Upgrade to Pro — share decks privately, control downloads, hide ads and more …

More Engineers, More Problems: Solutions for Bi...

More Engineers, More Problems: Solutions for Big Teams

Chime • David Trejo, Chris Dwan, Brian Lesperance • Keeping a large engineering team aligned is hard. In this session, three members of Chime Engineering will talk about a different facet of working with a large engineering staff. How can you create security standards, and make them visible enough to build a team-wide security mindset? How can you create an engaging onboarding session to help new team members connect with the information they need? How can Rails ActiveSupport be more than just a lot of string tools and instead be used to promote common solutions to problems and deliver reliable software? Plus, learn about Chime and Chime Engineering!

Noel Rappin

June 12, 2022
Tweet

More Decks by Noel Rappin

Other Decks in Technology

Transcript

  1. Chime | 3 REPLACE IMAGE HERE This is one of

    the most terrifying graphs I know
  2. Chime | 4 As you get big fast, the amount

    of communication in your organization gets bigger, faster…
  3. Chime | 6 Chime ➔ Chime is a financial technology

    company founded on the premise that basic banking services should be helpful, easy and free. ➔ Members get early access to their paycheck, accounts with no monthly fees, fee-free overdrafts up to $200, and a secured credit card that actually helps you build credit. ➔ Helping our members achieve financial peace of mind with the simplest, lowest-cost, most human financial products ➔ We profit with our members, not from them
  4. Chime | 7 Chime Engineering ➔ Almost 600 Engineers ◆

    San Francisco, Chicago, Vancouver, and Remote ➔ Mostly Ruby Back-end ➔ Many services with APIs and custom messaging ➔ https://careers.chime.com/
  5. Chime | 8 Three talks on solving “big team” challenges

    ➔ David Trejo: How Chime creates a proactive security & engineering culture ➔ Brian Lesperance: Secure & Observable Software with ActiveSupport ➔ Chris Dwan: How To Onboard Ruby Developers
  6. David Trejo • RailsConf May 19, 2022 How Chime creates

    a proactive security & engineering culture with Monocle
  7. Tripled our engineering team ⬆ Created many new services 🚚

    Noticed security gaps and filled them 🔐 Chime | 12 Lately at Chime we’ve…
  8. Chime | 13 Our members share sensitive financial data with

    us. A security breach would be bad news. ➔ Leaders can see security posture ➔ Engineers aren’t overwhelmed by 5+ tools ➔ Automation saves us 2,000 eng hours per year on audits 😰
  9. Solution: Monocle, our internal Rails application Chime | 14 Inspired

    by open source and to get attention from engineers, we’ve given a badge to each of our repos with a letter grade
  10. Key items that reduce our audit workload: Approved base images

    Branch protection w/ 1+ review approvals Vulnerability resolution Empower engineers to improve the grade their service’s security
  11. Safeguarded our members’ data Engineers easily improve their services’ security

    Leaders see our investments in security pay off Monocle’s Security and culture results:
  12. A great start / MVP: - A cronjob - that

    hits the Github GraphQL API - then sends Slack notifications to teams, and creates reports I wish I’d started sending Slack messages sooner. Or, if you’re mostly interested in the security benefits, try open source tools like ossf’s AllStar–or more generally, Backstage.io. Chime | 17 “Where should I start?”
  13. Email us (security at chime) or message me on Twitter:

    @ddtrejo Also, we’re hiring–and this is my favorite job ever 😎 Chime | 18 Questions?
  14. ActiveSupport::Notifications • Separates instrumentation from business logic • Decouples logic

    (collection) from presentation (logging) • Lays groundwork for further reuse
  15. • Logged personal & sensitive data is a liability •

    Users ◦ Identity theft, financial hardship • Business ◦ Civil & criminal lawsuits • Need to never log this Sensitive Data
  16. Chime | 61 • Welcome and IRB • Philosophy of

    Ruby • Ruby at Chime • Question Game • Mob Programming Exercise
  17. Chime | 66 • Dirty Hands • Two-Way Communication •

    Empty Space • Keep it Moving • Split Ruby + Rails sessions