This is the second part in a series expanding on the conference talks I have given this year about the path to Staff Engineer and beyond. In the first part, I discussed what Staff Engineer really means and how it differs from management. One of the hardest shifts on the path from senior engineer to staff engineer is learning that your job is no longer just to solve problems. At the senior level, that is what you are valued for. You take on hard work, you ship, and you do it well. But at Staff, that is only part of the job. ...

This post is the first in a series expanding on the conference talks I have given this year about the path to Staff Engineer and beyond. These talks have resonated with a lot of people who feel stuck between senior engineering and management, unsure of what comes next. Over the next few posts, I will break down what Staff means, how to grow into it, and how to lead without giving up the craft. The second part is already live: The Path to Staff Engineer, Part 2: From Problem Solver to Problem Finder. ...

It’s been nearly two years since I moved from being an Individual Contributor (IC) to a Tech Lead Manager (TLM) - a hybrid role that combines the responsibilities of a manager with those of a senior engineer. When I was offered the role, I reached out to a few friends at companies that had TLMs. Their advice was nearly unanimous: “It’s a trap.” Clearly, that gave me pause. But also - of course it’s a trap. It’s all the responsibility of a manager and of an individual contributor. ...

This morning I spoke at MacDevOps:YVR on the topic of Staff Engineering. Than you to everyone who came, and a huge thank you to Mat, JD, and the rest of the MDO team for putting on such an amazing conference. Here are the slides and the resources I shared during the talk. Mac Admins Open Source Movember Influencing without authority

This afternoon I had the pleasure of presenting at MacAD.UK in Brighton on the topic of Zero Trust for Mac admins. Here are the slides and the resources I shared during the talk. Thank you if you came to see me speak, and a big thank you to the organizers for putting on such a great event. London Apple Admins Mac Admins Open Source MachineInfo Osquery Mac Admins Osquery Extension Managed Device Attestation Shared Signals Framework

This week, Mac Admins Open Source released a new tool called SOFA. SOFA is a machine readable feed of macOS and iOS update data - including CVEs. Of course, my mind immediately jumped to “this would be a great osquery table”, so the macadmins osquery extension was updated this week to include tables for both the security release information for macOS (sofa_security_release_info) and unpatched CVEs (sofa_unpatched_cves). In this post, I’ll show you how to use the new sofa_unpatched_cves table to investigate unpatched CVEs on your macOS fleet. ...

This week, I travelled to beautiful Gothenburg to speak at MacSysAdmin. Thank you to Patrik and the rest of the team for being such great hosts, and to all my friends, new and old, who made it such a fantastic week. My slides are available, and the video has been published on the MacSysAdmin site.

This morning I saw a major MDM vendor advertising an upcoming feature that will write scripts to manage your macOS devices for you using generative AI - sounds like the end of our profession, right? Let’s look at an example of a common IT task - keeping Chrome on macOS up to date. I asked ChatGPT to “Write me a script to keep Google Chrome updated on macOS”. It returned the following: ...

Last week, I gave my first conference talk in over three years - and it was about what took up most of my 2022 - deploying phishing resistant MFA. Thank you to the organizers of MacAD.UK, the other speakers and all of the attendees for making it a great event. My slides are available, and the video is on Youtube.

macOS 13 Ventura introduced Managed Login Items - a way to keep users informed about what LaunchAgents and LaunchDeamons are running on their devices and easily disable unwanted ones. We also eventually got a way manage these items on via MDM. However, the notification users get when we either update the LaunchAgent or LaunchDaemon plist itself, or when we replace the binary the Login Item loads is next to useless. ...