Blog

Blogs

Blog article category for blog articles on this site covering the areas of DevOps, Cloud Infrastructure, Site Reliability, Technical Writing, Project Management and Commerical Writing along with Event Management and associated areas. 

Tech Interviews and Communication

Tech Interviews and Communication

Why communication is critical to a successful outcome...

I have just finished an interview as a contractor with a lovely bunch of fellow technologists, who ranged across many technology disciplines. Whilst we came from different technological backgrounds and practised in different areas of technology, what struck me was that shared love of technology. The MS Teams call gave me a chance to quickly assess the body language of the interviewers, and their tone. This gave context to their introduction as a starting point to assess my 'cultural fit' for the role I interviewed for. This positive report was in direct contrast to another interview I attended late last week where the interviewer got on looking frustrated. He asked a general question about my recent working past and instead of even pretending to look interested, he looked to his right off the camera until I apparently had finished boring him about my recent working past. Much to my relief, he called a halt to the interview saying I was not a good fit for their organization. It was the longest 15 minutes I ever spent in an interview with a highly caustic personality. I left the call agreeing with him on a singular point, I was not a good fit for their organisation based on my experience. 

So, two 1st round interview experiences within a few days of each other, one good, one bad. Is the bad one a successful outcome? Whilst it looked like a waste of time, the interview termination call made by the interviewer was consistent with my experience. After 10 minutes, I was ready to leave the call. Another 5 minutes and the interviewer showed me the door to a successful outcome, being the company was not for me. I have been guilty in times past of overlooking red flags around a good fit in interviews, even at one point going 8 rounds to join a company that turned out to be a disaster. With lessons learned, I would advise any engineer going to interviews the following:

  • Find out what the interview content is prior to the interview and if the interviewer(s) materially deviate from it, ask the interviewer about the deviation. If the answer is not satisfactory, withdraw from the selection process after the interview. 
  • The first 10 minutes of the interview is where you should be the most focused on proficient communication. Your goal in these opening minutes in particular is to listen and observe more than you speak. Remember to gauge your interviewer(s) responses to your inputs. Look for positive and negative body language.
  • If you come across a very bad case where an interviewer is displaying negative body language, do not let it phase you. I get nervous in interviews and overcoming this shortcoming has taught me many lessons about what is actually my problem and what is actually somebody else's problem. Have the confidence to carry on and never stop observing as you speak.
  • Preparation for a technical interview is only half the battle. Try to gain clarity around the first round of interviews into what team culture you looking to step into and assess if you are a good fit. If so, use the next technical round to recheck this as this good fit will make the difference in a successful outcome for your job.
  • If you come across someone interviewing that clearly demonstrates the opportunity is so far from a good fit you are wondering if you are on the same planet, do not 'call time' to the interview. Also, be mindful to not deliver some other unprofessional ending to the interview. Let the interviewer(s) do that if they wish to be unprofessional and move on with your professional integrity intact. 
  • If the role is too good to be true, there is some aspect that you have not explored. A well-presented use case for a project should always stand up to post-interview examination, especially if an agency recruiter is involved so work over the details to see what does not align with your knowledge in the area. If questions arise, jot them down for the recruiter to follow up with the client. Remember, you are interviewing them as much as they are interviewing you.

I can't say all accept or decline decisions will be correct over the longer term. However, if the above points are borne in mind, you will have more good days than bad in the workplace.  Stay tuned for more on writing in this blog along with articles on other areas of interest in the infrastructure and DevOps arenas. To not miss out on any updates on my availability, tips on related areas or anything of interest to all, sign up for one of my newsletters in the footer of any page on Maolte. I look forward to us becoming pen pals!

Best Regards

John 

 

 

 

Where We Belong

Where We Belong

Why finding our place in our working lives should not involve compromise...

As my first week of full-time focus on transitioning to contracting comes to an end, I took a break and went to see Top Gun 2. It was a classic feel-good action drama delivered by a top class acting cast. There were many references in the movie to 'where we belong', which got me thinking about my move to contracting. I then reflected on my careers from the Military to Process Management to Engineering over more years than I care to admit. In my reflection, I realised why I'm brave and not foolhardy to make the move to contracting and give it an honest shot. 

Life is an opportunity lottery of cause and effect, which we all go through with varying degrees of 'success'. What makes success attractive is not a title or cash earned in a race to the top, which can often turn into a race to the bottom. It's the accumulation of experience that colours the journey, which we look back upon as success or failure. This fact about success seems to be overlooked by many who implicitly declare it out of reach. Some psychologists have even published online articles submitting that being unhappy in our jobs is ok once we have some outside interests like family, hobbies, etc. I would like to rebuke this argument as folly for the following reasons. Our time on this earth is limited and we spend vast amounts of time figuring out who we are in our early years in particular. I was in the middle of my 2nd career when I gained such clarity but lacked the confidence and the courage to step outside of the comfort zone that society drew for me. This self-defeating behaviour led me to a common misunderstanding that folks often live out their lives upon. To be elevated in life to the next rung on a management ladder, or the next big job only is only meaningful if it touches one's inner values driving one onwards to self-actualization. Not everyone will be a movie star or member of the board. I would argue that it's okay to be neither. Dropping society's misinformed musings of the day around what is expected of us and connecting our passion with purpose should be our primary metric in finding a career where we feel we belong. When we do, our lives will become transformed. Our group, our tribe, and our fellowship with like-minded individuals who share the same passion and purpose energize our very being in a manner that brings happiness to all who we touch with our commitment, positivity and enthusiasm. Visible outputs such as creativity and productivity are secondary to these primary drivers in our lives. 

Even now in these formative stages of setting up Maolte as an IT/Cloud contracting business, I can say that having the courage to go it alone and leave full-time employment behind for the unknown and the unpredictable takes courage. It may work out or may not, but either way; the returns in life lessons fuel my inner being with life experiences I am already connecting with. The quality of learning, commitment and experience that will come will be greater than what was due to this deeper sense of commitment. Where it will end up is not clear, but what is beyond doubt is that my life will be enriched by the experience as I plan my next steps with an enthusiasm that I have not felt in a long time. So as I write the start of a new chapter in my life, I raise my glass to you and wish you the type of success that is bound to happiness on your journey.

Stay tuned for more on writing in this blog along with articles on other areas of interest in the infrastructure and DevOps arenas. To not miss out on any updates on my availability, tips on related areas or anything of interest to all, sign up for one of my newsletters in the footer of any page on Maolte. I look forward to us becoming pen pals!

Best Regards

John 

Why HTTP headers are important

Why HTTP headers are important

We all know about dark hat hackers and their cyber criminal mentality. They have proven their ability to magic their into your life leaving a trail of digital theft, financial loss and business damage in their wake. The security industry is built around developing answers to the latest 'zero day' threat in a race against time that does not always get to a production environment in time. 

Whilst the security industry has an impressive array of services, integrations and platforms available for digital businesses, the fact is that many businesses do not give their application's HTTP headers the attention it needs to reduce the attack surface on their digital footprint. Poorly maintained HTTP headers open up a wide variety of attack vectors that are well known by the wider hacker community. The range of automated bots looking for attack vectors via automated scanning is staggering as is the range of attack vectors associated with HTTP headers. Cross-site attacks, cache and password reset poisoning are just some examples of how poorly maintained HTTP headers can severely damage your business. Ideally, your business should configure all application HTTP headers for X-Frame options, X-Content-Type-Options, Strict-Transport-Security, Content-Security-Policy, and Referrer-Policy. Depending on your business use case, I would add a Permissions-Policy also. If you have an external WAF, you could set your security policies there and the reverse proxy will ensure the appropriate headers reach your server; but make sure you have bypass prevention configuration set up on your external WAF. It's always best therefore to generate these headers at the application stage. A free web scan should pick up your HTTP header posture as described above. It's also worth noting that TLS encryption for HTTPS if at TLS 1.1 should at the earliest be upgraded to TLS 1.2 which may require some programming on your part given the FIPS-140 compliant security feature of 1.2. This may seem excessive but given the speed of development of so many hacking technologies, planning and implementing such upgrades now is a must in my view. 

No application is perfect and no security solution is so wholesome that it guarantees the safety of your digital resources. That said, those who set a high bar on security for their digital resources are destined to be last in line for the focus on the skilled hacking elite that holds companies to ransom as a career choice. They will always target those who can be socially engineered into divulging their secrets and/or those who leave easy vectors open to minimise their effort and maximize their return on investment. By not being 'that guy', you secure a better outlook for your company's future starting with its HTTP headers. 

Stay tuned for more on infrastructure in this blog along with articles on other areas of interest in the writing and DevOps arenas. To not miss out on any updates on my availability, tips on related areas or anything of interest to all, sign up for one of my newsletters in the footer of any page on Maolte. I look forward to us becoming pen pals!

Best Regards

John