"Security Is Our Top Priority" is BS

A couple of years ago I was asked to give a conference talk about software security. Well, actually I wasn't really asked: my company bought a sponsorship package with a speaker slot and I replied to the internal email asking for volunteers 🤣 Anyway, while preparing my talk, I realized a couple of important points about security that have not left my mind since:

- Security is limitless. You can always spend more effort to make things more secure. The same goes for quality, safety, employee happiness, etc.
- The needs of security are opposed to the needs of a convenient user experience. Improving one typically hurts the other.

Now some organizations say "Security is our #1 priority". Really? You want to make something that has no limits your number one priority? I mean, security is a good thing, but this seems a bit too simple? In fact, hollow marketing claims like that can make me a bit angry. In this post I'll help you understand what to make of statements like that

Always Optimize the Feedback Loop

Speed, I am Speed. -- Lightning McQueen

Some thoughts about the impact of feedback loops in startups and software. Parts: Intro, Framework, Observations, Take-away.

Intro

Feedback delay is the time between doing something and seeing whether it was successful. If the feedback is slow, we have a "lagging indicator". It becomes hard to link causes and effects, and in consequence it becomes hard to optimize performance. Fast feedback makes things easy. How quickly the feedback arrives is critical. If it takes milliseconds to seconds, it works at the speed of the brain and enables a state of flow. If it takes decades to centuries, it needs a multi-generational organization like a government or organized religion to run it. Somewhere in the middle is the realm of persons, teams and companies.

A framework of feedback time

Here's a quick table of feedback times, in three groups, with each roughly an order of magnitude difference. C is the level where (large) organizations ca

[TSTIL] Mendix Cloud v4 - Part 2 - How to launch a complicated product

[This is a part of "The Software That I Love", a series of posts about software that I created or had a small part in]

2018 - Mendix Cloud v4 - Part 2 - How to launch a complicated product

Note: This was a multi-year mega project (at least by my standards) and ran from about 2015 till 2018 when I left Mendix. It's still one of my proudest professional achievements. If you haven't yet, read part 1 about Cloud v4.

During 2017/2018 our team was doing a lot of things at the same time:

- Handle the operational fires in Mendix Cloud v1/v2/v3.
- Add new hardware with 50%-100% YoY growth, as well as handle all kinds of customer requests, like resizing VMs or adding more storage. These were all manual operations by our engineers.
- Migrate v1/v2 apps to v3 to ensure standardization.
- Build v4, which would make everything standard, scalable and self-service. It would be the solution to the chaos from v1/v2/v3.

Fires? What fires?

Running a 24/7 hosting operation for custome

[TSTIL] Dat Narrenschip

[This is a part of "The Software That I Love", a series of posts about software that I created or had a small part in]

2005 - Dat Narrenschip

Around 2005 I started creating a website for my friend Jaap who deals in antique maps at I wrote most of this here: see How we ended up owning a framing shop

next: 2005 - Porting an Atari tax program to Delphi
previous: 2004 - The HP 49g

How we ended up owning a framing shop

As of last year my wife manages her art framing shop in Soest . It's an interesting business and here's how we ended up owning it. Shortly after taking over the framing shop, the local newspaper wrote an article about it. When I was 16 and living in Middelburg my mom introduced me to a bit of an odd man. His kids went to the same school as my siblings and his wife told my mom they needed a new website. My mom suggested I could help because I was always on my computer and she wanted me to do something useful. Thanks mom! Jaap (as he was called) smoked a lot, had long hair, and always listened to hippie music like Pink Floyd. Most importantly, he had a lot of interesting antique maps which he dealt in. His passion for the maps and the stories he told about them were incredible. His knowledge is encyclopedic, he can tell you exactly which edition of a map it is by subtle variations in the paper. I really liked him and we are friends to this day. One of the maps he showed me was on

How I learned to Innovate (a bit more) in Regulated Industries

Here's a short story about how I learned to innovate (a bit more) in regulated industries. In the summer of 2020, Yves Prevoo had got easee into the first Techleap batch. Pretty cool! I was invited to join one of the sessions for the CTOs in which Ali Niknam talked about his adventures. I didn't know anything about him then, but I liked him right away as he also wore a black t-shirt and a Casio F91w, my standard outfit. I had been struggling with innovating in a highly regulated industry. I dreaded the yearly ISO 13485 audits and always had the feeling we were doing everything wrong or breaking some law that we didn't know about yet. It didn't help that we didn't have anyone with Medical Device experience, and it didn't help that we had a very strict auditor. To be frank, I really had no idea how to develop anything new and get it certified without going bankrupt from the clinical trials. I didn't know what to do or how to lead my team in an inspiring way because of

One year of Freelancing as Fractional CTO

I'm taking some time to recharge after struggling as a startup CTO for 5 years (with lots of ups and downs). I had been working 40 hours a week in salaried positions from 2010 till 2023, and I decided to take it a bit easy. And with easy I don't mean to not work hard or to do simple work, but to not be 100% committed to a company for the long term. In June 2023 I started freelancing as a Fractional CTO. It's for complicated projects or for companies that don't need a full-time CTO yet. It's been really great. In the past year I've:

- Posted my availability once, in my "goodbye to easee" LinkedIn post.
- Been hired by 5 companies, who all found me through my own network.
- Networked more than ever before. I suddenly have time for random meetings throughout the day.
- Not started an LLC (BV), nor got insurance, nor opened a separate business bank account.
- Signed only 1 contract for my freelance work (but some more NDAs) and almost never committed to a c