It’s been nearly two years since I moved from being an Individual Contributor (IC) to a Tech Lead Manager (TLM) - a hybrid role that combines the responsibilities of a manager with those of a senior engineer. When I was offered the role, I reached out to a few friends at companies that had TLMs. Their advice was nearly unanimous: “It’s a trap.” Clearly, that gave me pause. But also - of course it’s a trap. It’s all the responsibility of a manager and of an individual contributor. ...

This morning I spoke at MacDevOps:YVR on the topic of Staff Engineering. Than you to everyone who came, and a huge thank you to Mat, JD, and the rest of the MDO team for putting on such an amazing conference. Here are the slides and the resources I shared during the talk. Mac Admins Open Source Movember Influencing without authority

This afternoon I had the pleasure of presenting at MacAD.UK in Brighton on the topic of Zero Trust for Mac admins. Here are the slides and the resources I shared during the talk. Thank you if you came to see me speak, and a big thank you to the organizers for putting on such a great event. London Apple Admins Mac Admins Open Source MachineInfo Osquery Mac Admins Osquery Extension Managed Device Attestation Shared Signals Framework

This week, Mac Admins Open Source released a new tool called SOFA. SOFA is a machine readable feed of macOS and iOS update data - including CVEs. Of course, my mind immediately jumped to “this would be a great osquery table”, so the macadmins osquery extension was updated this week to include tables for both the security release information for macOS (sofa_security_release_info) and unpatched CVEs (sofa_unpatched_cves). In this post, I’ll show you how to use the new sofa_unpatched_cves table to investigate unpatched CVEs on your macOS fleet. ...

This week, I travelled to beautiful Gothenburg to speak at MacSysAdmin. Thank you to Patrik and the rest of the team for being such great hosts, and to all my friends, new and old, who made it such a fantastic week. My slides are available, and the video has been published on the MacSysAdmin site.

This morning I saw a major MDM vendor advertising an upcoming feature that will write scripts to manage your macOS devices for you using generative AI - sounds like the end of our profession, right? Let’s look at an example of a common IT task - keeping Chrome on macOS up to date. I asked ChatGPT to “Write me a script to keep Google Chrome updated on macOS”. It returned the following: ...

Last week, I gave my first conference talk in over three years - and it was about what took up most of my 2022 - deploying phishing resistant MFA. Thank you to the organizers of MacAD.UK, the other speakers and all of the attendees for making it a great event. My slides are available, and the video is on Youtube.

macOS 13 Ventura introduced Managed Login Items - a way to keep users informed about what LaunchAgents and LaunchDeamons are running on their devices and easily disable unwanted ones. We also eventually got a way manage these items on via MDM. However, the notification users get when we either update the LaunchAgent or LaunchDaemon plist itself, or when we replace the binary the Login Item loads is next to useless. ...

This time of year can be particularly stressful thanks to two words: performance reviews. It’s not that we’ve not done great work, it’s often that we either struggle with articulating the work we’ve done, and sometimes it’s just about remembering it all! If you get asked to do peer reviews, well - you get several times the fun, because you need to remember what work your colleagues did over the year as well as your own. ...

A few months back an email popped into my inbox from Patrik Jerneheim asking me if I would like to record a talk for this year’s MacSysAdmin - it took me all of three seconds to reply with “of course!”. I’ve been wanting to give this talk for a long time, and it’s really the product of several years working in close partnership with our security teams. The video can be found at the MacSysAdmin site.