Application Security Testing: An Integral Part of DevOps
The national IT job market has been on the rise the past two years. The hiring statistics over these years have revealed an interesting trend: Companies prefer to hire strong application developers onshore and junior/entry-level developers offshore. Furthermore, hiring managers are looking for "all-around" knowledgeable employees—self-starters, independent, technically proficient, business savvy, and so on.
What does it mean for us, the local developers? It means that the current interviewing process is more rigorous than ever. Technical interviews are only a part of the whole interviewing process. Do not get me wrong; the technical interview is still an essential part, but it is not the sole factor in the ultimate decision making. The contemporary onshore developer is a programmer plus business analyst, designer, architect, DBA, and often, project coordinator. If you are just a programmer, you must re-evaluate your current situation and start evolving with the evolving job market because your job might be at risk.
If you are looking for a new position in IT, here is what hiring managers are looking for:
1. People Skills
During the interviewing process, you must show at least three of the seven traits listed below.
- Self-Discipline: Ability to choose your task, create a plan of attack, and execute the plan.
- Motivational Skills: Ability to stimulate others to action toward a desired goal.
- Organizational Skills: Ability to effectively control resources in a time-constrained environment.
- Communication Skills: Ability to effectively communicate with others by using presentation, writing, and listening skills.
- Strategic Skills: Ability to apply methodology for systematically spotting and exploiting opportunities to improve one's position.
- Conflict Resolution: Ability to control how conflicts are handled and resolved in a group setting.
- Assertiveness: Ability to distinguish yourself as a leader and a person of authority.
If you feel you do not possess any of the traits listed above, you should come up with a plan of action to acquire them. There are a number of great books you can read that will help you acquire these skills. Please consider the following books:
- Cairo, Jim. 2004. Motivation and Goal-Setting - How to Set and Achieve Goals and Inspire Others. New York: Career Press.
- Chandler, Steve and Richardson, Scott. 2005. 100 Ways to Motivate Others. New Jersey: The Career Press.
- Steven W. Flannes and Ginger Levin. 2005. Essential People Skills for Project Managers. New York: Management Concepts.
- Gregg Lee Carter. 1994. How to Manage Conflict in the Organization. New York: AMACOM.
- Stewart Levine. 2002. The Book of Agreement: 10 Essential Elements for Getting the Results You Want. New York: Berrett-Koehler Publishers.
Furthermore, during your interview, you should be ready to discuss previous professional experience in which you showed your proficiency in the skills above. You should also be prepared to explain what each skill means to you personally.
2. The Basics
When I conduct interviews, I always ask several elementary questions. Why do I do that? I want to make sure that candidates have done their "due diligence." I want to know if they came prepared. For example, I ask senior Java developers relatively easy questions such as the following:
- What are reference type variables and primitive type variables?
- How are constants implemented in Java?
- What is an expression?
- Name ten operators in Java.
You should always be ready to answer these questions. Remember, your interviewer cannot assume that you are senior only because you say so; you have to be ready to prove it.
3. Advanced Topics
If you are a senior application developer, you must be ready to discuss advanced topics of the language. The following list highlights advanced topics for Java developers (skip to the next section if you are not a Java developer).
- OO Design Patterns: Application developers must know at least five "design patterns." Every senior developer has come across many design patterns in his/her career. However, he/she might not know how to effectively explain how each pattern works and what the benefits are of one over the other. I recommend you do some reading before you start interviewing. This is a good start: http://en.wikipedia.org/wiki/Design_Patterns.
- UML: Unified Modeling Language long ago became a required skill for business analysts, software developers, architects, UI designers, database professionals, testers, and project managers. UML is used as a standard language for specifying, visualizing, constructing, and documenting the artifacts of software systems. UML is also used for business modeling and other non-software systems. There are at least three UML diagrams that a senior Java developer must be familiar with:
  - Use-Case Diagram: Shows interaction between application users and application functions.
  - Sequence Diagram: Depicts interactions between objects in the sequential order that those interactions occur.
  - Class Diagram: Shows static representation of classes and interfaces along with relationships and collaborations between them.
4. Business Knowledge
There is no doubt that knowledge of the business is a great supplement to your technical skills. No employer would pass up an opportunity to interview a candidate who has previous experience working in the same business area. Unfortunately for employers (and fortunately for you), it is very hard to find a technically proficient person with good communication skills and with specific business knowledge of the job. Furthermore, employers look for candidates who have general experience in the underlying industry (brokerage, banking, manufacturing, publishing, and so on).
What can you do if you are interviewing for a position in an industry that you have no previous experience with? One way you can distinguish yourself from the rest of the candidates is by showing your interest in and knowledge of the organization's line of work. Try finding out about the specifics of application development for this particular industry and, more specifically, for the department at which you are interviewing. For example, if you are interviewing at a publishing company, show the interviewer that you understand the challenges of the industry and the rewards of working there. If, for example, the department you are interviewing at is responsible for maintaining client and product data and allowing users to view and modify this data, try to explain that you understand the challenges related to creating and maintaining such applications.
5. Relational Database Knowledge
Name one application that is not connected to a relational database. Let me think ... I can't come up with one. Almost all modern applications work with a relational database. That is why it is essential for a candidate to have advanced database knowledge. What are some of the things you must know? Basic topics include SQL, Entity Relationships, Data Type, and Table Definition Language. Advanced topics include Optimization, Stored Procedures, PL/SQL, Triggers, Tuning, and DBRM Commands. I am not advocating that you should become as proficient as a database administrator, but you should be able to freely discuss advanced topics. If you failed to acquire advanced database knowledge during your previous work engagements, you can acquire it by reading technical literature on the subject.
6. Area of Expertise
What is your area of expertise? Mine is web-based application development using J2EE. You have to choose your area of expertise in application development and cultivate it—become an expert. I am skeptical when a candidate claims that he is an expert in web-based, asynchronous, and fat-client applications. If a job requires a web-based application developer, I would prefer to find one that has mostly web-based application development experience. If you are a subject matter expert in a given area, you have a far greater chance of getting the job you want.