices like test automation, input validation, and a lot more. Well, we took on this scenario and played the roles, yet I admit I felt those feelings myself. It was both fun to see patterns play out I've seen so many times, also in myself. Indeed, a real practice project! Oh, and yes we also had lots of good behavior and great collaboration, don't you worry about that.

What caused that due date? Good thing was we had a real one, which indeed pushed our project forward in the end. All thanks to Ben who was invited to the Automation Advocates meetup, and extended that invite to us. We chose to use our own new project and work on challenges together. In front of a live audience. For the first time. Well, the right kind of scary that really lets you grow! Not everything worked out, yet we felt we still did alright for a first time, and we learned more for potential future sessions. Because we want to do more of those live sessions. By then, the project will have evolved as well.

All in all, it's really evolving, slowly, and in waves, but steadily. And it's just fun to work on, practicing deliberately.  Ben is currently preparing for his next conference workshop "Coding Challenges: Prepare for Success in Technical Interviews" for TestBash Brighton where our project will make its second public appearance. If you have the chance, check it out! Personally, I'm already curious what he'll learn from that. Overall, I'm eager to get back to our Snack Shop once I'm on top of another topic I currently focus on. I'm happy I can be flexible to follow my energies here, plus I love that I always gain energy from our ensemble sessions.


Conference Sessions on Security

It's been a while since I started speaking at conferences. At times I look back at how many speaking engagements I already had and am both speechless and grateful. It's really been a ride so far, and I wouldn't miss it! So, while speaking at conferences is not a new thing for me, speaking officially and publicly about security topics certainly is a new contribution.

I'm very pleased to share that I am giving four different conference sessions on security topics this year. All but one are brand-new as well! I'm still in awe and very excited. Already next week the next session is coming up.

Finally taking this step that I've waited for quite some time is a big thing for me. I've paved this way since my first security pair testing sessions in 2018, diving deeper every year, and I'm quite enthusiastic about it.

That being said, it's honestly quite a lot of work. It's already a huge challenge for me to create three new conference sessions in one year on any topic, and all those in this huge area... It's a real stretch. It's scary and I'll certainly grow. It'll work out in the end, as always - and yet it's making me as uncertain and nervously excited as I haven't been in a long time when speaking at conferences.

Just recently I've learned that there's even more to celebrate in this space, I got accepted for yet another speaking engagement which is not public yet. I can only share that much: a dream came true for me. I hoped it might happen next year maybe, and now it's already there. I'm still speechless it happened. And very excited!


A Lot to Reflect On

Once again, I noticed that, while I had to force myself to sit and write down all of things above, it really helps me. Having my thoughts sorted, written out, and put out there is a relief from a perceived overdue task, it provides me dearly needed clarity, and it is going to help my future me as well when looking back on what happened and what I did over the years.

Truth be told, listing all the above feels quite good, despite the effort going into making each and every point happen. But how has it been for me in the past months? I've taken some notes for myself during this time. I wish I would have taken more, yet it is what it is, and that's what I got. I still want to persist them and show the other side of it. So here are my rather raw notes, jotted down over time, to keep as a reminder to myself.


May

I came to the realization that accountability works well for me, especially when I don't want to let others down. Yet I always prefer those tasks where I feel I gave my commitment to someone else over my own endeavors, so I'll always feel guilty. And always behind. Did I set myself up for failure? Or for learning to let go and do less?


June

I got so busy that I neglected where I get my energy from: celebrating, taking breaks, games, people conversations and feedback. I dearly needed that reminder.

Now I focused deliberately on de-stressing - and it worked! I'm already feeling a lot more relaxed.

I also re-aligned with people - I really needed this and the energy gained from it. Especially rediscovering the joy. For osco it was really liberating to make that financing decision finally and get over the hump, this allowed me to also start advertising the event again more freely. It's really hard to promote something if you don't know if it's going to take place for real.

Following my energies always served me well - just do the next thing I think of and can do right now. Taking small steps. Feeling good.

My new laptop also encouraged me doing something for the current projects, making it very easy and quickly accessible. It's a great side effect to have the nice combination to have various platforms available now for testing out my projects on different setups. Also, I'm building on the energy of "this is new, I instantly want to do something with it" that I usually get from shiny new things.

Also: I'm finally writing again, journaling these notes. Well, I knew I was better at reflecting and thinking in writing! And I'm so used to write on a laptop that's similar to my working setup - very interesting insight.

Oh, and movement and games of course! I finally did something just for myself again apart from these challenges. It's been way too long.

More sources of energy to take note of: sleep, breaks, tidying up, games, movement, emotions, focus, more intentional social media time.

Due dates help unless they get overwhelming.

 

July

Ben and I set ourselves a due date: until the meetup we're going full in, setting things up - but minimal in every regard! Cutting corners and taking shortcuts, like a real team will have to do if they need to present the proof of concept. We even set ourselves a code freeze a week before (editor's note: we ignored it and did changes until the day before the meetup, obviously).

I'm so glad we did this! This really pushed me to contribute and get into coding again! All my previous jest and unit test and Angular RxJS observable knowledge came to play! Plus my new bff knowledge, all combined - very, very useful, already proofing the concept.

Today I committed lots of changes - and it only took me a couple of hours overall to figure things out I haven't done before yet, very proud of myself. The last bit to add a bff endpoint was only half an hour in the end, including everything! Probably even less.


August

Still feeling overwhelmed with all challenges although most things are more under control now - mainly the time factor is pressing on me. How to juggle all those balls I've sent into the air? I know the answer - I need to drop some and pick them up again at a later point in time. And while it doesn't feel right right now, that's okay and in hindsight it'll also feel better.

I also know I need to force myself to sit down and do things one by one. I know afterwards I will feel better. But sometimes I have to do everything else before I can actually make it happen and sit down and do the thing I'm dreading. Once I've started, it's way easier for me to keep going until things are in shape again. It's about that initial sitting down when I lack energy. Habits could help me, yet I don't have as clear ones for these in place yet. Today I had to force myself to sit down. And again, and again, as this post didn't write itself in one long session. It was still important to do.

I need to wait sometimes to have energy again. Do other things. Just watch a TV show. Dive into the Olympics. Rest as my body told me to. All while feeling that time is running, while knowing I won't get far without sufficient energy. Today I finally had enough energy to get a few things done, even though I had to push myself.

What I'm writing in my initial draft is not very coherent, yet I have to get into just writing again - I can clear things up later, even if that takes more time. First, I need to get to writing again.

Switching contexts is - surprise, surprise - draining energy. And too many tasks on different topics all having due dates drain even more. I've experienced the same here.

I originally thought of posting heavily on social media regarding updates on each single endeavor - and didn't have energy or wasn't sure as I'm not alone on any of these, and it was costing too much to align on everything. In the end I just didn't.

This year I've left out my "stop when you notice you neglect self-care" clause - and guess what? I'm not holding myself accountable. I have rarely played any games, not read much of my fiction. For physical health and strength, I often only invested rather the minimum although I wanted to get in better shape again this year. The most I did was watching TV shows as I wasn't able to do anything else anymore. Often falling asleep on the couch or over a book as well. Hard lesson learned: don't skip self-care, however it looks like for you. Ever. Life is short anyway. I need to make time for things I deeply love. Games, books, volleyball.


A Lot to Keep for Next Year

Several of my endeavors won't completely stop with my personal focus on them at the end of October 2024, they will reach into next year. And yes, I already have further ideas for challenges next year (as if I haven't learned enough from overdoing yet - I haven't). Well, I'm taking note of ideas and leave the actual decision to end of the year, as always. Only making a call once I have more information to make it a good call.

For this year, there's still more to do. I'm looking forward to getting over the next big hump as well. I'm sure I will. And I'm already curious what I'll write in my concluding wrap-up for this year's personal challenge of contributing in new ways.

Monday, May 20, 2024

NewCrafts Paris 2024 - A Memorable Conference to Rave About

There are some conferences out there that you hear people speak highly of. NewCrafts is one of them, and I've waited for years for my opportunity to experience it. It finally happened! Thank you Maxime Sanglan-Charlier for having me this year. NewCrafts celebrated their tenth edition, and I celebrated my first. It was a blast.

 

The Day Before

Travels went well and I had planned to use some of my time before evening activities to go sightseeing. After all, it's Paris! I quickly realized, however, that I just didn't have energy for it, so opted for preparing myself for the conference and taking a break instead. Sightseeing will have to wait for the next opportunity to get there.

The evening before the conference, the organizers invited all speakers to a dinner. They treated us to a fabulous place at Radio France - quite an experience! Great place, great food, even better company.

It's such an awesome feeling to see more and more amazing people come together for these occasions. There are usually some folks that I know already from past conferences which ends up in lots of hellos and how have you been and what have you been up to. There are always speakers I haven't met or not really talked with yet, which allows forming initial bonds. Very exiting, somewhat overwhelming, and still much appreciated.

This time was my chance to re-connect and connect with folks like Romeu Moura, Thierry de Pauw, Elizabeth Zagroba, Marit van Dijk, ZsĂłfia Herendi, Sofia Katsaouni, Aki Salmi, Kenny Baas-Schwegler and Alberto Brandolini. Thanks for making this evening a great start into the conference!


Conference Day 1

It's quite a sight when you walk from the hotel to the conference venue and you're walking straight up to the Eiffel Tower. The venue itself turned out to be really nice, coffee and breakfast treats were served on arrival, and organizers provided a separate speaker room to get prepared. All ready to get started! The first day's program made our choice very difficult, all the sessions were intriguing - I'm glad I'll have a second chance for the talks I missed as all of them were recorded. Even though watching videos usually doesn't really work well for me, I have lots of incentive to do so this time.

  • Keynote: From Pilot to Transformation: Embracing the Reality of GenAI at Scale by Patrick Debois. I did not come with expectations for this talk and was pleasantly surprised that it provided more information about generative AI that I have not come across before, especially around the actual implementation, respective tooling and experience.
  • Team Transformation Tactics for Holistic Testing and Quality by me. I've done this talk a few times by now, and it constantly evolved further. According to people's feedback, this edition seemed to have resonated, and I'm glad it was recorded.
  • Human-centred system design by Trond Hjorteland. It was insightful to learn about the history of the Open Systems Theory, which experiments were run and how concepts evolved. The talk was packed full of insights and conclusions, there's a lot more to go deeper into.
  • Workshop: Architecture Modernization: Understanding your System's Current State using Service Blueprints by Indu Alagarsamy. I wanted to learn a new approach for my toolbox and see if it would help me with my challenges that often involve getting people across roles and teams on a shared page. And this workshop did just that! Service blueprints are diagrams that visualize the relationships between different components like people, systems, or processes that are directly tied to touchpoints in a specific customer journey. It's an approach originating from service design. It brings people together across roles as everyone can benefit from the shared understanding, and helps everyone making better decisions. Indu created a great space to try out creating a service blueprint hands-on, and reflect on the different variants we could use to adapt it to our needs.
  • Effective software design: The role of men in debugging patriarchy in IT by Kenny Baas-Schwegler. I loved seeing this session on such a crucial topic on the program and am really happy I could join it live. I very much appreciate that Kenny used his privilege to lead by example and address these difficult topics and convey very important messages that more people need to hear.
  •  Keynote: Don't Hit the Iceberg by Diana Montalion. I really appreciated the points made, along with the encouragement to do better and participate in creating a better environment together. The iceberg model helped convey the message of how things are connected and how systems drive different behaviors. A great reminder for all of us to look out for the invisible parts of the icebergs we encounter, every day.

A conference is not only the sessions you attend. All the informal times before, in between and after the program are invaluable to learn more. Lunch allowed insightful conversations, this time including Michael Plöd, Susanne Kaiser, Anja Kunkel, and Krisztina Hirth. Right after the conference, there were drinks and pizza served, and a meetup took place at the same venue. It sounded very interesting, yet I didn't make it there as I got caught up in lots of interesting conversations. Finally, as it usually happens at conferences, a dinner group formed for the evening. We all enjoyed some lovely quality time together along with nice food. For me a great chance to catch up with Joep Schuurkes, Kostas Stroggylos, and Markus Tacker

 

Conference Day 2

Time is flying if so many things are happening. The second and final conference day started, and had once again lots of good stuff prepared for us.

  • Keynote: Power Structures and their Impact on Software by Andrew Harmel-Law. I had high hopes for this keynote as I've seen the speaker with a brilliant talk before. This keynote even exceeded my hopes! Andrew not only presented what I've experienced myself in such poignant ways, they also used their privilege to call out systemic issues that we all must continue fighting to build a better world. My sincere, heartfelt thanks to Andrew for this absolutely wonderful keynote - it's been resonating with me more than I can express and I believe way more folks need to hear it! And on top of this, representation matters and we need to see more neurospicy folks on stage. Andrew included meta talk about themselves, and thus not only provided a role model but also helped normalize talking about the whole topic.
  • Workshop: Leveraging Team Topologies for software evolution by JoĂŁo Rosa. I hoped to learn more about team topologies, potentially uncover mismatches with my mental model about it, and also gain more practice to apply these concepts back at work. The workshop did all this and provided lots of hands-on opportunities to engage with the material. A few things really stuck with me. The core idea to reduce cognitive load and making it the base for our decision making. Shifting our thinking from problem solving to puzzle solving when it comes to designing teams and their interactions, and using the "yes, and" approach to find the next piece. Strategizing against the environment to change it, and intentionally re-shaping towards the future to have the organization aligned in business and tech. Really well structured, explained and facilitated workshop, with an impressive workbook to go with.
  • Shades of Conway's Law by Thierry de Pauw. I'm in awe of Thierry going through all this material on such a complex topic and condense the findings in such a concise manner. There's a lot to digest and think about, and this talk triggered just that. I'll need to keep on thinking about this and matching what I've heard and learned in the talk to what I experience at work, and then to see how I can apply the gained knowledge to help my organization (or at least a sub-part of it) to a better place. Really, so much food for thought in here.
  • My Team Is High Performing But Everyone Hates Us by Stephen Janaway. I hoped for an insightful story from the trenches - and I got one! Could relate with a lot of what had been shared, and loved the condensed playbook with sage advice for our own contexts. Really engaging presentation and great storytelling as well!
  • Bring meaning back to your retrospectives (no matter your role) by Sofia Katsaouni. At first, I didn't plan to come to this talk as I felt I had already engaged with the topic so much in the past, so what's there still to learn right now. After getting to know Sofia better, I decided to join nonetheless and give it a try, allowing myself to find serendipitous new insights. I was not disappointed! I really liked how the talk encouraged everyone to reflect on our own experiences and gain a deeper understanding on what likely happened in certain situations, and how we could approach similar ones differently in the future. Although nothing of what had been shared was completely new, the arrangement was unique and did inspire to take further steps and go deeper into the respective topics, once again.
  • Keynote: Technical Neglect by Kevlin Henney. I've heard Kevlin speak at a conference many years ago and had high hopes for this keynote, especially on the given topic of technical "debt" as it's often called. No disappointment here! It was an amazing and very insightful spotlight on what's so often happening, and also gave tangible advice on how to turn our ships around and get them back on course. This will be a talk I'll refer people to a lot in the future.

What about the rest of the day? During lunch time, I really enjoyed conversations with Vitaly Sharovatov, Minh-Tâm Tran, Elizabeth Zagroba and Joep Schuurkes.

When the conference was over, lots of people had to leave right away. Some people joined for another drink, and we once again found a wonderful dinner group to enjoy the rest of the evening with. Many thanks go out to Marit van Dijk, Mathias Verraes, Alberto Brandolini, Kevlin Henney, Michel Grootjans, and Stéfanie Loiseleur.

That not being enough, of course we ended up in the hotel bar before it was really over. So here's my shout-out to Indu Alagarsamy and Javiera Laso - thanks for the perfect closure of a memorable conference!

 

Conclusion

Would I recommend people to join NewCrafts? Yes, absolutely. Especially if you want to grow beyond your current position, role and expertise - if you are eager to learn more about the world and the socio-technical systems we're working in. You will not only hear about tech and culture topics that are relevant right now for your work, but also about all kinds of horizon-broadening topics to help you grow further as a human. Add to that a really smooth conference experience, and an inspiring crowd to learn with. People raved about this conference, hence I really wanted to go. Now I'm part of those people, and I really want to come back!

Sunday, March 17, 2024

Contributing in New Ways - Everything Everywhere All at Once

It's been a while since I last wrote down my thoughts about things that happened, things I've done, things that evolved. And a lot had happened since beginning of the year when I announced my personal challenge for 2024. I would have loved to share a lot more frequently about my endeavors in small social media snippets, yet the last months had been not only busy but energy-draining (due to other aspects). There simply wasn't any energy left to share what I'm doing, and I rather spent the energy available on the doing itself.

As I'm slowly getting back to a more sustainable pace, and back to the kind of busy that I personally like and that gives me energy instead of just taking it, I'm finally ready to share a few things.

So, how did I contribute in new ways in the last months?

 

New Work Contributions

At work, I completed my first backend feature. I've worked on the backend before, yet rather focusing on cleaning up legacy, adding tests, improving things, adapting existing features. Yet I simply never had the opportunity before to add a completely new feature. We currently only have one dedicated backend engineer in the team, so I'm once again filling a gap. Admittedly, a gap that I really like and am way more familiar with than with other endeavors.

I gave a bunch of company-wide learning sessions again, this time experimenting with two new formats. One on offering a dedicated public learning hour on all things security, one on sharing stories from my own team to initiate conversations how to grow the culture we want to see. Both formats were planned as a series of at least five sessions. Both had high quality (though low quantity) audiences so far, and people could take things with them after each session. I am calling that a success.

I've also learned a lot more about very domain-specific compliance topics, processes, audits, and more. These are not topics I'm keen on jumping on (especially compared to the other two), yet it's been another gap to fill and another contribution in a new way.


New Conference Contributions

Speaking at conferences is not a new thing for me anymore. What can be new, however, are new formats, new teaching styles, new session topics, new conferences, and new communities.

I decided to go for new topics and finally submitted my first security-focused conference sessions. I was thinking about this for a long time already, basically ever since I started to invest in security knowledge and skills. Yet it's an especially scary area to step into, and that accounts for conference sessions as well.

I managed to write three new proposals, two workshops and a talk. Two sessions are still waiting for the first conference to give feedback on, one is already accepted! I'll have the honor to give my brand-new "Capture the Flag Together: Security for Everyone" workshop at the free Software Teaming Online Conference 2024. And Lisa Crispin agreed to co-facilitate with me! It's going to be a lot of fun. I just love this conference, and I owe a lot to it. Fun fact, my all-time most booked workshop "Ensemble Exploratory Testing" also has its roots there. Very curious what happens to my new security workshop in the future, and in general to more security-focused sessions. At least the first step is done!


New Community Contributions

Finally, my courageous community contributions! So much to share from the very start. Right after having posted my personal challenge of the year, yet another initiative evolved. I can tell you I'm so very excited about everything. Depending on the initiative, I cannot always share everything publicly right away, yet there's enough to share already!

  • Launch an open space security conference together with Claudia Bothe, Claudius LinkDave van Stein, Janina Nemec, and Ulrich Viefhaus. The TL;DR version: it's happening for real! The Open Security Conference (#osco) will take place on 4-6 October 2024 in RĂĽckersbach, near Frankfurt in Germany. A lot more folks joined as organizers since I last wrote about this initiative. We have further awesome supporters in the closer circle as well. Our website is public (and constant work in progress), first social media presences initiated on Mastodon and LinkedIn. Have you seen our amazing logo created by Janina Nemec? The event will be a full open space conference with the addition of two keynotes to kick it off - one amazing and well-known speaker is already confirmed. We're looking for sponsors, if you have a suggestion for us it's appreciated! Well, a lot more is coming and to be revealed as we go further. There's a ton of more work to be done, this initiative is indeed not getting boring at all. Instead, it's very exciting, and I'm really happy to have such a great organizer team to take this journey with!
  • Create a security card game together with Martin Schmidt and Philipp Zug. This endeavor took shape as well over the last months. We already had a play session, trying out the game for the very first time. It was such a cool experience to test out the preliminary content and experiment with different game mechanics. And it instantly generated lots of more ideas to improve on. This is a really chill and fun activity and we hope to bring it to open space conferences and the world. Check out our Security Card Game Github org in case you want to follow along.
  • Build a full-stack open-source practice platform as an ensemble with Ben Dowen and Vernon Richards. Yet another initiative I feel very hyped up about! We are taking the roles of the employees of the fictive company "Make-Believe Labs", taking on "Project Snack Shop" for a customer who wants to digitalize their well-running snack shop business by offering an online shop. For real, I just love this happening. We have an ensemble session each week, and we are all in. From our own vision, to the actual project offer and context, to the first proof of concepts, to team agreements, to design documents, to architectural decision records, exploring walking skeleton options with code, and more. This is just super awesome. We have so many ideas to build on this! We don't have an overarching Github org for this yet to follow along, but stay tuned, a lot more is brewing already.
  • Offer Shiva Krishnan's and my leadership workshop series to the community. Ah, a longtime endeavor dear to our hearts. This series proved to be valuable to lots of people in the past, and it definitely helped both us grow immensely. Finally, the time has come to spread the word further and transform our workshops to an open community offer. This year we want to try it out with a small cohort. In the first instance, we won't have public registrations, yet will build on our networks for this first community proof of concept. If this goes well, there are plans for more afterwards! It's now really taking shape, and I'm glad to see this. Although access won't be public in the first instance, I'll see what I can share as we go along.

By the way, as if any one of the above wouldn't be enough (they clearly are), there are still further endeavors on my list that I'd love to start. I know, I know, I can't do everything at once, so I deliberately hold back for the moment, as above initiatives (as you can imagine) already fill my time very easily. They also give lots of energy! Lots of growth, too, and I'm not alone in either of them.

As I'm writing this, I'm looking back to the original hypothesis for my personal challenge. While above endeavors are indeed new contributions, quite courageous and also ambitious, I'm also very pleased to see that the hypothesis criteria will be very easy to measure indeed. I won't have any trouble to learn from these initiatives. Seems I'm on the right track, and that's providing me peace of mind already.

I am very much looking forward to see how each of these new contributions evolves over time. Truly exciting!

Tuesday, January 2, 2024

My Personal Challenge for 2024 - Scary New Grounds

In the last few years, I've taken on several personal challenges. These are things that initially scared me yet clearly helped my personal growth. You could also call each of them my "theme" of the year to focus on deliberately, as my learning partner Toyer Mamoojee framed it. For 2024, I am taking on my sixth one! 


Open Thinking

While working on my current challenge of the year, I am already taking note of topics that cross my path that would make yet another great theme for the following year. Here's my rough and raw list of thoughts that came to mind in the sequence I noted them down.

  • open source contribution
  • security
  • accessibility
  • app development
  • call for a weekly 90min ensemble creating an open source app together
  • a project a month
  • build an intentionally insecure movie app for practicing
  • "everyday security" series
  • "accessible security"
  • asking for help; see Ady's idea
  • initiate pairing/ensembling with others
  • deep dive focus weeks: learn foundations for a topic and share to deepen my generalist me
  • series of how I test things, especially on the backend side
  • anything that contributes to my vision of systemic inclusion and growth?
  • feeling I'm doing the same over the past years, over and over again, also re-using a lot of what I've built before; yet there's so much more to learn and grow into, like Maaret continually does, expanding
  • do something I haven't done before, truly grow again; I've used lots of approaches in the last years that had worked before, just built on them and refined them; yet didn't really reinvent myself anymore
  • really do need my own topics again, not being driven from conference to conference alone, neglecting my goals and blog
  • “Courageous Community Contributions” - finding new ways to contribute to the community (like I found new ways to contribute to a team and company over the years)
    • These are still scary!
      • List of a bunch of points - not revealing them here yet, you'll need to read on ;)
      • … leaving space for serendipity
    • What else I might do, yet not as scary anymore:
      • Paired blog posts
      • Paired conference sessions
    • Other things I’m already doing, that are not scary anymore:
      • Blogging
      • Public speaking
      • Security testing sessions with Peter Kofler
      • Code reading club
      • Learning partnership with Toyer Mamoojee
      • Daily habits and practice

As usual, the last idea grew and took shape in my head, and I kept adding to it. That's usually the candidate for the very next year, so here it is!


My Challenge for 2024

Here's the challenge of my choice for this year: "Contributing in new ways." Let's dive into this.

The challenge: I owe a lot to the various communities out there. I'm doing a lot to give back and especially pay forward through sharing on social media, blogging, and conference speaking. There are a lot more ways to contribute, though! I'd love to explore new options and pathways. This runs parallel to what I do at work: constantly re-inventing myself, my role, and how I contribute to teams and organizations. Going out of my comfort zone is how I've grown myself as a generalist. Therefore, I think I can contribute also in different ways outside of work. So here's my challenge to find new ways to contribute to communities and dare to try them - they only can't be the old things I'm already doing (while no one stops me from continuing what I want to continue).

The hypothesis: I believe that contributing to communities in new, courageous ways will add value to the communities I'm part of and grow my own knowledge and skills. I've proven the hypothesis when...

  • I have contributed in three new ways,
  • other people engaged with these contributions, and
  • I have learned three new things from each.

The experiment: In order to prove or disprove the hypothesis, let's get more concrete.

  • Contributions need to be courageous, something I haven't done yet that I find scary enough while being ready to give it a try.
  • Communities to contribute to are not limited, whether I'm already part of it or it's a new one I'm discovering on the way. Topics are not constrained either, as this is all about re-inventing myself by daring to contribute in new ways.
  • My initial options are not carved in stone. Instead, they are even prone to change, and that's welcome. I deliberately leave space for serendipitous new collaboration options.
  • There's no constraint on how much time these contributions require, whether they only take one hour or continue over many months.
  • If a contribution turns out to be not scary at all, then it's still a valid contribution to the community I can decide to pursue.
  • I choose to share anything about these contributions in any form I find appropriate. I am not limiting myself to blog posts for this challenge, nor do I require myself to write any.

Timeline criteria: It always proved valuable for me to think about when to start, when to pause, and when to stop.

  • Start: The fact that I've taken initial steps for a few courageous endeavors already in 2023 doesn't hinder me from including them in this challenge. The main focus will still start from now on.
  • Pause: Whenever I neglect the self-care I committed to, I stop to re-assess the situation and make a judgment call for how long to pause the challenge and get back on track to maintain the required energy. Pressing on without having the energy for it is a no-go.
  • Stop: It's time to stop my challenge and evaluate my experiment overall when I've either proven the hypothesis or it's the end of October 2024.

The hashtag: Initially, I opted for the following name and related hashtag to refer to this challenge: #CourageousCommunityContributions. Yes, I do like alliterations. This one's quite a mouthful, though, and I realized I'm not thinking about this challenge in this way. So I decided to take the words I use when I think about it, and that's #ContributingInNewWays. So be it.

Reviewing all this, I acknowledge the substantial risk that I open up too many topics and, hence, once again feel overwhelmed like in 2023. To mitigate this, I'm trying to build in as much freedom as possible to reduce unhelpful pressure. I don't want to lock myself in and instead still be able to respond to life. The constraints should be liberating. After all, I'll have to try it out and see how it goes.

Also, framing my challenges as measurable experiments allows me to document a starting point and afterward compare where I ended up with that initial state. So, hypothesis measurements are a tool to help me look back and spot differences. The most important metric will always be how much value I got from these personal challenges for my own growth. So far, it's always been worth it to dare take this journey.


It's on!

You might wonder, what kinds of contributions do I already have in mind? Here's a non-comprehensive list of currently prominent topics. As stated above, these options are prone to change. I'm sharing them here to make all this more tangible, help me reflect once I finish this challenge, and see if any of you would like to join me in any of these endeavors.

My journey already started with a few tiny steps on some of the listed topics last year. With old tasks closed and the new year starting, I now have a lot more focus to spend. I'm grateful for my wonderful conspirators, looking forward to our collaboration over the year, and I can't wait for what I'll learn on this challenge!