Tech Lead Journal

What if the MCP server you installed last week is silently leaking your emails to a stranger? The AI tools boosting your productivity could already be your biggest security liability. MCP (Model Context Protocol) has quickly become the standard for connecting AI agents to external tools and data sources. But as adoption accelerates, so do the risks – from malicious servers harvesting your credentials in the background, to local processes exposed to your entire network with no authentication. Most developers install MCP servers without fully understanding what code is running or who wrote it, creating serious supply chain and shadow IT problems inside organizations. In this episode, Ariel Shiftan, CTO of MCPTotal, explains how MCP actually works, why there is a wide gap between its original design and how it is used in practice, and what that gap means for security. He also walks through real zero-days his team has discovered and shares practical advice for developers and enterprise leaders trying to adopt MCP without compromising their security posture. Key topics discussed: What MCP is and why it won the “USB for AI” race Why most MCP servers are just API wrappers done wrong Real zero-days found in popular, widely used MCPs How malicious MCPs can silently leak your credentials The supply chain risks hiding inside your dev toolchain Why banning MCP in your org is the wrong move Best practices for writing well-designed MCP servers Why agent permission prompts need better security defaults Timestamps: (00:00:00) Trailer & Intro (00:02:49) What Is MCP and Why Is It Called the USB for AI? (00:07:22) How Does MCP Differ from Standard REST APIs? (00:13:40) What Can AI Agents Do with MCP Beyond Reading Data? (00:16:56) What Is RAG and How Did AI Evolve to Tool Calling? (00:19:54) Why Is MCP Misused as an API Catalog and What Does That Cost? (00:25:04) What Are AI Skills and How Do They Compare to MCP? (00:30:29) How Does MCP Server Architecture Work Under the Hood? (00:37:01) How Do Malicious and Vulnerable MCP Servers Put Organizations at Risk? (00:45:30) What Real-World MCP Vulnerabilities and Zero-Days Have Been Found? (00:50:30) How Should Enterprises Enable MCP Adoption Without Compromising Security? (00:53:16) What Are Best Practices for Writing a Well-Designed MCP Server? (00:59:14) How Should AI Agents Handle Permissions Without Overwhelming Users? (01:05:26) 3 Tech Lead Wisdom _____ Ariel Shiftan’s Bio Ariel is a software engineer and security expert with more than 20 years of hands-on and executive leadership experience across cybersecurity, distributed systems, and AI infrastructure. He holds a PhD in Computer Science, specializing in advanced algorithms and systems. Earlier in his career, Ariel founded NorthBit, a deep-tech cybersecurity firm that was acquired by Magic Leap in 2016, where he led product security globally, overseeing the security lifecycle across more than 700 engineers. He has also led applied AI breakthroughs, including heading an XPRIZE-winning team that used deep learning to fight malaria in Africa. Follow Ariel: LinkedIn – linkedin.com/in/shiftan MCPTotal’s Website – mcptotal.io Like this episode? Show notes & transcript: techleadjournal.dev/episodes/249. Follow @techleadjournal on LinkedIn, Twitter, and Instagram. Buy me a coffee or become a patron.

Think you’re just “not a people person”? Most tech leaders quietly believe this about themselves, and it’s exactly what’s holding them back. In this episode, Martijn Versteeg, founder of peer leadership community Group Effort and former CPTO with a background in organizational psychology, makes the case that it’s not: human behavior follows predictable patterns you can understand and work with, just like any system. The conversation covers a six-variable model for understanding what drives behavior and disengagement on your team, why popular personality tools like MBTI and DiSC often do more harm than good, and a clear structure for delivering bad news without the usual stress buildup. We also get into what it really takes to let go of hands-on coding when you move into leadership, why developing a product mindset matters even if product isn’t in your title, and the psychological risks of heavy AI use that most teams still aren’t thinking about. Key topics discussed: The 6 human needs that predict human behavior Why MBTI and DiSC often do more harm than good How to stop avoiding difficult conversations Deliver bad news clearly using a 10-second rule Why becoming a bottleneck is a slow career killer Building a product mindset when you’re in tech The mental health risks of heavy AI use What peer groups give you that books can’t Timestamps: (00:00:00) Trailer & Intro (00:03:06) Why Small Steps Matter More Than Career Turning Points (00:05:11) About Martijn Versteeg (00:07:01) How Can I Learn People Skills Systematically? (00:13:19) Six Human Needs That Predict Behavior (00:17:28) How Does It Compare to Maslow’s Hierarchy of Needs? (00:19:49) Why Are Personality Tests Like MBTI Unreliable? (00:23:20) How Do I Use Pain and Pleasure to Drive Growth? (00:28:30) How Do I Handle Conflict and Difficult Conversations? (00:32:47) A Model for Delivering Bad News in 10 Seconds (00:36:12) How Do I Transition from Tech Lead to Engineering Leader? (00:41:12) How Do I Let Go of Coding as a Leader? (00:42:49) The Vanilla Orchid Story: Why Leaders Must Let Go (00:46:55) How Can Engineers Develop a Product Mindset? (00:53:17) What Are the Hidden Risks of AI for Mental Health? (01:02:19) What Is the Value of Learning Through Podcast Conversations? (01:07:19) Why Consuming Knowledge Is Not the Same as Producing (01:09:06) 3 Tech Lead Wisdom _____ Martijn Versteeg’s Bio Martijn Versteeg is the founder of Group Effort, a Netherlands-based collective that empowers tech and product leaders across Europe through peer groups, offsites, and specialized training. As a key figure in the global product community, he is also an organizer of the Product Mastery Conference, where he helps curate insights for the next generation of product leaders. Before founding Group Effort, Martijn built and successfully sold an EdTech IT platform and spent over five years as an Agile coach and Scrum Master. His unique perspective on leadership is rooted in high-performance athletics; at just 22 years old, he served as the National Rowing Coach for Singapore. Today, Martijn is a vocal advocate for community-led learning. He frequently challenges leaders to move past the search for “golden nuggets” of wisdom and instead focus on the consistent, incremental iterations that solve the “hard people stuff” in scaling organizations. Follow Martijn: LinkedIn – linkedin.com/in/versteeg Group Effort – groupeffort.nl Newsletter – groupeffort.nl/newsletter Free training on Massive Action-Taking for Product Leaders – groupeffort.nl/action Like this episode? Show notes & transcript: techleadjournal.dev/episodes/248. Follow @techleadjournal on LinkedIn, Twitter, and Instagram. Buy me a coffee or become a patron.

Is your platform engineering initiative struggling to deliver results? The problem might not be your tools or technology at all. In this episode, Sam Barlien, Community Organizer at Platform Engineering (the world’s largest platform engineering community), shares insights from speaking with nearly 400 engineering leaders last year about why their platform initiatives succeed or fail. The biggest revelation: it’s almost never about the tools. Sam explains why treating your internal platform like a product, complete with user research, documentation, and a product manager mindset, is the key differentiator between real platform engineering and just a rebranded operations team. He breaks down how to start small with a minimum viable platform, measure what actually matters, and build golden paths that developers want to follow. The conversation also covers how AI is both accelerating the need for platform engineering and transforming how platforms are built and operated. Key Topics Discussed: What platform engineering really means (hint: it’s product management) Why DevOps and SRE often fail without product thinking The “Golden Path” vs “Golden Cage” approach to developer experience How to measure ROI and pitch platform engineering to executives The symbiotic relationship between AI and platform engineering Why starting with a Minimum Viable Platform beats big-bang transformations PlatformCon 2025 key takeaways and emerging trends Timestamps: (00:00:00) Trailer & Intro (00:03:16) What Background Do You Need for Platform Engineering? (00:06:32) How Does Storytelling Help in Platform Engineering? (00:08:53) What Is Platform Engineering? (00:12:27) Why Are Organizations Adopting Platform Engineering? (00:19:51) What’s the Difference Between DevOps, SRE, and Platform Engineering? (00:23:25) Why Is the “Plug and Play” Approach to Tools a Trap? (00:28:45) How Do You Pitch Platform as a Product Instead of a Project? (00:34:01) How Do You Measure the ROI of Platform Engineering? (00:40:42) What Is the Golden Path in Platform Engineering? (00:47:12) What Were the Key Takeaways from PlatformCon 2025? (00:53:41) How Does Platform Engineering Leverage AI? (00:58:41) What Are the Hidden Costs of AI-Generated Code? (01:04:01) Why Is Platform Engineering Actually Product Management? (01:07:12) 1 Tech Lead Wisdom _____ Sam Barlien’s Bio Sam Barlien is a community organiser for the Platform Engineering Community. He is a tech nerd, and has been involved in tech communities for more than 10 years. He helps manage Platform Weekly, co-hosts PlatformCon, and drives the community Ambassador program, blog and Youtube channel. Follow Sam: LinkedIn – linkedin.com/in/sam-barlien-3b2579184 Platform Engineering – platformengineering.org PlatformCon – platformcon.com Weave Intelligence – weaveintelligence.io Like this episode? Show notes & transcript: techleadjournal.dev/episodes/247. Follow @techleadjournal on LinkedIn, Twitter, and Instagram. Buy me a coffee or become a patron.

(05:13) Brought to you by Sweep AI Sweep is the fastest coding assistant for JetBrains. It lets you write code 10x faster. Finally, AI that works in JetBrains. Download for free at ⁠sweep.dev⁠. What if Southeast Asia had its own ChatGPT that cost 20x less? Bruce Yang built Agnes AI to solve what global companies ignore: accessible AI for emerging markets. In this episode, Bruce Yang, CEO and founder of Agnes AI, explains how he’s built Southeast Asia’s fastest-growing AI platform with 4 million registered users and 300K daily active users. After working at Microsoft and LinkedIn in Silicon Valley, Bruce returned to Singapore and started his PhD at NUS right before COVID, positioning him perfectly to ride the AI wave. Agnes AI uses smaller, specialized models trained on Southeast Asian languages and local user data to deliver productivity features like deep research, PowerPoint generation, and AI-powered group chats at 1/20th the cost of major competitors. We discuss the challenges of building AI for emerging markets, the importance of keeping humans in the loop for critical thinking, and why Bruce believes the future of AI belongs to applications, not just models. Key topics discussed: Making AI 20x cheaper than ChatGPT Why Southeast Asia needs its own AI models Using multi-agent systems to reduce hallucinations AI group chats and social features Critical thinking in an AI-assisted world Why Agnes avoids the AI coding space AI bubble debate: hype vs. real value Getting emerging markets to adopt AI Subscription vs. pay-per-use business models Timestamps: (00:00:00) Trailer & Intro (00:02:49) Why Did Bruce Start a PhD During COVID to Build an AI Company? (00:06:16) Why Build Another AI Model When Thousands Already Exist? (00:09:48) How Is Agnes AI Cheaper and Faster Than ChatGPT? (00:14:00) Does Agnes AI Support Southeast Asian Languages and Cultures? (00:15:34) How Does Agnes AI Handle Local Languages Better Than Global Models? (00:17:57) How Does Agnes AI Reduce Hallucinations? (00:20:03) What Can Agnes AI Do That ChatGPT Cannot? (00:25:31) Why Is AI in Group Chats the Next Big Thing? (00:29:18) How Does Agnes AI Keep Your Private Group Conversations Secure? (00:31:41) Will AI Make Us Lose Our Critical Thinking Skills? (00:37:43) Should Children Use AI for Schoolwork? (00:40:27) Can Agnes AI Help With Coding Like Cursor? (00:43:07) Will Everyone Host Their Own AI Model in the Future? (00:47:39) Is AI a Bubble or Real Economic Transformation? (00:51:01) How Can Southeast Asians Start Using AI Today? (00:53:56) What Are Real-World Examples of People Using Agnes AI? (00:57:30) How Does Agnes AI Make Money While Offering Free Features? (01:01:19) 3 Tech Lead Wisdom _____ Bruce Yang’s Bio Bruce Yang is the founder and CEO of Agnes AI, a consumer AI platform making intelligence more collaborative, creative, and accessible. A Raffles Institution graduate, he studied Math and Computer Science at UC Berkeley, earned a Master’s from HEC Paris, and is pursuing a PhD at NUS. He previously worked at Microsoft and LinkedIn in Silicon Valley. Agnes AI redefines how people interact with AI through group chats, AI-assisted games, real-time content creation, slides generation, and research tools. Bruce envisions AI as a shared experience that amplifies human creativity and collaboration, enhancing rather than replacing human thinking and imagination. Follow Bruce: LinkedIn – linkedin.com/in/tongbruceyang Agnes AI - https://agnes-ai.com/ Email – bruce@sapiens-ai.io Like this episode? Show notes & transcript: techleadjournal.dev/episodes/246. Follow @techleadjournal on LinkedIn, Twitter, and Instagram. Buy me a coffee or become a patron.