12 Years Building Apps, Then Learning How to Break Them
A career pivot from iOS developer to security engineer — how building apps for 12 years turned out to be the best preparation for figuring out exactly where they break.
After 12 years building apps, I spent the last year learning how to break them.
That shift — from builder to breaker — didn't happen overnight. It happened in Prague, at a company called Thales, deep inside a mobile security SDK, reverse-engineering binaries with Ghidra and writing hooking detectors that had to outlast adversaries I'd never meet.
Before that, there was SAP Concur, where I shipped features used by millions and quietly watched an AI assistant called Joule come to life beside us. Before that, STRV, where I gave my first talks on privacy, worked on BLE and IoT, and started asking questions the codebase couldn't answer.
Six years in the Czech Republic. Three companies. More friends than I expected when I landed here as a Taiwanese developer with a phrase book and a suitcase.
I'm grateful — for all of it.
Now I'm moving on. AI is reshaping what software development means, and I've been thinking hard about where human judgment still matters most. Security is one of those places. Attackers don't follow documentation. Defenses that look solid on paper fail under pressure. The craft requires adversarial instinct, not just pattern matching.
Twelve years of knowing how apps are built turns out to be useful when you're figuring out exactly where they break.
To everyone at STRV, SAP Concur, and Thales — thank you for the trust and the problems worth solving. To Czech Republic — you changed me more than I expected.
What's next? Security engineering. Full commitment.
Praha navždy v srdci.
#SecurityEngineering #CareerPivot #MobileSecurity #AppSec #Prague