Tech Lead Journal

What if the MCP server you installed last week is silently leaking your emails to a stranger? The AI tools boosting your productivity could already be your biggest security liability.
MCP (Model Context Protocol) has quickly become the standard for connecting AI agents to external tools and data sources. But as adoption accelerates, so do the risks – from malicious servers harvesting your credentials in the background, to local processes exposed to your entire network with no authentication. Most developers install MCP servers without fully understanding what code is running or who wrote it, creating serious supply chain and shadow IT problems inside organizations.
In this episode, Ariel Shiftan, CTO of MCPTotal, explains how MCP actually works, why there is a wide gap between its original design and how it is used in practice, and what that gap means for security. He also walks through real zero-days his team has discovered and shares practical advice for developers and enterprise leaders trying to adopt MCP without compromising their security posture.
Key topics discussed:
What MCP is and why it won the “USB for AI” race
Why most MCP servers are just API wrappers done wrong
Real zero-days found in popular, widely used MCPs
How malicious MCPs can silently leak your credentials
The supply chain risks hiding inside your dev toolchain
Why banning MCP in your org is the wrong move
Best practices for writing well-designed MCP servers
Why agent permission prompts need better security defaults
Timestamps:
(00:00:00) Trailer & Intro
(00:02:49) What Is MCP and Why Is It Called the USB for AI?
(00:07:22) How Does MCP Differ from Standard REST APIs?
(00:13:40) What Can AI Agents Do with MCP Beyond Reading Data?
(00:16:56) What Is RAG and How Did AI Evolve to Tool Calling?
(00:19:54) Why Is MCP Misused as an API Catalog and What Does That Cost?
(00:25:04) What Are AI Skills and How Do They Compare to MCP?
(00:30:29) How Does MCP Server Architecture Work Under the Hood?
(00:37:01) How Do Malicious and Vulnerable MCP Servers Put Organizations at Risk?
(00:45:30) What Real-World MCP Vulnerabilities and Zero-Days Have Been Found?
(00:50:30) How Should Enterprises Enable MCP Adoption Without Compromising Security?
(00:53:16) What Are Best Practices for Writing a Well-Designed MCP Server?
(00:59:14) How Should AI Agents Handle Permissions Without Overwhelming Users?
(01:05:26) 3 Tech Lead Wisdom
_____
Ariel Shiftan’s Bio
Ariel is a software engineer and security expert with more than 20 years of hands-on and executive leadership experience across cybersecurity, distributed systems, and AI infrastructure. He holds a PhD in Computer Science, specializing in advanced algorithms and systems. Earlier in his career, Ariel founded NorthBit, a deep-tech cybersecurity firm that was acquired by Magic Leap in 2016, where he led product security globally, overseeing the security lifecycle across more than 700 engineers. He has also led applied AI breakthroughs, including heading an XPRIZE-winning team that used deep learning to fight malaria in Africa.
Follow Ariel:
LinkedIn – linkedin.com/in/shiftan
MCPTotal’s Website – mcptotal.io

Like this episode?
Show notes & transcript: techleadjournal.dev/episodes/249.
Follow @techleadjournal on LinkedIn, Twitter, and Instagram.
Buy me a coffee or become a patron.

Think you’re just “not a people person”? Most tech leaders quietly believe this about themselves, and it’s exactly what’s holding them back.
In this episode, Martijn Versteeg, founder of peer leadership community Group Effort and former CPTO with a background in organizational psychology, makes the case that it’s not: human behavior follows predictable patterns you can understand and work with, just like any system. The conversation covers a six-variable model for understanding what drives behavior and disengagement on your team, why popular personality tools like MBTI and DiSC often do more harm than good, and a clear structure for delivering bad news without the usual stress buildup. We also get into what it really takes to let go of hands-on coding when you move into leadership, why developing a product mindset matters even if product isn’t in your title, and the psychological risks of heavy AI use that most teams still aren’t thinking about.
Key topics discussed:
The 6 human needs that predict human behavior
Why MBTI and DiSC often do more harm than good
How to stop avoiding difficult conversations
Deliver bad news clearly using a 10-second rule
Why becoming a bottleneck is a slow career killer
Building a product mindset when you’re in tech
The mental health risks of heavy AI use
What peer groups give you that books can’t
Timestamps:
(00:00:00) Trailer & Intro
(00:03:06) Why Small Steps Matter More Than Career Turning Points
(00:05:11) About Martijn Versteeg
(00:07:01) How Can I Learn People Skills Systematically?
(00:13:19) Six Human Needs That Predict Behavior
(00:17:28) How Does It Compare to Maslow’s Hierarchy of Needs?
(00:19:49) Why Are Personality Tests Like MBTI Unreliable?
(00:23:20) How Do I Use Pain and Pleasure to Drive Growth?
(00:28:30) How Do I Handle Conflict and Difficult Conversations?
(00:32:47) A Model for Delivering Bad News in 10 Seconds
(00:36:12) How Do I Transition from Tech Lead to Engineering Leader?
(00:41:12) How Do I Let Go of Coding as a Leader?
(00:42:49) The Vanilla Orchid Story: Why Leaders Must Let Go
(00:46:55) How Can Engineers Develop a Product Mindset?
(00:53:17) What Are the Hidden Risks of AI for Mental Health?
(01:02:19) What Is the Value of Learning Through Podcast Conversations?
(01:07:19) Why Consuming Knowledge Is Not the Same as Producing
(01:09:06) 3 Tech Lead Wisdom
_____
Martijn Versteeg’s Bio
Martijn Versteeg is the founder of Group Effort, a Netherlands-based collective that empowers tech and product leaders across Europe through peer groups, offsites, and specialized training. As a key figure in the global product community, he is also an organizer of the Product Mastery Conference, where he helps curate insights for the next generation of product leaders.
Before founding Group Effort, Martijn built and successfully sold an EdTech IT platform and spent over five years as an Agile coach and Scrum Master. His unique perspective on leadership is rooted in high-performance athletics; at just 22 years old, he served as the National Rowing Coach for Singapore.
Today, Martijn is a vocal advocate for community-led learning. He frequently challenges leaders to move past the search for “golden nuggets” of wisdom and instead focus on the consistent, incremental iterations that solve the “hard people stuff” in scaling organizations.
Follow Martijn:
LinkedIn – linkedin.com/in/versteeg
Group Effort – groupeffort.nl
Newsletter – groupeffort.nl/newsletter
Free training on Massive Action-Taking for Product Leaders – groupeffort.nl/action

Like this episode?
Show notes & transcript: techleadjournal.dev/episodes/248.
Follow @techleadjournal on LinkedIn, Twitter, and Instagram.
Buy me a coffee or become a patron.

Is your platform engineering initiative struggling to deliver results? The problem might not be your tools or technology at all.
In this episode, Sam Barlien, Community Organizer at Platform Engineering (the world’s largest platform engineering community), shares insights from speaking with nearly 400 engineering leaders last year about why their platform initiatives succeed or fail. The biggest revelation: it’s almost never about the tools. Sam explains why treating your internal platform like a product, complete with user research, documentation, and a product manager mindset, is the key differentiator between real platform engineering and just a rebranded operations team. He breaks down how to start small with a minimum viable platform, measure what actually matters, and build golden paths that developers want to follow. The conversation also covers how AI is both accelerating the need for platform engineering and transforming how platforms are built and operated.
Key Topics Discussed:
What platform engineering really means (hint: it’s product management)
Why DevOps and SRE often fail without product thinking
The “Golden Path” vs “Golden Cage” approach to developer experience
How to measure ROI and pitch platform engineering to executives
The symbiotic relationship between AI and platform engineering
Why starting with a Minimum Viable Platform beats big-bang transformations
PlatformCon 2025 key takeaways and emerging trends
Timestamps:
(00:00:00) Trailer & Intro
(00:03:16) What Background Do You Need for Platform Engineering?
(00:06:32) How Does Storytelling Help in Platform Engineering?
(00:08:53) What Is Platform Engineering?
(00:12:27) Why Are Organizations Adopting Platform Engineering?
(00:19:51) What’s the Difference Between DevOps, SRE, and Platform Engineering?
(00:23:25) Why Is the “Plug and Play” Approach to Tools a Trap?
(00:28:45) How Do You Pitch Platform as a Product Instead of a Project?
(00:34:01) How Do You Measure the ROI of Platform Engineering?
(00:40:42) What Is the Golden Path in Platform Engineering?
(00:47:12) What Were the Key Takeaways from PlatformCon 2025?
(00:53:41) How Does Platform Engineering Leverage AI?
(00:58:41) What Are the Hidden Costs of AI-Generated Code?
(01:04:01) Why Is Platform Engineering Actually Product Management?
(01:07:12) 1 Tech Lead Wisdom
_____
Sam Barlien’s Bio
Sam Barlien is a community organiser for the Platform Engineering Community. He is a tech nerd, and has been involved in tech communities for more than 10 years. He helps manage Platform Weekly, co-hosts PlatformCon, and drives the community Ambassador program, blog and Youtube channel.
Follow Sam:
LinkedIn – linkedin.com/in/sam-barlien-3b2579184
Platform Engineering – platformengineering.org
PlatformCon – platformcon.com
Weave Intelligence – weaveintelligence.io

Like this episode?
Show notes & transcript: techleadjournal.dev/episodes/247.
Follow @techleadjournal on LinkedIn, Twitter, and Instagram.
Buy me a coffee or become a patron.

(05:13) Brought to you by Sweep AI
Sweep is the fastest coding assistant for JetBrains. It lets you write code 10x faster. Finally, AI that works in JetBrains. Download for free at ⁠sweep.dev⁠.

What if Southeast Asia had its own ChatGPT that cost 20x less? Bruce Yang built Agnes AI to solve what global companies ignore: accessible AI for emerging markets.
In this episode, Bruce Yang, CEO and founder of Agnes AI, explains how he’s built Southeast Asia’s fastest-growing AI platform with 4 million registered users and 300K daily active users. After working at Microsoft and LinkedIn in Silicon Valley, Bruce returned to Singapore and started his PhD at NUS right before COVID, positioning him perfectly to ride the AI wave. Agnes AI uses smaller, specialized models trained on Southeast Asian languages and local user data to deliver productivity features like deep research, PowerPoint generation, and AI-powered group chats at 1/20th the cost of major competitors. We discuss the challenges of building AI for emerging markets, the importance of keeping humans in the loop for critical thinking, and why Bruce believes the future of AI belongs to applications, not just models.
Key topics discussed:
Making AI 20x cheaper than ChatGPT
Why Southeast Asia needs its own AI models
Using multi-agent systems to reduce hallucinations
AI group chats and social features
Critical thinking in an AI-assisted world
Why Agnes avoids the AI coding space
AI bubble debate: hype vs. real value
Getting emerging markets to adopt AI
Subscription vs. pay-per-use business models
Timestamps:
(00:00:00) Trailer & Intro
(00:02:49) Why Did Bruce Start a PhD During COVID to Build an AI Company?
(00:06:16) Why Build Another AI Model When Thousands Already Exist?
(00:09:48) How Is Agnes AI Cheaper and Faster Than ChatGPT?
(00:14:00) Does Agnes AI Support Southeast Asian Languages and Cultures?
(00:15:34) How Does Agnes AI Handle Local Languages Better Than Global Models?
(00:17:57) How Does Agnes AI Reduce Hallucinations?
(00:20:03) What Can Agnes AI Do That ChatGPT Cannot?
(00:25:31) Why Is AI in Group Chats the Next Big Thing?
(00:29:18) How Does Agnes AI Keep Your Private Group Conversations Secure?
(00:31:41) Will AI Make Us Lose Our Critical Thinking Skills?
(00:37:43) Should Children Use AI for Schoolwork?
(00:40:27) Can Agnes AI Help With Coding Like Cursor?
(00:43:07) Will Everyone Host Their Own AI Model in the Future?
(00:47:39) Is AI a Bubble or Real Economic Transformation?
(00:51:01) How Can Southeast Asians Start Using AI Today?
(00:53:56) What Are Real-World Examples of People Using Agnes AI?
(00:57:30) How Does Agnes AI Make Money While Offering Free Features?
(01:01:19) 3 Tech Lead Wisdom
_____
Bruce Yang’s Bio
Bruce Yang is the founder and CEO of Agnes AI, a consumer AI platform making intelligence more collaborative, creative, and accessible. A Raffles Institution graduate, he studied Math and Computer Science at UC Berkeley, earned a Master’s from HEC Paris, and is pursuing a PhD at NUS. He previously worked at Microsoft and LinkedIn in Silicon Valley.
Agnes AI redefines how people interact with AI through group chats, AI-assisted games, real-time content creation, slides generation, and research tools. Bruce envisions AI as a shared experience that amplifies human creativity and collaboration, enhancing rather than replacing human thinking and imagination.
Follow Bruce:
LinkedIn – linkedin.com/in/tongbruceyang
Agnes AI - https://agnes-ai.com/
Email – [email protected]

Like this episode?
Show notes & transcript: techleadjournal.dev/episodes/246.
Follow @techleadjournal on LinkedIn, Twitter, and Instagram.
Buy me a coffee or become a patron.

(05:22) Brought to you by Cyberhaven
AI is exfiltrating your data in fragments. Not one big breach — a prompt here, a screenshot there, a quiet export into a shadow AI tool. Every week, AI makes your team faster and your data harder to see. Files are moved to new SaaS apps, models are trained on sensitive inputs, and legacy DLP is blind to the context that matters most.
On February 3rd at 11 am Pacific, Cyberhaven is unveiling a unified DSPM and DLP platform, built on the original data lineage, so security teams get X-ray vision into how data actually moves — and can stop risky usage in real time.
Watch the launch live at cyberhaven.com/techleadjournal.

Did you know Singapore is one of the world’s top countries launching cyberattacks? Not as a victim, but as the source. Your routers, smart TVs, robot vacuums, or network-attached storage could be part of a massive botnet right now.
In this eye-opening episode, Joseph Yap, founder of Otonata and cybersecurity expert, reveals the hidden cyber threat lurking in our homes. He reveals how everyday devices from routers to smart TVs become attack weapons. He explains why Singapore’s excellent infrastructure ironically makes it attractive for hackers and shares practical steps to protect your network. From residential proxies renting out your internet connection to teenagers running ransomware gangs, this conversation exposes the gap between our connected lives and our digital security practices.
Key topics discussed:
Why Singapore, Indonesia, and Vietnam are top cyberattack source countries
Why Singapore’s infrastructure makes it attractive for hackers
How 700,000+ compromised devices launch 30 terabits per second DDoS attacks
The rise of residential proxies and dark web rental of home networks
How hackers exploit publicly disclosed vulnerabilities in outdated firmware
Why AI is lowering the barrier to entry for hackers
What makes executives and high-net-worth individuals attractive targets
Practical steps to audit and protect your home network
Timestamps:
(00:00:00) Trailer & Intro
(00:02:40) How Can I Apply Journalism Skills to Tech
(00:06:14) Why is Curiosity Essential for Tech Leaders?
(00:08:48) Why is Singapore a Top Source for Cyber Attacks?
(00:12:11) What Makes Singapore Attractive for Cyber Attacks?
(00:16:39) How Many Devices in Singapore are Already Compromised?
(00:20:40) How Can I Tell if My Home Network is Compromised?
(00:30:13) Which Devices are Hackers’ Favorite Entry Points?
(00:33:18) What is a Residential Proxy and Why Should I Care?
(00:36:27) How do Hackers Actually Break into My Network?
(00:47:47) Why are Executives and High-Net-Worth Individuals Prime Target?
(00:55:12) Why isn’t Singapore’s Cyber Attack Problem in the News?
(00:59:26) Can Internet Providers Stop These Attacks?
(01:02:16) What Can I Do to Protect My Home Network?
(01:05:19) How Do I Protect My Network-Attached Storage (NAS)?
(01:10:41) How is AI Changing the Cyber Attack Landscape?
(01:17:35) How Can Otonata Help Protect My Home Network?
(01:23:39) What are Real-World Examples of Home Network Compromises?
(01:28:20) 3 Tech Lead Wisdom
_____
Joseph Yap’s Bio
With 20+ years in Operations and Supply Chain, Joseph Yap founded Otonata (https://otonata.com) after realizing how vulnerable home networks are to security breaches. Otonata brings corporate-grade cybersecurity to homes using digital hygiene and lean management principles, protecting dozens of households from growing threats posed by AI, smart devices, and expanding attack surfaces.
Follow Joseph:
LinkedIn – linkedin.com/in/-joseph-yap
Otonata – https://otonata.com/
Free Hack Check – https://otonata.com/hack-check

Like this episode?
Show notes & transcript: techleadjournal.dev/episodes/245.
Follow @techleadjournal on LinkedIn, Twitter, and Instagram.
Buy me a coffee or become a patron.