Independent software consultant and contractor.

I have given presentations and led workshops at several conferences, including OWASP, XPDays Benelux and BCS Software Practice Advancement conference (SPA) on software architecture, security and performance engineering.

Here are some of my papers on which may be of interest. I have thought deeply about fulfilling Non-Functional Requirements (NFR) in an agile development process. Security is the non-functional I am most interested in, which led me to present a position paper on Agile Security Requirements Engineering to the Symposium on Requirements Engineering for Information Security at the IEEE International Requirements Engineering Conference in 2005 in which I coin the term abuser stories, an interpolation between agile’s user stories and McDermott & Fox’s abuse cases. Running a workshop on this topic at SPA in 2006, I met Paul Dyson - our discussion on NFRs led to follow-up workshops at XP Days Benelux in 2006 and SP in 2007. We also wrote a column on Cost-Effective Security for the May/June issue of IEEE Security & Privacy magazine. You may also be interested in Quality in Agile Software Development, a handout for a workshop I led with Nelis Boucké and Alexander Helleboogh comparing techniques for tracking and planning NFRs at XP Days Benelux 2011.