
How to code like a team – SPOFing in coding alone

By Sigurður Baldvin Friðriksson

 

In my professional career, I’ve been a team member and a manager, and I’ve had a variety of responsibilities for assignments and projects. My team experiences have been outside of the tech industry, ranging from a stint at a pizza place to a local computer hardware reseller. They have been informal for the most part, very collaborative, and had a flat hierarchy. Here are a few words about how to code like a team.

Often experience took lead over role.

In software development the process has been “We have an idea, let’s make it happen!”. 

This freedom can be nice to have, as one can decide how to build. However, it comes with drawbacks, such as running into weird issues or not understanding something, and then having to do a bit of googling and trying different things until it works. This can be time-consuming and frustrating.

How to code like a team

I dream of a world where I can bounce ideas off of colleagues and they can help me with the answer.

However, that has not been my experience, which brings me to the title of this post, “How to code like a team”. Am I a seasoned expert in team management? No. Caveat: The below is a survival story and is best avoided in the long term.

 

The daily routine

Try your best to brain dump what you do every day – tasks should live outside of your head!

This is good advice for anyone, regardless of how large your team is. Popular project management tools allow you to put comments and thoughts into tasks and this provides a timeline for task progress and helps you follow up.

“Hot-fixes” tend to be more common than we care to admit and they tend to become “cold-fixes” as more tasks are completed to advance development. Since you are the sole proprietor of the advancement of the project, any backtracking, refactoring or documentation feels like stopping a fully seated bus during rush hour to clean the dashboard properly. It’s not that you shouldn’t do that every now and then, however, the timing tends to feel wrong. It’s always rush hour for people that are paying you to finish the project, so take the time to fix the issue. Most projects underestimate the time allocated in the scope anyway, so add more time to your estimations and remember, set time aside for refactoring and backtracks.

 

“Doing agile development is the king of the development process” – I don’t disagree. However, it also takes enormous discipline to maintain one-person teams for weeks on end. What helps with maintenance is doing stand-ups 1 or 2 times a week just to make sure you are on track. This may seem silly but it works – although your progress may vary.

You might have realized that since you are the only one working on the projects, you have to do everything. The upside of doing everything yourself is that you learn a lot of different things. Who would have thought setting server permissions could be such a thrilling experience after implementing your very rough, paper prototype (granted you didn’t just skip a step during the agile process)? Congratulations, you are now the fullest stack developer!

The single point…of everything

Now, imagine this. You find yourself sitting in a lawn chair, drinking a cold beverage at around noon, the sun is shining and you are enjoying your vacation, when suddenly *buzz**buzz*  “System A isn’t working and we can’t do the thing, can you fix it”. You begrudgingly open your personal laptop because “Work should only happen at work, you don’t need a work laptop” but you knew better. A new hot-fix or server restart later, you reply “fixed” and carry on with your vacation. This is the single point of failure aspect of this post. 

Some of these texts can wait and often they do. But it can drain you. You think about work for a couple of minutes or hours, thinking about what went wrong or imagining a solution to the problem, remembering that temporary “hot-fix” you made. 

Bugs and issues can become very personal, since – well – you know that there isn’t anyone else that contributed to it. My solution to this problem is very simple but hard to execute. The “it’s nothing personal, kid” mindset. Bugs, weird issues, and interactions are a part of software development, no matter how experienced you get or how strict your testing process, something will inevitably slip through and cause issues. This happens at any team and company size. You just have to document the issue, provide a fix, and re-deploy.  

 

Expectation management

You are a singular person with the same amount of time in your day as the next person. Set realistic expectations with all stakeholders, and remind them, if they don’t have the budget for additional people (or simply don’t want to add more people), that the project will likely take more time than with added resources. With these words I hope you have gained some insights into how to code like a team.


Being up to date managing your security program

Guidance for a successful security program

This article is aimed at providing guidance for a successful security program and insight into the differences and challenges between compliance operations and security operations.

Evolving compliance

Compliance is no check mark sport – it is a constant gardening exercise. Here are some of the essential points for keeping your compliance in good shape:

  • Keeping up to date with standards, regulatory requirements, and future changes can be a good way of staying ahead. Be knowledgeable about many different standards and security best practices, while ensuring that you are going beyond just meeting compliance. Why? Standards are not updated fast enough to keep pace with the ever-evolving threat landscape and security best practices.
  • If the organization does not have to meet information security standards or issue reports such as ISO 27001, SOC 2, NIST, PCI DSS or others, it is still a good idea to follow frameworks such as ISO 27001 or NIST, as they provide good guidance and a foundation of security best practices for your ISMS.
  • Continually monitoring the effectiveness of your controls, and implementing security measures that not only meet standard or regulatory requirements but go beyond them to increase the security posture of your organization, is a great way to ensure your ISMS is up to date and the controls are actually helpful for you and your business units. If the organization has multiple frameworks that it needs to be certified against, evaluate whether the policies, processes, and controls can be used to meet the objectives of multiple standards at once. This cross-reference can save you valuable time.

Compliance is only a small part of the security function, and being compliant or certified must be taken with a grain of salt: compliance with standards does not mean you are completely secure or that your vendors are secure, as the scope and quality of controls can differ significantly.

Current threat landscape

The ever evolving landscape of corporate business is a:

  • Modern threat agents are becoming more and more sophisticated and the threat landscape is continually evolving. Following news on security, recent attacks, and vulnerabilities is paramount to being up to date with the current threat landscape.

  • It is recommended to conduct threat intelligence, implement continuous monitoring and alerting, and use continuous risk management for new threats as they arise. If budget allows for it, consider implementing technical solutions that allow for continuous monitoring of thresholds and vulnerabilities through agents, and implementing solutions that offer threat intelligence on your company and supply chain.

Keeping current within your own company

  • It is common for some business leaders to view the security function as a barrier or blocker for the business. It is important to understand the business goals and create a culture of security as an enabler, where business units freely share information and concerns and seek help from the security team. This is why it is critical to be visible and knowledgeable about where your company is headed, what the business requirements are, and how security best practices can be implemented at each phase and within all business units.
  • Creating a culture and mindset where the company sees security as an enabler for the business instead of a restriction will lead to better collaboration between the company's departments and increased information sharing, so that the security team is up to date with new developments, systems or strategies. In addition, ensure your colleagues and stakeholders such as the BoD are informed through a Security Council, regular reporting and awareness training; this supports the success and visibility of the security function and increases security awareness within your organization. Stand-ups or regular meetings with relevant teams, especially development and IT, should be held in order to follow current changes and issues with the IT environment.
  • Ensure you have a good overview of your assets and vendors through dedicated asset management and vendor management programs. As attack vectors become more and more sophisticated, keeping current with your enterprise infrastructure, assets, and supply chain will give your organization a deeper understanding of your attack vectors.

Being involved within the industry and security sector

  • Join security communities if they are available through professional industry-specific platforms or social media platforms, as they often provide good intel on current challenges and threats.
  • Evolving cyberthreats create a continual need to educate the security team, and all relevant team members on how to protect against data breaches and threats. Being involved in discussions, events, and gathering intel from trusted media will help in being current with the industry.
  • Offering your security team the opportunity to achieve professional certifications additionally gives a good foundation for their career success and continued learning.