How culture can improve engineering velocity, efficiency, and - - PowerPoint PPT Presentation

▶

Nov 28, 2023 1.24k likes •1.58k views

How culture can improve engineering velocity, efficiency, and quality David Mercurio Stripe - Payments Infrastructure Snapchat - Memories Backend Facebook - Infrastructure, Platform, Personalized Videos Efficiency is Leverage Getting a lot

SLIDE 1

How culture can improve engineering velocity, efficiency, and quality

David Mercurio Stripe - Payments Infrastructure Snapchat - Memories Backend Facebook - Infrastructure, Platform, Personalized Videos

SLIDE 2

Efficiency is Leverage

Getting a lot done with a little

SLIDE 3

SLIDE 4

SLIDE 5

SLIDE 6

Privacy Checks

Before

1. Define CanSee privacy check

for node type

2. Load a bunch of data
3. Filter data that fails canSee()

checks After

1. Define a PrivacyPolicy for

node type

2. Define a PrivacyRule list

for that policy

3. Pass in $viewer when

loading data

4. Every data load automatically

executes the privacy rules

SLIDE 7

<?hh class PhotoPrivacyPolicy { public function rules(Photo $photo, Viewer $viewer): vec<PrivacyRule> { return [  AllowIfViewerIsOwner($viewer, $photo), DenyIfViewerIsBlocked($viewer, $photo->getOwner()), DenyIfViewerInHiddenList($viewer, $photo), ... AllowIfViewerIsFriendsWithOwner($viewer, $photo), DenyOtherwise(), ]; } }

SLIDE 8

AllowIfViewerCanSeeAllContent($viewer, $video)

SLIDE 9

SLIDE 10

uploads & downloads metadata & signed urls request https://storage.example.com/bucket/video.mp4?Signature=4439b0b99c1a45b8c83331bcc0350241 Content-Length: 2411724 Content-MD5: 7507d76ec916acf676af82d63a746641 ...

SLIDE 11

abstractions & decision logic dumb (service-agnostic) client request headers & signed urls { 'Content-Length': ‘2411724’, 'Content-MD5': ‘7507d76ec...’, <service-specific-headers>, }

SLIDE 12

Download Object

streaming
connection quality
object location

Upload Object

continuable
user location
uptime status

abstractions & decision logic dumb (service-agnostic) client

SLIDE 13

SLIDE 14

SLIDE 15

SLIDE 16

PCI Compliance

1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Protect all systems against malware and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need to know
8. Identify and authenticate access to system components
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security for all personnel

SLIDE 17

PCI Compliance

1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Protect all systems against malware and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need to know
8. Identify and authenticate access to system components
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security for all personnel

SLIDE 18

apiori

token token

SLIDE 19

Trust and Amplify

Develop one another in the short and long term

SLIDE 20

Onboarding and Rotational Programs

Bootcamp

“Commit code on your first day”
Low urgency bug fixes, small

features

Early foundation for cultural values
Prioritize productivity
Shared ownership
Team selection

Hackamonth

Full engagement and

disengagement (vs “20% time”)

Bidirectional knowledge sharing
Bus factor
Retention

SLIDE 21

Onboarding and Rotational Programs

/dev/start

Impactful, low-urgency, well-

scoped group projects

Second set of peers
Mentorship opportunities - but

also bottleneck

Rotations

Bidirectional knowledge sharing
Bus factor
Retention
New offices
Knowledge and culture
Seattle, Dublin, Singapore, Remote
Leadership team too!

SLIDE 22

We Haven’t Won Yet

Identifying and resolving unaddressed risks

SLIDE 23

Big Red Button

SLIDE 24

SLIDE 25

SLIDE 26

SLIDE 27

SLIDE 28

Review Process

Blameless
Identify potential remediations
Code changes
Process improvements
Expose and rectify common issues
Enable incident tracking and analysis
Knowledge sharing

SLIDE 29

References

Stripe
https://stripe.com/jobs/candidate-info
https://www.infoq.com/presentations/stripe-api-pci
https://speakerdeck.com/amyngyn/big-red-button-how-stripe-automates-incident-

management-sf-women-in-infrastructure

https://twitter.com/dps/status/1100072703007117313
Facebook
https://www.infoq.com/presentations/Evolution-of-Code-Design-at-Facebook
https://code.fb.com/culture/bootcamp-growing-culture-at-facebook/
https://code.fb.com/production-engineering/facebook-engineering-bootcamp/
Snap
https://investor.snap.com/~/media/Files/S/Snap-IR/reports-and-presentations/snap-q4-and-

full-year-2017-earnings-transcript.pdf

SLIDE 30

How culture can improve engineering velocity, efficiency, and quality

Efficiency is Leverage

Privacy Checks

PCI Compliance

PCI Compliance

Trust and Amplify

Onboarding and Rotational Programs

Onboarding and Rotational Programs

We Haven’t Won Yet

Big Red Button

Review Process

References

Questions?