Issue #685

Essential Reading For Engineering Leaders

Tuesday 27th January issue is presented by Software Secured

Most penetration tests serve auditors and compliance teams, not the engineers who are expected to remediate the findings.

— Mike Fisher

tl;dr: “I’ve been thinking about these two patterns as a metaphor for leadership, because they reveal something important that many leaders struggle to articulate: there isn’t one “right” way to organize people. There are only patterns that fit the moment, and patterns that don’t.”

Leadership Management

— Bjorn Roche

tl;dr: “Over the years I’ve gone back and forth about the right approach to management and leadership – should you give your team autonomy and trust to develop solutions themselves, or should you give them specific objectives and direct the team in a hands-on way? Should you come to the table with a strong point of view and get as much buy-in as you can, or build consensus by working with all stakeholders to come up with a plan together?”

Leadership Management

— Sherif Koussa

tl;dr: After a few cycles, you begin to notice recurring negative patterns in penetration testing. The severity levels do not align with actual risks, leading to a loss of trust in the process. As a result, the report turns into a static document rather than a useful tool for teams. What should be a valuable exercise instead becomes a routine checkbox that fails to contribute to risk reduction. The most effective tests are those grounded in the app's technology stack, real-world risks, and appropriate fixes.

Promoted by Software Secured

Management Tests

— Will Larson

tl;dr: “Of everything I’ve tried, demonstrating curiosity is consistently the best technique I’ve found to reduce the cost of being wrong. These days, if I regret being wrong about something, it’s almost always because I engaged in problem solving before exercising curiosity. I feel this so strongly that “curiosity is the first step of problem solving” has become a steadfast engineering value in the organizations that I lead.”

Leadership Management

“It is absurd that a man should rule others, who cannot rule himself.”

- Anon

— Sean Goedecke

tl;dr: “The common view is that a manager proposes some technical project, the team gets together to figure out how long it would take to build, and then the manager makes staffing and planning decisions with that information. In fact, it’s the reverse: a manager comes to the team with an estimate already in hand (though they might not come out and admit it), and then the team must figure out what kind of technical project might be possible within that estimate.”

CareerAdvice

tl;dr: Everyone is experimenting with AI agents and MCP servers, but how many are truly production-ready? Identity, auth, and access control are often the hidden blockers. In this on-demand webinar, we explore real-world MCP use cases, the agentic identity challenges teams hit in production, and actionable tips to build secure, scalable AI systems without slowing teams down. Watch the webinar now.

Promoted by Descope

Agents AI

— Steve Yegge

tl;dr: “Gas Town workers are regular coding agents, each prompted to play one of seven well-defined worker roles. There are some other key concepts I’ll briefly introduce, along with the roles, like Towns and Rigs.”

ThoughtPiece AI

tl;dr: “Software projects often implement "soft delete", maybe with a deleted boolean or an archived_at timestamp column. If customers accidentally delete their data, they can recover it, which makes work easier for customer support teams. Perhaps archived records are even required for compliance or audit reasons. I’ve run into some trouble with soft delete designs. I'll cover those, and ponder ideas for how I'd build this in the future.”

BestPractices

— Ties Petersen

tl;dr: “Sweeping the entire Albert Heijn floor. Sounds simple. And should’ve been simple. But I’m a Computer Science student, with a problem: I can’t stop trying to optimize things that (probably) don’t need optimizing. So instead of just doing my job and, well… sweeping… I did what any “reasonable” person would do: I turned the supermarket floor plan into a grid graph, built a visual editor and wrote a C++ path optimizer using simulated annealing.”

DeepDive

Agentic Development Basics - Steve Klabnik

Fresh: Text editor for your terminal.

Napkin Math: Techniques for estimating a system's performance.

PageIndex: Vectorless, reasoning-based RAG.

Skills: Public repo for agent skills.

Swark: Create architecture diagrams from code automatically using LLMs.

