59
Root
4y

So this chick has been super nice to me for the past few months, and has been trying to push me towards a role in security. She said nothing but wonderful things about it. It’s easy, it’s not much work, it’s relaxing, etc.

I eventually decided I’m burned out enough that something, anything different would be good, and went for it. I’m now officially doing both dev and security. The day I started, she announced that she was leaving the security team and wouldn’t join any other calls. Just flat-out left.

She trained me on doing a security review of this release, which basically amounted to a zoom call where I did all of the work and she directed me on what to do next, ignored everything I said, and treated me like an idiot. It’s apparently an easy release. The work itself? Not difficult, but it’s very involved, very time consuming, and requires a lot of paper trail — copying the same crap to three different places, tagging lots of people, copying their responses and pasting them elsewhere, filing tickets, linking tickets, copying info back and forth to slack, signing off on things, tagging tickets in a specific way, writing up security notes in a very specific format etc. etc. etc. It’s apparently usually very hectic with lots of last-minute changes, devs who simply ignore security requests, etc.

I asked her at the end for a quick writeup because I’m not going to remember everything and we didn’t cover everything that might happen.

Her response: Just remember what you did here, and do it again!

I asked again for her to write up some notes. She said “I would recommend.. you watch the new release’s channel starting Thursday, and then review what we did here, and just do all that again. Oh, and if you have any questions, talk to <security boss> so you get in the habit of asking him instead of me. Okay, bye!”

Fucking what.
No handoff doc?
Not willing to answer questions after a day and a half of training?

A recap
• She was friendly.
• She pushed me towards security.
• She said the security role was easy and laid-back.
• I eventually accepted.
• She quit the same day.
• The “easy release” took a day and a half of work with her watching, and it has a two-day deadline.
• She treated (and still treats) me like a burden and ignores everything I said or asked.
• The work is anything but laid-back.
• She refuses to spend any extra time on this or write up any notes.
• She refuses to answer any further questions because (quote) “I should get in the habit of asking <security boss> instead of her”

So she smiled, lied, and stabbed me in the back. Now she’s treating me like an annoyance she just wants to go away.

I get that she’s burned out from this, but still, what a fucking bitch. I almost can’t believe she’s acting this way, but I’ve grown to expect it from everyone.

But hey, at least I’m doing something different now, which is what I wanted. The speed at which she showed her true colors, though, holy shit.

“I’m more of a personal motivator than anything,” she says, “and I’m first and foremost a supporter of women developers!” Exactly wrong, every single word of it.

God I hate people like this.

Comments
  • 20
    When she comes back to ask you to be a reference for her next role, you know what to do. 😜
  • 9
    When you said she said it's "relaxing" I already knew something had to be wrong, work is never relaxing.
  • 2
    @neeno Code reviews are pretty relaxing. Security reviews (where you don’t care if the code works well or not) are triply so.
  • 1
    @Root meh, I find code reviews kinda boring :p. Never did a security review so I can't say anything about that.
  • 7
    You could say that you have been tricked, backstabbed, and quite possibly bamboozled.

    In all seriousness though, what the actual fuck is this demon? I hope that people like that don’t pop up when I get an app dev job...
  • 3
    ...

    You really need a tree house or sth like that to escape the madness.
  • 3
    Reading this, the first thing that comes to mind is "what a fucking bitch"

    The seconds was "Could some of this be automated?"

    Especially the linking tickets, creating tickets part, tagging people...

    Maybe some metadata somewhere on git or jira (or whatever the system is) could be used to automate or at least suggest part of the job?

    Later if you can use this you might be able to ask for a nice raise since you're doing work in a new domain and becomming more valuable
  • 1
    Damn, expected but evil. Why are always girls so vicious to each other?
  • 4
    @Benutzername I mean, men backstab too. This one happened to be a woman, doesn't mean all women do it.
  • 2
    @NoMad Definitely, ppl can be horrible to each other. It is just that from time to time I hear/read stories like this and think Damn! Ladies 🙈
  • 2
    She's a bitch and you are too classy to doxx her. Hang in there @Root , karma police will come to collect her soul.
  • 0
    I hate this "I support X because I am X" kind of talk from the teeth out.
    It is getting in fashion with wll the SWJ bullshit.
  • 3
    @TheCommoner282 Her intent was absolutely malicious, which makes me angry. However, I wanted a change and something kinda mindless to do, which this absolutely is.

    Besides, it involves a fair amount of waiting on others, and once I approve the release, i have nothing else to do, so i can finally sign off at 5pm like a normal person instead of working until 10.

    She thinks she screwed me over, but I actually sought this out and think it’s a welcome change. And even if it ends up being a different kind of hell, at least it’s different. It also gets the product douche off my back a little because he knows I have less time to work on his pet projects.

    I think it’s a nice change.
  • 3
    @Hazarth Absolutely!

    I’ve already started automating some of this, like running brakeman against master and comparing the results to the release branch, then using blame and parsing out the commit date to determine if the issue was introduced during this release or not. That took me all of 15 minutes? That’s about the same amount of time it would have taken to check them manually, so why hadn’t anyone automated this already?

    As for the Jira and github integrations... I have no idea how to do this yet. But the head of security said the company is paying CodeClimate more than $10k a year for their integration, and it keeps breaking. I could probably reimplement at least the basics for that much.
  • 5
    Without wishing to sound stereotypical, I've seen that behaviour most from people who say they support women / minority Devs. All about pencil pushing to boast about how they got them in the role and how they encourage them to apply for things outside their comfort zone, then zero support when they're in the role.

    We have a guy like that here. All sunshine and daisies when he's telling women to apply for roles, then turns his back on them and calls them idiots when they're here. Makes my blood boil. Meanwhile I'm the bad guy because even though I do my best to help anyone here, I voted against enforced diversity quotas in the grad program 😤
  • 2
    Honeypot lmao
  • 3
    @YADU It’s a nice change because of how easy and mindless it is (and how burned out I am from).

    And better yet: now that I’m the only one who has the time to do security reviews, it’s job security :)
  • 1
    Damn she finessed you into this one 🤦🏾‍♂️. But hopefully it gets better over time
  • 0
    Anything is relaxing when you don't care about it :)

    Security can be very stressful...
    I suggest looking up ASVS, it's made by OWASP and is a good starting point to create a sort of a security checklist for your app.
    When you have a checklist of issues you need to look out for it's much easier than when you just have to think about any possible way it could be insecure :)
  • 0
    @Bikonja You should always do both.
Add Comment