2018: The Year Tech Got Humbled

| 6 min read |
year-in-review technology reflection privacy

A personal look back at 2018 -- from GDPR scrambles at the fintech startup to Google for Startups Seoul, Spectre/Meltdown fallout, and the infrastructure shifts that defined the year.

It’s Christmas Eve, and I’m sitting in my flat trying to make sense of the last twelve months. 2018 felt like the year tech finally had to grow up. Not because of a breakthrough product launch, but because of consequences.

I spent most of this year as CTO at a fintech startup that aggregates financial news for investors. We went through Google for Startups Seoul earlier in the year, and it was an intense, compressed experience: pitching, mentoring sessions, and late-night rethinks of how we position ourselves in Asian markets. Seoul was electric. The startup energy there is something else entirely. But even while we were in the accelerator, I kept coming back to the same thought: the ground was shifting underneath everyone in tech, not just us.

Here’s what I mean.

Spectre, Meltdown, and the end of hardware innocence

The year literally opened with the Spectre and Meltdown disclosures: speculative execution bugs in most modern CPUs. Vendors scrambled to patch. Performance took hits that nobody wanted to talk about publicly, but everyone measured privately.

What mattered wasn’t the patches themselves. It was the realization. We had all been building on top of hardware we assumed was correct, and that assumption was wrong. After January 2018, “trust but verify” applied all the way down the stack.

At the fintech startup, we patched fast and moved on. But I noticed a shift in how I thought about infrastructure after that. Less “this is probably fine” and more “what else are we assuming?”

GDPR hit us. Hard.

May 25: GDPR enforcement day. If you were running any kind of service that touched EU user data, you felt it.

We had been preparing for months. Data inventories. Consent flows. Reworking how we handled deletion requests. Figuring out what “legitimate interest” actually meant for a financial news platform. It wasn’t glamorous work. It was spreadsheets, legal calls, and rewriting data pipelines.

But here’s the thing – I’m glad we did it. Forcing ourselves to map where user data lived, how it flowed, and who could access it made our systems better. Not just compliant. Actually better. We found data we were storing for no reason, permissions that were too broad, and retention policies that didn’t exist.

GDPR was painful. It was also one of the most useful engineering exercises we ran all year.

California passed its own privacy law too: CCPA. Different mechanics, similar direction. By December it was obvious that privacy regulation wasn’t a European quirk. It was the new normal.

Kubernetes won

I don’t think this is controversial anymore. Kubernetes won the container orchestration fight in 2018. Docker Swarm faded. Mesos hung on in some shops. But managed Kubernetes offerings from AWS, GCP, and Azure removed enough operational pain that adoption snowballed.

We ran our own Kubernetes clusters at the fintech startup. Day-1 was great. Day-2 – upgrades, RBAC policies, monitoring, cost management – was where the real work lived. I think a lot of teams learned this the hard way in 2018. Getting your app onto Kubernetes is a weekend project. Keeping it healthy is a full-time job.

The ecosystem grew fast, though. Helm charts, operators, custom resources. It felt like every month there was a new tool promising to solve the last problem you ran into.

Infrastructure as code stopped being optional

Terraform became the standard. Not the only option, but the default. Git-driven workflows, plan-and-apply pipelines, policy as code. If you were still clicking around cloud consoles to provision things, 2018 was the year you started feeling behind.

Multi-cloud went from conference-talk fodder to something people actually did. Not always elegantly. But the reasons were real – risk mitigation, regulatory requirements, pricing leverage. We used it pragmatically at the fintech startup: some workloads on one provider, some on another, tied together with Terraform and a lot of glue.

Serverless found its lane

Serverless stopped being “the future of everything” and became “really good for these specific use cases.” Event-driven workloads, spiky traffic, glue code between services. Cold starts were still annoying. Observability was still rough. But for the right patterns, the economics were hard to argue with.

I think 2018 was the year serverless and containers stopped competing and started coexisting. That was healthy.

Go, Rust, TypeScript

Three language trends that mattered to me personally.

Go kept eating infrastructure tooling. The module system landed and made dependency management actually bearable. I wrote a lot of Go this year, and it felt like the language was settling into maturity.

Rust went from “interesting but niche” to “seriously consider this for systems work.” The ecosystem was still smaller than Go’s, but the safety guarantees were real. I started paying closer attention.

TypeScript crossed a threshold. It went from “nice to have” to “why would you start a serious JavaScript project without it?” Strong typing, great IDE support, first-class framework adoption. This was the year TypeScript became the default for frontend in a lot of shops.

DevOps just became how we work

Nobody called it a “transformation” anymore. CI/CD pipelines, infrastructure as code, observability, on-call rotations. It was just how engineering teams operated. SRE ideas spread beyond Google. Platform teams became a thing. Internal developer experience started getting real attention.

Google for Startups Seoul

I keep coming back to this. The accelerator was a highlight of my year. Not just for mentorship or pitch practice, but for the perspective shift. Being in Seoul, surrounded by founders building for markets I hadn’t deeply considered, forced me to think differently about what we were building at the fintech startup and who we were building it for.

The Korean startup ecosystem in 2018 was moving fast. Fintech, AI, gaming – the energy was intense. I came back to London with a longer list of ideas than I left with. Some of those ideas shaped our roadmap into 2019.

What I’m watching for 2019

A few things I expect to matter next year:

  • The first big GDPR fines will land and set the tone for enforcement. Everyone is waiting to see how aggressive regulators actually get.
  • CCPA preparation will consume US-focused teams the way GDPR consumed European ones.
  • Kubernetes operations will mature. Better tooling for upgrades, security, and cost. The “day-2 problem” is too widespread to ignore.
  • Supply chain security will get more attention after several ugly incidents this year with compromised packages and build pipelines.
  • Edge computing will move from theory to early production pilots.

Wrapping up

2018 humbled the industry. Hardware wasn’t as trustworthy as we thought. Privacy wasn’t optional. Running containers at scale was harder than the demos suggested. The teams that did well treated these realities as engineering problems, not annoyances to manage around.

It was a good year. A hard one. I learned more from the constraints than from the wins. I suspect 2019 will be the same.