Preparing for Projects & Prioritizing Security - Ryan Keelaghan

Your host: Joseph Maxwell, Founder and CEO of SwiftOtter

Special Guest: Ryan Keelaghan, Principle Back-End Web Engineer at cbdMD.com

Show Notes

In early 2020, Ryan took a job at cbdMD.com, which has grown tremendously during his short tenure there. Due to that growth, Ryan’s job as their principal web engineer has changed dramatically. He now has a manager underneath him and commands a small team, and recently has come to realize how much he has accomplished by simply committing to doing good work every single day. Ryan's reality is that everything that happens to their online storefront, both positive and negative, reflects on him and his front-end lead. How is he handling this reality, you might ask? Actually, he's handling it quite well, and he has a lot of valuable information to share with us today!

Ryan has become a master at large-scale upgrades and he has a few helpful tips for any developer looking to take on a project of that size. His first tip is simple, but quite important, and it’s to “allow yourself patience”, remember that it’s going to take a long time, and commit to doing it the right way. The next important tip is to make sure you have a solid understanding of how the current system works. Make sure you know what the code base looks like, how the plug-ins work, and then start with one module at a time. From a developer’s perspective, it’s hard to not skip ahead because it’s really hard to explain to the merchant why so much time is necessary, why certain milestones haven’t been completed yet, etc. This is why many developers are so tempted to write sub-par code and sort of duct tape projects together, in order to prove to the merchant that progress is being made. However, down the road, if a brand new upgraded website has been constructed too quickly, it’s going to be filled with bugs and the merchant won’t be happy with that either. 

Ryan and Joseph ventured into the realities of needing to keep your platform up to date and actively defend against breaches. Ryan compares the experience of a data breach to having your own house broken into, and how protecting your data with security protocols is just like making sure your windows and doors are locked at night. The difficulty is convincing the merchant of why all of this time needs to be spent on something that doesn’t add any revenue to their bottom line. Sadly, what usually causes merchants to see the value in security is the event of actually having a data breach. We don’t want to use scare tactics with them, but we do have to communicate the importance of proactive security measures, because once a breach happens, they’ll be looking at their developer team for some cringe-worthy answers. Joseph suggests becoming very familiar with the OWASP top ten web application security risks, because even though there are a bunch more security risks out there, the OWASP top ten likely accounts for roughly 90% of the biggest risks we regularly encounter. 

This might sound like a really super broken record because of how many times we make this point on Smash the Bug, but Ryan goes back to the importance of meticulous documentation practices. Communication between teams is the beginning, so that teams can keep each other accountable and check each other’s work, and then documentation is what ensures that each developer keeps a record of every single little end point they write and how they secured it. Very briefly, Joseph and Ryan discuss when using an anonymous is actually the right way to go, while it is not common, and how to handle that specific occasion. 

To put a cherry on top of this episode, Ryan got to answer the classic Smash the Bug question about what he is doing to sharpen his skills and level-up in his career. He can’t help but urge us to review our code, keep an eye on how our plug-ins are working, and to have side projects going. Ryan talks about how his last 12 months have really not been full of code writing, but mostly just code management. Because writing programs actually interests him and creating things from the ground up makes him happy, he designates some of his spare time to flexing those creative muscles using great resources like codewars.com, which is basically an educational community for programmers that gives them elaborate puzzles to solve and dispenses points to them based on how accurate their output is. Ryan says to keep yourself busy with things that “make you happy”. As Joseph kindly reminds us, burnout is very real, and while many developers break into this career because they genuinely love it, they very often get burnt out because they eventually get away from the kind of work that they really enjoy. 

(Theme music courtesy of TrendingAudio)