Kosli raises $3.1 M USD in seed funding backed by Heavybit - Read more
New White Paper: Supply Chain Levels for Software Artifacts (SLSA) - Download now
a troll sitting on a lodge with papers around them

The Misunderstood Troll - A story about collaboration, communication and visibility in a regulated software organizations

Alex Kantor
Author Alex Kantor
Published January 24, 2023 in features
clock icon 9 min read

In this talk Alex Kantor, Director of Technology at Modulr, will show you how they used Kosli to enable their developers to release directly to production in a financially regulated environment - while staying in compliance with their change management obligations.

A new spin on a classic format, Alex tells a story about how collaboration, communication, and visibility helped a misunderstood Troll to empower a nation.

The talk was filmed at Exploring DevOps, security, audit compliance, and thriving in the digital age in Oslo, Dec 8th 2022.

Full Transcript

Hi, I’m Alex Kantor. I’m Director of Technology at Modulr, an embedded payment system. We connect to many different payment rails. Today we are going to try something a little bit different. I’m going to kind of bring to life some of what we talked about, but in a fairytale. 

And I’m hoping that all of you get some value out of the end of it, even if it’s just a little bit. I’m aware that in this room there’s different levels of organizational sizes, some kind of behemoths with change managers, there’s smaller fintechs. So, for the bigger organizations, some of this might sound like a fairytale, but hopefully that’ll be something to take away at the end.

So, to start with, I am going to need a name for the troll in my story. And I’m well aware that in a Nordic country this could end up very badly for a non-native speaker. So who wants to give me a name for the troll in the story and give a suggestion? Come on, somebody must have a name.

Give me a good strong local name. Tore! Tore? Is that pronounced correctly? Perfect. Okay, so the troll is Tore. Done. We’re now going to follow the story about how this troll was misunderstood. 

So, there once was a very mean, grumpy and evil troll called Tore. Tore lived in the land of Modulr, a land where the letter A did exist, but was occasionally dropped for coolness and URL purposes.

Now the troll generally hid in an area of the land I think of as pronounced “Auditus.” So no kind of signs there! But every now and again Tore would give notice that he would be wandering around and demanding to see evidence of all of the processes that had been put in place, and that everyone was following them.

Otherwise, people may just get eaten. As you can imagine, the good folk of Modulr were always very wary of Tore. No one likes to be eaten, for one, but two - they felt that the mean, grumpy evil troll, all he wanted to do was slow them down and make them copy and paste evidence from multiple systems into a word document which was just forever tedious, boring, and so annoying.

It was a nightmare. Sadly, this was the same across many different lands. There are many lands who had their own version of Tore. And what happened is that various rulers left their lands to go to other lands and brought the processes to keep the trolls happy to those lands. And these processes just kept growing and growing, and no one ever questioned why. But people knew it stopped them from being eaten and that was it.

One of the processes that we’ll talk about more in the story is the segregation of duty which has been mentioned many times today. But in Modulr land this meant that the builders would pass the finished goods to the deployers. The deployers would then go through and check if the builders had the goods verified, have they had it tested? Have they filled in the right forms?

Are the forms all okay? The forms would then go up to the higher approvers, and the higher approvers would check if they need anything else. And then, after that point, the deployers would know that they filled in all the paperwork correctly. But all of it had been written down in a long waste of time that really slowed down the work from the builders getting to the land where all of the kingdom can get value from it.

Now, years went by in this land and this process was continually followed and that value continued to be delayed. But there was one deployer manager who started asking questions like “why do we need to do this?” And, yeah, we’ll go with the King of technologies - it’s my story. The King of technology gave him the answer - “because otherwise the troll will eat us.”

Now the young deployer manager was okay - “I’ll go with it. I’m not overly happy with that response, but we’ll work with it.” And a few months went by and the deploy manager again saw the frustration of his employees having to just do this menial deployment work instead of improving the land they were living in. And he was like - “is this really necessary?”

And the king replied, “Well, yes, because otherwise the troll will eat you.” He was a bit disgruntled. He went away. He explained it to the team. They’re like, “Fine, we’ll just get on with this.” The king never really stopped to think about it. He just kept on giving the same answer because he’d been beaten into the same answer from all the lands that he’d been to.

Now, as this is a fairy tale, I’m going to shoehorn some things into it, so go with me on this. Suddenly there was a salesman that came around from the land of Kosli. Modulr land had a lot of salesmen, but with this salesman something struck a chord.

He said, “We can give you a warm, fuzzy feeling that makes it possible to see exactly how the builder gets his buildings into the land of Modulr.” Now, the king loved being warm and fuzzy - not just because it’s minus ten outside - he saw this could make life really easy for gathering evidence for the evil troll. And that would be a way of stopping him eating his people. 

So the deployment manager was sent on his way to connect the land of Kosli to the land of Modulr. But this reminded the deployment manager to again ask the question, but in a slightly different way.

He said to the king “You said the troll would eat us, but what value is the troll getting for what he is doing? What does he want? It’s just slowing us down. Where is the actual value in this whole process?” Now this stopped the king in the tracks.

He’d never really sat down and thought about it in that way. He just thinks to follow the process, to stop people being eaten by trolls. So he thought more about it. Sure, the process will stop someone malicious from putting our code into our land, but if the builders all have controls in place and those controls check the work and make sure that testing is all done, and the testing is to a certain level, then the only value is the ability to deploy.

And, if we’re really honest, do the deployers really know what they’re deploying half the time, or are they just checking the paperwork and making sure it’s okay and getting the approval because they’ve got the access? There’s so much time that can be saved here and the deployment manager saw an easy way of using Kosli to do this.

So, they decided to be brave and go to the home of Tore the evil troll in the land of Auditus. And they arrived there and opened his big door and the king said, “Hi, we just want to collaborate.”

There was a long pause, a really long pause. Tore started crying. This is really odd. The King and the deployment manager looked at each other and said - “this is very strange.”

He just kept crying and crying. And he just left the room, but suddenly came back with a tray of open sandwiches and herring. Now, it’s always important to connect with your local audience when telling a story. So that’s why that was shoehorned in there. Now, eventually the troll stopped crying and he was able to speak and he said, “Thank you, thank you, thank you, thank you.”

“No one ever asks me how I feel. No one ever asked me to collaborate. No one ever asked me to be part of this. Are you keeping to the processes? I have to check. You keep trying to hide things. I then have to go and eat you because you’re not following things. I just want to be involved”, said Tore, “and you’ve involved me!”

“Oh,” said the king and the deployment manager, “So you actually want to be our friend? Right. This is a bit embarrassing. So if we give you a way that you can check, you promise not to slow us down?” “Yes. I just want to see that you have some element of control. I don’t care how. Just show me.”

So, we fast forward three months and the deployment manager worked with the land of Kosli. And what they actually did was create a single pane view where Tore could see exactly what he needed to see. He saw where the building happened. He saw the magic of SHA and how the SHA of build and the SHA that ended up in the production were the same. 

What also then happened was that automated approvals could happen through the land of Kosli, so the builders could then get their changes through and have automated approval, which then led to reduced lead time to change and helped with the mythical element of DORA. 

So with reduced lead time to change, all these benefits led to the empowerment of the builders. By integrating the land of Kosli, and by speaking with the evil troll Tore who was just misunderstood and wanted to collaborate and be friends, they empowered the builders. 

What happened next is that the builders then actually broke down their changes into smaller chunks and they delivered more frequently. The deployers then spend a lot more time also improving the land of Modulr to make the deployment process safer for everyone. 

Now that kind of brings us to the end of this fairy tale, which is actually a true story. Can you believe it? And it was a brilliant journey that we went on with Kosli. But some of you, as I said, may find this a bit of a fairy tale and maybe find it a stretch too far with what you’ve got at the moment.

But, for me, what came out of it and of all the lessons that I really took away, the biggest one was - how much empowerment are we blocking by hiding behind the process and not challenging the “why?” 

We talk about automating processes, but have we challenged them? Have we really found out the “why”? Have we simplified them? So, you may not be able to get the full stretch, but you can probably challenge a process and just see what’s the why.

And worst case, if there’s nothing else you can do, just go back to your company and give your troll a hug. 

Thank you very much.


Published January 24, 2023, in features


Stay in the loop with the Kosli newsletter

Get the latest updates, tutorials, news and more, delivered right to your inbox
Kosli is committed to protecting and respecting your privacy. By submitting this newsletter request, I consent to Kosli sending me marketing communications via email. I may opt out at any time. For information about our privacy practices, please visit Kosli's privacy policy.
Kosli team reading the newsletter

Got a question about Kosli?

We’re here to help, our customers range from larges fintechs, medtechs and regulated business all looking to streamline their DevOps audit trails

Contact us
Developers using Kosli