Resume Writing

Most of us don’t really take a look at our resumes until it’s time to apply for jobs. I’m certainly one of those people. I’ve updated my resume only occasionally in between looking for new jobs. I’ve done a lot of experimenting with my resume over the years. This article summarizes what I started with, how I adapted and updated it, and tips to consider when brushing off the ol’ resume.

Starting Out

If you are just starting out, you probably don’t have a wealth of experience to list and it seems a bit intimidating to be applying to positions for which you have little to no actual professional experience. This is normal! While you may not have the professional experience, what you can do is leverage what you’ve done in your personal life. Have you volunteered for something? Great! List the volunteer activity as if it were a professional experience. Extra-curricular activity from school? Do the same thing! What you experience throughout life is all experience. It may or may not pertain to a specific position, but if you can list life experiences that do relate, then even better.

If you are dusting off the resume, go ahead and review it. See if there’s anything that can be refined. Did a project exceed expectations? Did you end up picking up additional responsibilities that aren’t quite listed? Add them! Refine the existing experience you have written down to more accurately reflect your accomplishments. Each word on your resume should add value to your overall effort. If you helped your team improve a process, what was your role in helping? What was the process? How did you improve it? What were the benefits to the company after it was improved? Was it long term? If you can explain the value you provided to your previous employers through your actions, it’s easier to see how hiring you for the next position will benefit the next company.

Expand

Before I do anything to my resume with my new experience, I expand on what’s already written. If I helped automate a server installation I can expand that to how I made decisions, how the project came about, what the outcome was, hurdles I had to overcome, decisions I needed to make, input I sought, etc. I can expand a single bullet point into several highlighting problem solving skills, leadership, cost-benefit analysis, etc. This highlights soft skills which are typically skills one must learn by doing and cannot necessarily learn by being taught. Think about each bullet in your resume and expand it to highlight as many soft skills as you can that you used in meeting your accomplishments. Once you’ve worked over your resume, then you can add to it with your new experience in your last position. Reviewing your entire resume helps bring forward all of your skill sets you’ve developed over your professional career.

One example of expanding would be to take a rather generic bullet point like “Automate data acquisition.” and expand it into multiple bullet points highlighting the various tasks you accomplished:

  • Automated data aggregation, formatting, validation, and report generation.
  • Automated testing analytics.

This type of expansion portrays your accomplishments more clearly and provides a clearer view of your part in company success. Companies would rather hire someone who is capable at communicating than someone who flies under the radar and just punches the clock.

Add Value

When you’re finished expanding, go back and revise your bullets to stand out. Include specific amounts when possible. Be sure you are able to explain your values during an interview. Estimating saving a company $1M better have an explanation on how you came up with that number and concrete examples backing it. If you’re unsure of a number, you can still estimate one, but be sure you can explain your estimation process. Estimation is a great skill to showcase during an interview and backing it up proves your authority on the skill.

Continuing with our example, we can add specific values to each of these bullet points to highlight the value provided to the previous company. This allows a potential employer to see the proven value you brought to the company and foreshadows the value you will bring to them:

  • Saved the company 1,081 hours by automating data aggregation, formatting, validation, and report generation for 36 products.
  • Save the company 500 hours by automating testing analytics for 22 projects.

This value clarification also shows how much you were working. It highlights the amount of work required to accomplish your goals and the total cost savings provided to the company (almost a full-time employee salary!). This relays to prospective employers that hiring you will save them money. Business think in terms of bottom line. If you add more perceived value than you cost, you can negotiate a higher salary and prospective employers will still see it as a net-positive deal.

Reduce

Once you expand, update, and add value to all of your positions on your resume, it’s time to make some cuts. I keep several copies of my resume. I use LinkedIn as an fully expanded resume listing every position and every project and everything I’ve ever done to add any value at all to any company. When I put this all in a PDF, it’s 11 pages. This is clearly too long-winded to be successful at getting into any position (I’ve tried and had little success).

The first person that typically looks at your resume is also looking at other resumes, too. Potentially hundreds depending on the company. If they come across an 11 page resume you can almost be sure it’s immediately removed from the running. This person is a human and humans get bored easily. You need a concise, clear, standout resume to get further into the process. You can always bring your 11 page resume to your interview to bring up talking points (although, I would caution against that).

Any bullet points that merely list responsibilities of a position provide zero value and just take up valuable space. If a bullet point doesn’t add value, remove it. If a bullet point doesn’t explain what you did, the value it brought to the company, and highlight a skill it needs to be refined or removed. The earlier examples are great at identifying value and skill. This individual saved the company a lot of time (and time, to a company, equals money). It also showed a penchant for automation. Other aspects of the resume should be backing some form of experience. This individual was a molecular biologist and they were highlighting their expertise in data reporting. All of the bullet points for that position highlighted how their data reporting skills saved the company money and could save the next potential employer money, too. The skills listed in this resume also portrayed a knack for automation, which is a skill that spans multiple disciplines. Each bullet identified a skill possessed by this individual, the value this skill brought to the company, and how the skill made this individual a subject matter expert on the subject.

Your resume is a sales tool in selling yourself to a potential employer. Treat it as a marketing campaign. If it’s not string, clear, and concise, make it that way or remove it.

The Process

This is probably a good time to talk about the whole hiring process in the 21st century. If you’re applying for jobs, it’s probably online. You’re either talking to a recruiter or using a job board like Indeed, LinkedIn, Glassdoor, Dice, or any of the hundreds of other job boards available. You should target the job boards relevant to your industry if possible. Look around and see if you can find a job board specific to your industry.

You may believe that getting that first interview is the first step of the interview process. You may be surprised to find that the first step is not getting an interview, but instead getting your resume to a human. This is typically accomplished by human-first contact (a recruiter or an internal hiring specialist) or through an applicant tracing system (ATS).

You can tell when an ATS is being used when you have to fill out some series of forms rehashing your resume. This puts your resume into a machine readable format that the ATS can then search for keywords. If you have the skill set they are looking for, but lack the keywords the ATS is looking for, you’re quietly eliminated from the running. You don’t typically get any indication if you’ve been rejected through an ATS based hiring process. When you are targeting a position that uses an ATS, it’s a good idea to break out your skills into industry standard terminology and list it in a skills section of your resume. I pull out all of the languages I’ve worked with and list them in a group close to the top of my resume. This makes it easy to copy and paste keywords into an ATS based resume submission.

In the case of a human-first hiring process, your resume length is a typical factor in elimination. An 11 page resume will quickly find the trash can even if you are the dream candidate. For human-first applications, you must keep your resume crystal clear and concise. The human that first looks at your resume needs to figure out if it’s a general match within 5 seconds of looking at it. If you don’t clearly highlight your skills, you won’t stand out in the hundreds of resumes this person has to go through. You do have more creative freedom with a human-first application process to better portray your skills through resume layout.

After the initial screening process, you may get a second phone screen. This typically means you made it past the gate keeper and someone with some sort of knowledge about the position and about the company wants to talk to you. They have your ATS resume (in whatever format the ATS spits it out in) or your “human” resume (in the format you submitted it in). Depending on this, you may want to highlight your skills verbally during the screening call. This phone screen may seem like it’s a “getting to know you” but you should treat it as a stage to shine on. Your soft skills are what’s being tested, the phone screen person doesn’t typically know much about the skills necessary for the position, they want to make sure you’re still looking, that this job interests you, to tell you a little bit about to company, and to gauge if you are not an asshole. Nobody hires assholes.

If you manage to pass the phone screen, the next step is either an in-person or over-the-phone interview. This is the last step for some positions. This is where the rubber hits the road. A team of people or one person is on the other end, they’ve read your resume (along with tens of others that made it through) and want to test that you know what your resume says you know and if you’re a good fit for the team dynamic. This is the tougher of the interviews and if more are after this they get even more tougher. This interview is the make or break moment for your job search in a position. This is where you bring together all of your soft skills to highlight your hard skills. PRACTICE THIS BEFORE THE INTERVIEW. Unless you interview regularly, this is where a small mistake can cost you the position (this has happened to me more times than I care to reflect on). You should be able to answer their questions with a story reflecting on past positions on how you accomplished something similar. If you don’t have experience let them know you haven’t had the experience but do tell them what you would do if found in that situation.

I’ve been asked how I would handle an employee subordinate to me that was disruptive to the team. I’ve never been in this position (nor would I really want to be), so I explained I had never experienced it, but that I would pull the employee aside and talk about it. We would come up with ideas on how to not be disruptive and make a performance plan on how to measure when the employee was being disruptive and what to do when the employee recognized they were being disruptive. This solution seemed simple to me, but someone who may not have been ready for the position may not have had this type of answer.

Many other times, I’ve been asked questions that directly related to projects I’ve been on in the past. Something like “how would you handle negative performance by a third-party?” and was able to reflect on one of my projects that directly involved a negatively performing third-party contractor. I explained that I had actually experienced that and explained what I did do. This was nowhere on my resume but does show the soft skills the company is looking for and backs them up through concrete action.

There have, of course, been interviews I’ve been on for a position that was (looking back on it) clearly out of my experience. I’ve been on a manager interview for a movie theater (this was a really long time ago!) and asked what I would do if a customer complained about seeing a rat drag a nacho tray up the theater aisle during a movie. I didn’t know. I never even experienced the rat issue. So, I offered what I would do in that position: apologize and offer a movie pass for a later showing. It wasn’t what the other managers would do (and I’m not quite sure what the “correct” answer was). Needless to say, I didn’t get the position.

Wrap Up

In the many interviews I’ve had during my career, I am often deflated when I get passed over for a position. It’s taken some time, but I finally realize that getting passed over for a position isn’t necessarily a bad thing. It does come down a fit on both sides of the process. Ultimately, you aren’t passed over because you suck, it’s typically because of “fit.” On one interview, the culture of the company and my culture just didn’t line up. Other interviews, they were looking for someone with either more or less skill than I could provide, I would have struggled or been underpaid and frustrated for that position. If you focus on being yourself and presenting what you have to offer in the best light, you will find your fit, it may just take some time.

Photo Organizing!

I’m sure you have about 10,000 pictures all in one big folder with no organization, multiple copies, and a wishful intent of organizing it. When you finally find the time to sit down and do your organizing, the task seems so insurmountable, you suddenly realize you forgot to scrub your kitchen floor, do the laundry, weed the garden, and complete every other chore you’ve been putting off! I was there — I made it through.

Vision

I was inspired by Timehop, of all things, when I sat down to organize all of my photos. The intention was that I would combine my entire family’s photos together, organized chronologically. Timehop, for those of you who don’t know, connects to your social media accounts (Facebook, Twitter, Instagram, Google Photos, and Dropbox) to gather your pictures. Each day, Timehop shows you pictures on that day from from your history. It’s pretty fun watching your kids grow up and seeing how much they have grown each day. I quickly found that, while Timehop is pretty great, it requires pictures. I’m not the big picture taker in the family, my beautiful wife is, so my Timehop was barren and her Timehop was full of all the pictures. This made me sad, but also inspired me to bring all of our pictures together (along with all the other pictures I had sitting around on several devices). So here’s what I did to bring my vision to life.

The Work

I started by bringing all of my pictures from all of my devices to my computer. I had to find an SD card reader, the power cord from my old Nikon camera (circa 2001), a plethora of CDs, all the odd folders on my PC, the photo folders I had on Dropbox, and the photo folders I had in Google Drive and bring them together in one place on my PC to start organizing. Once I had all the pictures in one place, I quickly realized that there were quite a few pictures! Roughly 230GB worth of photos!

I started organizing in folders by Year, then Month, then Day to get a good chronological order. I quickly realized there were many, many, many duplicates and that organizing them chronologically helped to identify them. I would manually inspect each of the duplicates and keep the better quality one. I also realized some of the images (typically the ones I had in backup folders) were missing the date information. I put these in a separate folder. Some of them had the date imprinted in the photo, some of these imprints were blatantly wrong (why is the sun out at 2AM?). These also went in the “unknown” folder. I went through all of the pictures and got them sorted chronologically as best as I could. There were a LOT of duplicate photos I was able to remove.

For the “unknown” folder I would occasionally find a dated picture and was able to remove the unknown picture. At the end of all of this organization, I was able to identify the date of some of the unknown pictures by context with other pictures (same outfit, same people and location, etc) and updated the EXIF data with the correct date. There were a few photos that were also mis-dated, but I didn’t find those until later.

After chronologically organizing these pictures, I realized I had mixed in some of my wife’s pictures and some of my in-law’s pictures. This had a really cool effect of seeing what the in-law’s were up to when the wife and I were somewhere else. It was interesting to see what my wife was up to when I was hanging out with friends before we even met. This side-effect was an awesome early payoff for the work I had done already. I wanted to include the rest of the family into this, but haven’t had much luck in getting buy in. Google Photos has the ability to share an album with others allowing collaboration on it. I might revisit this option in the future, especially since my brother recently lost all of his photos.

The Backup

So, after getting all of these photos finally organized (it took a few hours each night for about a week). I wanted all of this hard work backed up. I looked to Google Drive to be the workhorse for this. So, I uploaded all of the pictures to Google Drive one evening and went to bed. That morning I had a bunch of emails from Google about my Google Drive almost being full, options to upgrade my Google Drive space before I ran out of it, and that my Google Drive was finally full. I learned that your Google Drive contains all of your upload as well as all of your emails! So, I stopped getting emails sometime that evening. It was a bit alarming discovering this… so I quickly removed the partially uploaded photos from Google Drive and turned to Dropbox.

Dropbox uploads were done through a folder sync using the companion app. This seemed to go well, I set it up and let it run. Dropbox indexes all of the files it needs to upload before uploading them, so it took a few hours for it to do that before it started the actual upload. The upload lasted several more hours before I started getting emails in the middle of the night about my Dropbox becoming full, then actually being full… So, the next day, I stopped the upload and removed the partial upload from Dropbox. Strike two…

When I originally uploaded my photos to Google Drive, I thought it automatically moved them to Google Photos. Google is magic right? It turns out, they had recently announced they were going to stop doing this in the name of simplicity. Turns out it was still possible, but was confusing to configure. So, I skipped the Google Drive and went straight to Google Photos. I read up on what the requirements were and decided to take the plunge… if it didn’t work out, the worst that could happen would be a few emails, right?

The uploads took most of the day in upload time. I wasn’t sitting in front of the computer the whole time, but I would periodically check in to see how it was doing. I wasn’t getting email warnings, so that was a bonus. I also installed the Google Photos app on my iPhone and it started backing up all of the photos I’d ever taken on the phone to Google Photos as well. After all of the uploads finished (finally) I got my second awesome surprise. Google Photos‘ “assistant” started identifying duplicate photos! All of the hard work I had put in earlier identifying duplicate photos and eliminating them was automatically being done by Google Photos‘ assistant! It did find more duplicates. It also automatically created albums based on the geotags of some of the pictures. It was super neat to see albums starting to be created.

Over time, the Google Photos‘ assistant started identifying people and pets in the pictures and made albums of each person. In the past year since I’ve finished, it’s also been able to identify the same person at different ages and asks if the two faces are the same person. I no doubt have an uneasy feeling in that this is training some AI on facial recognition, but, like any other social media site, it’s a price I’m willing to pay to get the awesome benefits from this free service. Because of this facial recognition, Google Photos has provided me videos of my son growing up through the years, my pets, and my wife and I since we’ve met. It’s been rewarding each and every day.

I did end up sharing the entire drive with my wife. She sees whenever a new photo is uploaded so I don’t have to AirDrop or text the pictures I do take to her, she just gets them in her Google Photos app. I also don’t have to worry about losing pictures on my phone. I can create and share albums in real-time with people instead of having to remember to send them to them later. It’s been an interesting project that’s been more and more rewarding as each day passes.

Wrap Up

My Timehop feed has improved, I have a 811 day streak! It’s been real awesome to see what my wife was doing on the day I graduated high school, or what I was doing on the day she graduated college. It’s shown how large this world is when you step outside your own life and realize everyone is living their own. It really wants me to get all of the pictures into one place and see how my cousins, nieces, nephews, and the rest of my family is doing. While I’m not physically with these people every day, a collective photo album like this would almost be like being there.

The Importance of Data Backups

If it hasn’t happened to you yet, you will eventually suffer a data loss event. The most common event is your hard drive, with all your family pictures on it, suddenly and unexpectedly dies. If you haven’t planned for this, you may have to spend a bunch of money on data recovery to recover all of your valuable family pictures. Worse case, you spend the money only to find out that it can’t be recovered. This happened to my brother recently, and he thought he had a backup system in place, but when his hard drive crashed, even I couldn’t help him. He found out the hard way that his backup system wasn’t running as expected and he had to shell out $5,000 for a specialized clean room direct read data recovery process that ultimately was unable to recover his pictures. If he had an automatic backup system in place, he could have prevented this disaster.

Planning for Disaster

If your computer were to die today, do you know if all of your important data is easily recoverable? If your answer is “no” or you don’t know the answer, perhaps it’s time to set up something simple and easy now for preventing the type of disaster my brother experienced. In Windows, most of your documents are automatically stored in your “My Documents” or “Documents” folder (depending on your Windows version). This is intended from Microsoft’s perspective as it keeps all of your user files in one location. You only need to backup one single folder, and you backup most (if not all) of your important files. There are several premium services out there to help you keep your data safe. There are also some free services you could use.

Recommendations

Dropbox provides a limited amount of space for free accounts with the option of upgrading for more space. This service has a companion application you install on devices you want to automatically backup files from. I personally use Dropbox for backing up files from my PC and backup files from this server. Your files are accessible via the companion app when you install it on a new device or on the Dropbox website.

Google Drive provides a limited amount of free space and has a companion application that is installed on each computer from which you want to automatically backup files. The companion app can be configured to sync multiple computers or to backup individual computers into a single online Google Drive. This could be a useful utility for those with multiple computers they want to backup but not share data, or for those who want to sync working files across multiple devices. I personally use Google Drive for backing up document files (PDFs, Spreadsheets, text documents, etc.).

Google Photos allows for free and unlimited storage for down-scaled images and the service provides a few extra perks like de-duplication, automatic photo album creation, automatic styling, automatic organization, and automatic videos. This was very helpful to me when I consolidated all of my pictures I’ve taken over the past 18 years from several different locations. This is a great option of all you care about are photos and you take the majority of photos with your phone. Photos are automatically down-scaled and uploaded to Google Photos. I personally use Google Photos for all of my photo needs. I chose Google Photos when I filled my Google Drive and Dropbox space with photos and was looking for a free alternative. If you are a photographer or are concerned about retaining the original, high-resolution photo, there is a paid option for Google Photos which allows you to store the original photo rather than the down-scaled image.

iCloud provides a limited free amount of space for Apple users. This drive is a little more complicated to set up and is typically used for syncing files across multiple Apple products. I’ve actually lost files using this service due to it’s rather unintuitive interface and confusing backup strategy.

To get started, you simply need to pick one. I recommend Dropbox for file backups as it’s simple to use and easy to set up. I highly recommend Google Photos for all of your photo backup needs. Remember, if you try one and don’t quite like it, you can always switch to another!

Wrapup

My brother’s backup strategy was to use a external hard drive and have it backup data periodically to it. It wasn’t a terrible plan, I used to do this. He was at least thinking of data backup before disaster struck. I’ve helped clients of mine with fixing their computer and most of my conversations on data backup were brand new concepts to them. Many of them didn’t understand the importance of data backup until it was too late and data was lost. My brother’s backup attempts were valiant, but his downfall was never testing the backup system and never checking up on if it was working. This double-whammy ultimately lead to a false sense of security which is easily identified with regular maintenance and upkeep of the backup system; essential when you create your own system. Making backups easy and truly a “set it and forget it” thing, online backup providers are your ideal choice as they maintain their systems for you, and you don’t have to worry about your backup hardware failing.

If you would like help setting up your backup plan, I am available to help! Simply contact me and we can set up a time to backup your data!

Security

Hacked accounts, identity theft, security breaches. Security compromise is no longer a question of “if” but a question of “when.” With companies hoarding personal information for marketing, the payload of a successful data breach becomes increasingly more valuable to follow up attacks of individuals. Identity theft leveraging stolen information is typical after a large data breach. This is even more valuable if passwords are involved and attackers are more easily able to gain access to other accounts of yours for proving your identity.

Data Breaches

The elephant in the room. These are occurring more and more with companies that aren’t security first oriented. Startups and established and trusted businesses are both at risk and often victims of data breaches. They occur so often it’s hard to keep track and are often left undiscovered for several years. What can an individual consumer do to prevent these breaches? Practically speaking… nothing. You could decide to not use these businesses, but let’s face it, that is rather inconvenient and practically impossible unless you want to completely remove yourself from the internet. Even physical devices such as card skimmers are used to steal financial information. So unless you want to deal solely in cash, hold no money in a bank, and completely relieve yourself from the internet, you are prone to data breaches.

Take Precautions

There are tools to help protect yourself! For identifying yourself as part of a data breach, you could sign up for the completely free “Have I Been Pwned” website (that’s pronounced “Have I Been Owned“) to be notified if the information you provide is involved in a data breach. They also have a password checker to determine if the password you use has been identified in a breach. These are two very useful tools for determining which data breaches you are involved in and what information of yours may be subject to compromise. I use this service for all of my email accounts and have also added this website’s domain as an added precaution. It’s completely free and Troy Hunt is very active in its development. I strongly urge you to check it out, even if just to see if your account was involved in any of their identified data breaches. Spoiler alert: it is, especially if you have an account, like me, with any of these companies:

  1. Adobe
  2. LinkedIn
  3. Dropbox
  4. Evite
  5. Last.fm
  6. Bitly
  7. Elance
  8. MyFitnessPal
  9. Verifications.io
  10. Apollo
  11. Evony
  12. Houzz
  13. NextGenUpdate
  14. ShareThis
  15. Zomato
  16. FlashFlashRevolution
  17. Neteller
  18. and another 2,844 data breaches my accounts have been involved in

Some of these don’t seem familiar to me (Verifications.io, ShareThis, Neteller, and Apollo), but upon further investigation, these are services other sites use for processing. This becomes more of a Privacy Policy fine print issue in that I never knew until a breach was published that another site used these for data processing. More interesting is that at least one breach was a Chinese company (NetEase) that I’ve never used and, through the breach disclosure, other victims have indicated the same!

Because of this data processing issue, and the fact nobody reads privacy policies (did you read mine?), a data breach of one of these services has a much larger amount of data and a much larger payoff for hackers. To combat this, you should never reuse a password, ever. If you currently have that one, easy-to-remember, password you use for all of your sites, you are not in the minority. You can also see if your password has been compromised if you search for it at Have I Been Pwned’s Password Search. It’s astonishing to me that the password “password” has been involved in  3,730,471 breach records at the time of writing this article. Over 35 gigabytes of related breach record data can be downloaded for this password alone. Password reuse is contagion for your accounts. If you use a password that has been breached, you should assume your account is breached and reset all accounts that use the password immediately. I’ve searched through my super-hard-to-guess, personal-to-me passwords and 3 of them were already breached. I then spent the better part of 2 hours changing passwords.

Password Management

These 2 hours had me wondering if there was a better way than remembering which sites I have logins for and what those logins even are. Enter LastPass. LastPass is a free password manager that handles creating and storing all of your passwords. If you’ve used your browser to remember your usernames and passwords for all your sites, LastPass does the same thing, but using secure methods. Your browser stores all of your usernames and passwords in plain text. What that means, is that anyone who has access to your computer can steal your usernames and passwords. It also means if your computer is infected with a virus or malware, that can also steal your usernames and passwords stored by your browser. Plain text password storage is equivalent to writing down your passwords on a sticky note attached to your computer. It’s highly insecure and easily stolen.

LastPass requires a single strong master password (or better yet, a passphrase!). This password encrypts your passwords and sites all in one single block of data known as a “blob.” There is no way to tell what sites you have passwords for or what the passwords are. The encrypted data is stored on LastPass‘ servers with no way of decrypting it unless you know your master password. You cannot recover your master password. Your master password cannot be stolen unless you store it insecurely yourself (in plain text on your computer, for example). You do have a hint you can use in the case you did forget your master password and there are a few options for recovery if you completely forget it (which I have on two occasions).

Getting set up on LastPass can be a bit cumbersome, but there is a password import utility that will import all of your website and password information saved within your browser into LastPass. This is a great first step in securing your online accounts. Once imported, you can disable password storing in your browser an leverage the LastPass browser extension to auto-fill, auto-save, and auto-update your passwords. When you create a new account on a website, LastPass gives you the option of creating a new randomly generated password for the site. This makes keeping strong and unique passwords for each site a breeze. I typically start at a high number of characters (~100) and reduce it if the website requires a shorter maximum password. The longer the password the more cryptographically secure it is. LastPass also provides the options to include numbers and symbols and/or to make the password human pronounceable (i.e.: a pass phrase).

Once you have all of your passwords migrated to LastPass, this tool provides a Security Challenge where it will take all of your passwords and run some tests against them. It checks to see how many are reused, how strong they are, if they have been involved in a known data breach, and if they should be changed based on their age in LastPass. The fewer the problems, the higher the Security Challenge score. Ideally, you would want 100% but that isn’t practical all the time.

Wrap Up

So, you might be a bit alarmed by all of this. You might even be overwhelmed. Security takes vigilance and persistence, but it also takes some time. If you’re sitting there using password for all of your sites and you’ve found it to be involved on thousands of breaches, don’t fret. You’ve identified that you have a password hygiene problem so now you can fix it. Head on over to LastPass or any other password manager you feel comfortable with and start cleaning up the mess. Take it one step at a time and soon you will have a strong grasp on your account security. You are not alone! Myself, I have a current Security Challenge score of 51% which is pretty garbage if you ask me, seems like I have some password hygiene to take care of!

HATEOAS

Hypermedia as the Engine of Application State. Sounds fancy. It pretty much is. HATEOAS is a REST constraint where the state of the entity is transferred as well as what a consumer can do with that entity. It’s REST on steroids as it enables truly stateless distributed services that can scale without worrying about consumers.

In HATEOAS, the actions available for an entity are transferred with that entity. Take, for example, a traditional REST entity of a shopping cart:

<br>{<br>     "id": 11883,<br>     "total": "$10.00",<br>}<br>

In the traditional REST architecture strategy, a consumer would have to have logic to determine if it can add items to a cart, update cart item quantities, remove an item from the cart, purchase the items in the cart, save items from the cart for later purchase, etc. It would also need to know where to go to for each of these actions. This type of logic is intrinsic to a RESTful consumer application. Knowledge of how the REST API must be interpreted and developed prior to use.

Take the same shopping cart example and apply it to the HATEOAS API Design strategy:

<br>{<br>     "id": 11883,<br>     "total": "$25.00",<br>     "items":[{<br>          "id": 73,<br>          "name": "coffee",<br>          "price": "$10.00"<br>          "qty":2<br>     },{<br>           "id": 42,<br>          "name": "creamer",<br>          "price": "$5.00"<br>          "qty":1          <br>     }<br>     ],<br>     "links": [{<br>          "href": "https://shopping.c2technology.net/11883/items/73",<br>          "rel": "item",<br>          "type":"DELETE"<br>     }, {<br>          "href": "https://shopping.c2technology.net/11883/items/42",<br>          "rel": "item",<br>          "type":"DELETE"<br>     },{<br>           "href": "https://billing.c2technology.net/purchase/11883",<br>           "rel": "purchase",<br>           "type":"POST" <br>     }, {<br>          "href": "https://profile.c2technology.net/saved/73",<br>          "rel": "item",<br>          "type":" PUT"<br>     }, {<br>           "href": "https://profile.c2technology.net/saved/42",<br>           "rel": "item",<br>          "type":"PUT"<br>     },{<br>          "href": "https://shopping.c2technology.net/11883",<br>          "rel": "cart",<br>          "type":"DELETE"<br>     },{<br>          "href": "https://shopping.c2technology.net/11883/items/73/qty",<br>          "rel": "qty",<br>          "type":"PUT"<br>     }, {<br>          "href": "https://shopping.c2technology.net/11883/items/42/qty",<br>          "rel": "qty",<br>          "type":"PUT"<br>     }]<br>}<br>

This example shows how you could (poorly) structure your links attributes to handle any steps available when perusing your cart. You could update the quantity of your items, clear your cart, remove a single item, purchase all items, save items for later, etc. The point of this example is that the consumer doesn’t need to worry about the actual API calls. The consumer can just be aware of the entity types and leverage the actions available for any given resource. This example defines links as described in RFC5988. You could really use any type of defined links as long as it describes the actions that are available to the resource.

Wrapup

As you can see, this type of architecture strategy allows consumers to become more dynamic. A consuming application would only need to be made aware of an originating call to the API to retrieve entities with link attributes that determine what is available to the consuming application.

With HATEOAS, scaling web services becomes rather trivial. If multiple domains are used during scaling, the links attribute simply lists whichever are available and the consuming application can blindly follow these links to take whatever appropriate actions they provide.

Using HATEOAS is particularly useful in workflow management for multi-step processes. If you think of HATEOAS in terms of a workflow diagram, the linksattribute becomes more clear. Each step in a workflow diagram can be a resource guided by the links provided by that resource.

The Value of Design

In the projects I’ve worked on, about half of them skipped any sort of design phase. This typically lead to unmanageable code a few months into the project with no discernible way to backtrack or quickly change architecture. While each project could benefit from their own postmortem on their design phase (or lack thereof), I’m going to focus on the commonalities between projects that had some form of design phase and projects that did not. Feel free to use this as a guide for your future projects.

The Good

A design phase can be beneficial for any project. It provides a moment to think about the solution and how the architecture for it can be developed modularly with reusability and maintainability in mind. Do not underestimate this phase! This is where deep thought occurs in how the system should be developed and how the system is intended to be used. APIs are designed during this phase which will determine how the system interacts with itself and other services. A good design at this phase results in cheaper development and cheaper maintenance.

While design is important, there is a diminishing return on investment in design. The more time spent on designing a system without implementation, the less valuable it becomes. Development teams should be cognizant of their time spent designing and, after a high level design, begin designing the first thing to implement. Iterative designing alongside developing results in a flexible work plan and a flexible architecture or API design. The idea with a lightweight and iterative design process is that future design improvements build on top of or extend the existing design. Any future work that requires a re-write highlights the lack of understanding of the original requirements or a design that is inflexible. A good barometer of when a design has “enough” value is when the software engineers understand the system they are about to begin developing.

In addition to understanding a system before implementing it, design provides a blueprint for enabling test-driven development. Designed APIs may have tests written against the expected behavior of the implemented logic before any logic is actually implemented. This type of testing leads to clean and clear requirements alongside understanding of how the system should operate after implementation.

The Bad

So, why don’t teams design? The perceived cost to design in terms of time (and we all know time equals money) may not generally seem to be all that valuable to project management. Why spend time thinking about the project when you can just jump right in and start making it? This perceived cost saving measure of cutting or severely reducing design time isn’t necessarily tangible to project managers. Project managers typically care about actions that move the needle forward. Design does not move the needle forward — it moves the needle faster.

Because design is cut from the process, a lot of time is spent re-implementing, re-working, or refactoring code. Developers often code themselves into a proverbial corner and find the system that they have build is not easily adaptable to a new feature that needs implementation. This new feature requires refactoring the existing code. This refactoring doesn’t have an opportunity for a design phase. And the implemented feature is later refactored again when some other new feature needs implementation. This is a vicious cycle that often becomes the status quo and the team’s productivity quickly plummets (not to mention morale).

Furthermore, with all of this rewriting and refactoring, the system and the team’s understanding of this system, are not guaranteed. The system is a hodgepodge of various hacks and quick fixes that it is effectively held together by “magic.” I’ve been on a project where this “magic” ended up preventing new features and we ended up tracing the logical flows. This lead us to discover that there was a nasty bug in logical flow that wasn’t expected and would not have otherwise been discovered. What was worse was that we couldn’t fix this bug without declaring technical bankruptcy and reworking the architecture to achieve the intended (and expected) results.

The Ugly

Let’s talk about the ugly truth of any code base, regardless of good, bad, or no design: technical debt. Ward Cunningham coined this term and it is an analogy to treating deficiencies in a software product as a loan that accrues interest. The longer a deficiency persists in a system, the more technical debt it accrues. A project can accumulate so much technical debt that forward progress is no longer possible and the project must declare technical bankruptcy. This bankruptcy results in either a failed project, or a rewrite of part or the whole system. Martin Fowler has a lovely article that describes this concept in wonderful detail.

Following this same analogy, consider design a down-payment on a project. Sure, you can certainly start working on a project without a design, but you will quickly start accruing technical debt and that debt will accrue faster. Do yourself a favor and work in a design whenever you need to refactor something and before you start working on the code! Coding without a plan is what typically gets a software team stuck in technical bankruptcy. Don’t repeat what got you there when you dig yourself out!

Wrap up

Knowing all of this, it’s easy to see the value in design. Building a system without a plan has large hidden costs. Refactoring without a plan compounds these costs. When you don’t have a design phase at all you are essentially earmarking money to burn down the road with more time re-developing parts of your system until you can’t move that needle at all.

Hiring Good Developers

Hiring Good Developers

Hiring software engineers is easy, hiring good software engineers is hard. Due to the nature of software engineering, there is no clear or objective way to measure the skills of an engineer. Companies try to determine skill based on questions and online skills assessments. The problem with this approach is that it doesn’t highlight quality skills of a good software engineer.

Online Skills Tests

Online skills assessments typically provide a question to a software engineer and a time limit to answer this question. Sites like HackerRank provide a great platform for these types of tests. The engineer is generally not allowed to look up information (on the honor system) and the question doesn’t typically relate to the work the developer will be doing if hired. This type of skills assessment is reminiscent of college exams and doesn’t typically allow the creative freedoms normal working environments grant.

Homework

I’ve been part of take home assignments and have developed hiring processes that include a take home assignment with an accompanying code review. The intention is to allow the developer to showcase their engineering talents then showcase soft skills (like group presentations) and their ability to accept feedback and explain their work. While this isn’t fool-proof and doesn’t provide a subjective solution to the hiring process, it does showcase talent. The code review is meant to also prevent an unskilled engineer from copying another solution. Unfortunately, this too has some drawbacks: the developers that spend the most time on a take home project have a better quality product.

Solution?

Limiting time on homework projects is more of a suggestion as it is not enforced and favors those who spend more time on the project. This isn’t possible for some who have a full time job and family to tend to. Skills assessment tests favor those who regularly practice assessment tests and isn’t necessarily a good measure of their skill set in the work environment. Perhaps a different solution is necessary. Perhaps a timed, “open book” live coding exercise is better. All input could be tracked through the web console to get an idea of the developer’s thought process behind their work and could be played back (maybe at 10x speed) to watch it all unfold. This type of format would relieve the candidate of time related stress while also allowing the creative process of the candidate to shine. Sure, there are some trade offs to this approach, but isn’t solving problems why we all got into this business? This seems to be the hardest to solve.

Building a Product Vision

Building a Product Vision

Developing software under deadlines is hard. When I start projects I often have a problem to solve in mind and that’s it. It takes some effort and genuine thinking to come up with a solution to that problem. Part of that solution is having a vision. Without that, how do you know which direction to go? Developing a solution without a vision is like attempting to navigate a cave without light. If you haven’t been caving (or spelunking) before, it’s pitch black in there without a light. So much so that you literally cannot see your hand in front of your face and you don’t know which direction you are facing. If you don’t know which direction you are facing when developing a solution, how do you know where you are going?

Vision

Each project I undertake a leadership role in, I seek as much information as possible from the client. Defining your project’s vision is 90% asking the right questions and 10% of thinking about the solution. If you’re asking the right questions the solution will appear as if it’s emerging from some magical mist like a unicorn in the early morning sunrise. The best resource I’ve found for defining your vision is Roman Pichler’s Product Vision Board.

Product vision board
Your best resource for defining your vision.

So what questions should you ask? That’s a great question! While it does largely rely on what field your project is in and your client’s preferred method of communication, there are a few questions almost all project leads should ask and they are all right on the product vision board:

  1. What is your purpose for creating the product?
  2. Which positive change should it bring about?
  3. Which market or market segment does the product address?
  4. Who are the target customers and users?
  5. What problem does the product solve?
  6. Which benefit does it provide?
  7. What product is it?
  8. What makes it stand out?
  9. Is it feasible to develop the product?
  10. How is the product going to benefit the company?
  11. What are the business goals?

Once you can answer these questions, some sort of vision of your solution should come to mind. You should start recognizing that unicorn. You’re also in a great place as you’ve validated your product and have a clear path forward. In addition to this, you could also answer a few more questions about your vision to get clear insight into the current market and what it would take to make your product profitable. This part is optional and definitely recommended if you plan to sell your product. These questions are included in the extended Product Vision Board.

  1. Who are your main competitors?
  2. What are their strengths and weaknesses?
  3. How can you monetize your product and generate revenues?
  4. What are the main cost factors to develop, market, sell, and service the product?
  5. How will you market and sell your product?
  6. Do the channels exist today?

I highly recommend answering these questions if you plan on marketing and subsequently selling your product as it will position you favorably when it comes time to sell your product.

Hiring a Software Consultant?

Hiring a Software Consultant?

Hiring a consultant for your business can be a little uncomfortable. You have a contract that protects your business, but what if the consultant is just… bad? There are a few tips and tricks for identifying a less than stellar software consultant and this article will cover those.

Low Balling

Whether your project requires temporary help or more long term, beware of consultants that bid low. There’s an axiom that states “you get what you pay for.” Some software consultants purposefully provide low estimates. These low estimates may seem like you are getting a bargain, but beware that those consultants make up for this low estimation through scope change fees and additional customization fees. These fees quickly add up to be well more than the original estimate. Be sure to get multiple quotes from software consultants before hiring and compare their experience with their rate. While the cheapest consultant may look like a great choice, the more expensive consultant will save you surprise billing and additional headaches in the end. Realistic cost estimates may seem expensive, but it’s a more accurate representation of what you will end up paying. You can also help protect yourself from purposeful low bids by building into your contracts some wiggle room for specifications on scope and requirements. You should also get a feel for your consultants on how flexible they are before hiring them.

Bait and Switch

Some consultant firms lure clients in by showing off their star performers. This helps justify a higher price and makes the firm more attractive. However, these firms increase their profit margins by bringing in junior developers to do the actual work. Sure, the seasoned engineer might be some part of the development process, but the time that engineer spends on your project is severely limited. You should meet the entire team that you are hiring. At the end of the day it is your product you are paying for. You should interview the team to get an understanding of their competence for defining requirements and developing solutions. Your contract should explicitly list the developers that shall be working on your product. Including a hefty penalty combined with listing explicit team members should dissuade the more devious firms from attempting this ploy. Teamwork makes the dream work!

Communication Breakdown

Good communication is necessary to complete a project. Great communication is necessary to complete a great project. When you hire a consultant, be mindful of lacking communication. No news is not good news with your consultant. You should be driving conversations and making decisions. An unseasoned consultant, especially when paid hourly, may find no incentive of coming up with a decision or ending a long, drawn out meeting. Your decisions should have a clear deadline of delivery or schedule with defined, time-bound milestones. Without a time based factor driving the schedule, an unqualified consultant has room to draw out the project bleeding your company of your cash.

What’s Yours is Yours

When you hire a consultant, you are opening up vulnerability in your character, your trust, and your company. The consultant that is working for you is creating something that should be making you more money than the investment in hiring the consultant to complete the project. Your contracts should protect that vulnerability. The intellectual property rights for products a consultant creates should remain the company’s. You should lay out any tools or processes to help protect that property. Some consultants may try and hold your product, equipment, servers, and accounts hostage. This can become especially problematic when you try and replace the consultant or even add more consultants to the team. Be sure to include in your contracts that the company retains the intellectual property rights for anything developed and^[[C any domains your register. Check with your contract author to determine additional safeguards against having your company held hostage by a bad consultant. Demand copies of any documentation, licenses, and credentials for a consultant as part of the contract.

Project Vampires

Nothing is worse than hiring a consultant that looks great on paper and has talked the talk only to find out they can’t walk the walk. This is probably the most common problem I hear from companies that hire bad consultants. A project vampire is typically someone who is either unfamiliar with a technology that are supposed to be an expert at or someone who cannot make a decision and stall the project while they “figure it out.” Both scenarios are bad news as every minute that ticks by “figuring it out” leads to higher billing. On the flip side, the company itself could be that vampire with not making direct decisions and communicating those to the consultants (communication is key!) as well as keeping those consultants accountable with deadlines and milestones. Decision by committee is rarely productive and as the project drags on, the bill will increase as the consultant is waiting to hear back or busy “figuring it out.”

Teamwork Makes the Dream Work

This is my axiom. As a consultant to your business, I act as a team member for your product. I communicate early and often on anything I don’t understand, I’m not familiar with, and and concerns I have over the technical direction of your project or existing infrastructure. I do respect your business and the decisions that go into operating it. After all, it is your business and I’m helping your achieve your goals. Communication is key to a successful project and I communicate… often. I also share ideas on technical direction and can step back if there is a technical direction already in place. I can work with existing team members (including other consultants) to hit your goals and deliver a quality product. My time is as valuable as yours and I don’t prefer to waste my time or your dime for endless meetings or over analyzing solutions. I do prefer to help your business succeed. I advocate for your business when necessary to ensure you retain what is yours and you don’t over pay on shoddy work or vampires.

Teamwork makes the dream work. If you are looking for a consultant for your project contact me below:

Eisenhower Matrix

Eisenhower Matrix

I’ve had my share of projects in the past. With each project comes a bit of unknown terrain, deadlines, known tasks, known risks, unknown tasks, unknown risks… the list goes on. It’s hard prioritizing everything as it comes in for a project and backlogging this prioritization becomes a huge burden. I’m sure your project backlog (or your at home to do list) is massive and any attempt to start tackling these things may become overwhelming. Fortunately, I’ve found a rather interesting tool to help: the Eisenhower Matrix!

The Eisenhower Matrix was created by Dwight D. Eisenhower, the 34th president of the United States. During his presidency he launched DARPA (the precursor to the internet) and NASA. He was the Supreme Commander of the Allied Forced in Europe during World War 2, and the first Supreme Commander of NATO. This guy was busy! He also had to make a lot of decisions quickly. This box was his tool do accomplish all of these things.

The concept is simple, for a given task, determine if it is urgent or not urgent then determine if it important or not important. Once you figure those out, place the task in the appropriate box. Wherever it lies, you either Do it, Plan it, Delegate it, or Eliminate it.

Consider something on your household to-do list: grocery shopping. It’s urgent if you are out of food, it’s pretty important unless you have some other means of feeding yourself, perhaps a garden or maybe you already have food. If you do have food, it may not be as urgent, but is still important. If you don’t need food right it may not be urgent or important. In either case, you must determine if you need to go now, can plan on going later, can delegate something else to handle your shopping (maybe Amazon pantry?), or if you have a garden that can sustain you, it might not be urgent or important at all and you can completely eliminate it from your to-do list.

Once you completely process your backlog in this manner, you should have (hopefully) eliminated a bit of it. Maybe that deck you want to build can be delegated to a contractor. That room you want organized planned for a day to finally get it done. And that oil change that’s overdue, you’re at the shop today getting it done. This process of backlog grooming can be repeated each week (or however often you want to do it.. be sure to put that task in the right box!) but the process should at least help you see the priority in the items in your backlog and help you groom it to a manageable state. Anything you want to add, make sure you put it in a box!