Junade Ali

Hello! I'm Junade; I am a software engineering manager, author and computer scientist.


I have experience in a variety of areas, from road traffic engineering to financial services, web development to internet infrastructure. I have also done high-impact research work in computer security and Operations Research.


Over the past few years, I've written books, blog posts and scientific papers, and given conference talks and interviews. This website archives my various blog posts, published works, recorded talks and press coverage of my work. On this home page you can find my biographical sketch and a selection of these works.

Biographical Sketch:

Junade Ali is a British computer scientist with specialist knowledge of computer security, distributed systems and software design. His software engineering experience has varied from being the lead developer of the then-largest digital agency in the UK (by headcount) to developing software for embedded systems used in mission-critical road safety applications.

At the age of 17, he started a post-graduate Masters, and was later awarded a Distinction and “Best Overall Masters” award for a thesis based on his earlier conference paper “Coverage and Sensor Placement for Vehicles on Predetermined Routes - A Greedy Heuristic Approach”. Junade currently holds Chartered Engineer regulatory status (the terminal qualification in engineering in the UK).

Junade designed the anonymity models that power the Pwned Passwords service, leading to industry change in password security measures (by companies including 1Password, Okta, Apple, Google, LastPass, etc).

With specialist experience in refactoring legacy software and software design, Junade has published multiple books on software engineering, including the best-selling title: “Mastering PHP Design Patterns”.

Currently, Junade works as an Engineering Manager and is working part-time on a PhD in theoretical computer science.

Junade can be found on Twitter as @IcyApril.

Selected Works

How software development will change in 2022

Over the past year, I have studied in detail how the software development productivity space is changing. Over this time, I have spoken to engineering leaders from dozens of organisations, reviewed the latest literature and even conducted representative opinion polling among software engineers. While the future is uncertain, there are three key trends that technology leaders cannot afford to miss. How tech leaders implement these trends within their organisations will help to define how success

How to prevent developer burnout

Earlier this year, I led a joint research project between engineering productivity business Haystack Analytics and polling firm Survation, to understand the impact of burnout on developers. While there have been attempts to survey developer communities before, this represented the first time representative opinion polling was used to understand software engineers. When it came to burnout, the results were shocking. We found that 83% of software engineers reported that they were suffering from b

Hacked DailyNK website infected broad range of organizations | NK News

The North Korean malware attack against Seoul-based DailyNK has spread across multiple companies that accessed the website over the past few months, cybersecurity firm Kaspersky has told NK News. The infections contradict Daily NK’s claim that hackers inserted the malicious code on pages only accessible to its own staff, and raise questions about the organization’s decision to keep its readers in the dark about the security breach. Senior Kaspersky Security Researcher Seongsu Park said the ma

Half a dozen North Korean domains offline after apparent server outage | NK News

At least half a dozen North Korean websites and email servers dropped off the internet last weekend in a sign of growing instability of the country’s IT infrastructure. The server outage on Saturday night disrupted access to the websites of Air Koryo, the Ministry of Foreign Affairs, the Naenara web portal, Kim Il Sung University, as well as the email servers for Sili Bank and Star Joint Venture, cybersecurity researcher Junade Ali told NK News. The outage followed a change last month in how b

Hackers infect DailyNK website with malware to spy on readers | NK News

For at least two months, hackers linked to North Korea have been attacking readers of the DailyNK website with custom malware capable of stealing files and passwords, cybersecurity firm Volexity revealed in a report on Tuesday. The attack used two known vulnerabilities in Microsoft’s Internet Explorer and Edge web browsers to install malware dubbed “Bluelight,” according to the researchers. Once launched, the malicious software reportedly takes frequent screenshots, copies files, steals passwor

EngProd: The Secret of Elite Developer Teams

For companies to be successful, it is important to be able to get new ideas in front of users quickly, so you can keep up with the market and iterate based on real-world feedback. When technology teams find themselves unable to keep up with the pace of product development, they become the blockers of an organization. Ineffective technology leaders will pressure their developers to ship ever more work, causing developer burnout and software instability. By contrast, effective technology leaders

Report: 83% of UK software engineers suffer burnout, COVID-19 made it worse

A report on the wellbeing of UK software engineers (developers and DevOps professionals) found 83 per cent suffering from some degree of burnout, with most agreeing that COVID-19 was partly to blame. This survey [PDF] was conducted in June 2021 by pollsters Survation, on behalf of DevOps company Haystack, and although the number of participants was small (just over 250) it was conducted by interviews, rather than online forms which are vulnerable to low-quality responses. The respondents were

Developer burnout isn't going away. Employers need to act now

Big workloads continue to have a huge impact on resource-strapped software teams, with a new survey by Haystack finding that more than 8 in 10 developers suffer from burnout at work. Technology has played a key role in the fight against COVID-19, with IT teams helping businesses to adapt to remote working and digital-first operations. But this rapid adoption of technology has had a massive impact on those tasked with implementing it, with various reports highlighting the mental strain develope

83% of Developers Suffer From Burnout, Study Finds

Eighty-three percent of software developers suffer from workplace burnout, according to a study from Haystack Analytics. The top reasons for burnout include high workload, cited by 47% of respondents, inefficient processes, cited by 31%, and unclear goals and targets, cited by 29%, according to "Study to Understand the Impact of COVID-19 on Software Engineers." Burnout worsened during the pandemic, the study says. The study also finds that 83% of developers are concerned about software reliabi

Experts warn report on North Korea’s cyber power understates true threat | NK News

A new analysis of cyber capabilities and national power has ranked North Korea in the lowest of three tiers, arguing that the DPRK’s offensive cyber operations are of low sophistication and hampered by the limited number of skilled hackers in the country. The report published on Monday by the International Institute for Strategic Studies (IISS) put North Korea’s “cyber power” on the same level as Indonesia and Malaysia — an assessment that experts said underestimates the true abilities of North

North Korean websites go dark after botched server upgrade | NK News

More than a dozen North Korean websites were knocked off the internet on Tuesday morning due to a failed software update, according to screenshots obtained by NK News. Websites affected by the outage included the online presence of The Pyongyang Times, the Ministry Of Public Health and at least 14 other sites hosted on the same server, records on the internet’s Domain Name System (DNS) showed. “The fact these websites are hosted on a single server which is liable to be taken offline by such out

How To Assess And Improve Your Software Engineering Team's Performance | Hacker Noon

Suppose your SRE team has just rolled out a brand new fully self-serve Kubernetes infrastructure, how do you show your boss that it's helped the engineering team deliver faster? Imagine your product engineering team has finally managed to pay down some tech debt through refactoring, how do you show the Product Manager that it was worthwhile for helping your team deliver business value in the long term? As an engineering ma

North Koreans sharpen their cyberskills at online coding competitions

Free platforms may offer insights to threat researchers but help the DPRK build its cyber force, experts say

Dozens of North Korean software developers appear to be honing their skills on freely accessible coding platforms that may help the DPRK build its cyber force, an NK Pro investigation of profiles across several such websites showed. But cybersecurity experts said that the participation of North Korean programmers in these coding competitions may also reveal interests, techniques and prog

North Korean hackers breached sensitive defense network at Russian firm

DPRK-linked Lazarus Group accessed restricted data by using “highly interesting technique,” according to Kaspersky

In a successful attack that shows how quickly North Korean hackers are able to evolve, the DPRK-linked Lazarus Group stole sensitive information from a Russian defense firm, cybersecurity firm Kaspersky said on Thursday. According to the report, the hackers compromised a router in mid-2020 to create a bridge into a strictly separated network — a “highly interesting technique” that

North Korean Hackers Hide in Plain Sight | Hacker Noon

On the evening of the 25th January 2021, Google’s Threat Analysis Group published details of a campaign targeting security researchers attributed by them to “a government-backed entity based in North Korea”. Google described the attack as using a “novel social engineering method”. Social engineering usually describes attacks that target the human factors of computer security, such as by using phishing emails or phone call impersonation. Whilst highly-competent security experts may consider them

3 Software Ownership Models and Joint Care for Dev Teams | Hacker Noon

In traditional software operations, software would be "thrown over the fence" to operations teams. Technical operations teams would be aided in operating a service using Standard Operating Procedures (SOPs). With the advent of practices like DevOps and the growth in hiring SREs (Site Reliability Engineers), development and operations are increasingly unified. This has allowed "chore" work like deployments and maintenance to be automated. Standard Operating Procedures still play a role in this w

The IET - From apprentice to Chartered Engineer: at just 24

“As studying took a larger share of my time, I took a role working with embedded electronics for road traffic systems at a more traditional engineering firm,” he says. “About five years ago I was headhunted by an internet infrastructure and cybersecurity firm I had always wanted to work for.” Now an Engineering Manager, Junade leads an Operations Research team in charge of developing technologies in Artificial Intelligence and formally verified software to drive improvements in cybersecurity an

The Verge - Have I Been Pwned — which tells you if passwords were breached — is going open source

These days, we almost take it as a given that piss-poor security will inevitably expose some of your usernames and passwords to the world — that’s why 2FA is so important, and why you might want a password checkup tool like the ones now built into every modern browser (well, Safari is coming soon) so you can quickly replace the ones that were stolen. But nearly all of those password checkup tools owe something to Troy Hunt’s Have I Been Pwned, which was kind of a novel idea when it first launch