Other posts
- 03 Mar 2022 » Job search is over, I'll be joining ActBlue
- 16 Feb 2022 » The perfect guest appearance (for me)
- 10 Feb 2022 » Bro do you even code
- 08 Feb 2022 » Boundaries
- 06 Feb 2022 » The perfect interview (for me)
- 26 Jan 2022 » Documenting my job search
- 08 Sep 2015 » XSS to RCE in ...
- 25 Jul 2014 » Twitter's CSP Report Collector
- 13 Dec 2013 » Automatic XSS Protection With CSP: No Changes Required
- 13 Jan 2013 » Removing Inline Javascript (for CSP)
Bro do you even code
It’s been nearly a decade since I’ve done a true job hunt where I’m chasing down multiple opportunities. I have interviewed and hired people since then so it’s not like I’m completely detached from everything but some conversations have been surprisingly aggressive. I’m attempting to perform a career switch after spending a year in management, I get it. That’s a different profile than someone who has been doing nothing but engineering for as long as my career. But I have been looked at with a surprising amount of suspicion.
Bro do you even code
People who know me: we want you to work here.
— Neil Matatall (NileMatotle) (@ndm) January 25, 2022
People who don’t know me: you want you to work here.
The vibe couldn’t be more polar opposite.
Many of the people I was talking to were coworkers or people who had worked with coworkers of mine. It was less of an interview and more them trying to convince me to work with them. Whether or not that is wise of them, it felt good. I’m not saying I can be flattered into a position, but it’s a very nice cherry on top.
Others approached me with great suspicion and doubt. I get it, I’m a “security person” who has been in management for a year. But I didn’t run burp all day and create PDFs (no disrespect to anyone in these kinds of roles), I was writing application code for most of it. Doing so without product and design support for the most part. Writing tricky code for things with large implications, like the authentication stack.
GitHub wanted me?
When GitHub added support for Twitter cards, they chose to demonstrate it with secure_headers
(a ruby library I wrote). My memory is a bit fuzzy around the 2013 timeline, but I met some hubbers around that time at ShakaCon. Soon after, we were chatting about potentially becoming a hubber but I was enjoying the Twitter IPO at the time. The IPO shinyness wore off and I would go to GitHub late 2014.
I’m not saying that blog post and the decision to choose my library was a way to lure me in as an employee or that I was flattered into joining GitHub, but it helped.
That stupid article.
The new hire who showed up is not the same person we interviewed. I mean no disrespect to the author but the timing wasn’t convenient for me. I am not cheating on coding exams. I did not falsify my resume. I did not pay my neighbor to pretend to be my boss. I did not fake my years of open source contributions or standards body work. I did not hire a doppleganger to present technical ideas or created a deepfake of presentations.
Sadly, we are not able to proceed with a technical interview that does not include live coding. I had some internal conversations about this, and it sounds like a significant driver is that we’ve had past issues with fraudulent identities (IE: someone hires someone else to pretend to be them to ace an interview and get a job).
GTFO. 🚩. But also, I cannot believe this happens. Well, I believe it has happened. I’m not accusing them of making this up. So… it has to be true. What a world we live in.