Public speaking

When thinking about building reliable software, we mostly focus on technology. While our tech stack, architecture, and good practices all matter, they are not what determines the reliability of our software.

Drawing from my experience of delivering software with strict SLAs, I'll talk about often overlooked foundations for creating software that doesn't flake. Spoiler: it's not about technology at all.

I'll go over aspects that can help or hinder the reliability of your software:

• Measuring performance and rewarding people
• Team composition and structure
• Ways to organize the work itself
• Balancing the boring with the exciting
• Common leadership mistakes that undermine your operations

WAs engineers, we’re used to thinking in algorithms where causality is clear and the same set of actions always produces the same results. When we apply algorithmic thinking to complex systems, however, our well-meaning actions often result in unintended consequences. Whether driving organizational change or fixing a small bug in your monitoring system, it’s not enough to consider the most immediate and direct result.

In this talk, I’ll go over examples of simple changes causing large scale unintended consequences, explain how to recognize when your actions could impact more than you wish for, share techniques for anticipating ripple effects so you can use them to your advantage, and help you become more adept at reasoning about complex systems.

Traditionally, security is all about creating obstacles and making it difficult to access data. This is at odds with our drive for a more smooth and faster development process. How can we keep the software we’re building secure without adding friction for engineers? Can security ever be something other than a costly nuisance?

In this talk, I’ll explain how to create a foundation for security by design, go over quick wins at the cross section of security and productivity that most companies overlook, and share my tips for building secure software without sacrificing productivity.

You’ll learn how to:

• Recognize patterns that promote security and those that hinder it
• Avoid wasting time implementing practices that make no sense
• Infuse a security mindset into your development process
• Understand what your CISO wants and when to push back

How to put a number on the cost of something that may not even happen? How to assign value to abstract and subjective constructs like “brand reputation” or “customer trust”? How do we know if we’re spending enough on security, and how to tell if we’re spending too much?

Assuming we have the budget for software security, where should we invest it? And in the absence of a budget, what can we do to obtain it?

In this talk, I’ll demonstrate a few basic techniques used in finance that we can use to gauge what is a reasonable spend in software security. I’ll also show how to recognize high-value activities, how to tell them apart from security theater, and share my tips for communicating your numbers with the executives.

All of us have an approach for deciding whether to build that next thing in house, get something off the shelf, or use an open source solution. I’d like to share a method I’ve used and refined over the years to simplify such decisions, and I’ve distilled it into a flowchart. Say goodbye to overthinking, decision paralysis, and projects that are doomed to fail!

There is always more work than time. We’re getting requests from leadership, co-workers, customers, all the while dealing with bugs, tech debt, and things we actually want to do. Sometimes everything seems urgent and has to be done yesterday, yet it’s impossible to do it all. In this talk, I’ll share how to recognize what work is worth doing, when to say no, and how to avoid getting stuck in a firefighting loop.