Personal

Introspection, Growth and Passion

Having a moment of introspection this morning, thinking back over the years of how my work has changed – sometimes in pretty dramatic ways. It seems like forever ago that I was fresh out of school and working my first real programming job at a domain host. I worked hard until I was ultimately let go from the role due to some interpersonal issues. Fortunately, the market was good and I found a new role with a natural gas provider relatively quickly. I did a lot of growing there, not only in my skills but just in my understanding of how business gets done. It was while I was there that I got married and soon had to figure out how to juggle work and kids, finally getting it down about the time the second one came around.

All the while, I was still working on my passion – programming and learning how to make “better” applications. I think at the time I didn’t know what “better” meant in the context of PHP applications but I spent a lot of time reading up on the subject and, yes, attending conferences (my first was php|tropics which I still can’t believe my employer paid for to this day). I made friends in the community, both local and national – even some international – that helped me build my skills. They were there when I had questions about how to create something and regularly had books, blog posts and other recommendations for resources to further my understanding of what “better” meant. I was constantly improving and moving up the ranks from junior developer to senior developer then lead developer and, yes, even a manager of a development team (it was weird).

Fast forward a few years to about five years ago. I sat back and looked over my career so far. I really looked at the work that I’d accomplished over the years, how I’d grown in my understanding of what “good code” and well-structured applications meant. I understood some of the higher level development concepts (like SOLID) and how to effectively apply them in my day to day work. I was co-organizaing the local PHP meetup, had started sharing my knowledge at conferences and through books and several articles on a wide range of topics. But I’d hit a problem that Young Me hadn’t thought was possible: I felt like I was stagnating.

I looked at the work I was doing (a security company but doing PHP development, not application security) and, while I was enjoying it and the people I was working with, there was something nagging in the back of my mind. It wondered if this was where things leveled out and the only way up was to a less technical role. I’d always been driven by the tech and exploration, so at the time that was a non-starter. I needed to find something that would fill my need for more tech and more exploration but I didn’t know exactly what.

I looked around at the work I was doing and the industry I was in and realized what I needed. I needed to specialize. I needed new challenges that both appealed to my desire to stay in the tech of things yet provided me with room to explore other things. I’d always had a passion for security (as anyone that knows me can tell you) so it seemed like a good option. I started to do more research and learn everything I could about the current state of application security. I’d had a cursory knowledge of it in the past but I really doubled down, watching recorded talks, reading tons of articles and even giving/writing some of my own (the best way to learn is to teach, right?).

So this was my first pivot. After I muddled through one role that didn’t turn out to be what I was hired to do, I ended up landing an application security job at a larger company. The group I worked for was a smaller acquisition of this company so it still had that “small company” atmosphere. I was still learning as much as I could and was being challenged daily to put this knowledge to the test. I worked with a great team of other security folks and engineering groups in a culture of mutual respect and growth. Unfortunately, some things changed with that role and I ended up leaving, going to my second position as an Application Security Engineer. I wasn’t doing as much development work as I had in the past outside of building some custom testing tooling, but I spent time outside of work scratching that itch.

I’ve been at my current role for over a year now and, while the work is interesting and I am working with a wide variety of tech and learning something new just about every day, I’m starting to feel that same nagging feeling in the back of my head. When I sit down and actually think about what that voice might be telling me, it’s an interesting story. I look back at how I pivoted before. I made use of my years of development background and turned it on its head, focusing on how to use it to understand the structure of applications and how to best work with development teams to improve their overall security.

One of the things that appealed to me the most about the role I’m in is the training program. There was already a program in place, started a year or so before I began there, to internally teach the development groups about application security-related topics. At this point I’d been a speaker and a “teacher” for years in various ways: conference presentations, mentorships, and writing plenty of tutorials and blog posts. I’ve always been excited to share my knowledge with others and delight in seeing that lightbulb go on behind their eyes when they really “get” a concept. I was excited to be able to be a part of that program. I presented the current courses numerous times and even worked up a new “advanced” full-day training to provide even more of an in-depth look at application security for our Engineering staff.

Some things have changed, however, and the team I’m on won’t be involved in the training program as much as before and I’d be lying if I said I wasn’t disappointed. There’s some additional context needed here that might help you understand why this is difficult for me. It has to do with that little voice again. See, a few months back, my excitement about the AppSec training program was really ramping up. I’d given the new course several times and had worked on efforts to help improve the program and processes around it. The excitement was so much so that I finally figured out what that voice was talking about and I applied to graduate school – and was accepted – at the University of Massachusetts (Boston) for a certificate in Instructional Technology Design, focusing on using technology to improve the learning process and experience. It was only after this, however, that things changed in my role and my team was less involved in the program. I won’t get too into it here but you can understand my disappointment. I’d figured out the next pivot that voice was urging on: taking the development background, combining it with the application security perspective and sharing that with others in an interesting, relevant, and effective way.

Being on a different team hasn’t stopped me, though. I still find places to help out where I can and try to make some kind of impact on the program when possible, it’s just not a direct influence. I don’t want all of this to come off as complaining. Despite what my current role’s focus might be, I’m still pushing on, learning as much as I can about learning and development, even if it’s just to apply it to my next conference talk or potential online training sessions. I feel the drive to learn again and it’s refreshing. It has already filled in some blanks for me that I was missing in my own instructional methods and has given me countless more to explore. I’m excited to see where this all will lead me.

I wanted to share my story here, not because I feel like it’s important or that it’s any kind of amazing. I wanted to share it for those out there that might have that little same voice inside their heads wondering “what’s next”. I share it because I want to show that it’s not always about becoming the “best of the best” in a single kind of role. As the saying goes: if you’re the smartest person in the room, you’re in the wrong room. It’s scary to think about change, especially in the tech world where change doesn’t always go so well and things can be unpredictable. Don’t be afraid to take a step back and look at what you’ve accomplished and where you’re headed. Make sure it’s what you want and really think about your future.

I look back on my over almost 20 years of work in technology and think about how far I’ve come in that time. I think about the “what if” of having stayed in that same role I was in years ago and where I’d be now and, honestly, I wouldn’t trade the experience and changes my career has gone through for anything. It has helped me become the person I am and has helped me find my passions along the way and, even now, is driving me on to learn more and grow. I hope that you can find the same kind of excitement in your work and can find what you’re passionate about, regardless of your current role and, most importantly, you don’t ignore that inner voice that could be guiding you towards something where you’ll find joy.

Leaving SoftLayer

For those that know me, you know I’ve been working here at SoftLayer for about the last year and a half. I’ve definitely enjoyed my time here, it’s time to move on. My last day here will be a week from today. Following that I’ll be moving over to another local Dallas company called iSight Partners where I’ll be using some of the skills I’ve learned here at SoftLayer to help improve their current application set and create new, easier ways for their customers to consume the reports and data the company generates.

Here’s a description of the company from their website:

iSIGHT Partners specializes in physical, electronic and human intelligence services. We provide reliable and actionable threat intelligence to our clients’ security and fraud investigation teams, which helps them proactively counteract all phases of criminal electronic and physical attacks against digital assets.

Our suite of products complements our customers’ Risk Mitigation Teams by alerting them to emerging threats that require action and providing guidance during critical incidents. Our intelligence sources help IT teams prioritize their workflow and ensure that they are working on the most important threats and vulnerabilities first. (They can work hard on an issue all day, but if it’s not the right issue, their time is wasted and your company is put at risk.)

I’d also like to publicly thank a few folks at SoftLayer before I go:

  • First off my team who’ve taught me a lot about not only the technology we use but how to be (and not be) a leader: Stephen Johnson, Dan Hudlow, Adam Shaw, Varrence Minor, Allan Siongco, Richard Morgan, Shahmir Noorani, Steve Bartnesky, Kevin Holland, Diana Harrelson, Theo Shu and our epic QA folks – David Borne, Jaime Barriga, Reynaldo Guzman and Janeth Paredes.
  • Next comes Duke Skarda who has graciously allowed the Dallas PHP User Group to meet here at the SoftLayer offices (and provided us with food and drinks everytime!)
  • To Logan Reese and Kelly Morphis for mentoring me when I started with the company and for being there as excellent sources with all the answers

If you’re looking around for a good PHP shop to work at in the Dallas area, you’d do well to take a look at the openings that SoftLayer currently has (personally I suggest the “Interface Development” option…that’s the group I’ve been working in and it’s been a fun one).

One ToDo list to rule them all?

Okay, so _ I’m going to put this out there so I can get some feedback. I’m looking for a good To Do list manager with a few criteria:

  • I’d love for it to have desktop software that would sync with the site (or some other resource) and allow me offline access to the lists
  • It needs to be able to prioritize items
  • It should definitely allow main and sub-categories (one level of categories? that’s crazy talk)
  • The desktop software would need to be cross-platform (pc & mac) – maybe an AIR client?
  • Bonus points if it allows sharing between users or just public access to the lists (RSS?)
  • Mobile support is cool, but not required

I like the simplicity of some of the tools out there, but none of them seem to meet what I’m looking for. Is there anyone out there that’s come across something like this? It’s driving me nuts that there’s not one that’ll fit my needs.

The times, they are a-changin’

Let’s get the exciting part of this post out of the way first – as of today I will be leaving Atmos Energy and will be starting at JWT on Monday the 19th!

I’ve been with Atmos for what seems like forever – this is my eighth year here – and I have grown so much in those years. I’ve come from a developer that barely knew OOP and couldn’t design pattern his way out of a paper bag to someone completely different. If you had asked me back in 2002 if I’d be writing articles, running an open source project and have had a few speaking notches under my belt, I would have thrown an Oracle manual at you (which was all new to me at the time). I’ve learned about best practices, fought my own battles with both code and things more on the human interaction level (I hadn’t worked in a large office before this) and have come a long way as a developer.

Atmos has provided me with an environment to make all of this possible – they’ve been receptive to my requests for training and conferences and for letting me try out new things and technologies. I’ve done things here that I can’t say I’ll so at other companies like write applications to interface directly with gas systems and work with huge customer databases (1.5 million customers over 13 states).

Unfortunately, over the last months I’ve become more and more aware that I’ve grown a bit too comfortable in my current skills. You know how it is – you do the same kinds of things over and over (and over) that you get used to doing that thing and not so much developing the applications you know you could. This is a big reason why I’m making the move. I’ve been doing the “gas applications” for a good while now and I wanted some place where I could stretch back out and really get back into a more real form of development. I think that JWT can offer me that so I’ll be starting there two weeks from today.

Thanks to all of you who have supported me in my job hunt, it definitely means a lot! Oh, and if you know of any good PHP developers (Oracle experience a plus) in the Dallas area looking for a job – let me know. I know recommendations would always be appreciated!

Speaking at php|tek 2009 – “No Really, It’s All About You”

Now that the schedule is official and all, I suppose I can post about it – I’m going to be presenting at this year’s php|tek conference (in Chicago) on a developer-centric approach to frameworks – No Really, It’s All About You. Here’s the summary:

You’ve heard it all before – this framework can do this, this other one can do it faster. The lists of features and comparisons go on and on, but there’s one thing those lists forget – the human element.

Frameworks are only as good as the developers using them and in this talk I’ll focus on these developers and how they interact with the tools. How easy is it to create an application in CodeIgniter? What kinds of things does Solar make simpler than others? Is the Zend Framework the best choice for some of the more ‘business applications’?

I’ll take a developer-centric approach to four popular PHP frameworks: CodeIgniter, CakePHP, Solar and the Zend Framework. Topics include speed of application development, how simple they make the simple things and maybe a few benchmarks thrown in for fun.

This will be my first time presenting at a conference and, really, my first time up in front talking about a technology topic. I haven’t had much experience in public speaking so a lot of it will be new to me. Oh well – what’s life for if not for taking those big jumps into the unknown.

So sign up already and come out to Chicago to see myself and lots of other qualified speakers talk about Subversion, streams, the SPL, security and much more…

Deploying PHP Applications?

So, a question for everyone out there – we’re looking to do a bit of an overhaul for our build and release system and I was wondering what kind of setups you all out there had for your releases?

I’ve seen all sorts of different things (including a version control->rsync to production push and a fully CruiseControled push for everything) but I wanted to hear back from you fellow PHPers out there as to the kind of stuff you’re using. We’re looking to try to keep it open sourceish stuff, so suggestions down that line would be best but we’re pretty open.

I don’t have much experience with a more formalized build process but we’re coming up against a need to separate out the responsibilities a bit more.

What do you use for your build (and deployment) process for your PHP applications and websites?

Twitter Updates for 2008-04-23

  • @ramsey: did you ever get that "too many requests" issue solved with spaz? #
  • work you damn jquery selector! i command thee! #
  • @funkatron on spaz? every time I fire it up I get that "too many API requests" message after a few seconds #
  • @funkatron @ElizabethN trying the passowrd thing first… #
  • hmm, interesting – an onclick on an anchor and an onclick on a div firing at the same time #
  • @jeichorn nice! #
  • @ElizabethN heh…me too…wonder what it was #
  • okay, this cough is officially getting old #
  • grr….slow people– #
  • how many dbas does it take to check permissions on a sequence…(apparently 3) #
  • @elazar heheh #
  • i ❤ last.fm #