SEEK Bytes

This is a special SEEK Bytes drop – outside the regular Season 3 line-up – because the recent Axios NPM hack is too important to ignore. In this episode of SEEK Bytes the crew sit down with Eldar Marcussen from SEEK’s offensive security team to unpack what actually happened, why supply-chain attacks are so scary, and what you should do today to reduce your risk. In this episode you’ll learn: • What a supply-chain attack really is – how a single malicious dependency in a trusted package like Axios can silently run on thousands of machines, and why closed-source software isn’t magically safer. • What to do if you think you’ve been hit – practical first moves for companies and individuals: rotating keys, rebuilding or containerising machines, reviewing logs, and knowing when to call in your security team. • How to raise the bar for attackers – simple habits like pinning and ageing dependencies, using tools like Docker and alternative package managers, relying on built-in protection like Windows Defender, and staying alert to sketchy extensions and “too good to be true” downloads. 🔔 Follow so you don’t miss future special drops like this – plus our regular Season 3 episodes every week.

SEEK Bytes is back for Season 3 on 22 April, and we’re turning things up a notch with a major focus on AI of course. This season dives into the real world of working in tech today – from AI reshaping how we build and secure systems, to the culture, careers and decisions that make or break modern engineering teams. Whether you’re a seasoned developer, just starting out in IT, or simply curious about how technology is changing work, Season 3 brings you sharp, honest conversations straight from the engineers, designers and security experts living it every day. 👍 Hit Follow so you don't miss a new episode and don't forget to check out past episodes if you haven't already.

Thinking about moving from hands-on coding to people leadership – or just wanting more control over your engineering career? In this episode of SEEK Bytes, we sit down with Gladys Lim, an Engineering Manager based in Kuala Lumpar who leads squads in SEEK’s monetisation & insights domain, building products that keep hirers coming back This episode's special guest: Gladys Lim (SEEK Engineering Manager - based in Kuala Lumpur) Gladys shares her journey from barcode integrations and games dev to full-stack engineer and, eventually, EM – including what surprised her about loving people leadership, how she navigated a jarring feedback-loop shift, and why management is a different career path, not just a promotion. She gets real about imposter syndrome, being a woman in tech across APAC, hiring for diverse teams, and using empathy, vulnerability and structure to make mentoring actually work. In this episode you’ll learn: • What it really means to shift from IC to EM – from instant code feedback to months-long people outcomes, delegating without micromanaging, and redefining success as enabling the team, not being the strongest coder. • How to navigate imposter syndrome and bias – using facts to reframe negative self-talk, turning comparison into learning, and creating inclusive rituals so quieter and under-represented voices are actually heard. • How to take charge of your career and mentorship – clarifying your motivations, choosing between IC and leadership paths, saying “no” when the fit or timing is wrong, and designing mentoring relationships that serve your specific growth goals. If you’re a software engineer, data/IT professional, team lead or aspiring manager wondering whether people leadership is for you – or how to better support the EMs you work with – this episode is packed with honest stories, practical tactics and career advice you can apply today. 👍 Follow the SEEK Bytes podcast so you never miss a new episode

Heard of “clean architecture” but not sure what it looks like in real code? In this episode of SEEK Bytes, Seamus, Will and Adam Kreidels (Head of Engineering, Monetisation & Insights at SEEK) are back for Part 2 of their deep dive – unpacking entities, use cases, gateways, the dependency rule and the famous “onion” diagram in a way any IT pro can apply. This episode's special guest: Adam Kreitals (SEEK Head of Engineering, Monetisation & Insights) In this episode, we explore: • Why “start with the database” slows you down – and how leading with business rules and use cases speeds up delivery. • How entities, use cases and gateways work together – using price, order and discount examples from SEEK to show clean seams between domain and tech. • How clean architecture reduces the cost of change – what good separation of concerns looks like in code, and how to spot when frameworks and APIs are leaking into your core domain. If you’re a software engineer, tech lead, architect, SRE, platform engineer or IT manager who wants code that survives framework swaps, org changes and new requirements – and you liked Part 1 – this Part 2 episode gives you the concrete concepts, terminology and mental models to put clean architecture into practice. 👍 Follow the SEEK Bytes podcast so you never miss a new episode

Ever wondered what a technical product manager actually does – and why every modern tech org seems to want one? In this episode of SEEK Bytes, Will is joined by Leon Belobrov and Alex Stewart-James to unpack how SEEK builds platform products that power everything from candidate apps to internal tooling – and what it means to be a PM for APIs instead of UIs. This episode's special guests: Leon Belobrov (SEEK Principal Product Manager, Platform) and Alex Stewart-James (SEEK Snr Technical Product Manager) They break down what makes TPMs a bit of a “unicorn role” – blending deep product thinking with enough technical context to serve engineers as their primary customers – and why internal platforms, APIs and deployment pipelines are becoming just as important as customer-facing apps. You’ll hear how SEEK uses jobs-to-be-done research with engineers, metrics like time-to-10th PR, and platform reliability/security KPIs to prioritise what gets built – and what gets cut. In this episode you’ll learn: • The real difference between a “regular” PM and a TPM – including why serving engineers, focusing on APIs and reusable capabilities, and obsessing over platform reliability changes how you think about product. • How SEEK discovers what engineers actually need – from interviewing 25+ engineers across the business to mapping their pain points into jobs-to-be-done and opportunity scores, instead of just building what the loudest voice wants. • Practical advice if you want to move into TPM or work better with platforms – including dogfooding, avoiding over-engineering, and remembering that “you are not your customer” even when you’re an engineer building for engineers. If you’re a software engineer, platform/DevOps engineer, BA, product manager or IT leader curious about platform teams, internal products and where technical PMs fit into modern tech orgs, this episode gives you a front-row view into how SEEK does it – and how you might shape a similar path. 👍 Follow the SEEK Bytes podcast so you never miss a new episode

What happens when a 15-year-old hacker quietly discovers a single bug that touches over half of the Fortune 500, chains it into a Slack takeover, and walks away with $50K in bug bounties – only for the original vendor to refuse to pay? In this episode of SEEK Bytes, we break down Daniel’s Zendesk exploit, the ethics of disclosure, and what “white hat” really means in practice. We unpack how a “basic” support inbox ([email protected]), misconfigured SSO and email spoofing turned into a way to join internal tickets, steal Slack access and read sensitive conversations – all via a third-party tool many enterprises barely think about. We also dig into how bug bounty programs work, why Zendesk’s scope call sparked controversy, and how SEEK runs security exercises to stay ahead of attackers. In this episode you’ll learn: • How the exploit actually worked end-to-end – from Zendesk ticket IDs and CC’ing yourself onto “internal” threads, to chaining Apple/Google OAuth and Slack login for access to private workspaces. • Why the bug bounty outcome was so controversial – how email-spoofing being “out of scope” left Daniel unpaid by Zendesk, and what this means for incentivising white-hat behaviour vs pushing hackers towards greyer choices. • Practical security takeaways for engineers – the real risk of “weakest link” third-party tools, why internal channels are goldmines for social engineers, and how separation of concerns and well-designed bounties can protect both your systems and your customers. Whether you’re in software engineering, security, cloud, support, architecture or IT leadership, this episode is a gripping case study in modern attack chains, bug bounty programs and why “it’s just email” or “it’s just a ticketing tool” is never the whole story. 👍 Follow the SEEK Bytes podcast so you never miss a new episode

What if your next big career move in tech wasn’t into management or staff engineering – but into technical product management? In this episode of SEEK Bytes, Will continues the conversation with Leon Belobrov and Alex Stewart-James in Part 2 of our deep dive into technical PMs, platform teams and how engineers can shape the roadmap (and their careers). This episode's special guests: Leon Belobrov (SEEK Principal Product Manager, Platform) and Alex Stewart-James (SEEK Snr Technical Product Manager) They share how interviewing dozens of SEEK engineers surfaced honest feedback, surprisingly clear asks, and a long list of “we just built it ourselves” tools that should really be platform products – plus why removing features and legacy tools can be just as valuable as shipping new ones. You’ll also hear what it takes to move from senior engineer or BA into a TPM role, and why this space is still early enough to shape if you jump in now. In this episode, we explore: • How engineers can influence the technical roadmap – from being a “demanding customer” to joining product discussions, speaking the language of metrics, and tying tech work to business outcomes. • When to invest in platform teams (and how to get buy-in) – spotting the point where every squad is solving the same non-differentiating problems, and making the case for centralising capabilities like security and infra. • How to grow into a technical product manager – mapping your existing skills, building a portfolio of real communication and customer-empathy stories, and becoming a true platform evangelist who can win funding and adoption If you’re a software engineer, SRE, BA, platform/DevOps engineer, product manager or IT leader curious about owning internal platforms, shaping developer experience or shifting into technical product roles, this Part 2 conversation is packed with practical advice, career angles and real-world stories you can apply right now. If you’re a software engineer, SRE, BA, platform/DevOps engineer, product manager or IT leader curious about owning internal platforms, shaping developer experience or shifting into technical product roles, this Part 2 conversation is packed with practical advice, career angles and real-world stories you can apply right now. 👍 Follow the SEEK Bytes podcast so you never miss a new episode

Ever wondered what a technical product manager actually does – and why every modern tech org seems to want one? In this episode of SEEK Bytes, Will is joined by Leon Belobrov and Alex Stewart-James to unpack how SEEK builds platform products that power everything from candidate apps to internal tooling – and what it means to be a PM for APIs instead of UIs. This episode's special guests: Leon Belobrov (SEEK Principal Product Manager, Platform) and Alex Stewart-James (SEEK Snr Technical Product Manager) In this episode, we explore: • What platform engineering and technical PMs actually are – internal platforms as products for engineers, boosting delivery velocity and reducing cognitive load across infra, CI/CD, observability and security, plus why platform PMs are a “unicorn” blend of product skills and deep technical understanding. • Technical PM vs “regular” PM – shared foundations (customer value, business outcomes, strategy alignment, success metrics) and key differences when your “UI” is APIs, pipelines and DevDocs rather than screens – including jobs-to-be-done research with engineers and metrics like uptime, security posture and time-to-10th PR. • Designing platforms engineers actually want to use – jobs-to-be-done studies across SEEK, turning 25+ “jobs” into prioritised opportunity scores, tackling notorious pain points like scattered documentation and fragmented health monitoring, and avoiding traps like over-building for a single vocal team or assuming “I’m an engineer, so I know what they need”. • DevOps, cognitive load and minimum viable platforms – how platform thinking evolved alongside DevOps, shifting security and observability “left” without dumping everything on product teams, and finding the balance between sensible defaults, transparency and not turning platform teams into bottlenecks. • Careers and skills for aspiring technical PMs – why you don’t need to be the strongest coder in the room, how to lean on engineering partners while bringing customer/strategy thinking, and the unique advantage of having your “customers” (engineers) sitting right next to you for fast feedback and constant dogfooding. If you’re a software engineer, SRE, platform/DevOps engineer, BA, product manager or IT leader curious about platform teams, internal products and where technical PMs fit into modern tech orgs, this episode gives you a front-row view into how SEEK does it – and how you might shape a similar path. 👍 Follow the SEEK Bytes podcast so you never miss a new episode

AI-generated voices, fake bosses on Zoom, SIM-swapped phones and a casino shut down from a single service-desk call – this is what modern cybercrime really looks like. In this episode of SEEK Bytes, Elliott Millar, Will and security influencer Kelsey Lundgren return for Part 2 to dig into the latest social-engineering threats, AI-powered scams and why shame keeps attacks hidden. This episode's special guest: Kelsy Luengen (SEEK Security Influencer) Kelsey unpacks why hackers hack, how shame and under-reporting keep crime in the dark, and the terrifying rise of AI-driven social engineering – from MGM’s casino shutdown to employment and romance scams, deepfake Zoom CEOs, voice-cloned “your child’s in trouble” calls, and malicious “ChatGPT” apps that are really just malware with great branding. She also shares how SEEK builds a no-blame security culture, why she’d rather you over-report “weird” emails, and how to talk about scams with colleagues, customers and your own family without making anyone feel stupid. In this episode you’ll learn: • How modern scams really work – and why smart people still fall for them – including the psychology of shame, under-reported romance and job scams, and how a single phone call socially engineered a casino into chaos. • How AI is super-charging attackers – from flawless phishing copy and personalised recon to deepfake voices and faces, malicious “AI” downloads and even tricking chatbots into generating attack templates under the guise of “training”. • Practical ways to protect yourself, your team and your family – why app-based 2FA beats SMS, what SIM swapping is, how to sanity-check QR codes and “AI tools”, using family codewords, and how leaders can build a culture where people report near-misses instead of hiding them. If you’re in software, data, support, security, product or IT leadership, this Part 2 episode will sharpen how you think about human-layer risk, AI-driven threats and the culture you need so people actually report problems before they become incidents. 👍 Follow the SEEK Bytes podcast so you never miss a new episode

Think your biggest security risks are zero-days and fancy exploits? In this episode of SEEK Bytes, Elliott, Will and criminologist-turned-security-influencer Kelsy Luengen unpack why humans – not tech – are still the easiest way into your systems, and how SEEK is using crime theory, data and even Dungeons & Dragons-style games to fight back. This episode's special guest: Kelsy Luengen (SEEK Security Influencer) Kelsey explains the full phishing family – email, SMS, QR “quishing”, phone scams, spear-phishing and whaling – and walks through how she turns SEEK engineers into “hackers” using Dungeons & Dragons-style games, escape rooms and level-five difficulty phishing simulations to make training fun, not finger-waggy. She also shares why a report-phishing button alone doesn’t change behaviour, what actually moves the needle, and how engineers can partner with security early so features don’t become social-engineering goldmines later on. In this episode you’ll learn: • How modern phishing really works (and why tech people still fall for it) – from fear-based emails and boss-impersonation to targeted attacks built from LinkedIn posts, podcasts and public data. • Why “awareness” isn’t enough – the limits of simple nudges and buttons, and how SEEK uses behaviour-changing experiences, metrics and relationships to build a lasting security culture. • What engineers can do today to level up security – thinking “crime prevention” in your designs, knowing when to call in security, and how a strong partnership lets you ship faster and safer. If you’re in software engineering, data, product, support, SRE, security or IT leadership, this episode will change how you think about security culture – and give you ideas for making secure behaviour stick in your team without boring slide decks and tick-box training. 👍 Follow the SEEK Bytes podcast so you never miss a new episode

An airline cockpit access system vulnerable to a single quote in a login box. White-hat hackers quietly holding an entire flight database. And tech interviews that feel more like interrogations than conversations. In this SEEK Bytes episode, the crew dig deeper into real-world security failures and then we pivot into raw, honest engineering interview horror stories and practical tips for staying human and effective under pressure. In this episode, we explore: • How a real airline security system got hacked via SQL injection – and why exposing raw SQL errors, skipping extra checks and trusting third parties blindly can be so dangerous. • The basics of SQL injection and how to defend against it – in plain language, with examples of string concatenation gone wrong, parameterised queries done right, and the top attack types every engineer should know. • What good (and bad) tech interviews look like in practice – red flags to run from, how to manage “exam panic”, and why being human, curious and clear about your gaps can still set you apart. 👍 Follow the SEEK Bytes podcast so you never miss a new episode

How do you run dozens of React apps, keep dependencies sane, preview any branch on any environment – and still move fast without breaking prod? In Part 2 of our frontend deep dive, Elliott Millar, Will and Jared Hope (Engineering Manager, Frontend Practices at SEEK) go beyond components to explore platforms, tooling and practices that power SEEK’s web experience at scale. This episode's special guest: Jared Hope (SEEK Engineering Manager, Frontend Practices) In this episode (Part 2), we explore: • How SEEK turns frontend into an “experience platform” – from modeling the web platform, static site generation and UI versioning, to giving teams self-serve routing and deployments on top of Cloudflare and serverless. • The tools that supercharge DX and design collaboration – including SEEK’s internal deploy tooling, environment-per-branch previews, and Playroom, which lets engineers and designers prototype in real components and share ideas with a single URL. • How SEEK keeps frontend modern at scale – using Upkeep and Renovate to tame dependency sprawl, exploring SSR and React server components without losing SSG DX, and leaning on devtools, hot reload and consoles for fast, pragmatic debugging. If you’re a frontend or full-stack engineer, SRE, architect, platform/DevOps engineer or IT leader who enjoyed Part 1 – or you’re just curious how high-traffic sites keep their web layer fast, safe and flexible – this Part 2 is packed with real-world patterns, trade-offs and career insights you can take back to your own org. If you’re a frontend or full-stack engineer, SRE, architect, platform/DevOps engineer or IT leader who enjoyed Part 1 – or you’re just curious how high-traffic sites keep their web layer fast, safe and flexible – this Part 2 is packed with real-world patterns, trade-offs and career insights you can take back to your own org. 👍 Follow the SEEK Bytes podcast so you never miss a new episode

Frontend is “just HTML and CSS”, right? Not at SEEK. In this episode of SEEK Bytes – a podcast by engineers for engineers – we sit down with Jarrod Hope, Engineering Manager for Frontend Practices, to explore how SEEK builds UIs at scale with React, Braid, SKU, Vanilla Extract and Playroom, and why good frontends are genuinely hard, high-impact engineering problems. This episode's special guest: Jared Hope (SEEK Engineering Manager, Frontend Practices) In this episode you’ll learn: • How SEEK’s frontend platform works under the hood – from micro frontends and the SKU meta-framework to Metropolis, which lets teams share React components and roll out design-system updates across 80+ apps without chaos. • Why SEEK invests in open source tools like Braid, Playroom and Vanilla Extract – how “building in the open” raises quality, shapes the broader frontend community, and gives engineers type-safe CSS, shared UI language with designers, and zero-config prototyping. • Why SEEK doubled-down on React (and what’s next) – the original shift from Razor to server-rendered React, what it would take to move frameworks, and how tools like Vite, Suspense and better CSS module systems are shaping the future of the “experience platform”. Whether you’re a frontend engineer, full-stack dev, engineering manager, architect or curious IT generalist, this episode is a behind-the-scenes tour of how a large tech org thinks about UI, frameworks, tooling and open source – and how those decisions ripple through the wider web community. Whether you’re a frontend engineer, full-stack dev, engineering manager, architect or curious IT generalist, this episode is a behind-the-scenes tour of how a large tech org thinks about UI, frameworks, tooling and open source – and how those decisions ripple through the wider web community. 👍 Follow the SEEK Bytes podcast so you never miss a new episode

Org restructures. New tools. Platform migrations. That “we’re changing how everything works” email. If you work in IT, change is your default setting – but it doesn’t always feel that way. In this episode of SEEK Bytes, Elliott Millar, Will and special guest Sarah Duffy (Enterprise Change Lead at SEEK) unpack how to thrive in continuous change, not just survive it. This episode's special guest: Sarah Duffy (SEEK Enterprise Change Lead) In this episode, we explore: • What your brain is doing during change (and how to make it “brain-friendly”) – including the SCARF model (status, certainty, autonomy, relatedness, fairness), why change can trigger fight-or-flight, and how clear comms, certainty about the plan and fair processes dramatically reduce stress. • How SEEK runs large-scale change without “doing it by email” – from the Unification rollout across six countries to leader shark-tank sessions, change-champion networks and co-creation via focus groups, end-user testing and continuous listening to resistance as a source of insight. • Practical tools to personally thrive in change – including the IKEA effect and co-creation, the ACCESS framework (acknowledge, calm, challenge, exercise, social, sleep), sleep-hygiene tips, and simple techniques like box breathing and SCARF self-assessments you can use at your desk during stressful transitions. If you’re in software engineering, data, product, support, people leadership or any IT role facing restructures, tool changes or big programs, this episode gives you science-backed frameworks and everyday habits to handle change with more confidence – and help your teams do the same. If you’re in software engineering, data, product, support, people leadership or any IT role facing restructures, tool changes or big programs, this episode gives you science-backed frameworks and everyday habits to handle change with more confidence – and help your teams do the same. 🔔 Follow the SEEK Bytes podcast so you never miss a new episode

Got half-finished apps, tools and games sitting in your GitHub? You’re not alone. In this episode of SEEK Bytes, Seamus, Elliott and Will kick off Season 2 by diving deep into side projects in tech – why we start them, why they stall, and how to actually ship things alongside a full-time IT job. In this episode, we explore: • Where great side-project ideas really come from – using annoying real-world problems, interview prep and portfolio goals to spark projects that matter (and look great on GitHub). • How to fight decision-fatigue and stay motivated – why “projects about nothing” fizzle, how tiny, shippable increments beat grand architectures, and practical tactics like shrinking scope, embracing “good enough” and expecting motivation slumps from day one. • Balancing passion, learning and paid side work – real stories of late-night coding, paid gigs on game sites, internal tools like Conductor that became critical at SEEK, and why sometimes your day job’s learning and L&D time are all the “side project” you need. Whether you’re a software engineer, tester, data person, SRE, sysadmin or IT manager thinking about a side hustle, a portfolio piece, or just a fun game on the side, this episode will help you pick better projects, manage your energy and actually finish more than you start. 🔔 Follow the SEEK Bytes podcast so you never miss a new episode

Your tests are green, coverage is high, dependencies are “secure”… so why does production still feel like a house of cards? In this episode of SEEK Bytes, Raph, Will and Elliott dig into trust in tech – from subtle JavaScript bugs and leaky abstractions to CDN attacks and noisy security reports – and why a healthy dose of skepticism is one of the most powerful tools an IT pro can have. In this episode, we explore: • How trust can be broken at every layer – from third-party CDNs like polyfill.js injecting malicious scripts, to chatbots pulling in compromised resources, to noisy vulnerability reports that burn out open source maintainers. • Why abstractions are powerful… and treacherous – what “leaky abstractions” really mean in practice, how unknown-unknowns derail estimates, and why learning just one layer deeper (query plans, caches, orchestration platforms) can save you from nasty surprises in production. • How to adopt a healthy “trust, but verify” mindset – treating tests and coverage as signals not guarantees, double-checking rollouts, reading docs and source instead of relying on hearsay, and staying just skeptical enough to catch the next Heartbleed-class bug before it bites you. Whether you’re in software engineering, QA, security, SRE, data, platform, or IT leadership, this episode will sharpen your instincts about what (and who) to trust in your stack – and how to balance healthy paranoia with getting real work shipped. Whether you’re in software engineering, QA, security, SRE, data, platform, or IT leadership, this episode will sharpen your instincts about what (and who) to trust in your stack – and how to balance healthy paranoia with getting real work shipped. 🔔 Follow the SEEK Bytes podcast so you never miss a new episode Resources: • https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/ • https://lab.wallarm.com/polyfill-io-supply-chain-attack-malicious-javascript-injection-puts-over-100k-websites-at-risk/ • https://carbon-steel.github.io/jekyll/update/2024/06/19/abstractions.html