Do we have right community?
I recently interviewed one technical guy who is supposed to be a good resource in his project. Since the guy has spent most of the time working on Messaging, I thought of asking some questions on Messaging and threats that exist for messaging (No I haven’t worked much on messaging, but as a habit I try to explore concerns that are not related to my work). The question-answer session started with few queries like the application architecture of the system, implementation of messaging and technologies used for development. Later I thought of getting into the security aspects and hence asked basic questions related to security. To my surprise, the guy couldn’t able to give me reasonable answers and not even aware of basic concepts like “Poison Messages”.
While the interview was over, one thing that disturbed me is that are we really having right kind of resources? After spending few hours analysing the cause of the problem, I ended up with following points
1. How well seniors (architects/designers) contribute to the project?
When a solution is provided for a particular problem or system as a whole how many so called architects/designers do really think not just about the context of the problem, but the factors that exists outside the context. How many times such people really think about the environment on which the application is deployed and delivered to customer and not just the application requirements approved by customer on a piece of paper? The inadequate knowledge or ignorance of such aspects by architects/designer never help developers (who are actually building the system) to understand system threats correctly.
2. Strict Deadlines
This seems to be the biggest hurdle in Software Development. The problem could either start from a Customer or due to the inadequate estimations. Most of the Software firms are always in a race to meet Strict deadlines by implementing Customer requirements but overlooking serious concerns that posses threats for overall application.
3. Absence of proper training system within Firm
Though there are firms having their own Training departments, absence of proper training plan for the resources could lead to building up community with inadequate knowledge. While it may happen that resources may be given sufficient time to analyse and provide solution but due to lack of knowledge there is no answer to the concerns that may arise out of the solution (concerns that are not just limited to functional aspects).
While some of the firms do prepare proper training plan and train resources on various aspects like security, performance etc, there is no follow up when such resources are actually deployed on projects. There are no efforts in the direction of reviewing architecture, performing various tests like performance, security, availability etc by experts panel. Sadly most of these activities are implemented if demanded by customer.
4. Lack of self-learning
Looks like a root cause of most of the problems. I had conversation with many developers/technical specialist/designers and always found that they are ready with reason for a simple question “What you really do for your self learning?”. The reasons are
a. Strict project deadlines and hence late night seating at office does not leave enough time for doing research.
b. Voila… You just added a new word to my dictionary – XSS. Now please tell me what is that. (!#@%^$&*)
c. It is not implemented in my project, so why should I learn it?
Well it was hard to believe that most of those resources have worked on critical financial projects in many organisation.
5. Specialist
There are people tagging themselves as “Solution Architect” or “Technical Lead” without really understanding the demand for the role. As stated earlier most of them are busy in implementing requirements stated on paper, they never put enough efforts to address non-functional requirements (some of them are not even ready to accept flaws within design and feel it would impact their image due to lack of knowledge). Such so called specialist are also seen to be passing the responsiblity – “That doesn’t fall within my region”. Some of them even coming up with strange answers like why should we think about non-functional aspects if the project is delivered within intranet.
This topic could well run into multiple pages. People daily read news about a site or application getting hacked or failure of application to meet increased load and companies paying hefty penalty for such failure, but how many times such people try to dig out whats really happening in their project. Every month billions (or it could be trillions or could be more) of lines code is written and new applications are coming out but are they really meeting the customer needs (needs that are not mentioned on paper but could bring down customer business if not addressed.)