Preparing for layoffs; The OWASP Top 10; Is it a console, terminal, or...?
🆕 Today I’m trying a new format for the newsletter. A bit more casual, easier to consume, and covering multiple topics in an introductory and guiding format, rather than a single long-form topic. Hit reply to let me know what you think.
Preparing For Possible Layoffs
Losing your job sucks. Our society revolves so much around money. As soon as our income is no longer a secure thing, we freak out.
While software engineering can be a lucrative and stable career, individual jobs aren’t. Here are some ways you can make the possibility of a layoff less scary:
Save up an emergency fund: Build an emergency fund savings account with enough to cover your expenses for 3-6 months. You’ll have peace of mind for regular unexpected costs (like your car exploding) along with an unexpected job loss.
Document your successes: Ensure your resume is current and showcases your latest projects, skills, and accomplishments. Keep your online professional profiles, like LinkedIn, updated. Maintain a portfolio of your work, especially any public contributions to open-source projects or personal projects that demonstrate your skills.
Keep learning and practicing: The tech field is constantly evolving. Stay updated with the latest technologies, programming languages, and industry trends. Online courses, certifications, and workshops can be beneficial.
Get a side piece: Engaging in side projects or freelancing can not only hone your skills but also create additional income streams and open up new career opportunities.
Be emotionally ready for reality: Layoffs can be stressful. It's important to maintain a healthy work-life balance and have a support system in place. This can include family, friends, or even professional counseling. True for regular job stress and burnout, too. Talk to someone when you’re not doing great.
Peep the market: Keep an eye on the job market and the health of companies in your industry. This awareness can provide early signs of market downturns or opportunities in emerging areas.
Brush up on your leet code: Regularly practicing for interviews can keep you sharp and ready to present your best self when opportunities arise.
Further Reading
Gregor helps you document your successes:
John’s newsletter is full of engaging challenges to help you learn and practice:
The OWASP Top 10
As a senior member of engineering teams at two organizations, I often interviewed developer candidates for mid- and senior-level positions. One question I liked to include was: “What security risks should engineers be aware of when developing SaaS applications?”
Very few candidates could list more than 3 or 4 security concerns, and almost no one mentioned OWASP or other security standards they could reference.
Application security is a critical and often required facet of modern software development. Knowledge of security risks should be included in your broad knowledge, alongside things like programming languages, databases, etc.
The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. Launched in December 2001, its programming includes open source projects, 250+ local chapters worldwide, industry-leading educational and training conferences, and more.
The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications. It was started in 2003 to help organizations and developers with a starting point for secure development. Over the years it's grown into a standard used as a baseline for compliance, education, and vendor tools.
Why should you care about the Top 10?
Security is not optional. Creating secure code is inherently part of the value we provide businesses as software engineers. This is especially true (and required by law) for software surrounding payments, medical records, and other highly regulated sensitive data.
Security is important for the business. Sometimes it’s difficult for developers to understand what is important to their employer and the business as a whole. Avoiding costly security breaches, lawsuits, or other ramifications of insecure applications is one thing any good business will prioritize.
Considering security helps you think about more than the happy path. By imagining how your software will be used in ways other than its normal intended functionality, you can ensure a better experience overall. The UI, code quality, tests, and more all will increase in quality.
It makes you look better in interviews. When I interviewed candidates, I expected engineers to have enough knowledge about security to understand how it impacts their role. By mentioning the OWASP Top 10, you demonstrate awareness and an authoritative resource you can rely on without needing to be a subject matter expert.
It’s knowledge and experience! “Never stop learning” is a common theme here at Become a Senior Engineer. You never know when you’ll be in a situation where the Top 10 could save you, your team, or your business the headaches of dealing with a security exploitation.
Now that you know what it is and why it should be in your toolbox, head over to the Top 10 to see what the risks are, examples of each, and how to mitigate them in your apps.
Is it a console, terminal, or…?
No real nuggets of senior wisdom to go along with this, just something fun to nerd out on:
What is the exact difference between a 'terminal', a 'shell', a 'tty' and a 'console'?
Things & Happenings
✨ CharmUI, beautiful production-ready components built with React and Tailwind CSS – by my friend Tim Wilson
Work Chronicles, a web comic
Pathless Path by Paul Millerd is now free to download
ASDF, a runtime version manager
Tally, a really nice looking free form builder
Teal, an AI resume builder and job app tracker
go/links, an internal URL shortener to easily find important info