Scio Interviews: Cybersecurity expert warns where the real risks lie in the software businesses

Curated by: Sergio A. Martínez

What is cybersecurity about? With the advent of digital networks, businesses and individuals have become increasingly reliant on the Internet infrastructure to communicate and store all kinds of important information, making it easier and more convenient than ever to stay “connected” to the world. However, this increased dependence has also made us more vulnerable to a specific risk that has become a major concern for businesses and government agencies alike: cyberattacks, which necessitate effective measures to counter them. But what exactly is cybersecurity? And what is its role in protecting our digital data and infrastructure?


First, let’s talk about definitions. In its simplest form, cybersecurity is protecting electronic information from unauthorized access or theft in a specific environment, consisting of every component of a digital network: hardware, storage, ROM, RAM, firmware, input/output devices, connections, etc. Everything that can take place at these points is the concern of cybersecurity, and implementing measures of control and defense is of critical importance for any organization relying on these networks, which is most of them.

However, what is the actual difference between the popular image of cybersecurity stemming from pop culture and the reality of it? What exactly is the goal of real cybersecurity, and what approach does this discipline take to secure and protect an infrastructure that grows in importance every day? And what are the challenges when it comes to protecting information and access on a system that humans have to interact with daily? To answer these questions, we talked to Dennis Hackney, an OT Cybersecurity Practitioner for a wide range of industries who has worked in the field for more than 20 years, to get a close overview of cybersecurity and the actual goals and applications of this area of technology, along with some insights into where cybersecurity is headed.

A challenge of size and numbers

We all know that cybersecurity is something to be aware of. Just turn on the news and you’ll see stories about the latest data breach or cyberattack. And it’s not just large businesses that are at risk — individuals are increasingly vulnerable to cyber criminals, as more and more of our lives are happening in online spaces. But what most people don’t realize is that cybersecurity is not just about protecting computers from viruses or keeping passwords safe; it’s taking a proactive approach and working to identify and mitigate vulnerabilities before they can cause damage. 

As Dennis tells us, cybersecurity is a kind of social behavior applied to a digital space. For most people, it’s easier to read a real-life situation to know if there’s a risk involved (for example, learning how to cross a street, or whether it is acceptable to accept a gift from a stranger) and act accordingly. But in digital environments, whose complexity and invisibility are so much bigger than we can instinctively understand, it’s very easy to miss that a problem is occurring, or that we should be aware of a risk. And depending on the level of computer literacy of the people involved in that situation, it can be challenging to know what to do if a problem arises. “Think of it like going to the doctor for severe pain. You wouldn’t operate on yourself, would you?”, explains Dennis. “If you have certain symptoms and suspect there’s something wrong with you, the best idea is to see a qualified expert to diagnose the problem.”

And the most effective way to do so is with awareness of the operational technology (OT) involved in any system or network. While information technology (IT) specializes in the communication and data that travels through a network, OT, on the other hand, “is a category of hardware and software that monitors and controls how physical devices perform”. Having a complete view of these devices is critical to secure the networks and their users from unwanted intrusions, so the biggest problem here is numbers, and the scale of the measures they require. Can you know the number of devices interacting with a network in any given organization? Could you be sure that authenticated users will not bring unwanted connections to this system? And if that happens, how can you be sure that any device connected to the network is being used by a validated person? As this article from CyberArk explains:

“The connectedness of OT environments, IT-OT convergence and the proliferation of cyber-physical systems have expanded OT owners’ attack surface. Considering the importance of industrial process continuity, value of trade secrets, and public safety-related impacts of a critical infrastructure (CI) compromise, it comes as no surprise that both organized crime and state-sponsored actors view industrial organizations and CI as lucrative targets for financial gain, espionage, or cyberwarfare operations. Correspondingly, cyber-attacks on this sector have intensified.”

According to what Dennis tells us, one important aspect of cybersecurity is access and identity control, which results in a “Zero Trust Architecture” (ZTA) where the identities of everyone connecting to a network must be verified thoroughly, with enforced policies that diminish the risk of anonymity among users and devices with access to a system. A holistic view of the network where the administrators can see every single user/device connected is a must. In that sense, frameworks like D3FEND might hold an answer.

“Knowledge is essential to estimate operational applicability, identify strengths and weaknesses, and develop enterprise solutions comprising multiple capabilities. To address this recurring need in the near-term, we created D3FEND, a framework in which we encode a countermeasure knowledge base, but more specifically, a knowledge graph. The graph contains semantically rigorous types and relations that define both the key concepts in the cybersecurity countermeasure domain and the relations necessary to link those concepts to each other.”

In other words, the single most important element when securing a system is knowledge, and how to manage it to address any risk or vulnerability within a network. What D3FEND offers is a new way of thinking about security, helping organizations to proactively identify and understand potential threats, and then design effective mitigation strategies. This framework is based on the principles of defense in depth, and it provides a comprehensive approach to security that can be tailored to the needs of any organization.

“Like ATT&CK, D3FEND is designed to help create a standard vocabulary by defining the specific functions of countermeasures. By doing this, the matrix can help organizations understand countermeasures in detail, which supports both high-level executives comparing the cost vs. risk of a new security tool, and the security architect looking to build or test a strategic toolset”, according to CSO.

Security in an ideal world

However, while the D3FEND framework can help organizations protect their assets and reduce their risk exposure, it’s not an end-all-be-all for cybersecurity. By adopting tools like the D3FEND framework, organizations can ensure that they are better prepared to defend themselves against the ever-changing threat landscape, but without networks with zero-percent invisibility when it comes to OT, the fight has to continue. An ideal network where every single device is visible and authenticated by an administrator would be the pinnacle of efficiency. No more lost devices or unauthorized access. But is such a thing even possible?

As we keep expanding our technological footprint, cybersecurity is not a means of defense but a proactive approach. Sure, a system or network where every single device can be controlled and taken into account in such a way that no unauthorized user might get in sounds great, but it brings challenges beyond our capabilities. Such a network would be incredibly difficult to manage, especially if it included devices not under the administrator’s control. For these reasons, it is unlikely that a digital network where every single device is visible and authenticated by an administrator would be feasible. 

And that’s without going into the question of whether or not such a network is desirable in the first place. For many people, the appeal of a digital network lies in its ability to provide anonymity and privacy. If every device on a network is subject to authentication and monitoring, then that takes away much of the freedom that users enjoy, a major concern for many people in the age of the Internet. So, while a digital network where every single device is visible and authenticated by an administrator is possible, it might not be something that everyone wants. Hitting the right balance is key here: finding solutions that respect the users but also give the degree of control necessary to ensure no intrusions are possible.

What we can guarantee, though, is that waiting until something goes wrong is not an effective strategy. Too often, users adopt a passive attitude towards cybersecurity, assuming that their network is secure as long as they don’t see any evidence of an intrusion. This is a dangerous way to think about network security: there will always be new threats emerging, and it is impossible to know when or how they will strike.

So, the only way to truly protect a network is to be proactive about cybersecurity, stay up-to-date on the latest threats, and take steps to keep ahead of the curve to defend against them. It may seem like extra work at the moment, but it’s the only way to ensure that the information flowing through a network remains safe and secure, helping to thwart threats before they have a chance to do damage. And if they do manage to get in, you’ll be better prepared to deal with the consequences. 

Because one thing is clear: cybersecurity must be constantly evolving to keep up with the ever-changing landscape of the digital world.

The Key Takeaways

  • More than the popular image of “passwords and antivirus”, cybersecurity is about social behavior, knowledge, and proactivity in the face of threats.
  • A key element of this knowledge is having a complete view of a network, and measures to validate and control who has access to it.
  • The practicality of this is up for debate. So the answer to cybersecurity concerns is to remain proactive and aware of potential risks, and to have a clear plan of action (like a D3FEND framework) in case of risk.
  • As our digital networks grow, keeping ahead of the curve in terms of security will make this proactivity more significant than ever.

Scio is an established Nearshore software development company based in Mexico that specializes in providing high-quality, cost-effective technologies for pioneering tech companies. We have been building and mentoring teams of engineers since 2003 and our experience gives us access not only to the knowledge but also the expertise needed when tackling any project. Get started today by contacting us about your project needs – We have teams available to help you achieve your business goals. Get in contact today!

Do you want to be a great software developer? Embrace a Growth Mindset

Curated by: Sergio A. Martínez

What makes one a great software developer? When you work in a field where there is no “right” way to do things, this can be a pretty important question. Some say that the best developers are those who can find creative solutions to difficult problems, willing to experiment and take risks, always learning from their mistakes. Others say that a great developer has a strong understanding of the latest technologies and trends, enabling them to think outside the box and come up with new and innovative ideas. And yet others say that a good developer is simply one who writes good, stable code with discipline and consistency.


Of course, all of these are very good qualities for a software developer to have, but here at Scio, we think that there’s something else involved, a “secret ingredient” of sorts that every developer can have if they put in the necessary effort and that we encourage as often as we can: a growth mindset.

What is a growth mindset? Simply put, it’s the belief that intelligence and ability can be developed through hard work and practice. It means having the ability to constantly learn new things, adapt to new situations and be open to feedback with a willingness to experiment. It’s never getting too comfortable with your skills because the industry is always changing. We believe that the best developers are always learning, always growing, and always looking for ways to improve.

The research of Stanford University psychologist Carol Dweck has shown that people with a growth mindset are more likely to persevere in the face of setbacks, take on challenging tasks, and embrace failure as an opportunity to learn. With this, you can see why any great developer would know that having a growth mindset is critical for success. Your skills can be developed through hard work, determination, and persistence, and this mindset allows you to approach challenges with a positive attitude and the belief that you can overcome them. It also gives you the chance to learn from your mistakes and view “failure” as an opportunity to evolve. Without a growth mindset, it is easy to become discouraged when faced with difficult problems or to give up when encountering setbacks. Getting yourself into this headspace will leave you better equipped to continue growing as a developer.

Developing a growth mindset

As we said, a growth mindset believes that intelligence and talent are skills that can be developed, rather than static traits that you’re born with. The latter is known as a “fixed mindset”, which maintains that ability is static or predetermined, and there’s little you can do to change that. In other words, it’s thinking in terms of “natural talents” instead of “acquired skills” that can dissuade a lot of people from learning and improving an aspect of themselves, leaving them stuck in place. 

The idea of “natural talent” is very powerful. It’s often used to describe someone good at something seemingly without any effort, a sort of “Life’s Lottery Winner” that either you are, or you aren’t. However, this is far from the truth; what we call “talent” is simply the result of hard work, practice, and dedication, so anyone can become good at anything if they are willing to put in the time and effort. The belief that some people are born with inherent abilities, while others are not, is nothing more than a harmful myth, discouraging people from trying new things and pursuing their goals, because they believe that they will never be as good as those with “natural talent”, no matter what. In reality, everyone has the same potential for greatness, but it’s up to each individual to get into this mindset.

But how to shed this worldview and embrace the idea that you can always learn and become better? How can you develop a growth mindset to become the developer you always wanted to be? Well, the most important thing you should know is that having a growth mindset is not always an innate attitude for most people, so it requires effort to get one. We all have a specific aspect of our personality somewhere that we believe impossible to change, that is just “part of who we are”, making us likely to give up in the face of adversity, stick to familiar tasks, and see failure as a reflection of our lack of ability, which is rarely the case. Recognizing the presence of this “fixed mindset” is the first step to start improving.

With that in mind, you should start by practicing self-advocacy. This is the ability to communicate your wants and needs to others, which requires an honest assessment of your strengths and weaknesses. Doing so makes it easier to identify areas of opportunity where you can improve a skill or learn something new. In software development, for example, you need a lot more than just writing good code; you need to communicate with the client and your team effectively, understanding their needs and challenges, and in a Nearshore company like Scio, often in a different language than your native one. All of these skills require time and commitment to master, so to get started…

  1. Make a list of all the skills you use daily, both hard and soft (tools, frameworks, platforms, and programming languages, for example, as well as stuff like planning, communicating with others, giving feedback, etc.)
  2. Make a note of which ones you feel completely confident about, and which ones require more effort on your part.
  3. Try to see what’s the difference between these skills: maybe it’s the amount of practice you put into it, or maybe you feel more interested in doing one rather than the other. Maybe you never had the chance to use that skill before.
  4. Apply self-advocacy to find the help you need to bring these skills up. Sign up for a course, ask a more experienced friend, or make the time to improve.

“By understanding what you’re good at and what you need to work on, you can set yourself up for success”, says Luis Aburto, CEO and Co-Founder of Scio. “If you’re aware of your weaknesses, you can take steps to improve them. And if you know your strengths, you can use them to your advantage. Which is an essential quality if you want to grow and evolve as a developer. By taking the time to understand what makes you tick, you can set yourself up for success both now and in the future.”

However, even after doing all of this, we understand that this growth doesn’t happen instantaneously; it requires a continued effort and the support of everyone in your environment to reach your maximum potential as a developer. This is why choosing to collaborate with an organization that takes growth seriously is just as important as recognizing your need to improve your skill set. After all, what good comes out of knowing your areas of opportunity if you don’t have the chance to act on them?

Growing together

However, a true growth mindset goes beyond simply believing that you can get better by just expanding your knowledge or your technical toolset. It involves taking the initiative to explore new skills and going through learning experiences outside of your “comfort zone”. In a previous blog, we talked about how actual “comfort zones” are less about getting stuck in a single place, without feeling the need to go beyond it, and more about expanding your areas of expertise, getting comfortable in areas of software development that are just as important as technical knowledge but demand a very different kind of effort: soft skills like communication, negotiation, problem solving, teamwork or strategic thinking that will help you become a well-rounded developer. Going into places you have never gone before is how a person truly grows.

That’s why it’s so important to work with people that help you improve all your skills, or with an organization that provides opportunities for skill development outside of what you thought possible before, committing to create a strong team capable of taking on any challenge. Companies like Scio, for example, know the value not only in offering workshops, courses, and programs like Sensei-Creati, but also in letting developers “stretch their legs”, so to speak, with assignments and responsibilities that might help them develop a new skill, like letting a Senior take the Lead in a project, or allowing people who do not normally interact with the client to have a more “first-hand” experience to practice communication and planning. Actions like these allow you to take something you are not “skilled at” and practice it to perfection on a daily basis, even if it’s outside of your normal interests. That’s how we participate in the creation of well-rounded developers capable of joining any team and overcoming any challenge.

So, to get back to our point, a growth mindset is essential for any software developer that wants to be excellent at their craft. With this mindset, you will never stop learning and expanding your skillset, always looking for new challenges to conquer and ways to improve yourself. If you can adopt a growth mindset and let go of preconceived notions about what you are and aren’t good at, you will set yourself up for success as a great software developer. And we will always be in need of those.

The Key Takeaways

  • A good software developer knows that the key to greatness is always improving your skills and learning new things.
  • To achieve this, you need to get into a “growth mindset” where improving is a continuing process that never stops.
  • To get this mindset, myths like “natural talent” or that there are things about yourself that cannot be changed need to be left behind.
  • However, doing this by yourself can be difficult, which is why you, as a developer, should choose to collaborate with a company or organization that sees the value in growing and learning at every step.

Thinking of software development budgets for 2023? Here are three approaches you should know about.

Curated by: Sergio A. Martínez

If you’re serious about succeeding with your software development projects in 2023, you need to start budgeting for them now. It’s no use waiting until the last minute and hoping that everything will work out – it rarely does. Not only will you have a clearer idea of what you need to spend, but you’ll also be able to start making savings where possible, which may be an important concern going into the next year.

After all, 2023 is shaping up to be a challenging year for the software industry, with several factors coming together to create a perfect storm of sorts. First, the overall economic picture is uncertain, with slowing growth in developed markets and an ongoing trade war making it difficult for companies to plan for the future. In addition, new emerging technologies, like AI and cloud streaming, are threatening to disrupt traditional business models, and the political environment is becoming increasingly challenging to navigate. As a result, 2023 is likely to be a year where companies will need to be agile and adaptable to survive and thrive.

With all that in mind, it’s never too early to start planning for success, and budgeting properly for your development expenses today will be a critical element of that. However, budgeting for your development expenses now can be easier said than done. When it comes to producing software, there are a lot of moving parts, which makes budgeting a bit of a challenge. For one thing, you have to account for the cost of the software itself, as well as the cost of any licenses or subscriptions that may be required, then there’s the cost of hardware, which can vary depending on the needs of the project, and don’t forget about the cost of training and support. Add it all up, and it’s no wonder budgeting a software development project can be so complicated. Of course, there are ways to simplify the process, but at the end of the day, it’s still important to have a clear understanding of all the costs involved. Otherwise, you might find yourself in over your head – and that’s never a good place to be.

Designing a software budget in 2023

Let’s talk about numbers first. According to this article from The Harvest Blog: “Your project team members won’t have the necessary resources they need if you can’t secure the right funding. And if you don’t have a set plan from the start, you run the risk of joining the 57% of companies who say they don’t typically complete their projects within the established budget.” And with the challenges that 2023 will bring to the industry, reaching these goals will be critical.

So, if you’re serious about achieving your development goals, budgeting is a step that you can’t afford to avoid. By starting to budget for your development expenses now, you’ll be in a much better position to succeed. And you may already have a couple of traditional approaches to doing so, like the “Envelope System”, which involves assigning specific amounts of money to different spending categories (like licensing fees, cloud-based storage, subscriptions of all kinds, etc.), or the “Zero-based budget” that requires you to account for every single penny you spend. Nevertheless, when it comes to software development, these might not be enough. 

The traditional approach to budgeting assumes that all projects can be planned and executed linearly, with predictable costs and results. But software development can be anything but predictable; it’s an iterative process, where changes and improvements are constantly being made based on feedback. This means that software development teams need to be able to adapt their plans on the fly, which can make it difficult to stay within a fixed budget. In addition, the rapid pace of change in the technology industry means that teams often have to scrap their plans and start from scratch if they want to stay ahead of the competition.

Whichever approach you decide to use, the important thing is that you start budgeting for your development expenses now; 2023 is around the corner, and with it comes a new year of projects and innovations to look for. As always, software organizations of all kinds will be looking to stay within their budget while delivering quality products, with some basic tips that can help you to do so:

  • Use an agile development methodology. This will allow you to break the project down into smaller pieces and deliver them incrementally, which can help to control costs.
  • Make use of open-source software. Many high-quality open-source options can save you money on licenses and support fees.
  • Take advantage of cloud computing. Cloud-based solutions can be a cost-effective option for hosting and running your software.

But beyond these common-sense suggestions, the correct approach of an organization to budget for a software development project depends on a variety of unique challenges and goals. So, we’d like to present some budgeting techniques that can ensure that your software project stays on track, making a positive outcome more likely for any software enterprise. For example…

  • Bottom-up estimating: This is a great way to avoid any surprises when it comes time for your team’s final budget. Essentially, it’s about working closely with the team and examining each step of the project to the most minute detail, to ensure that you have all the important information laid out to create an accurate roadmap. This process helps ensure no hurdles come up later down the road, which ultimately saves money by having fewer unexpected costs associated with these “known problems” during development. 

  • Top-down estimating: Top-down estimating is a more efficient way to budget for large projects. By looking at the scope as an entire entity, you can identify which tasks will take up most of your time or resources without having any uncertainty between them. This allows us to estimate costs with greater accuracy than the “bottom-up” technique, allowing an organization to know exactly what work needs to be done first. The key difference between “Top-down” and “Bottom-Up” estimating lies in how much detail goes into each stage: With the top-down method, all elements must be defined upfront. However, some flexibility when deciding upon specific costs should remain.

  • Analogous estimating: A great way to get an idea about how much your project will cost when you don’t have enough data for the upcoming task. This technique only works because it relies on previous projects as references, so keeping its accuracy depends largely upon what information there was available from those jobs. That’s why reports, notes, feedback, and the information collected in project management systems can be so valuable to implement, allowing tracking of internal costs and reviewing past work while informing future scope decisions all at once, making sure every penny counts.

Final words

It’s no secret that software projects can be costly. All too often, companies find themselves over budget and behind schedule, scrambling to contain the costs of their project. With a few strategies like the ones we just mentioned, costs can be kept under control. However, there’s no better strategy to plan your software development budget than managing expectations about the outcomes, clearly communicating the scope of the project and what will be delivered at each stage.

This will help your organization to avoid scope creep and ensure that everyone is on the same page from the start. By following these simple strategies, companies can ensure that their software projects stay on budget in 2023.

The Key Takeaways

  • The software industry, alongside the rest of the technology sector, will have a challenging 2023, for a variety of reasons.
  • One of the crucial elements of any company’s success is budgeting projects and operations sensibly, ensuring that an organization can meet all the goals it needs.
  • However, software development can be somewhat finicky when it comes to planning, so traditional approaches to budgeting might not cut it; rather, a holistic view of the whole process can be the right way to plan any expense.
  • It’s important to keep in mind past approaches in order to understand where the biggest challenges might come when budgeting for the new year.

Normalization of Deviance: What to do when human nature collides with procedures in the workplace.

Curated by: Sergio A. Martínez

Let’s think of the following example: imagine a brand-new bridge connecting two highways over a river. This highway sees a lot of traffic, including transport trucks that must pass from one side to the other daily, which tend to have a weight, on average, of about 25 tons. Thus, they mark the bridge accordingly: Limit Weight: 25 tons. However, the engineers know that they need a safety margin to ensure that the bridge doesn’t stress and wear out too quickly, so it’s designed to actually support up to 35 tons. It all seems good until one day, ten years later, the bridge collapses; a 40-ton trailer tried to cross it, and a tragedy occurred.


It’s easy to point a finger at the culprit, right? That truck was way too heavy for this bridge, so we need to build sturdier bridges and think of a system that checks if a truck has the appropriate weight before crossing. Maybe even instill punishments and fines for people going over this limit. Easy stuff. Well, if that’s the case, then nothing was learned from this disaster. It will happen again in the future.

This is normalization of deviance. Simply put, it’s when people become so accustomed to seeing certain things done wrong that they no longer register as problems, but instead as the way “things work”. And they do work, until the day they don’t: catastrophic failures like a bridge collapsing are seldom the result of a single, unavoidable act of God, but instead the accumulation of small problems that one day reach a breaking point. And normalization of deviance is a huge problem in the software development industry.

However, how exactly does the normalization of deviance work, how does it affect software development, and what could be the steps to mitigate, or outright eliminate, the risks it presents?

Bending the rules (until they break)

Software and civil engineering are not that different, at least when it comes to the complexity and precision needed to build things. After all, engineering of any kind is the art of finding solutions that work under stress: creating stuff that works reliably, no matter who is using it. So, no matter if you work with code or concrete, the process is roughly the same: you need to take into account every single situation that the design demands. And thus, both disciplines also tend to have very similar problems, with the normalization of deviance being one of them.

Let’s go back to our bridge example: what was the actual problem? The truck was way too heavy to safely cross that bridge, for sure. But why was such a truck trying to cross it in the first place? Because simply put, it was a normal thing to happen, and if that sounds like a contradiction, you would be right. After all, the normalization of deviance is a lesson in human nature.

People like to bend the rules. That’s what we do. Intellectually, we know rules are meant to keep things working properly, but rigidity is not our strong suit as a species. In the words of veteran programmer Foone Turing: “We always want to optimize. We want to do things cheaper, quicker, and more at once. And the thing is, most of the time going a little faster, a little hotter, that’s fine. Nothing goes wrong. Engineers always design with a safety margin, as we’ve learned the hard way that if you don’t, stuff goes wrong very fast. So going 110% as fast as the spec says? probably OK.”

So, you may see where this is going. In our bridge example, an interesting wrinkle is that the disaster didn’t happen right away, it was a full decade after the bridge was constructed. That’s the tricky thing with the normalization of deviance: it takes time to build up. It works through subtlety: if your bridge says that it has a limit of 25 tons, but you once drove a 30-ton truck through it and nothing happened, then the actual limit is higher, right? You can do it again. And if you do it enough times?

“You’ve been going 110% all the time. It’s worked out just fine. You’re doing great, no problems. You start to think of 110% as the new normal, and you think of it as just 100%. […] Then one day you’re running into 5 other problems and need to push something, well, maybe you do 120% today? After all, it’s basically just 10% of normal…”. That’s how you get a 40-ton trailer trying to cross a bridge rated way lower than that: someone drove through it with 35 tons of cargo, and nothing happened. 36 should be fine, right? Or 37, or 38, and so on. Bending the rules became so normal, without any immediate consequence, that it ceased to be wrong. Slowly, it became the standard, and a standard supported by bent rules is always a time bomb.

But how to avoid deviance?

In software development, the normalization of deviance can happen at every level. For example, at a product level, it’s not exactly unheard of to release software that is not fully tested, on the assumption that the bugs will be fixed in future releases, which can lead to serious problems, such as data loss or security vulnerabilities. At the development level, programmers can start to disregard code style conventions if they feel slowed down by them (there’s a deadline to meet after all), resulting in a codebase that is difficult to read and maintain. And at the security level, it’s often easier to just write down a password than wait half an hour for IT to reset your account if you forget it. In every case, the result is the same: an organization will start accumulating issues until something serious breaks one day.

However, diagnosing the normalization of deviance can be difficult because there’s no immediate feedback loop to it. The bridge probably doesn’t produce a loud cracking sound if you go a couple of pounds above the limit, or the code doesn’t stop working immediately if you deviate a little from a style convention, so implementing effective ways to detect when it’s happening, or to deter this kind of behavior, can be tricky.   

The aforementioned Twitter thread gives a great example of why: “Susan gets in trouble because she put a post-it note with her password on her monitor, and we had to sit through a boring security meeting about password security. So, people learned to put their passwords in their wallets and their phones.” Or in other words, maybe the systems we have in place provide the incentive to deviate from the rules in the first place, and having after-the-fact measures doesn’t do enough to stop the buildup of problems. In that case, it falls on the culture of an organization to take into account these possible challenges and take the steps necessary to avoid lowering standards as a normal practice. These four key points might help:

  1. Rules are not forever. When it comes to technology, a year might as well be a decade in terms of advancement and innovation, so every procedure and workflow must be constantly reviewed to ensure “rule-bending” is not encouraged when certain parts lag behind, becoming obsolete or just ineffective. Revising and streamlining are always valuable skills for the leadership of any company to have, and giving people the power to always ask “why” could help avoid problems down the line.
  2. Open communication is critical. In that same sense, the main danger of deviance is that it develops in secret. Effective project management means communicating effectively with people, making clear the purpose of every rule, and being open to opinions, suggestions, and discussions to ensure those rules are effective and followed. Also, promoting an environment where a developer can communicate when a rule must be broken for the good of a project is crucial, as it allows management to respond and control such changes. “This situation has happened to us in the past”, says Jesús Magaña, Senior Project Manager at Scio. “And this decision has never been taken lightly. The objective, after all, is reaching the finish line without compromising quality or performance. This ‘shortcut’ has to be done with the consent of the Project Manager and the client, keeping in mind the possible consequences of doing so.”  
  3. Any change has to be clear and well thought out. The software sector is also ripe for new technologies, frameworks, languages, and tools to be implemented during development, but these changes are not trivial. If a new element is adopted within the development environment without proper measures (like clearly explaining the benefits and drawbacks of the new tool, giving people enough time to acclimate to change, being open to concerns, etc.), the risk of deviance grows.
  4. A culture of collaboration, not politics. Politics is probably the most common cause of normalization of deviance, and many of these examples don’t happen in isolation. Humans are social beings that tend to form cliques and in-groups that cover for each other, which can happen at every level of the organization, and thus be the perfect place to brew deviance that could snowball into disaster. So, promoting collaboration, being lenient enough with consequences so people feel comfortable about speaking up (but not to the point that developers feel they can get away with anything), and frequently encouraging people to mix and work together in different configurations might be the key. It all comes down to skilled leadership.

And knowing is half the battle

However, let’s not assume that these steps, although useful, are completely infallible when it comes to mitigating the normalization of deviance because this kind of behavior is simply human. We bend the rules when we know we shouldn’t, even at a personal level sometimes (“I’m on a diet, but this piece of cake shouldn’t be a problem, right?”), but that doesn’t mean that we cannot anticipate, learn, and improve at every opportunity. Understanding this is what separates good software organizations from the rest of them. After all, as Jesús Magaña tells us, “one of the values of the Agile Manifesto establishes that ‘people and interactions are above tools and processes’, which implies that a process doesn’t have to be a rigid path. Sometimes you need to veer off-course, and that’s not cheating. Let’s just keep in mind that, if everything is going well during development, a process is meant to help us to be consistent with the quality of our work.”

The Key Takeaways

  • Normalization of deviance, the lowering of standards over time, is always a risk in any industry, especially software development.
  • Simply put, people are going to bend the rules when that benefits them because that’s simply human nature.
  • The main danger is that this normalization is almost always invisible until it’s too late, helping the build-up of issues and problems until a disaster occurs.
  • It’s up to the management and culture of an organization to mitigate this deviance, which is virtually impossible to eliminate but can be avoided with the right approach to communication and collaboration.

Why will platform engineering and self-service be two of the biggest trends in 2023?

Curated by: Sergio A. Martínez

When it comes to the development of software applications, many companies, understandably, focus exclusively on creating products for their customers. The process has always been very simple, but as technology advances, and more and more options become available to develop and deploy products, a certain approach has started to shift. The SysAdmin days of yore are far behind, and since the start of the Cloud Age with the launch of AWS in 2006, technology has enabled developers all over the world to create better applications, but at the cost of making development a more complex endeavor.


For example, let’s take the “Software-as-a-Service” (SaaS) model. An increasingly common way to offer software products with continuous support, it’s made possible by the widespread adoption of Cloud technology, allowing businesses to access software applications remotely through the Internet, on a pay-as-you-go basis. There are many advantages to this approach, including increased flexibility and scalability, but it also brought its own challenges. As this article puts it:

“Suddenly, engineers had to master 10 different tools, Helm charts, Terraform modules, etc. just to deploy and test a simple code change to one of multiple environments in your multi-cluster microservice setup. The problem is that throughout this toolchain evolution, the industry seemingly decided that division of labor (Ops and Devs), which proved successful in virtually every other sector of the global economy, was not a good idea. Instead, the DevOps paradigm was championed as the way to achieve a high-performing setup.”

This approach, however, while making sense for companies the size of Amazon or Google, can also create something of a rift when it comes to more medium-sized organizations, where the resources and manpower can’t quite match the scale of modern SaaS and Cloud-based development, and “developers (usually the more senior ones) end up taking responsibility for managing environments, infrastructure, etc.”, putting a strain on the team that can doom the outcome of a project. The expectations regarding the number of tools and frameworks that a team must master to create effective products today are sky-high, and as such, a new approach for comparatively smaller organizations must be found elsewhere. With that in mind, let’s talk about the rise of platform engineering.

The glue binding development together

Platform engineering is a term that is used to describe the process of designing, building, and maintaining platforms that are used by other applications, and it’s all about creating systems that can be reused and repurposed, emphasizing flexibility and modularity. In other words, the industry is leaving behind the idea of designing systems with specific functions in mind as a result of the world becoming more connected, demanding a shift toward system design that can be adapted to changing needs. And platform engineering is at the forefront of this new paradigm. 

This is because platform engineering responds to the popularity of “self-service” as a development approach. To put it simply, self-service tools and platforms enable teams to have “the ability to create and configure resources” by themselves, away from more traditional models like a ticket system, which are a source of friction in the face of modern development methods. The trick, however, is that a good self-service platform is often developed and deployed internally, meaning that a lot of resources must be directed away from client-facing development, and toward the organization itself, and that can be a tough challenge to overcome.

There are real benefits to investing in internal tools and platforms, of course. For one thing, it can create a more efficient workflow that allows for greater collaboration between developers, helping to build a deeper understanding of the software development process because these platforms are tailor-made to the needs of a specific company. Perhaps most importantly, though, developing internal tools can give medium-sized companies a competitive edge, allowing for better efficiency in the software development process through the use of more effective and all-encompassing tools. 

“If you’re a software development company, chances are you’ve considered developing your own internal tools and platforms. And there’s a good reason for that; doing so can be game-changing”, says Luis Aburto, CEO and Founder of Scio. “For starters, developing for self-service allows you to optimize specifically for your company’s needs, meaning they’ll be more efficient and effective than any off-the-shelf solution. And by controlling the development process from start to finish, you can ensure that your tools have the flexibility necessary for more and more complex operations. Having proprietary tools and platforms gives any company a competitive edge.”

Coming back around, this is why platform engineering will be one of the most important trends of 2023. The process of creating an internal foundation upon which other applications can be built is conceptualized as a sort of “glue” that binds every element of the development cycle. This can help many organizations to streamline their tools and frameworks, automating plenty of tasks that can increase the workload necessary to bring a SaaS application to life. This relatively new field is only now beginning to gain recognition, but it’s expected to become one of the most essential engineering disciplines in the years to come.

And as the world becomes increasingly digital, the need for platform-based applications will only continue to grow, with internal tools and platforms enabling software development companies to boost their efficiency, saving time and money, and improving the quality of their products. However, to meet this demand, engineers will need to be familiar with platform engineering principles, and those who can master this discipline will be very valued members of a team in the years to come.

Building a platform with the best talent

With all of this in mind, why don’t more software development companies focus on internal tooling? There are a few reasons. First, it’s often seen as a low priority compared to client work, especially for medium or smaller-sized organizations with a more limited pool of resources. And second, it can be expensive and time-consuming to develop these tools, further straining a development team. But in 2023, overcoming these obstacles can be the difference between success and failure for a company.

The biggest challenge, then, is building a great platform engineering team that can bring these tools to reality. This year will not only see platform engineering as a critical approach for most software development companies, but the talent necessary to bring these kinds of applications will be in huge demand, with a strong engineering team becoming essential to develop high-quality products. However, it’s not always easy to find talented engineers who are also a good fit for your culture and values, which is why Nearshore augmentation holds an answer for a company wanting to remain competitive in the face of this new reality.

“More than ever, having developers at your disposal with a DevOps background will be critical to building a proper platform engineering team that could change the way your company approaches development”, continues Luis. “And Nearshore partnerships are a great way to access the kind of talent pool you need to bring this vision to life. Latin America has an amazing array of experienced and talented developers that companies of all sizes, or even a start-up, can harness to success.”

So, if you’re looking to build a platform engineering team, partnering with a Nearshore company is the best way to do it. With a Nearshore partner, you’ll get access to top talent, be able to scale quickly, and maintain the kind of communication necessary to bring these kinds of projects to fruition. Choosing a self-service approach is a choice that has virtually no downsides for a company looking to keep ahead of the curve in the current technology landscape and bringing developers with talent and communication skills to your team is always the smart path to follow. As a result, you’ll be able to build a world-class platform engineering team that can help take your business to the next level.

The Key Takeaways

  • The software industry is increasingly moving towards more complex development environments, thanks to the rise of technologies such as cloud platforms.
  • The number of resources needed to effectively work in this environment may not be too much for a big company, but for a smaller organization, it can be a challenge to overcome.
  • Among other things, this is why platform engineering and a self-service approach will keep growing in popularity in the coming year, popularizing the development of internal tools.
  • However, this will also increase the number of experienced developers needed to bring these platforms to fruition, and a Nearshore partnership can be the answer to reach these goals.

React: The challenges of keeping ‘up to date’ in the software development world.

Curated by: Sergio A. Martínez

Software development is an essential aspect of modern life. From the operating system on our computers to the apps on our phones, software developers create most of the tools we use every day. However, it’s no secret that technology is constantly changing, and with new technologies and approaches constantly being developed, it can be hard to stay abreast of the latest trends. In addition, the industry is becoming increasingly competitive, and companies are constantly trying to one-up each other with new features and capabilities that any skilled programmer needs to keep up with.


For example, let’s look at React, which has been gaining popularity for a few years now. As a JavaScript library, React can be used with a variety of different programming languages, making it easy to integrate it into existing software development projects. It’s also known for being fast and efficient, using a virtual DOM that helps to improve performance by only re-rendering the parts of the DOM that have changed, and the large scalability it offers makes React really popular with some of the biggest companies in the world, including Facebook, Netflix, and Airbnb. In short, this means there is a lot of demand for React developers, which should make this library part of the basic toolset for any skilled developer. However, reality is very different. 

“React is a very common requirement among our clients when they are looking for a developer to augment their in-house teams”, says Helena Matamoros, Head of Human Capital at Scio. “And it’s not that React is uncommon or anything, but we have noticed that, for some reason, programmers who know React usually learn it in their own free time, taking courses or experimenting with it on personal projects. React is not really part of most college curriculums around here, so there has to be an actual commitment from most devs to learn it and offer it to any projects.”

But why is that the case? Why is such a popular skill not something to be found on a curriculum in most programming courses? To answer this, today we want to take a look, not into React precisely, but into a broader question about the expectations about learning software development, and the realities of the industry and these technologies, so you can shine as a developer anywhere you want to collaborate.

Programmers programming themselves

Let’s start with something you might suspect already: “Self-taught developers dominate technology: 69% of the developers who responded to the survey are at least partly self-taught, and fewer than half hold a formal degree in computer science. In a trend spreading to other fields, many are choosing ways to learn that offer everything but a degree: online courses, bootcamps, on-the-job training, and collaborating with peers”, an interesting fact shared by this Quartz article in relation to the modern state of software development and developers in the US. And this number will likely keep increasing in the coming years.

The root of this curious situation could be that, since the very beginning, software development has been driven in great part by hobbyists and amateur developers who see programming as more than just a means of employment; for many, programming is a lifestyle. Often, a programmer lets their own sense of challenge and curiosity guide them towards learning new things, so people becoming self-taught in this field, at least in specific tools and frameworks, is usually seen as pretty normal. In fact, as a part of the software developer experience, this cultural norm has become a defining part of our industry.

Considering this, one could see why learning React on your own time is not a weird thing to do, or arguably difficult to do. However, the truth of this depends on a few factors: how much experience you have with programming in general (if you’re coming from a background of working with HTML and CSS, then React will probably seem easier than if you’re starting from scratch), and how much time you’re willing, or able, to invest in learning it. React is not the quickest framework to pick up, but it’s not the hardest either. Still, it makes you wonder why it tends to be a “learn on your own time” library instead of a basic topic in programming courses, seeing how useful it is as a powerful tool for building user interfaces.

But what is React? This framework was created by Jordan Walke, a software engineer at Facebook (now Meta), first deployed on the FB timeline in 2011, and later released to the public in 2013 with an open-source version. It was named as such because it can be described as a “reactive” framework, meaning that it can respond to changes in data very quickly. This makes it well-suited for applications that need to handle large amounts of information or that require real-time updates, which of course has made it incredibly attractive for corporations such as Facebook, Instagram, Netflix, and Uber that need to handle a massive number of requests and users every minute. Moreover, React also has a number of features that make it appealing to developers, like its declarative syntax, its ability to render views on different devices, and its performance advantages. In the years since its release, React has become one of the most popular tools for front-end web development, designed to be easy to use and enabling developers to build complex web applications with less code than other frameworks.

Taken together, these factors make React an appealing option for software development in a world with lots of different frameworks and libraries to choose from, so learning React can open up a lot of doors for future programmers, giving them a practical skill that is in high demand by employers. The thing is, colleges and universities offering React as part of their Computer Science programs tend to be few and far between, thanks to how (relatively) recent this framework is, and the high cost of entry that official boot camps and courses have. But many programmers need to do this regardless, in order to master this framework.

“Continuing education is especially crucial in software development. This field is constantly evolving, with new languages, frameworks, and tools being released on a regular basis, so to stay competitive, it’s essential for software development companies to invest in the skills of their employees”, explains Helena. By providing opportunities for employees to learn new skills, companies can ensure that they are keeping up with the latest technology and trends. Additionally, continuing education can help employees to feel more satisfied with their jobs. Ultimately, investing in employee education is a smart business decision that can really pay off.

Growing skills matter

That’s why companies that know the value of continued education are the ones bringing the best talent aboard. Although curiosity and motivation to learn new things for the sake of it are great qualities for a software developer, leaving them all of the work is not the best strategy to ensure a team is ready and ahead of the curve when it comes to tools, approaches and frameworks to innovate in the software space. After all, the key to a successful business is its people. 

Many companies focus on hiring employees with the specific skills they need to get the job done. And while this is certainly important, it’s also important for an organization to invest in the skills and development of its staff, for one very simple reason: this is an investment in success, both for the organization and for the collaborator. First, well-trained employees are often able to work faster and more accurately than those who are not. Second, employee development can help to reduce turnover: when employees feel like they are learning and growing in their jobs, they are more likely to stick around. In the case of React, the best approach could be having more senior developers, whose experience with this library is top-notch, lend a hand to their teammates to develop their own skills, with the company giving them the opportunity to comfortably do so.

Scio, for example, has the “Sensei-Creati” program, where a Sensei developer can take on “Creati” apprentices to teach them about a specific tool or skill, remaining open to discuss issues, answer questions, and all in all share knowledge with whoever would benefit from it. The result is that, when everyone is on the same page, it is easier to identify areas that need improvement and come up with new solutions. Furthermore, sharing knowledge helps to build trust and collaboration among team members, which can lead to better code quality and a more efficient workflow. Ultimately, sharing knowledge is essential for any software company that wants to be successful, and attract the best talent available.

The bottom line is that learning is part of the normal experience of a software developer but offering the opportunity to do so on the job is the best way to keep ahead of the curve when it comes to popular technologies like React. So if you are looking to join the best company to work with, see what their position is regarding sharing knowledge and growing skills. Maybe you can find a place where the proposition of learning something like React is not something you do in your free time, but part of the job itself.