Your number one job

Pop quiz time. You're a software developer. You probably have a job. What is your most important job as a developer?

Time's up! What did you say?

If you said "to get another, better job" you're right! If you didn't, well, let's talk about this a little bit.

Most people think their job search ends when they accept a new position. That's not at all true, though. After all, there are tons of things that can go wrong with the role you have (or just accepted): bankruptcy of the company, you hating the role you're in, discovering that the work isn't what you love, and more.

In fact, you should be looking for your next role from the day you start a new job until the day you leave!

Your skills as a developer mean that you are a valuable commodity. Even if your current company doesn't recognize your value, somebody in the market will.

Of course, all of us want to attain the best job, the one that we fall in love with and never want to leave. We want to be the "cream of the crop", at the top of our field. The competitiveness of the developer talent market goes into high gear for  the top 10% of the developer population. So how do you get into this group?

There are two routes you can take to move up into the top 10% of developers. The first is the experience route, which means working for years and years until you finally gain enough experience to reach the upper echelons of development skill.

The other route is the knowledge route, where you focus on gaining as much knowledge as possible so that when you are faced with hard challenges and difficult problems, you can step into the role and solve those problems with ease.

Security Matters

Recently, somebody asked me to take a look at a product they had, and give them some information on what I could do to improve it. Their product was a simple survey tool, focused on gathering data from users they invited or that had paid to use the tool. It seemed straightforward enough. Sure, I had a few concerns: the site had been outsourced, and this person wasn't a technical individual, but I figured I could take a look.

What I found was pretty shocking.

Passwords stored in plain text. No SSL encryption for logins or credit card data. A complete and total lack of any kind of password policy. And this was before I even got into the code.

Too often, it's easy to forget about security considerations when we're working on building something for a client. Security is one of those things that it seems people learn once and then assume they know, like riding a bicycle. But it's not. Security is an ongoing learning process.

When was the last time you stepped out and took a look at the OWASP Top Ten? It changes every year and is worth a look. How about examined security policies in your own app? Checked to make sure your password storage algorithms are up to par? Verified that you're using the latest and greatest version of PHP with all the security fixes? Updated that legacy site to use PDO instead of MySQL_*?

You might think security doesn't impact you, or that once you're done working for a client that the security of a particular application doesn't matter. It does! Clients can and will come after you for security vulnerabilities if they get hacked. And security vulnerabilities can be expensive: just one set of stolen credit cards can ruin a company's reputation and financial bottom line.