More Engineers, More Problems: Solutions for Big Teams

Chime • David Trejo, Chris Dwan, Brian Lesperance • Keeping a large engineering team aligned is hard. In this session, three members of Chime Engineering will each talk about a different facet of working with a large engineering staff. How can you create security standards, and make them visible enough to build a team-wide security mindset? How can you create an engaging onboarding session to help new team members connect with the information they need? How can Rails ActiveSupport be more than just a lot of string tools and instead be used to promote common solutions to problems and deliver reliable software? Plus, learn about Chime and Chime Engineering!

Noel Rappin

June 12, 2022

Transcript

  1. RailsConf May 19, 2022 More Engineers, More Problems: Solutions for Big Teams

  2. Chime | 2 Welcome!

  3. This is one of the most terrifying graphs I know

  4. As you get big fast, the amount of communication in your organization gets bigger, faster…

  5. Chime engineering more than tripled in 18 months…

  6. Chime ➔ Chime is a financial technology company founded on the premise that basic banking services should be helpful, easy and free. ➔ Members get early access to their paycheck, accounts with no monthly fees, fee-free overdrafts up to $200, and a secured credit card that actually helps you build credit. ➔ Helping our members achieve financial peace of mind with the simplest, lowest-cost, most human financial products ➔ We profit with our members, not from them

  7. Chime Engineering ➔ Almost 600 Engineers ◆ San Francisco, Chicago, Vancouver, and Remote ➔ Mostly Ruby Back-end ➔ Many services with APIs and custom messaging ➔ https://careers.chime.com/

  8. Three talks on solving “big team” challenges ➔ David Trejo: How Chime creates a proactive security & engineering culture ➔ Brian Lesperance: Secure & Observable Software with ActiveSupport ➔ Chris Dwan: How To Onboard Ruby Developers

  9. David Trejo

  10. David Trejo • RailsConf May 19, 2022 How Chime creates a proactive security & engineering culture with Monocle

  11. You: Instead, we empower engineers and build trust like this… Security Feelings

  12. Lately at Chime we’ve… Tripled our engineering team ⬆ Created many new services 🚚 Noticed security gaps and filled them 🔐

  13. Our members share sensitive financial data with us. A security breach would be bad news. ➔ Leaders can see security posture ➔ Engineers aren’t overwhelmed by 5+ tools ➔ Automation saves us 2,000 eng hours per year on audits 😰

  14. Solution: Monocle, our internal Rails application. Inspired by open source and to get attention from engineers, we’ve given a badge to each of our repos with a letter grade

  15. Key items that reduce our audit workload: Approved base images • Branch protection w/ 1+ review approvals • Vulnerability resolution. Empower engineers to improve the grade of their service’s security

  16. Monocle’s Security and culture results: Safeguarded our members’ data • Engineers easily improve their services’ security • Leaders see our investments in security pay off

  17. “Where should I start?” A great start / MVP: - A cronjob - that hits the GitHub GraphQL API - then sends Slack notifications to teams, and creates reports. I wish I’d started sending Slack messages sooner. Or, if you’re mostly interested in the security benefits, try open source tools like ossf’s AllStar–or more generally, Backstage.io.

  18. Questions? Email us (security at chime) or message me on Twitter: @ddtrejo. Also, we’re hiring–and this is my favorite job ever 😎

  19. Secure & Observable w/ ActiveSupport Brian Lesperance

  20. Context

  21. Problem(s): • The feature doesn’t work • Requests are slow • App is crashing

  22. Approach: • Measure • Learn • Build

  23. Initial Solution

  24. ActiveSupport::Notifications “An instrumentation API for Ruby”

  25. ActiveSupport::Notifications

  26. ActiveSupport::Notifications

  27. ActiveSupport::Notifications • Separates instrumentation from business logic • Decouples logic (collection) from presentation (logging) • Lays groundwork for further reuse

  28. Measure: Before

  29. Measure: After

  30. Initial Solution: Reporting Results

  31. Simple Subscription

  32. ActiveSupport::LogSubscriber “An object set to consume ActiveSupport::Notifications with the sole purpose of logging them”

  33. ActiveSupport::LogSubscriber

  34. ActiveSupport::LogSubscriber

  35. ActiveSupport::LogSubscriber

  36. ActiveSupport::LogSubscriber • Follows Rails convention • Consolidates presentation • Simplifies logging

  37. Sensitive Data • Logged personal & sensitive data is a liability • Users ◦ Identity theft, financial hardship • Business ◦ Civil & criminal lawsuits • Need to never log this

  38. ActiveSupport::ParameterFilter “Allows you to specify keys for sensitive data from hash-like object and replace corresponding value”

  39. ActiveSupport::ParameterFilter

  40. ActiveSupport::ParameterFilter

  41. ActiveSupport::ParameterFilter

  42. ActiveSupport::ParameterFilter

  43. ActiveSupport::ParameterFilter • Sanitizes hash-like structures • Shared configuration w/ Rails.application.config.filter_parameters

  44. Mission Accomplished: 1. ActiveSupport::Notifications 2. ActiveSupport::LogSubscriber 3. ActiveSupport::ParameterFilter

  45. Next Steps • Further extraction • Additional destinations

  46. Stay Curious

  47. Thank you! 💚

  48. Chris Dwan

  49. Ruby 💚 Rails

  50. Crazy Love 💚

  51. Onboarding

  52. Yawnboarding?

  53. Consistent

  54. Ruby 💚 Rails

  55. Bad 😡 Code 😭

  56. Team Up

  57. Sustainable

  58. Content

  59. Balance? ⚖

  60. CHEATED

  61. • Welcome and IRB • Philosophy of Ruby • Ruby at Chime • Question Game • Mob Programming Exercise

  62. Why?

  63. Curiosity

  64. Limitations

  65. Pull > Push

  66. • Dirty Hands • Two-Way Communication • Empty Space • Keep it Moving • Split Ruby + Rails sessions

  67. Front Row Seat?

  68. Gratitude

  69. Ruby Learning Team

  70. You

  71. Conclusion

  72. 💚 Introduction

  73. Thank You Email: chris.dwan at chime.com @radixhound

  74. Q&A