Community Blog

Community Blog

Open Source in Finance Podcast: Lee Faus - Global Field CTO, GitLab

June 13, 2024

In this episode of the podcast, Grizz sits down with Lee Faus - Global Field CTO, GitLab. We talk about Lee's developer journey from high school teacher to GitLab, software development evolution and devops, intelligent data fabric, AI in software upskilling developers, and a little Minecraft.

Audio Podcast Version

Open Source in Finance Podcast - Lee Faux GitLab Global Field CTO


Find all of our podcasts at, Apple Podcasts, Spotify, and all podcast platforms.






Grizz Griswold: [00:00:00] Good morning. Good afternoon. Good evening. Wherever you are. This is Grizz Griswold of FINOS. Hope you're doing well today with me on the podcast. I have my friend, Lee Faus, who is Field CTO at GitLab. Lee, how you doing?

Lee Faus: Doing great, Grizz. Good to see you again. 

Grizz Griswold: You too, as well. And this time we are only about two and a half hours away from each other. I'm assuming you're at home right now. I am at home. Yes. Yes. And you've moved to the great state of South Carolina as well. Glad to have you here. Tell me, Lee, tell me about Lee.

Tell me you've been the Global Field CTO at GitLab for almost three years now. Is that about right? That's right. 

Lee Faus: Yeah, that's correct. 

Grizz Griswold: Tell me what somebody needs to do in order to get there. My kid's asking

Lee Faus: It's okay because my kid's asking too and yeah for those people that don't know, Grizz and I, our kids, are actually both currently attending University of South Carolina. Go Gamecocks! 

Grizz Griswold: Woo! Woo! 

Lee Faus: And they are actually in the same field of study around computer science, so lots of similar conversations going on at my house to be a Field CTO, what you have to understand is how Field CTOs normally interact inside of an organization. I work with our sales team to provide best practices, not just for GitLab, but around DevOps, DevSecOps, Agile. [00:01:30] Open source, a lot of things that have come from my experiences. I take those experiences to our customers and work with their executive leadership teams.

When I'm working with those executive leaders, there will be things that they will request, whether it be GitLab, the company or GitLab, the product, they will request things that I then bring back to. It could be something that's already in the product that we don't brand or we don't talk enough about.

That will go to our product marketing folks. And we will make sure that we create more of a better talk track around that particular feature or capability. If it's something that's missing inside the product, I will go and work directly with our product folks, and we will interview the customer, get more formal details, and then that will go into our backlog.

And we work very closely with our product teams to make sure that we understand what those needs are of our customers. And we even provide the capability of doing what we call co creation. So GitLab itself, so for those people who don't understand, we get a lot of branding conversations that we get people confused.

They're like, isn't GitLab the open source version of GitHub? And it's not. There's two completely distinct different companies. So GitHub was acquired by Microsoft I used to work at GitHub, I was [00:03:00] there really enjoyed the run while I was there. Now being at GitLab, GitLab is a publicly traded company who competes directly with GitHub.

Part of the key differentiator is, It's an all inclusive stack, so rather than needing to combine multiple different products to be able to meet your SDLC, we give you those capabilities inside of a single platform. And it's completely open source from the ground up. When we look at working with our customers, we also do what we call co creation.

Let's say I'm working with UBS. And one of their big topics is let's say one of their big topics is developer experience. There's something that they might want with an integration. There might be a core product change that they want. We'll work with their engineering teams where they will contribute code back into GitLab that then makes it into the open core version of our product for any other customer or user of GitLab will then be able to use inside their organization.

Grizz Griswold: Nice. 

Lee Faus: That is one of the big differentiations from our perspective. Then as a Field CTO, I also work with our professional services organization. So there may be training, there may be a topic around software supply chain security, or there could be something around Agile, and they want to learn how to better utilize the product.

To be able to make [00:04:30] those things better inside their organization. You gotta think of us as being that conduit between customer and GitLab proper. Now, it's, not for the faint of heart. There's a lot of balls in the air that you're constantly juggling. I work with partners. I work with ISVs.

I work with customers, prospects. 

Grizz Griswold: Foundations. 

Lee Faus: Foundations and the key thing is to get to being a Field CTO is sort of being a jack of all trades, but not necessarily being a master of any of those. So being able to talk intelligently across multiple different areas and understanding how those things can end up becoming solutions.

So a lot of people will see people who are solutions engineers or solution architects, part of their career path will be going into becoming a Field CTO somewhere down the path. Now, me, I started off in a really weird position because my degree is actually an education. I was a high school teacher for two years.

I taught math and computer science. I was also an adjunct professor at NC State University go Wolfpack and so You can't do that to me today. 

Grizz Griswold: You can't do that to me today. You don't Wolfpack just beat South Carolina in baseball. 

Lee Faus: I know. I was hoping there'd be a rematch, but unfortunately, JM, you 

Grizz Griswold: Yeah, good for [00:06:00] that.

Lee Faus: But I've worked for a lot of other companies both as an engineering manager, as an architect. I've done things on the security side, on the infrastructure side, on the core development side. I've worked with a lot of open source projects. I've been a core contributor to the Eclipse Foundation, a core contributor to Apache I was a core contributor to JBoss back in the day.

I'm a huge fan of open source and the values that open source portrays around being able to collaborate and being able to contribute. And those are the things that I think are really important with FINOS as well, is being able to bring these very large companies that deal with your banking records, with your investments, with your mortgages, and helping them understand the value of open source and what that means to their organizations and how to develop that culture.

Grizz Griswold: I want to come back to you and your career in a minute, but I do want to hit on that. Let's see. You, how long have you been in and around like financial services on this end? cause I wondered, like on this podcast and through everything that we messaged, like we talked about the difference in now versus seven years ago.

When, financial services, companies, banks and everything were behind the times, as far as open source was concerned for many different reasons, especially on the regulatory [00:07:30] side. But as you're talking to clients now, as you're talking to partners, what changes do you think you, you've seen in the past couple of years, three years, six years or have you, or is it just more public now?

Lee Faus: No. I've worked with probably going back to, I worked with a bank in Brazil back in, this would have been over 20 years ago. And they did not want to use open source at all. Everything was seen as internally created. And because of that, there was a lot of not invented here,

that ended up getting created. And I was brought in as a contractor, as a consultant. At the time I was working for a company called Compuwear and I did what was called project recovery. So projects that were behind the, they were at risk of losing. I would come in and help them reorganize, restructure, get the projects back on track.

And That was one of the first things that I noticed is there was a lot of money that was being spent with multiple different contract agencies, the big five, a bunch of smaller boutique firms in Brazil, basically building things that already existed out in the open source, right? You could sit there and talk to them about, they all wanted to do Java and they wanted at the time [00:09:00] doing things like J2EE and you'd be like, yeah, great.

Let's just run this in Tomcat or run it in JBoss. And they're like no, we should build our own JBoss. And it was like let's not build our own JBoss. We can't use something that's open source. So why don't we go talk to IBM and we'll go buy licenses for IBM WebSphere. All right. And then I would joke with the executives and I would be like, let's go look at all of the things that make up WebSphere.

And there were all of these open source packages that were inside of WebSphere, but they felt like they were reducing their risk. The risk was being taken by IBM for including those open source products rather than them taking on the risk directly. There was a buffer between the two. Probably about I would say, As VM started.

So I spent a, I did a stint at Red Hat and when I was at Red Hat from 2006 to 2009. I saw a big shift towards enterprises, especially with virtual machines where we started doing things a lot faster. So Agile started actually being a thing. People could use VMs, spin them up, and they could deliver software a lot faster.

2012, 2013, this whole concept of DevOps started taking off where Agile met developer efficiencies met infrastructure as code. And all of these things allow us to be able to move into a hyperscaler. [00:10:30] So into AWS or into GCP or Azure, they could move a lot faster through their software development life cycle.

And. If they kept building their own things, that was where the bottleneck was. So people would start to bring in an open source as not only something that they would consume, but they started doing a lot of things that were very open sourced like even inside their own organizations. I saw a lot of companies.

I worked as a consultant at State Farm Insurance. And one of the things that they traditionally saw were a duplication of effort where people were building the same frameworks. And we started sharing code between projects. Which allowed us to be able to gain efficiencies because people could contribute changes back to those.

So if they needed a one off, they needed a change, they could do that inside the organization without needing to go through an executive level approval to be able to provide those changes. One of the really interesting things was I don't want to mention the vendor, but there was a large vendor who at the time was not a large vendor.

And or ISV and they had a lot of capabilities that State Farm wanted to consume, but they were not considered enterprise grade. So State Farm created what [00:12:00] an OSPO or what we call an open source program office, and they started contributing all of these enterprise features back to that particular vendor.

To the point that vendor was able to go public and then get acquired in about a two year time frame. Those are things that I've seen change a lot is these larger enterprises now. That doesn't mean that anybody can consume open source inside these companies. There's a set of guardrails, there's rules, there's compliance.

So there's a lot of things that there's certain licenses that can't be pulled in. So like AGPL for a lot of companies is still somewhat of a no, from a licensing perspective they'd look to go after things that might be Apache or MIT licensed where they feel like they're not going to be potentially sued down the road for using those tools.

But those are the things that I'm seeing is now today, it's almost commonplace where if you want to introduce an open source package in the organization, There's a set of rules. There's usually, I hate to say this, there's usually a SharePoint form or a Google form that you fill out based on a package that you want to consume.

And then there's a group of people that vet it and then they proxy it and bring that internally if it's accepted. And then other people are able to reuse that open source package internally. So that seems to be the [00:13:30] process now, smaller startups, things like that. Yeah. Those things go away.

It's all about velocity and speed. So you can bring in pretty much whatever you want. 

Grizz Griswold: Can I go back to when you're talking about the bank in Brazil and hiring or, and I want to get into the build versus buy question that banks run into every single day. I'm sure. But something that you said was that the bank thought that If they were buying from another company, it doesn't matter which company it is, that the risk is then transferred over to that other company.

But what we've seen recently, and one of the reasons why, the Common Cloud Controls was started by Citi was Jim Adams getting up on stage and basically saying. Folks, the regulators are not going to come down on the vendors. They're going to come down on the banks, no matter what solution that we are using or not.

So could you maybe talk about, some of the build versus buy and, is that risk really on the vendor? Within financial services versus any other industry, maybe except for like health care or something or energy. 

Lee Faus: So whenever somebody's buying let's say they're buying from GitLab, right?

GitLab's open source. So we include a lot of open source packages in our own product. So there's a part of the contract called indemnity and this is if the vendor was to get sued for whatever violation that may come along, [00:15:00] regulator, auditor, whatever it may be, we would have to incur the cost of that particular lawsuit up to a certain amount of money.

Now you'll hear vendors, you'll hear companies all the time ask for unlimited indemnity. And. There's no vendor in the world that's going to accept unlimited indemnity without having I've been on the vendor side as well, where they'll then have their own insurance policy with somebody else that states, if we get into a case that you end up becoming the arbitrator, but you will, there will be some funds that are exchanged and they now all of a sudden you have this insurers insuring insurers and it's a big mess.

Which it shouldn't be that way. There's ways that when you think about consuming open source, there is the way that I think about it is what the cloud providers do. So there's this thing that I really like about AWS when you choose to use AWS, that they have the shared responsibility model.

So when you choose to use open source, it's a choice. So you have a choice in vendors. You have a choice in open source solutions that you can consume. You have the choice to build it yourself. Do you want to build it yourself? That is a big question. When I was at Red Hat I remember I hope Matt Hicks somewhere along the lines and so listening to this podcast, I remember working with Matt and we were [00:16:30] working on building a standard where inside of Red Hat, you could use free open source if it met 50 percent of your target.

You could use commercial open source if it met 80 percent of your need. If you were going to use a proprietary vendor, It had to meet 95 percent of the requirements. And that was due to no matter what open source solution you choose to bring in house, there is some level of enhancement, customization, whatever that you're going to need to do on your own.

So that's where that 50, 80, 95 came from is if we were going to use a completely proprietary solution inside of Red Hat, the person who could extend it for that other 5 percent was probably going to be $500 an hour. And we were going to end up being charged probably five x, the cost of the solution that we chose to bring in.

When you got to 80 percent because it was open source, commercial open source, there was a way for us to be able to extend it on our own. So our own engineers could go in and customize it and contribute back and feel like we were part of that particular project itself. Then when you got to the 50%. The free open source, you had to realize that you're taking on all the risk.

You're taking on the maintenance. You are probably going to be one of the core contributors of that particular project. If you choose to consume that [00:18:00] on your own, you're going to have to do a lot of customizations to make it do what you want it to do inside your organization. When you are an enterprise looking to consume open source, And you have regulators coming to you.

When I was at State Farm and I was talking to the auditors, it was very interesting. There's a lot of people that overthink how compliance and auditors actually work inside of an organization. So as an example, we were using an open source CI vendor. Every project had their own pipeline because every project had its own pipeline, every pipeline had to go through

a certification process with the auditors. If we built a set of common plugins, and we had everybody share a single pipeline, or let's say we narrowed it down to five pipelines. Then we only had to certify five instead of 25, 000. So when you start to think about what open source you want to consume, you want to think about how much of it can you consume as a whole, where you're not making changes to it, where is that going to be reused?

And then what is the cost should something go wrong with you using that particular framework? And that gets into risk assessments, other things. So yes, everything that Citi had mentioned is absolutely correct. You have a choice. And yes, it is up to you in that shared responsibility [00:19:30] model of what things, what risks you're willing to take on.

You're not going to, if you go after the vendor is going to have an insurer that they're going to have, and it's going to become very litigious to a point that Will you actually win 

Grizz Griswold: right? 

Lee Faus: You might get some money, but it's, and it was the same thing that I've seen with other not just financial services company, but any regulated company, you end up in a situation where you're called out for compliance reasons.

Sure. I could change my process, get rid of that framework, get rid of that product, whatever it may be. But if I'm able to, save $100 million because I'm able to streamline my workflow and I'm being charged a $10 million assessment and a fine. There's a lot of people that would just pay the fine. So yeah, there's a risk reward thing that you've got to take into account.

Grizz Griswold: I want to go back because I I like stories that go backward and forward. And I want to go back to, you were a high school math teacher. What was the next step that you were like, Hey, we know where you started, we know where you are now. But and you've hit a couple of points along the way. But what made you take that leap? That you're like, okay, teaching high schoolers is not where I'm going to be. Because there's something that I know about you, personally is that you still take that whatever you learned in order to become a [00:21:00] teacher, you still take that into the things that you do, it seems but how did you, what was the next port along the way that made sense for you? 

Lee Faus: So I'll keep this story pretty short. Of the things that happened when I was a teacher, one of my students, their parents worked at Sun Microsystems and I was teaching Turbo Pascal and C++ and one of the parents said, Hey, there's somebody that you should meet.

And they invited me to a dinner. And this is where. I had the opportunity to meet James Gosling, who is the inventor of Java. And he handed me 12 diskettes, three and a half inch diskettes. And he said, your kids should learn this, because this is going to be the future of software development. And all it said on the outside of the diskettes was OAK DISK 1, OAK DISK 2, so you knew which order to, for those of you that remember, we had to insert the diskettes in a certain order.

And I started teaching my kids Java. And there is something called the Association of Computer Machinery, where they do exams. And you can rank yourself and your students based on how well that they do on these exams. And at the end of the year my kids ended up taking the exam. They were the first students in around the globe that took the ACM exam in Java.

And at the end of the [00:22:30] year, I got all excited. I was getting ready for the next year. I was starting to write curriculum for Java for Wake County public schools. And one of the parents came to me and said, Lee, you're not going to believe this. Let me show you this article. There was an article in the News and Observer in Raleigh that was talking about the value of the magnet school program.

That was a very well known magnet school that had placed seventh at this ACM event and three page article, success of the magnet program, this computer science program, dah dah dah, And in the last two sentences, it said, Oh, and by the way, Athens Drive High School placed fourth. Yes, Magna School programs are a success, but at the same time, the regular public schools, we beat you.

I'm sorry, but we beat you. And that got me really frustrated, so I told my parents I'm going to take the summer off. And when I went to go take the summer off, I was all excited, I was just going to relax, just not think about it, I was going to work on the curriculum. And I went to the pool the first day.

And I realized that the only other people who had off on the summer were those people I was trying to get away from? 

Grizz Griswold: Yep. 

Lee Faus: So I ended up going to work for a value added reseller. And they were actually working with Wake County public schools and they were introducing laptops and computers into the libraries.

And I was helping to put the computers together and delivering them to the schools and doing little mini training sessions on how to get them connected to the network and all these [00:24:00] other good things and how they'll do And that was really exciting to me, and they ended up making me an offer where that ended up where I learned that teaching didn't just mean teaching students that were high school aged.

You could also teach career changers. So there were people who needed to learn how to do networking. They learned programming. So I became a Novell trainer, I became a Microsoft trainer, I became a Sun Trainer, and I would try, I had the opportunity to be able to travel all over the country, being able to go around and teach these different classes to individuals.

And that's how my career really got started, because. The days that, or the weeks that I wasn't teaching, a lot of the companies that I worked for would send me out and consult with those companies where I would teach. So I would get real on the job training inside these companies based on what I had taught the students. They got an extension of the classroom by us actually doing it in person live me helping them out and then when I would come back into the classroom, I was able to bring those experiences back in. And that just became that revolving door throughout my career is I would go off and I would go be a consultant and then I would go Work for a company and then I would go back being a consultant and then I would go back and the whole time I'm continuously learning while at the same time being an educator.

I love sharing ideas, concepts, [00:25:30] things like that with companies that I work for, individuals that I work for. So that's my career 

path. My kids.. 

Grizz Griswold: Your kids as well. 

Lee Faus: Yeah that's right. 

Grizz Griswold: Yeah. I want to say the first time that I met you sometime in Columbia for an Open Source 101 I don't remember which daughter it was, but you were telling me that they were doing something. Was it Roblox or making?, 

Lee Faus: it was Minecraft.

Grizz Griswold: Minecraft. Yeah. Okay. Okay. And I'm just like in the back of my head, I'm like how, what was he teaching his kids that I'm not teaching my kids? Because every time I tried to get my kid to do, what was it Oh, it was, I can't remember what it was, but I had him like, I had him learning Java and they used Minecraft and everything, and then it was like, okay, that's cool.

I'm never doing that again. And funny enough, now he's a CIS student. But, obviously you were still, you were teaching, whether it was in the classroom, whether it was with vendors, or whether it was with your kids. And that was something that stuck with me. I'm like, how do I get my kids to, do this and learn Java and everything?

I, I think actually I went home and I don't remember what website it was. I'm like, Vance, learn Java. Play Minecraft, quote, unquote. 

Lee Faus: But it was interesting because I don't think a lot of people understand that Minecraft is actually open source. And my daughter was playing Minecraft and Minecraft was centered around a boy.

And that boy would go around with his sword and go build and stuff like that. And she became very frustrated that [00:27:00] everybody that she would play with naturally assumed that she was a boy. Even though her name was Haley, they assumed that she was a boy because that was she asked me how she could end up making the boy a girl.

. And first time I looked at the code, I was very surprised and I said, this is Java. I know Java. 

Grizz Griswold: One. Yes, you do. 

Lee Faus: Second. It's open source. I can modify Java. Great. That's number two. So that night I got enthralled with Java. How I could modify this for my daughter. And so it took me about three hours to figure out how to build a plugin and how to customize the character and how to do everything and how you create a quote unquote, plugin module into Minecraft.

And so the next morning my daughter got up and she I showed her, I said, Hey, look, I had set up a Minecraft server and I start up the plugin. I said, look, it's now a girl. And I said, There's two paths that we can take. One, I can show you how I modified this and you can learn how to do this.

So if you want to make others, you can go make your own. Or, What you can do is you just take the server, just start playing and just invite people to your server. And so she said, there were other things that she wanted to customize too. Taught her how to program and she learned a lot of the basics.

And then when she got stuck, I would come over and I would help her and we would upload the changes and she had a very popular site that she would invite kids to. I remember, [00:28:30] she said one month because it was they had hosting services for minecraft and I remember one month we had a bill and the bill was like $750. And I was like this is supposed to be a $35 server. How did I get and it was because of the ingress and egress costs of all these other people that were all playing on her server and that kind of shocked me and I was like I guess minecraft is a thing. Naturally I told her, I said, we're going to have to start limiting the number of people that can play with you on your server.

So I'm not going to spend $750 every month. But she created a GitHub account and her, I think her GitHub account is still active at her. Handle was princess pickaxe was her github handle. 

Grizz Griswold: That is awesome. So was that the best coding or the most valuable coding you've ever done in your life? 

Lee Faus: No 

Grizz Griswold: Yep, you were supposed to say yes 

Lee Faus: Now watching my daughter learn how to program that was probably one of the best Teaching moments of my career was watching her learn. But there's a lot of other times where when I see how companies transform culture, how they transform processes, and you take a company that might've gone bankrupt in two years and by using technology and using different processes and things like that.

Now they're a global 2000 company. Those are [00:30:00] things that I sit back and I look at. Wow, I remember being there and helping those executives when it was a 250 person company and now they're a multi billion dollar organization. Those are the kinds of things that I look back in my career and I'm like, wow, I was a part of that.

Grizz Griswold: Yeah. 

Lee Faus: So those are the things that I think I remember the most from a career perspective, but personally, I think, seeing my kids follow in my footsteps has probably been one of the most rewarding. That's pretty cool. 

Grizz Griswold: And yeah, I have met one of them in person at freshman orientation and she seems like a pretty good kid.

So so good job on the parenting side as well so maybe as we close out, I definitely want to get into you know fast forward again back to where we are now and getting into GitLab and you know, what you're doing within financial services to really get back to the foundational, piece of the value of open core platform and then, working with, CCC with Common Cloud Controls, working with Software Supply Chain.

 Maybe even not what have you folks been doing, but what do you do now? What, where do you think you are now? Where do you think we can take the, the banking industry with open source, and starting with, these projects, but is there more out there that we should, as an industry, be looking at that are [00:31:30] because of the regulatory nature, because of the very specific instances that these companies have, that you don't necessarily want to, rebuild Java, but because the, their, stipulations that they have that, what are the things that we should be looking forward to?

Grizz Griswold: Obviously AI on the horizon and we've got the AI Readiness SIG and what are you folks at GitLab looking at and you personally as Lee going, Hey, we should be doing this. And we are starting to see that here. 

Lee Faus: Yeah, it's a great question. One of the items that we are seeing is those people who don't know the underpinnings of GitLab is traditionally been made up of three primary data stores.

So we had one that was Elastic, which we're creating a vector database around it. So you'll be able to query the metadata as part of your natural language processing, part of your promps for Gen AI. We have our relational data that we have that allows us to be able to stitch things together throughout your software development life cycle.

So from epic to issue to merge requests, to dev tests, to your testing requirements, to your security requirements all the way in through to production and see that visibility from end to end and then from an analytics perspective. So we use something called Clickhouse underneath the hood to be able to provide analytics.

So where are my highest performing teams? Where are my largest security issues? Where are the projects that [00:33:00] have the most vulnerabilities? As we start to look at a platform as a whole, we know that data, as we start to include things like generative AI and large language models, whether you choose to use something off the shelf, like Open AI or Vertex or Bedrock or something like that, or if you even want to host your own LLM.

So if you want to use open LLM or you want to grab something off of Hugging Face and run it internally, we have built what we call an AI gateway. And that AI gateway allows you to be able to choose if you want to run something yourself on your own infrastructure, if you want to run it in a hyperscaler, or if you want to consume something from a public provider.

So that combination across those four primary data stores is what we're calling our intelligent data fabric. And we are opening up APIs to allow you to query across all of those. And we are moving that to a natural language processing. So instead of needing to know GraphQL or REST, you'll be able to query all of those data stores to be able to do something like: Show me the most expensive application in our portfolio.

We'll be able to use that natural language processing to be able to find those projects that maybe they need an education around shutting down cloud resources. Once they've been spun up, maybe they have MRs that are staying open too long. [00:34:30] The next piece is Being able to build what I'm calling smart components, but are basically what you can think of them as AI agents.

This is going to be really important for software supply chain. Let's say that you find a vulnerability that is being labeled as a day zero type attack. You could use natural language query and being able to say, show me all projects that have this vulnerability attached to it. And then you could go in and build a single snippet with asking generative AI to provide you a resolution to that vulnerability and then replicate that as an MR to every project.

And then the only thing you need is a project owner to approve that change and reroll back out into production and all those projects can then have a single resolution for that particular issue. We want to see that become something that from a risk assessment, from a vulnerability assessment, how do we co create with the financial services companies?

I love what Citi is doing around being able to say, instead of us delivering something and then asking the regulators to approve it. How do we go to the regulators and say. What are the requirements around natural language processing, around risk assessment, around all these other things? You tell us what the requirements are, and then we [00:36:00] co create with FINOS and the financial services companies to go build towards those requirements.

We're not building a lot of static assets. We're able to do things a lot more dynamically, 


Grizz Griswold: It's very directed as well, too instead of you know propping up something that may or may not ever be touched or used again. 

Lee Faus: That's correct

Grizz Griswold: when you're talking about the AI agents and you know with software supply chain, like it, it did start to hit me.

I've used, obviously in marketing, I use, AI for different, marketing related things. I still do some web design every once in a while. Just in the brief time that I was using it to fix one problem that I had, like I saw the possibilities of exactly what you're talking about here.

It's like the if I could have. That snippet, like you're saying, to go and fix the things that, need to be fixed that, make the vulnerabilities go away. And I learned that, again, just with there was probably like one comma or something, something that I did that left the gate open to where something was not working on the website I was working on.

And I was like, let me just try this. And this was, this was like eight months ago or something. So it was, not even now. And. So when you were talking about that, I was like, Oh, yeah, I can see that as the perfect go and hit. And there's something there's a podcast I listened to 1 thing that, when they're talking about AI, and it's more for marketing, but they're like, [00:37:30] go ahead and say, Hey, can you do that again?

But make it better. Hey, can you do that again and make it better and do that five times or 10 times. And it finally gets to where it's this is very succinct. There's the other side of that, which is sometimes, a developer's eyes cross when you've looked at all these things and you're not going to find those things that, you just have the AI, check it out, find it and fix it.

 They're not tired, the bots are not tired . 

Lee Faus: Yeah. There's a big challenge right now of fighting for cognitive space for a developer. And that's one of the things that we're seeing generative AI play a huge role is developers are asked to do so many things today from sitting in a sprint planning meeting to doing story poker, to sitting with a development testers, to talking to performance, to talking to operations that they really only get to spend about 25 percent of their time really coding.

And so we want to think beyond developer productivity. We want to give that time back. By being able to eliminate the toil if I see a task that's coming up that is five story points, and that's how we choose to measure things, if I see a task and I can have generative AI look through it, generative AI should be able to tell me that this looks like five story points, and then have me argue against it.

Rather than me having to sit in a big long meeting for an hour to go through all of our tasks, go ahead and make [00:39:00] a rough cut of everything that you think it should be, and if I look at something and I'm like, you know what, this isn't a 5, this might be a 2, or maybe it's a 10, then let me make that change rather than me having to sit and do it.

Have that toil removed as a part of a development. And that's, I love the idea as you were talking about that repetitive, cause we see that a lot in CI. 

Grizz Griswold: Yeah. 

Lee Faus: So CI breaks or a security vulnerability pops in and we're trying to remediate that security vulnerability. Oh, that means I need to upgrade my open source package for this in my TypeScript project. Oh, that new TypeScript project now introduces a different bug. And now our regression tests are failing. A lot of times developers just get caught in that loop. If I could have generative AI do that repetitive and keep iterating on the upgrades and testing over and over again, And then finally it gets and says, Oh, by the way, here are the eight files that need to change.

Here are the three libraries that we need to modify. And now you have a working solution. I would much rather do that than me just trying to do it incrementally two or three lines at a time. 

Grizz Griswold: And I don't feel like it's it's not replacing the developer's job. That's one thing that I keep going back to it.

 You may hear sometimes on this podcast, like I call the work that's done in open source is like dealing with the dumb things. And I know that's not the way to look at it but the truth is sometimes you're dealing with the dumb things that are, they're the non IP stuff that everything is built on.

And so using this for things that like, like I copy and paste all the [00:40:30] damn time. And if I didn't have to do that as often. That would save me a lot of time in, in the things that I do, whether it's marketing, whether it's coding, what, it doesn't matter. And then, I would have time to do other things like play, play Fortnite or your daughter's doing, and I think my son's gonna go home and play Fortnite.

Lee Faus: The biggest thing for us when we talk to executives is. They don't look at generative AI as replacing developers. What they want to do is they want to upskill their current developers. So if I can give a junior dev, a senior dev's task, and they can complete it in the same time that it would have taken a junior dev to do a junior dev's task.

Sure. If I can eliminate the regular junior dev's task, I'm not going to get rid of the person. 

I'm going to allow that junior dev to act as a senior dev act as an architect. And that allows, just like you were describing, that now allows me to go back and allows me to take my architects and those people to think more strategically about where the business should be going.

How do we innovate? How do we make sure that we are building a moat around our competitors? So those are the kinds of things that we hear from our customers all the time is they want to find a way of using generative AI to upscale everybody across the software development life cycle. 

Grizz Griswold: With that, I'm gonna end the podcast by saying good day, good night, wherever you are. Thank you. 

Lee Faus: Thank you.


About the Open Source in FINANCE Podcast

The FINOS Open Source in Finance Podcast celebrates open source projects and interesting topics at the cross section of financial services and open source. So far, our industry experts have discussed practical applications of and their real-world experiences with a range of open source projects including desktop interoperability, low code platforms, synthetic data, and data modeling. They’ve also discussed best practices for inner source, common myths about open source and why commercial companies choose to introduce open source offerings. Tune in and subscribe to hear what comes next.


Interested in FINOS open source projects? Click the link below to see how to get involved in the FINOS Community.

Get Involved


FINOS Good First Issues - Looking for a place to contribute? Take a look at good first issues across FINOS projects and get your feet wet in the FINOS community.

State of Open Source in Financial Services Report 2023 - Learn about what is really happening around open source in FSI.

This Week at FINOS Blog - See what is happening at FINOS each week.

FINOS Landscape - See our landscape of FINOS open source and open standard projects.

Community Calendar - Scroll through the calendar to find a meeting to join.

FINOS Slack Channels - The FINOS Slack provides our Community another public channel to discuss work in FINOS and open source in finance more generally.

Project Status Dashboard - See a live snapshot of our community contributors and activity.

Events - Check out our upcoming events or email if you'd like to partner with us or have an event idea.

FINOS Virtual "Meetups" Videos & Slides - See replays of our virtual "meetups" based around the FINOS Community and Projects since we can't all be in the same room right now.

FINOS Open Source in Finance Podcasts - Listen and subscribe to the first open source in fintech and banking podcasts for deeper dives on our virtual "meetup" and other topics.