Pitfalls to avoid when improving your software development skills

Source: helpnetsecurity.com

The dizzying pace of technological change makes knowledge acquisition and skill development a very big deal in the IT and IT security industry. Luckily, the opportunities for both are myriad, but how to pick the right ones for you?

Older, more experienced professionals in the field of your choice can help point you in the right direction, and that’s why Help Net Security has decided to pick the brain of Dylan Beattie, who’s not only an experienced software developer, but also the CTO at Skills Matter, one of the largest communities of software engineers, who share their experience and challenges in daily talks, discussions and workshops.

Beattie started programming when he was about eight, he wrote his first web page in 1992, and graduated from the University of Southampton with a degree in Computer Science in 2000, just in time to watch the first dot-com bubble burst.

He got a job building data-driven websites using classic ASP then, a few years later, moved to London to join Spotlight, where he worked for nearly fifteen years: building a team, migrating their stack from classic ASP to ASP.NET MVC, moving from on-premise to cloud hosting, using continuous integration, APIs, microservices, and so on.

These days, in his role as CTO at Skills Matters, he’s managing the development team that maintains the organization’s web platform and he’s involved in lots of their tech conferences and the work they do to support the meetup community.

“Some ten years ago I started going along to software meetups – I was really struggling with ASP.NET WebForms and decided to try a meetup or two to see if anybody else was having the same problems; that got me involved with the London .NET User Group. On the back of that I started doing user group talks and speaking at conferences, initially just local stuff here in the UK, and now I speak at events all over the world about a whole range of topics, ranging from .NET and software architecture to development culture and the environmental impact of modern technology.”

Choosing sources of knowledge

When it comes to things like information security, network and routing configuration, site reliability engineering – i.e., all those things that are important for the day-to-day running of most of our platforms and services – certification programs have definite value, particularly when it’s the platform or system vendors who are providing the certification.

“I also suspect there’s a degree of stability in things like enterprise networking hardware which makes a certification program a much more manageable prospect – certainly when compared to things like modern web development, which is a constantly-evolving landscape that shows no signs of calming down any time soon,” Beattie opined.

“On the other end of the IT spectrum is the extremely creative work related to things like machine learning and quantum computing: stuff where we are probably still years away from anything you’d consider an industry standard or ‘best practice’. I’m very dubious when I see people offering things like ‘blockchain certification’, because I genuinely don’t see where the value is.”

Still, he thinks that the biggest value in certification is that it gives the student a way to direct their own learning. “One of the biggest challenges I hear from people right across the IT industry is that they struggle with motivation, and I know people who have had great results by enrolling in a certification program just to give themselves a deadline and a target to work towards,” he noted.

Learning resources are also plentiful and easily accessible these days: whatever you want to learn, chances are good that you can go online and easily find online documentation and tutorials, blog posts, structured courses and YouTube channels that will help you.

Beattie says that’s where the real value is: multiple different channels through which you can source knowledge.

“If I’m learning a new language or platform, I’ll often use an online tutorial to try something out and build my first prototype or demo application, then I’ll buy a book to fill in the gaps in my understanding and give me a more balanced view of what’s actually possible with it – and, of course, I’ll be looking on Stack Overflow and other online resources every time I get stuck,” he explained his own process.

“I’m also lucky enough that I’m connected to a lot of very smart tech people through social media, so if I get stuck I can always jump on Twitter and ask ‘hey internet – can anybody help out?’”

Advice for those just entering the IT industry

The modern IT industry spends a lot of time talking about microservices, JavaScript frameworks, cloud, serverless, but all these things are just the latest wave of abstractions to ride on top of a set of core principles that haven’t evolved all that much over the last 20 years, he says.

It’s better for novices to pay attention to the basics: learn how a relational database works, learn a solid object-oriented programming language such as Ruby or C# or Java, learn about HTTP and learn how to use HTML and CSS to present information.

“Those are the cornerstones of almost all modern software development. Once you’ve got your head around the fundamentals, all the trendy stuff makes a lot more sense because you’ll understand where it’s coming from, and what problems it was intended to solve,” he explains.

He also warns about not getting sidetracked by someone else’s infectious excitement.

“That sounds weird, I know – but IT is full of people who love sharing what they do, and often you’ll talk to somebody who has recently started using a new framework or a new technique and thinks it is absolutely amazing, and can’t understand why everybody else isn’t using it as well. I’ve got caught up in this a handful of times during my career – and the risk is that, even if they’re correct, the problem they’re solving isn’t the same as the problem you’re solving, and you can end up investing a huge amount of time in building the wrong thing,” he says.

“You’ll probably walk away from it with some extremely valuable experience, so it won’t have been a complete waste of time, but you’re very unlikely to end up with high-quality working software unless you take the time to research multiple approaches and evaluate them against your own priorities and requirements.”

Pivotal career experiences and lessons learned

It won’t come as a surprise to anyone who works in software development that one of Beattie’s pivotal career experiences is the first (and so far the only) time he accidentally dropped a production database.

“So much of the rigor and discipline around treating software development as ‘engineering’ can introduce what feels like friction into a development process – writing unit tests, deploying to a sandbox environment, waiting for integration tests to complete – and the temptation is always there to think ‘Hey, this is such a tiny change, maybe I can skip all that.’ But then I remember the time I accidentally nuked the production database and remember that all those checks and balances are there for a good reason,” he says.

Another one is transitioning from working as a solo programmer to working as part of a team.

Almost all the code he wrote until his mid-twenties was done by working alone. No pair programming, no code reviews, no planning sessions – he would just talk to the users, work out what they wanted, build it and ship it. But when Spotlight hired a second programmer around 2006, he had to start learning and thinking about how to work effectively as part of a development team.

“It’s always challenging, because the feedback loop that exists between your brain, your keys and your code is always going to be orders of magnitude faster than anything involving conversation or documentation. But what I’ve realized over the years is that the code isn’t actually where you can create the most value,” he says.

“Even the best codebase in the world has bugs, vulnerabilities and dependencies that will need to be fixed – and that comes down to what sort of team you’ve got maintaining it and how well that team can prioritize and coordinate work. For most businesses, there’s far more competitive value in having a strong, cohesive team who can respond to changes and deliver things quickly than there is in shipping another ten thousand lines of code that nobody understands.”

Finally, one thing that he likes to impress on others (and that doesn’t discussed often) is the total cost of ownership of modern software. The IT industry, he feels, puts too much emphasis on writing code and not enough on what that code is actually going to cost over the entire lifetime that it’s running in production.

“Part of the problem, I think, is that software developers only get involved in those discussions after the decision has been made to create a new app or build a new feature – and so we’re not really in a position to challenge the decision. But as an industry, we definitely need to think less about how fast we can write new code and think more about how we can maintain and manage the code that’s already out there,” he opines.

Challenges the educational industry targeting IT will have to meet

Developing software and building systems doesn’t and shouldn’t happen in a vacuum and developers (current and future) need to be taught to take a more holistic view of the work they will be doing.

The educational industry can help with that and offer courses that will push them to think about user experience, code maintainability, information security, ethics, and data privacy.

Another challenge the IT industry in general has to address is how to who don’t consider themselves developers and help them realize that there’s opportunities for them in the IT industry as well.

“We don’t just need coders to help us create more software, we need site reliability engineers to help us maintain it, we need designers to help us make it usable and accessible, we need copywriters and editors working on our interfaces and documentation, we need psychologists helping us develop better user experiences and ethicists helping us navigate the complex implications of modern technology,” Beattie points out.

“Understanding the basic principles of software development and modern information networks is essential, but our industry needs so much more than just more people cranking out code.”