Announcer (00:01)
Today’s guest on What’s in the SOOS? is Katherine Druckman, Open Source Evangelist at Intel. Katherine will be a featured speaker at SOSS Fusion/24 in Atlanta, October 22nd and 23rd. SOSS Fusion is a collaborative and forward-thinking initiative dedicated to securing open source software. The event will bring together a diverse community of professionals from the public sector, software developers, security engineers to cybersecurity experts, CISOs, CIOs, founders and tech pioneers. To learn more, to register and to see the full schedule visit openssf.org.
Katherin Druckman soundbite (00:36)
We solve technical problems with technical solutions, but there are also so many human problems with so many human solutions. And I think step one to effective engagement with open source maintainers is taking notes, find out what they really, really need and then try to connect the dots.
CRob (00:54)
Hello, everybody. Welcome to What’s in the SOSS? I’m CRob. I do security stuff on the internet and I do a lot of work with the Open Source Security Foundation. I work on the Technical Advisory Committee, the governing board and a bunch of the technical groups. And one of the great things I get to do is co-host What’s in the SOSS? — our podcast about learning more about interesting topics and people within the open source ecosystem. And today we have a real treat. We have my friend from work, real work, not fun upstream work Katherine Druckman from Intel. How are you doing today, Katherine?
Katherine Druckman (01:29)
I am doing well, thank you. I appreciate you having me. This is gonna be fun.
CRob (01:34)
It’s gonna be great. So for our listeners who may not get the opportunity to work with you all the time, could you maybe give us your open source origin story?
Katherine Druckman (01:42)
Oh yeah, sure. Wow, that’s a long time ago. (Laughter) Yeah, so this is funny. I like to talk about that I have a non-traditional background. Actually, I went to my, I have an art degree and then my graduate studies were in decorative arts history. It makes total sense why I would end up here, right? So at some point in there, I was doing some — let’s call them art things and art and antiques and decorative things — and I decided I needed a website for these things.
And I had a lot of nerd friends who were very involved in some tech startup at the time. And this was in, gosh, I don’t know, around 2002 to 2004 maybe. And I was always kind of a nerd, to be honest. Like I had dabbled in a little Linux before that. So I asked one of my nerd friends and I said, hey I heard there’s such a thing as an open source content management system. What’s that and can you recommend one? (Laughter) And he said, oh, here’s a few. I tried a few. I settled on Drupal to build a website. And then I started building other websites and then I started learning more and more. And anyway, long story short, I ended up at Linux Journal because I learned the Drupal. So that’s the short-ish version of my origin story. And then I had a lot of adventures along the way and somehow all of them led me here.
CRob (03:03)
I’m going to have to do a session sometime because there are a lot of us that come from non-traditional backgrounds that work and live in here in high tech. So that’s interesting to hear. So let’s talk about kind of what you do with the Open Source Security Foundation. And this is really introduced me to a very interesting concept. So for our audience, could you maybe explain what DevRel is and why it’s important?
Katherine Druckman (03:30)
Sure, yeah, yeah, yeah. So I co-chair the Marketing Advisory Council, is I believe what we’re calling it today. Apologies if I got that wrong. And as part of that, we created an initiative and created a DevRel community to do developer relations on behalf of the OpenSSF. And what that means, developer relations type work has a lot of names, right? Some people call it developer advocacy, evangelism and it really kind of depends on the organization where you’re doing it.
For the OpenSSF specifically, really we’re there to raise awareness where hopefully the mission is to connect developers and users and consumers of open source software and then in particular maintainers of open source software to all of the wonderful tools that brilliant people like you and all of our buddies are working on at the OpenSSF. So I got involved because, frankly, I was really into the mission of the OpenSSF even before I was at Intel.
When I heard about the formation of the OpenSSF, I was kind of following it because one of the things I do in my small amounts of free time is I occasionally co-host, and at the time I was co-hosting Floss Weekly, another podcast. And when we’re looking for news stories in the open source space, I came up with, oh look at this! There’s this new foundation. They’re doing work. It was always a source of insecurity slash curiosity for me. I never felt, when I was a software engineer, like I was fully prepared from a security perspective. So it was something that I pursued. So that’s where I jumped in.
But going back to the original question, which is, what is DevRel? The funny thing is if you asked 20 different DevRel-type people, they would probably all give you a slightly different answer. Because at the end of the day, you really kind of need to connect the goals with the specific organization with the work that you do. Because it can vary. Generally speaking, it’s whatever serves the needs of your organization. And it can be education. It can be being a catalyst between end users and a product. You might work with product teams, but you might be more educational and community focused like I am. The meaning varies depending on the organization. Yeah, and it’s just, it’s not an obvious answer, I don’t think.
CRob (05:49)
That makes sense. As you know, it’s very hard to quantify what the open source is. There’s so many different permutations, so I get that. Thinking about the role of DevRel and maybe in particular with the OpenSSF, from your perspective, what have you seen that works with trying to help get engaged with maintainers and then keeping them engaged?
Katherine Druckman (06:11)
I guess I’ve seen a lot (Laughter). So back to the thing about, you know, it varies, right? I think ultimately, developer advocates and developer relations people are there to identify with and advocate for the needs of developers, because we are them. Most people that are in the DevRel space were developers, were software engineers. And we’re kind of, we’re drawing on that on our personal experiences. And I think what works, if you want to engage, especially with open source maintainers, developers and maintainers just want to get things done. We’re ultimately, we’re makers, right? We’re makers and we’re creators. And I think we all crave resources to help with that.
Sometimes it’s education, sometimes it’s tools. Sometimes it’s just, being heard, I think. So something that’s resonated for me: I’ve started having some conversations recently about maintainer burnout that have gone unexpectedly well. And I did this, I think, for a lot of reasons, right? I like to talk to smart people about anything and everything. So any excuse to talk to a lot of really interesting open source maintainers, I’m all over. But this was a topic, I think, on my mind and on the minds of a lot of people on my team.
So I started talking to more and more people. And I think these conversations have resonated even more than I expected. And I, my suspicion is just because people feel heard and understood and listened to. And it’s, so, you know, I think if, if you want to engage with software maintainers, step one is listening to them. You know, forming those human connections, you know, I think, you know, we get bogged down in the world of software and it’s a very, we, we solve technical problems with technical solutions, but there are also so many human problems with very human solutions. And I think step one to effective engagement with open source maintainers is listening. Listening, taking notes, find out what they really, really need, and then try to connect the dots.
CRob (08:12)
Well, I’m going to put my listening ears on right now. From your perspective, how do you think DevRel can help get security practices and tooling better integrated into maintainer daily workflows?
Katherine Druckman (08:23)
Yeah, that’s such a good question and a complicated one to answer, but I’m going to give it a shot. I think it goes back to listening, right? I keep saying that, but I think with things like connecting tooling, it’s figuring out all the spots along the development lifecycle where maintainers and developers are stuck, right? Where in the process are things most difficult and where do they need the tools to unblock them along the process? I think so that’s part of it. Connecting people to the things that really, really help.
Tools that smooth processes and resources really of any kind, frankly that let them kind of unplug and sleep well at night, you know (Laughter). I also feel like I would caution people to not try and focus too much on ticking boxes that don’t necessarily help the developers and maintainers. I think when you’re on one side or other of a conversation, sometimes if you’re, let’s say, a tool creator, you kind of get in the mindset of ticking the boxes that you think that people need to solve. But it’s really important to make sure that you’re pursuing the right things that really do have a direct impact on just making developers and maintainers’ lives easier.
CRob (09:38)
Let’s move on to our rapid-fire section of the interview. (Sound effect “Rapid fire!”). I’ve got a couple questions for you. Are you ready?
Katherine Druckman (09:46)
Oh, I, sure.
CRob (09:48)
Do you like spicy or mild food?
Katherine Druckman (09:51)
Oh, I like spicy, but my stomach prefers mild.
CRob (09:54)
(Laughter) Fair. What’s your favorite cocktail?
Katherine Druckman (0958)
Oh, gosh, lately a Paloma.
CRob (10:01)
Vi or Emacs?
Katherine Druckman (10:02)
Vi.
CRob (10:04)
Oh, thank you. Yay. There are no wrong answers, but Vi is always right. Being that you’re a fellow podcaster, what’s your favorite type of microphone?
Katherine Druckman (10:14)
Ahhh, ohhh. That’s a…I like Shure. I have a couple really good Shure mics.
CRob (10:19)
I love it too. So last question, rapid-fire, tabs or spaces?
Katherine Druckman (10:24)
Oh, God. Spaces. But I’m probably gonna get…
CRob (10:28)
(Laughter) This is very controversial.
Katherine Druckman (10:29)
I know. I’m probably gonna get yelled at for that, but I know I’m supposed to…I feel like I’m supposed to say tabs, but if I’m being honest, I’m probably gonna say spaces.
CRob (10:39)
That’s fair. Again there are no wrong answers. It all goes up to personal style and especially working with developers. No two developers do their work the exact same way.
Katherine Druckman (10:48)
Fair.
CRob (10:49)
Thank you for those amazing insights. So as we wind down here and close out, what advice do you have for somebody that’s interested in starting a career, whether it’s as an open source developer or getting into like cybersecurity or anything? What advice do you have to the new next generation?
Katherine Druckman (11:05)
Sure, yeah. Well, as I mentioned when we first started, I have a very non-traditional path, right? And I would say don’t be afraid of that. Learn all the things because you would be surprised at what sort of obscure piece of knowledge you might dig up from all of your experiences that might help you. Something from another field. I really like kind of interdisciplinary thinking. The example I use a lot, probably too much, is ergonomics and design, German kitchens of the 1930s. Yeah, it’s a whole thing. That’s what happens when you go to grad school for design history. But it’s a thing.
And every now and then, I think back to it. And I think about just the effectiveness and the simplicity and the amount of attention to detail that people put into the evolution of the modern kitchen. And it comes out in unexpected ways. And that’s, you know, it’s kind of a random and possibly silly example, we are a whole people and we draw from our, from all of our experiences. So I would just recommend learn all the things. Nothing is, nothing is not relevant.
CRob (12:11)
Awesome advice and I really like the idea of kind of connecting your background to your passions. As our final question, what call to action do you have for our listeners? Is there anything you want to inspire them to go do?
Katherine Druckman (12:23)
Yeah, come join our OpenSSF DevRel community. That’s the biggest one. Yeah, we have office hours, we have meetings, this is open to anyone. We would love to see more developers and maintainers help get this thing off the ground. Have a really effective meeting of the security folks and the developers because I feel like sometimes we’re seen as almost like opposite sides, which doesn’t make sense to me because to me, I don’t think of it that way. I never have.
I’ve always been a developer who wanted to do the right thing from a security perspective. So I feel like we should all just be like me. (Laughter) But seriously, come to our meetings, come join us. You might have some fun. We’re solving important problems. And yeah, I look forward to seeing everyone. The other last piece of advice I would have is I just got a refrigerator that has a freezer that makes craft ice and it makes these balls, because we’re talking about cocktails, it makes spherical ice. So yeah, that’s my other piece of advice. Get your hands on one of those because it’s really cool. The cocktail question reminded me and I feel like I needed to mention that.
CRob (13:29)
(Sound effect: “That’s saucy!”) That’s awesome. Thank you so much, Katherine. I really appreciate our conversation and everything you do to help get developers engaged and help get them empowered to continue the amazing work they do. So thanks for joining us on What’s in the SOSS? And we look forward to seeing you next time. Thank you.
Announcer (13:48)
Thank you for listening to this episode of What’s In the SOSS? an OpenSSF Podcast. As a reminder, Katherine Druckman will be a featured speaker at SOSS Fusion/24 in Atlanta, October 22nd and 23rd. To learn more, to register and to see the full schedule, visit open ssf dot org. And to subscribe to our series of conversations on Spotify, Apple Podcasts, Overcast, Pocketcasts or wherever you get your podcasts. We’ll talk to you next time on What’s in the SOSS?