Highlights From The PH Software Industry’s Biggest Conference of 2020
Despite the global pandemic, the Philippine software industry stands strong and resilient. The Philippine Software Industry Association or PSIA, which is the premiere non-stock, non-profit organization of around 160 software and Information Technology service companies in the Philippines, virtually held SOFTCON.ph last December 7–11, 2020. This year’s theme, called “CODETAGION,” served as a venue to spread actionable ideas and practical solutions. SOFTCON.ph is the country’s premier event and biggest conference for the software industry for promoting and celebrating the world-class products and services of the Philippines’ Information Technology industry. It is also the biggest gathering of industry leaders and technical experts in IT and software development. This key event brought the best minds both local and abroad and discussed the progress of the country’s IT industry, key trends observed in the marketplace, opportunities and challenges that industry players face, and the vision of technology as it drives today’s businesses. PSIA’s membership is a dynamic ecosystem of players from small and medium scale enterprises to multinational software giants. Founded to be the bridge between the software industry and the government, PSIA partners with government institutions to provide capability development services and trainings to member and non-member entities in the industry.
This online conference was attended by individuals such as software business leaders, software engineers, start-up founders, start-up community stakeholders, local and national government officials, support sector service providers, C-level executives, and IT professionals.
It was my first time to attend this kind of conference that is really targeted to professionals in the field of IT and software development and the software industry, in general, that’s why I was more than grateful and thankful for the amazing opportunity. This was also the second time I participated in a virtual conference in the midst of the pandemic.
Honestly speaking, there were way too many things to unpack from this jampacked five-day virtual conference that spanned across different sectors in the IT industry, but I will try my best to mention the stuffs that are worth the highlight.
So these are my takeaways (Warning: It’s a bit long post [~15 minutes read]):
Green IT: Responsible Software in a time of Climate Change
In reality, software is harmless; it doesn’t consume energy or emits some kind of harmful discharge. But the problem lies in the way it is developed for use and then the way it is used. [Sanjay Podder & Adam Burden (Accenture)]
With that, I realized that I need to be responsible as well with regards to my digital habits (purchase, usage, maintenance) as it impacts the environment.
- Implement an eco-friendly Information Technology by developing responsible software in the time of climate change. This will help reduce the carbon footprint of IT, cloud computing, and software while also unleashing its full potential.
- As a developer, I should always think about performance and bandwidth consumption by making my apps load fast.
- Don’t do spaghetti code, and have an efficient and optimum way of coding and designing.
- Avoid redundant data, optimize queries in your database, and implement a better Entity Relationship Diagram.
- As much as possible, either use lesser loops or nested codes, or avoid them. Follow coding standards to achieve good and optimal performance of your software.
- I should be a responsible software developer and always look at the performance of my code.
- Do lesser meetings, video calls, and paperwork in coming up with the software.
- Moving into the cloud (as it’s cheaper) instead of on-premise and using serverless is encouraged.
- Not all cloud services are created equal, so I should also consider where the cloud services provider gets their energy to power up their ecosystem. Cheapest cloud services also may not always and necessarily be the greenest option.
- Whenever I decide on making changes in my organization’s IT infrastructure, I should always find a spot where it makes business sense. I need to make sure that technology brings value to our business and is also in line with our business goal.
- It’s not easy to go green, but it can be done.
From the trenches: Effectively Scaling Your Cloud Infrastructure and Optimizing Your Code for Speed
If possible, use database replicas for read operations, and a separate database for inserting, updating, and deleting operations.
Evolution of State Management in Applications
Businesses and startups want and choose the right and best tools for their projects.
The New Developer Agenda and Why We Need to Master It
- Don’t just write code. Solve the right problems.
- It’s never been a better time to be a developer.
- The culture of innovation is the synergy between these four dimensions: Technology, Processes, Data, and People, which allows organizations to drive sustained innovation.
Badass Engineer: Beyond “developer”
- ‘Badassness’ is measured by our peers, not us, not even our boss.
- We should be honest with ourselves.
- Not everyone needs to be the world’s best or ‘badass’ engineers.
- But we should know where we are and what it takes to go to the next level.
Refactoring for the Lost and Confused: How to start paying down technical debt
“There are two ways of constructing a software design. The first is to make it so simple that there are obviously no deficiencies. The other way is to make it so complex that there are no obvious deficiencies. The first method is far more difficult.” — C.A.R. Hoare
Can Businesses Adapt and Capitalize from the New Norm
- Digital transformation is impacting all industries and is now a business imperative, not a luxury.
- Digital transformation is rethinking business through the adoption of ever-evolving technology solutions to address key business challenges and maximize stakeholder value.
- Agile development and delivery is the “new way of working” in the digital world.
- Agile operating structures foster a cross-functional and collaborative culture.
- A new mindset, requiring proactive shepherding of behaviors and skills, is fundamental to accelerate the Digital First initiative
- Development based on signed off user requirements will not work; agile development (Scrum methodology) is the only way to handle unpredictable and changing end-user needs
- The capacity to adapt, innovate, and reinvent is mandatory to survive and grow.
- We are at an inflection point; leverage the inflection point. Don’t waste a crisis, reinvent the business.
- All successful companies in the recent past were driven by business model disruption — fundamentally enabled by technology/IT
- Disruptive models never come from redesign; as current management rarely revamps a business
- Customer-centric thinking is far more important than the understanding of technology — future end-users should drive solutions and prototypes
- End-users will change their mind as they see interim solutions; Agile/Scrum methodology is to be followed in the development
- Rethink the structure and management team of software companies
Leveraging the Cloud for Digital Banking Transformations
- The DIGITAL in digital transformation refers not to applications per se, but more to the pace of change of technology and how we access and consume financial services because of it
- It’s more than just about digitizing existing channels and services.
2020 Cyber Threat Trends
We are continuously challenged by platforms used for communication, the devices that we use, and the networks where data is transmitted.
5 trends of the cyber threat landscape:
- COVID-19 accelerates the need for adaptive security
- New, sophisticated Tactics, techniques, and procedures (TTPs) target business continuity
- Masked or noisy cyberattacks complicate detection
- Ransomware feeds new profitable, scalable business models
- ‘Connectedness’ has consequences
Security operations centers find they need to tap into tactical, operational, and strategic threat intelligence to identify trends and technologies that threaten business continuity
- Think “anytime, anywhere”
- Be transparent
- Inspire calm and confidence
- Where possible, simplify
- Build for resilience
Fintech Trends: Open Innovation and Open Platforms
Open innovation is the practice of businesses and organizations sourcing ideas from external sources as well as internal ones
Closed VS Open Innovation
In closed innovation, ideas come only from within the company, much of the ideas get filtered out because chosen only are relevant to the core competencies of the company
While in open innovation, ideas come from in and out of the company, is faster, and can monetize more ideas
Open Innovation models:
- challenges
- Hackathons (create a prototype within x number of hours)
- co-creation labs
- Startup-corporate partnerships
- Startup incubator/accelerator
- Startup acquisition
- Internpreneurship (leveraging interns)
Open Platform is a software system based on open standards, such as published and fully documented external Application Programming Interfaces (API).
A platform is a business based on enabling value-creating interactions between external producers and consumers (e.g. Shopee, Grab, Uber, Airbnb)
Platform ecosystem players:
- Platform(s) are providers (the entity that interfaces for the platform)
- The Owner is the controller of platform IP; the one who decides who can participate and how
- Producers are the creators of the platform’s offerings
- Consumers are the buyers/users of the offerings
Fintech (financial technology) is a new technology that seeks to innovate the delivery and use of financial services.
Fintech trends
- Digital-only banks: continuous reduction of branches, challenger banks re-bundling of products, challenger banks consolidation
- Cloud and data economy: data is the new oil
- Cloud is no longer a matter of differentiation but of survival
- Cybersecurity: sophistication behind simplicity, stability, scalability, digital identity, fraud detection
- Open banking and open finance: API-based economy, banking-as-a-Service
- Payment innovations: instant payments, frictionless, QR, face, biometrics, proprietary to open network, slow/complex to fast/simple, experience-rich
- Artificial Intelligence as an enabler: AI as an enabler, hyper-personalization, big data, conversational, augmented, mixed reality, machine learning, deep learning (almost everything)
- Platforms: from competition to collaboration (product>solution>platform)
- Regulatory technology and supervisory technology: regulatory re-think (government-focused), regulatory technology, supervisory technology
- Blockchain: blockchain, crypto/digital currencies, smart contracts, decentralized autonomous organizations
- Big tech: feel the power of Facebook, Alipay, WeChat, Alibaba, Amazon, and Google
- Embedded finance: not even feeling the boundaries
- Open innovation and open platforms are key enablers of major financial technology trends
- Bank 4.0 is about embedded banking and will be more evident in the coming years
- AI and blockchain solutions will bring more disruption inthe financial industry
- Big tech companies will play a bigger role in the future of finance
- Platform model and Open APIs will be crucial for businesses to collaborate to innovate and to survive.
- The future of finance is open
The Lost Art of Input Validation
Myth: A framework prevents common web attacks
Truth: It only helps, not totally prevent
- Owning and using a hacking tool is punishable by law unless you are licensed to do so
- Hacking vulnerability depends on the programmer, not on the programming language used
- 70% of vulnerabilities can be solved by input validation
List of best practices when validating inputs:
- syntactic (context) and semantic (form)
- Whitelisting (allow, a better option) VS blacklisting (block)
- canonicalization (put everything in the simplest form, separate database of UTF-16 and ASCII)
- regular expressions (RegEx)
- client-side VS server-side validation
- encoding (ASCII or UTF-8) (canonicalization)
- file upload validation (upload verification, upload storage, public serving of uploaded content, beware of “special files”)
Design Sprints are Taking Over the World
Design Thinking VS Design Sprint
- Design Thinking is the source of the design sprint, while Design Sprint is the application of design thinking
- Design Thinking is the ingredients, Design Sprint is the recipe
- Design Sprint is not an Agile Sprint, although they have some similarities.
Design thinking is a structured way of solving any type of problem for your organization, your customers, or even yourself. It provides an opportunity to be creative, positive, and innovative and to take ownership of not just problems, but also solutions.
Design thinking seeks to shortcut the process to avoid building the wrong thing and to also be tightly knit with the customer. Designers can’t do it without the person they’re designing the product for, regardless if it’s an internal or external customer.
- Understand (empathy, define the problem)
- Create (ideate, creation ends in ideas)
- Deliver (prototype and test, delivery ends in reality)
- The designer will never have a perfect idea the first time, it’s all about iterating the design
- It’s normal to feel uncertain
- ‘Vuja de’ the problem as if it never happened before or that we have no idea about it
- Explored the problem with fresh eyes, with a child’s eyes, with a beginner’s mind.
“Hey guys, let’s ‘vuja de’ the customer experience!”
- Reframing the problem and narrow it down
- Separate the problem from the solution
5 Rules for better brainstorming
- Defer judging
- There are no bad ideas
- Quantity over quality
- Ignore hierarchy
- Bring a brick, not a house
“The best way to have a good idea is to have lots of ideas.” — Dr. Linus Pauling
ISO 9241–10, also called the standard for user-centered design
- The design is based upon an explicit understanding of users, tasks, and environments
- Users are involved throughout design and development
- The design is driven and refined by user-centered evaluation
- The process is iterative
- The design addresses the whole user experience
- The design team includes multidisciplinary skills and perspectives
Designers need 3 things:
- Two different parts of the brain: divergent (creative, crazy, open-minded) and convergent (analytical, logical, judging)
- A problem to solve
- A safe space for unleashing your latent creativity
How might we is about positively framing a specific problem or an opportunity
- ‘How’ is recognizing that solutions exist (solvable)
- ‘Might’ is exploring possibilities, some of which may not work (freedom to have the wrong idea)
- ‘We’ means doing it together by collaborating
- So it’s important to have a good framing of the problem (frame it right)
- It’s about positively framing a specific problem or an opportunity
“All children are artists, the problem is how to remain an artist once he grows up.” — Pablo Picasso
Creative confidence:
- Whether we believe it or not, we are creative!
- It’s not just about aesthetics, it’s about showing the work early on
- A design sprint is a four-day process for rapidly solving big challenges, creating new products, or improving existing ones. It compresses potentially months of work into a few days.
- A prototype is not necessarily the whole complete thing, but something enough that the users can test out, see if it’s the right thing or not, see what direction we are going
- A Design Sprint should ideally have six people. The key people involved should depend on the problem area.
Continuous Testing as a Digital Transformation Accelerator
“Every business will become a software business, build applications, use advanced analytics and provide SAAS services.” — Satya Nadella, Microsoft CEO
The 3 types of businesses in this world:
- Fully digital
- Starting to be digital
- Slowly dying
Concerns of digital transformation:
- Innovation
- Time to market
Why does testing impede innovation?
- Complexity — a transaction spans a wide array of technologies
- Late defect discovery — late defect discovery derails development schedules
- Process cadence mismatch — traditional testing cannot keep pace with modern development methods
- Continuous testing is critical to ensure everything works based on tests provided and allows defects to be identified early on (test early, test often, test faster — automate)
- Continuous testing is not test automation, but you can’t do continuous testing without test automation
- Shift testing to the left by testing early
Benefits of testing early:
- Gives more time for exploratory testing
- Expands scope of testing
- Uncover more defects
- Reduces testing bottleneck
Key points:
- Every business will turn into a digital business. It is only a matter of time
- Constant innovation is important in digital transformation yet testing is often a bottleneck to delivering innovation
- Continuous testing reduces the testing bottleneck allowing innovation to be deployed much faster
- Continuous testing should be applied with CI/CD and DevOps, although it can be applied regardless of methodology (eg. waterfall)
- Before implementing continuous testing, consider if it will actually save time and bring value and ROI to the business.
- Test automation has to be approached in the right manner, it’s not all heaven. Have a clear strategy, a way to efficiently implement it.
The Kubernetes Trifecta
Kubernetes (commonly known as K8s) is an open-source container orchestration system for automating computer application deployment, scaling, and management. It aims to provide a ‘platform for automating deployment, scaling, and operations of application containers across clusters of hosts’.
Container services like Docker provide tools for building and publishing container images, but it doesn’t handle replacing failed containers or service discovery or other management tasks. This is where Kubernetes comes in. Kubernetes serves as the orchestrator or ‘pilot’ that manages our containers.
- Cloud computing converts resources like computer hardware into services that you use on-demand, much like power or water.
- Serverless is the ‘next level’ of computing
- Focus on writing code, not running infrastructure.
In a ‘serverless’ deployment, the servers are still there, but they are somebody else’s problem.
Its major benefits are:
- zero infrastructure (you write code, and it is executed any time an event triggers your function)
- perfect scaling (no servers idling needlessly when your code isn’t running, you are billed only when your code is executed)
- massive scalability (infrastructure is somebody else’s problem)
Machine Learning Engineering Done Right
Problems solved by machine learning:
- Anomaly detection (SageMaker Random Cut Forest algorithm)
- Product recommendation (Amazon Personalize)
- Forecasting (SageMaker DeepAR algorithm)
- Image and video analysis (Amazon Rekognition)
- Document classification (SageMaker BlazingText algorithm)
- Language translation (Amazon Translate)
- Speech-to-text conversion (Amazon Transcribe)
- Text-to-speech conversion (Amazon Polly)
And so on…
important things to consider:
- Try using a canned solution first and then optimize later on when you have already computed for the cost and you are fairly sure that your idea is going to work
- Assess the tools first before jumping to a custom solution
- Know the limitations of an existing solution
- Critical thinking is a very essential skill, being able to understand the problem from top to underneath with patience
Chunks of machine learning in simple form:
- Data collection
- Data preparation and cleaning
- Data visualization and analysis
- Feature engineering
- Model training and parameter tuning
- Model evaluation
- Model deployment
- Right now, being able to learn something really fast is a critical skill
- If you are an engineer who is not good at math, ask for help
- Excellence in machine learning engineering gives businesses and professionals an edge
- Try to iterate when learning (a bit of different pieces of stuff then experiment and build)
- Know when to understand things in a deep-dive manner
- You have to be a developer first to become a Machine Learning engineer
Tapping Hackers for Continuous and Effective Cybersecurity
Problems in cybersecurity
- shortage of cybersecurity professionals
- vulnerabilities and cyber attacks (due to digital transformation)
- Most companies set up security measures then assume that they are already secure
- Companies don’t search for security vulnerabilities proactively and continuously
- The average time to identify a breach in 2019 was 206 days! (here in PH)
3. communication channel
4. compliance with the Data Privacy Act of 2012
The National Privacy Commission (NPC) requires organizations to regularly conduct testing, assessing, and evaluating the effectiveness of security measures and must have the appropriate level of security.
5. budget for cybersecurity
- Cyberattack is now as worse as natural calamities
- There is just one way to do cybersecurity: TOGETHER
- “Sometimes, you have to demo a threat to spark a solution.” — Barnaby Jack
Solutions:
- Vulnerability assessment and penetration testing service (outsourced)
- Hacker-powered cybersecurity program (crowdsourced)
- Hackers are not cybercriminals
- Hacker is someone who enjoys the intellectual challenge of creatively overcoming and circumventing limitations
Strengthening your Startup’s Security
- security training and awareness
- security requirements
- secure by design
- secure implementation and coding
- penetration testing
- VDP or BBP
- incident response plan
Some pieces of stuff to take note of:
- Learning Python will help you a lot in diving into cybersecurity
- Also, learn Bash because you will be dealing with terminals or Command-Line Interfaces and operating systems
Moving your ML Models Into Production
- Machine learning is part of the bigger umbrella of AI, a way for you to create machines that will be able to comprehend ideas and perform predictions
- Machine Learning talents are still a bit scarce around the world, so there are many opportunities to explore. Take up free online courses!
Managing Layered Infrastructure-as-Code with Terraform and Azure Pipelines
- Developers are the lifeblood and the drivers of innovation today
- Developers turn ideas into software that supports customer needs and business goals
- Developer velocity is providing tools and technologies to improve the way developers deliver their work, so they can write the best software that they can.
The 3 parts of developer velocity:
- Collaborate globally and securely
- Build productively
- Scale innovation
- “DevOps is the union of people, processes, and technology to enable continuous delivery of value to your end-users.” — Microsoft
- DevOps brings together people, processes, and technology, automating software delivery to provide continuous value to users. Using Azure DevOps, organizations can deliver software faster and more reliably — no matter how big the IT department is or what tools are used.
Between a Rock and a Better Place — in the middle of the journey from Monoliths to Microservices
- Monoliths are not bad, it’s how they are designed
- Developers need a good reason to do things differently to justify and convince management. Give a good reason (kind of a promise)
It’s not that simple:
- the organization must have a clear understanding of the impact of technical debt
- the impact of technical debt should be quantifiable so that improvement is seen as an investment
- reducing technical debt must have clear business value
- It’s about reducing technical debt to drive up business value
- Decouple from monoliths by leveraging different patterns of distributed systems design
- Leverage distributed design to improve user experiences
- Asynchronous operations and event-driven designs are key to inter-service communications
- Organize around business capability models
- Each microservice must have its own datastore to be effective
The Designer’s Voice: Making Yourself Heard as a Designer
What designers do:
- Solving problems
- Implementing design
- Leading others in the right direction
- Learning from each iteration
The reality of a designer’s job:
50% designing
50% aligning
- Get out of our bubble (comfort zone):
- Show early work (to prevent delivering things of no use, low-fidelity over high-fidelity wireframe)
2. Proactively ask for clear feedback:
- Find insights even in harsh criticisms
- Focus on the what, not the who (focus on content, not the person)
- Be culturally aware (it will save a lot of headaches and misunderstandings)
3. Communicate deliberately:
- Our work does not speak for itself
- The goal: communication
- The channel (medium), the message, the audience
- Be explicit and transparent
- Communication > deliverables
4. Encourage healthy conflicts (let’s agree to disagree):
- Negative conflicts are dysfunctional
- Healthy conflicts keep us aligned when we try to understand each other
- Make the work visible. When you involve others in the process, everyone becomes part of the decision
PSIA President’s Community Report
These are the top 5 programming languages that software companies in the PH are currently hiring for:
- Java
- Javascript
- SQL
- PHP
- Python
Lastly, these are the support that the IT industry can get from the PH government:
- Improved connectivity infrastructure
- Government digitalization
- Trade liberalization
- Policy alignment with international laws
To sum it up, despite the many adjustments and challenges that the IT industry in our country and in the world faced during this pandemic, it also paved the way for addressing problems through disruptive and innovative solutions, and IT professionals now play a significant role that will continue to impact and shape our future both in the local and global landscape.