by Jon Cwiak (Twitter) => Senior Software Engineer | TechOnTap Brewmaster | Microsoft Certified Professional at building things
The High Cost
Head over to any online news source and you are almost certain to see another story about a hack, data breach, data leakage, etc. While many of these “hacks” are attributed to complex phishing attempts and/or stolen credentials, you often don’t get an inside view of the technical “how” behind such attacks. The technical details are withheld for lots of reasons, but mostly because parts of that vulnerability may not have been fully mitigated; those same vulnerabilities are probably in your organization.
This article is not about inside stories or root causes of hacks; instead, I want to focus on one attack vector where these attacks originate: a danger that creeps, well camouflaged, in all organizations: the complacency culture. Most businesses today buy, lease, or build their own custom software; this is to be expected and absolutely necessary to run a business. When time/scope/cost/feature set make sense, software is purchased and used, purchased and adapted, and often purchased and forgotten; when features of packaged software don’t meet the needs of the business in question, software is created… and often forgotten. In large organizations, it’s not uncommon for teams of development staff not to know about one or more production applications that they own; it was written long ago and lost to the ages… and that is where the danger lurks.
Software can be dangerous when it’s forgotten or ignored. Not only is there a high price in maintaining old code from a support perspective, but there is real danger in letting a solution stagnate for too long. In and of itself, old code is not bad code; however, when the operating environment is kept at a lowest common denominator to cater to solutions that have not been touched in years, this screams danger.
Technical debt is real. We trade time to market, business features, and cost of purchase for a long-term technical mortgage that many organizations don’t feel the need to repay… until they spend hundreds of millions of dollars dealing with a data breach or a hack.
As technical leaders we are challenged with a complacency culture; as employees or contractors we have expectations of performance; as craftsmen we have a responsibility to our craft before our responsibilities to our managers. So where does this leave us? How do we answer to our craft instead of our demands?
When a system is rotting, it’s up to us to raise this concern and bring our toolbox to bear on what we can. What can we do to ensure that future stewards of our systems don’t pay the high cost that we do today?
Change is hard. Complacency culture is best battled by removing the conditions in which it thrives: laziness and acceptance of good enough. Here are some specific ways to encourage moving forward:
Get involved in the technical community: join or start a user group; attend a conference; learn and share an idea… even if it’s not really new.
Engage with interviewing. Value integrity and grit over particular technical talents. Remember that we can all attend a training course; not everyone is a good team player.
Learn To Learn
Learn how you and your team learn best. Be selfish and grow yourself… you silently inspire.
Stop doing things manually that can be done with automation. Learn and encourage others to rethink routine.
Stop Wasting Your Keystrokes
Write blogs, not emails; the future you will appreciate you more.
Wrapping It Up
Paying back technical debt starts with removing the complacency culture. Take iterative, incremental steps to build a great team; a great team helps slow and/or stop the erosion of your culture. Be a technologist and “professional up” by remaining a life learner. Automate all you can. Last but not least, remember that the success and/or failure of our products may not always be in our control, but the decision to remain committed to our craft is.