whoami

I'm charlie, Staff Security Engineer on GitLab's Red Team. I have been at GitLab since March 2019, originally as a backend engineer. I have been writing software "professionally" since about the late 90s.

Over my backend engineering career at GitLab I was a backend maintainer, database maintainer and a subject matter expert on GraphQL, ClickHouse, Agile project planning and GitLab's Plan stage feature set. I also just really like processes, though I mostly analyse them and find failure modes, including "we have too many processes".

I made the jump over to Security and bring my knowledge of development processes, software engineering and years of experience developing the product to the Red Team side.

TMRG note

As a co-lead of the Global Voices TMRG. I advocate for APAC, southern hemisphere, remote, rural, immigrant, caregiver, and those in non-temperate climates.

As a Caregivers TMRG co-lead, I advocate for APAC, caregivers of neurodiverse dependents and end-of-life caregiving.

GitLab team members are welcome to contact me about any of these topics, or anything else, ideally over Slack DM.

Talks

I love learning and sharing knowledge. I also have discovered that I love combining unrelated topics and seeing what eventuates. It increasingly results in slightly left-field talks people seem to find interesting.

At any point there are about 5-8 talks in progress. Happy to repeat any of these.

• Beyond ‘delete my browser history’: infosec after death - Chcon 2024 (pretalx, recording)
  • On extreme unavailability, data control and digital remains.
  • What to do with your accounts before you die so your nontechnical whānau can wind your digital life down.
• Floating Points (public maths lecture and aerial silks performance, 14th September 2024)
  • On data, information, semantics of units
  • I gave this talk while also doing the silks moves.
• The Tale of the Curiously Empty String - Security Show and Tell, and Nelson Dev Group, April 2024.
  • A spooky poetry reading with props and in costume
  • On incident response, templating attacks and hierarchy traversal in Python
    • But actually about endpoint audits and hygiene
• My Kids Hack Me and it’s Awesome - ChCon 2023 (pretalx), Plan Team Day October 2023 and GitLab Summit 2024 Unconference session
  • On persuasion, rhetoric, and kids leveraging social engineering for ice cream.
  • A variation given January 2024 by 11yo, her first public speaking engagement at our local dev meetup (I Hack my Mum and It’s Awesome)
• An Approximate History of Accuracy (RubyNZ Retreat 2023, October 2023)
  • A history of measurement, humans’ relationship with error and the evolution of statistics and data aggregation.
• Hacker slang from 10* years ago (*base 32) (Nelson Dev Group, September 2023)
  • Terms used by “hackers” (people who tell computers what to do) circa 1991 based on Eric S Raymond’s excellent encyclopaedia - a hilarious demonstration of how technology has changed. 
• Calendar calculations with ncal/cal (Nelson Dev Group, October 2022)
  • Where did my 10 days go?? A thread pull into how ncal determines your location’s particular date of the Gregorian Calendar Reformation (spoilers: it’s weird).
• Lectures, University of Victoria, Wellington 2020-2022
  • Series of lectures on the Introduction to GitLab for third-year computer science students. (6 different lectures, March-May 2021, March-April 2022)
  • Plan and Portfolio Management using GitLab (June 2020) 
  • Agile Methods for Software Project Management (August 2020)
• GraphQL @ GitLab (Virtual Contribute, April 2020)
• Furniture Anarchy (Aspiration Summit 2017)
  • A tiny pop-up session about boring, solidly made furniture being best furniture based on Christopher Schwarz' woodworking philosophy.
  • I'm only mentioning this one because the title is cool 🤘
• Software is the closest thing we have to magic - Various keynotes at Rails Girls in NZ from 2014-2017
  • Being able to understand software gives you the power to create change in your world.
  • Christchurch 2017, Wellington 2017, Wellington 2016, Christchurch 2016, Motueka 2015 (also organised), Auckland 2014, Wellington 2014.

Values and way of working

I value authenticity and the GitLab CREDIT value system. It aligns very well with how I naturally work. I value collaboration, inclusion, iteration and transparency to strive for efficiency and results. I like enabling others in these things as well.

I want to be proud of my work. I'm happiest when I am doing interesting, impactful work that leverages my talents, working with a collaborative, low-ego team. I love doing technical work, but I also love helping others with technical work, whether it's programming or process stuff or questions around how to communciate impact.

I'm not interested in the spotlight or politics. I try to be authentic in everything I do. I enthusiastically give credit to others because I love celebrating the talent of those around me. I give and get help constantly.

I'm interested in the why, not just what including why people act the way they do. In the case of conflict, I try to understand the position of the other person, the reflection of what they value and how we can move forward leveraging the values commonality we share. Understanding the why is the first step to engagement and communicating value.

Nomenclature of projects is important to me to get engagement. It seems I have a talent for giving things silly names.

Task management

Like everyone else, I have a limited amount of time and energy. I try to be aware of my energy level and determine what my "limit" is and work within that. In other words, I avoid burnout by prioritisation of the most important things. I don't have any hesitation saying no to things if I know I won't be able to prioritise.

I am OK with splitting my attention across multiple things, but may need convincing that it's worth deprioritising something I'm currently doing.

I'm in a lot of channels on slack, and I like to pay attention to wider trends. I've coffee chatted with a fair slice of the company over my tenure at GitLab, I think it's probably over 1000 coffee chats with various people.

I like focusing on a few high-level initiatives, and check in with my manager to ensure how I'm spending my time aligns with wider strategy goals.