[__app_dev__]

I used to study and focus on security a lot more and keep up with trends. After several interviews this year I realize a lot of jobs prioritize leetcode over everything else. It's pretty annoying and makes me wonder if the focus for tech works is leetcode above all else then no wonder so many companies have insecure apps and servers.

[stillbourne]

I applied for a job that wanted someone who has experience with SAML. I've actually written my own hobby IDP, and I can diagram the handshake off the top of my head. I've spent a lot of time learning how to write custom decorators to handle access restrictions. I failed my interview because they wanted me to leetcode some shit with 3d geometric volumes. I'm sorry but what does this have to do with SAML or security?

[Gene_Parmesan]

Wow that's dumb. I've done some reading on 3d computational geometry for hobbyist game engine reasons, and in my admittedly limited experience, very few of the algorithms involved are intuitive enough to be derivable in an interview setting.

[xpe]

This sucks -- it is a lose-lose situation. I've seen this kind of thing happen all too often.

[papito]

You interview them as well. You give me dumb, unrelated coding questions - you are out.

[tra3]

If you can't reverse a doubly linked binary prefix tree in O(1) then how can you be trusted with security?! /s :(

[herodoturtle]

Yes but in most circumstances, quick security is better than linear security; not sure about bubble security though.

[dkersten]

Bubble security sounds like a good idea. You know, put everything into its own isolated little bubble.

[sellyme]

Best I can do is Bogo security

[icedchai]

Consider the typical company is running servers/instances that haven't been updated or rebooted in 6 months to 3 years. Never mind the multiple year old software dependencies in their apps...

[nuclearnice1]

You are correct. Especially at big companies, programmers program and security is just some rules dropped on them from above.

You might be playing the long game. I think a CTO might benefit from knowing both app dev and security.

[__app_dev__]

Thanks! Yeah, articles like this I would have studies in greater detail in the past but this year I realize In need to improve my leetcode/algo times so long term I'll keep focused on security and important topics. But in the meantime ... time to zig-zag a binary tree :(

[herodoturtle]

At my company the head of security is also the chief programmer. Not sure if that's a good thing but he's got 30 years experience and likes to tell war stories.

[Rd6n6]

What protects the companies and freelancers who write these insecure systems from liability? Is it just a blanket “we are not liable” clause in every contract?

[unixhero]

What do you mean prioritize leetcode? Do you feel that roles within information security require you to write "leetcode"? What even is leetcode?

[__app_dev__]

There was a famous case about 6 years ago where Google didn't hire the author of Homebrew because he couldn't whiteboard a leetcode type question. He posted to Twitter, then it was discussed heavily on tech sites:

https://www.reddit.com/r/programming/comments/39d0u1/google_...

In my opinion the problem has gotten worse. I spoke with a former Microsoft Product Manager early this year and he mentioned "Highly experienced engineers give the worst interviews" .. based on the current environment. He mentioned it's because the questions that come up are stuff people learned 20 years ago and never used in real-life.

I was invited by several FAANG companies this year to interview and did one interview (and turned down others) but had to cram for 2 months doing leetcode.

I realize it's a game but have mixed feelings. I think the interviews are bad if it's the only option but part of me knows the interview process is so bad it will likely discourage people from being Software Engineers and keep salaries high for many more years.

[the_doctah]

Leetcode is an algorithm-driven hiring preparation website

[herodoturtle]

leetcode is a website that acts as a programming dojo of sorts where programmers can prove their skill in a measurable way and thus increase their odds of being hired.

Employers use it to loosely gauge a programmer's basic skill level, as well as their competency to think clearly and cleverly.

It has its pros and cons.